Skip to content
Start building
Back

Understanding appwrite permissions

  • 1
  • Teams
  • Web
View on Discord
L'unique Madfish
24 Mar, 2023, 10:55

I'm trying to prevent team creation for any user.

I have a test code that simply connects with a third party service and tries to create a test team.

TypeScript
account.createOAuth2Session("microsoft", url_success, url_failure);

teams.create("test", "test").then((response) => {
    console.log(response);
  }).catch(
    (error) => {
      console.log(error);
    }
  );

And I got the following error:

TypeScript
AppwriteException: User (role: guests) missing scope (teams.write)
    at Client.<anonymous> (file:///Users/.../node_modules/appwrite/dist/esm/sdk.js:385:27)
    at Generator.next (<anonymous>)
    at fulfilled (file:///Users/.../node_modules/appwrite/dist/esm/sdk.js:22:58)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
  code: 401,
  type: 'general_unauthorized_scope',
  response: {
    message: 'User (role: guests) missing scope (teams.write)',
    code: 401,
    type: 'general_unauthorized_scope',
    version: '1.2.1'
  }
}

But on the console the team is well created

(see picture)

If you have any advice or explanations to give me, I'm interested.

Thanks in advance

TL;DR
The user is getting an error message saying "User (role: guests) missing scope (teams.write)" when trying to create a team using Appwrite. The team is still created successfully despite the error. Possible solution: 1. Make sure the team creation is happening after the user is logged in by implementing a flow that checks if the user is logged in before calling the teams.create() function. 2. Instead of calling account.createOAuth2Session() and teams.create() together, separate them and call teams.create() only after the user is logged in. 3. Use a code structure like this: ``` account.get().then
Binyamin
24 Mar, 2023, 13:24

When you're stating and createOAuth2Session it will go to the provider for authentication. Which means the line teams.create is being called with no user, aka guest.

You can try a flow like this (for example)

TypeScript
account.get().then((user)=>{
    // Is logged in
    addToTeam();
}).catch(()=>{
    // not logged in
    OAuth2Session();
})

function addToTeam() {
    teams.create("test", "test").then((response) => {
        console.log(response);
    }).catch(
        (error) => {
            console.log(error);
        }
    );
}

function OAuth2Session(){
    account.createOAuth2Session("microsoft", url_success, url_failure);
}

There is more to it, but this will make sure the team operation happens with a current signed user

L'unique Madfish
24 Mar, 2023, 14:20

the second function is on another page (the success url), it's called only after a successful login

Binyamin
24 Mar, 2023, 14:22

I gather them for convince sorry for the miss confusing What I'm trying to say is that the team.create() should run only after the user is logged in

L'unique Madfish
24 Mar, 2023, 16:24

The user is logged in, ´cause the team is well created on appwrite (see picture ) but I still get an error

Binyamin
24 Mar, 2023, 16:25

The same error is here? about user being in (role: guests)?

L'unique Madfish
24 Mar, 2023, 17:16

yes

Binyamin
24 Mar, 2023, 17:26

Are you still calling these two functions together?

TypeScript
account.createOAuth2Session("microsoft", url_success, url_failure);

teams.create("test", "test").then((response) => {

I think that the teams.create should be separate from the createOAuth2Session one

L'unique Madfish
25 Mar, 2023, 12:44

I have to pages,

one who call

TypeScript
account.createOAuth2Session("microsoft", url_success, url_failure);

and the other one is the url_success page who call

TypeScript
teams.create("test", "test").then((response) => {

so the second one is called only if the first one is succesful

Drake
25 Mar, 2023, 17:03
  1. What's your code around initializing Client, Account, and Teams?
  2. Do you only have 1 instance of Client in your codebase?
  3. Can you test calling account.get() before calling teams.create()?
L'unique Madfish
25 Mar, 2023, 17:53

I only have 1 instance on Client in a appwrite.ts then in the same file I create an appwrite variable

TypeScript
const client = ...

const appwrite = {
  account: new Account(client);
  teams: new Teams(client);
};

export default appwrite;

then I just import appwrite in to different page index.tsx and success.tsx

and if I call account.get() I got the same error as mentionned above

Drake
25 Mar, 2023, 18:22

What framework are you using on your front end?

Drake
25 Mar, 2023, 18:22

Oooh sorry oauth...you might need to make sure your Appwrite endpoint and your front end share the same front end registerable domain so that the cookie is set properly and are passed properly

L'unique Madfish
25 Mar, 2023, 18:34

I'm just debugging my app so it's localhost basicly

Drake
25 Mar, 2023, 19:07

Appwrite and your front end are on localhost?

L'unique Madfish
25 Mar, 2023, 23:59

Yes

Drake
26 Mar, 2023, 01:35

And what are you using for your front end?

L'unique Madfish
26 Mar, 2023, 02:03

Nextjs + react

Drake
26 Mar, 2023, 02:42

NextJS! Can you make sure that account.get() and teams.create() is being executed client side and not server side?

L'unique Madfish
26 Mar, 2023, 12:10

That's probably the reason why

L'unique Madfish
26 Mar, 2023, 12:11

And is there any way to disable teams creation or collection / document creation for any users ?

Drake
26 Mar, 2023, 15:44

You can disable services. I think it's in the settings for your project. The service will be disabled for clients, but should still work with an API key.

For collections, you would have to limit who has create access

L'unique Madfish
26 Mar, 2023, 16:16

Ok perfect

L'unique Madfish
26 Mar, 2023, 16:16

thanks for all the help

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more