Seeking assistance on document level security using roles and permissions in Appwrite

  • Databases
  • Web
anyuru
31 May, 2023, 12:12

Hello community,

I have been working on creating a document that incorporates document level security through the usage of the Permission and Roles classes provided by the Appwrite NPM package. In the same project, I successfully utilised permissions in a cloud function. However, when attempting to make a request to the database API for creating the document in a certain collection, I encountered an error.

I have reviewed the available permissions documentation. Despite following the documentation diligently, I have been unable to identify the root cause of the issue.

To provide further context, I have attached screenshots of some sections of the function code. In one of the screenshots I have defined the API where I define functions to be utilised by the frontend while interacting with the database, and contextually implementing or consuming them in the handle submit. I kindly request your assistance in resolving this matter. Any help would be greatly appreciated.

Thank you in advance.

TL;DR
Request for assistance in implementing document level security using roles and permissions in Appwrite. User encounters error when creating a document in a specific collection. User shares screenshots of relevant code sections. Looking for help in resolving the issue.
anyuru
31 May, 2023, 12:16

That's the error I get and that's the permissions array that is generated using the Role and Permission when utilised as specified in the documentation

Susmita
31 May, 2023, 12:23

Why is the unique ID a string like "unique()"?

Susmita
31 May, 2023, 12:23

It won't generate a random unique ID for the images to be stored

anyuru
31 May, 2023, 12:23

It works fine as a string

anyuru
31 May, 2023, 12:23

It will

Susmita
31 May, 2023, 12:23

No, it won't

anyuru
31 May, 2023, 12:24

It worked for me

Susmita
31 May, 2023, 12:24

How will it? It's a string and not any unique ID of the images. You'll be storing multiple images, so every image should have its respective unique ID.

anyuru
31 May, 2023, 12:28

What I'm doing here is to create a new file with a unique id which I store in the collection part as the logo so that I can later get it for preview or manipulation and that works fine. However, I just have to get the permissions to work for document level security. That's all.

Chola
13 Jun, 2023, 12:04

I remember my days of using Flutter; the unique() string actually worked. Something along the way must have interpreted the string as a function, maybe the Appwrite SDK itself.

Bouahaza
13 Jun, 2023, 18:27

"unique()" is valid for many endpoints. Here is the source for createFile: https://github.com/appwrite/appwrite/blob/fd7a2cbfada41481495d2ffc6bf4fdec630c9f9f/app/controllers/api/storage.php#L439

ID.unique() allows generating a UID from the Appwrite SDK (client side, before calling the server). "unique()" allows generating this UID on the server side.

Bouahaza
13 Jun, 2023, 18:29

You don't set permissions on the createDocument function

Bouahaza
13 Jun, 2023, 18:33

Oh yes, you do. But you call POST on the document (meaning create/update) but only give any perms on read. So I think that your logged-in user isn't on the (super)admin teams?

Bouahaza
13 Jun, 2023, 18:34

You can get the current logged-in id and teams_id and go to the document (via console) to check perms

Bouahaza
13 Jun, 2023, 18:36

Or you don't give create perms on organisationCOllectionId?

Drake
13 Jun, 2023, 18:49

holy moly that user is in a lot of teams 👀 is this the expected, common scenario?

FYI, if you have a permission that's applied on every document, it might be best to move that to the collection

Anyways, you're getting the error because you're passing a role the user doesn't have which isn't allowed (team:...d4e/admin).

anyuru
14 Jun, 2023, 11:47

Alright thanks
