
Is it possible to do a server side check of the user permissions? For example, I want to know if a specific user has permission to write on a certain document. How can I do it?

From what I've seen, it seems like this option is not yet implanted, so you'll have to make some workaround with custom attributes
You can see a discussion about it here https://discord.com/channels/564160730845151244/1100734700814872637

I don't want to make actions on the behalf of the user, I just want to know if it has the permission to do certain actions

Ohh, Something like this for example?
const user = await getUser(id);
if(user.can('write','databaseNane.colletionName')) {
// Logic go's here
}

Yes

Exactly

That sounds like something that will add a lot to Appwrite user functions, I don't recall to be something about it.

You can open an issue for it https://github.com/appwrite/appwrite/issues
From my quick search, I didn't find any other issues with this

Wierd, it looks like a common usecase to me

Appwrite vision = all client actions from client sdk (that take into account the permissions)

I don't want to do a client action, I just want to do a security check

Hello @Iron by writing on certain document you mean like update/delete that document?
Otherwise, are you talking about collections?
If you have not so many documents you can use a workaround like this, sorry if it is janky, but I have never think about it before.
database = databases.Databases(client)
user = users.Users(client)
id_user = '64492ce6569089ef247e'
aux_user = user.get(id_user)
list_docs = database.list_documents('data', 'new_collection')
for i in list_docs["documents"]:
for j in i["$permissions"]:
if (aux_user["$id"] in str(j)):
print(aux_user["name"],
"has",
j.split("(")[0],
"permission in document",
i["$id"])
Outcome:
user 1 has read permission in document 64492d5ba2ac1a0e3b99
user 1 has update permission in document 64492d5ba2ac1a0e3b99
user 1 has delete permission in document 64492d5ba2ac1a0e3b99

I created issue for you : https://github.com/appwrite/appwrite/issues/5434

You can upvote it

Cool 👍

Nice!

I already know the document id, I didn't thought of doing it this way, thank you!

You are welcome!

Thank you!
Recommended threads
- Existing ID bug?!
Idk why this happens can someone explain!! why Im getting this error even if I "manually clear the collection" ?
- Constant 404 Pages
Whenever I am navigating through items and pages to go through my collections and database I end up at a page that sends me a 404 error, if i refresh it remains...
- Getting [object] [object] from appwrite
I'm fetching the data from appwrite having but for some reason I'm getting data in [object] [object] format why?
