Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Permission check

  • 1
  • Databases
View on Discord
Iron
26 Apr, 2023, 13:46

Is it possible to do a server side check of the user permissions? For example, I want to know if a specific user has permission to write on a certain document. How can I do it?

TL;DR
The user is asking if it is possible to do a server-side check of user permissions in Appwrite. There is a suggestion to use a workaround with custom attributes to check permissions. The user also provides some code in Python as an example. No solution or official support response is provided in this thread.
Binyamin
26 Apr, 2023, 13:49

From what I've seen, it seems like this option is not yet implanted, so you'll have to make some workaround with custom attributes

You can see a discussion about it here https://discord.com/channels/564160730845151244/1100734700814872637

Iron
26 Apr, 2023, 13:52

I don't want to make actions on the behalf of the user, I just want to know if it has the permission to do certain actions

Binyamin
26 Apr, 2023, 13:56

Ohh, Something like this for example?

TypeScript
  const user = await getUser(id);


  if(user.can('write','databaseNane.colletionName')) {
    // Logic go's here
  }
Iron
26 Apr, 2023, 13:56

Yes

Iron
26 Apr, 2023, 13:57

Exactly

Binyamin
26 Apr, 2023, 14:00

That sounds like something that will add a lot to Appwrite user functions, I don't recall to be something about it.

Binyamin
26 Apr, 2023, 14:01

You can open an issue for it https://github.com/appwrite/appwrite/issues

From my quick search, I didn't find any other issues with this

Iron
26 Apr, 2023, 14:08

Wierd, it looks like a common usecase to me

Bouahaza
26 Apr, 2023, 14:10

Appwrite vision = all client actions from client sdk (that take into account the permissions)

Iron
26 Apr, 2023, 14:11

I don't want to do a client action, I just want to do a security check

Ponguta_
26 Apr, 2023, 14:26

Hello @Iron by writing on certain document you mean like update/delete that document?

Otherwise, are you talking about collections?

If you have not so many documents you can use a workaround like this, sorry if it is janky, but I have never think about it before.

TypeScript
database = databases.Databases(client)
user = users.Users(client)

id_user = '64492ce6569089ef247e'
aux_user = user.get(id_user)
list_docs = database.list_documents('data', 'new_collection')

for i in list_docs["documents"]:
    for j in i["$permissions"]:
        if (aux_user["$id"] in str(j)):
            print(aux_user["name"],
                  "has",
                  j.split("(")[0],
                  "permission in document",
                  i["$id"])

Outcome:

TypeScript
user 1 has read permission in document 64492d5ba2ac1a0e3b99
user 1 has update permission in document 64492d5ba2ac1a0e3b99
user 1 has delete permission in document 64492d5ba2ac1a0e3b99
Bouahaza
26 Apr, 2023, 14:28

I created issue for you : https://github.com/appwrite/appwrite/issues/5434

Bouahaza
26 Apr, 2023, 14:28

You can upvote it

Binyamin
26 Apr, 2023, 14:28

Cool 👍

Ponguta_
26 Apr, 2023, 14:29

Nice!

Iron
26 Apr, 2023, 14:35

I already know the document id, I didn't thought of doing it this way, thank you!

Ponguta_
26 Apr, 2023, 14:38

You are welcome!

Iron
26 Apr, 2023, 14:46

Thank you!

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more