[SOLVED] User permissions on document creation.
How would I properly set permissions on a new document to a specific user? This seems to not work as intended.
async function createArticle(data) {
return await databases.createDocument('default', 'rss_articles', sdk.ID.unique(), {
title: data.title,
content: data.content,
url: data.url,
$permissions: [
`read("user:${data.userId})`,
`update("user:${data.userId})`,
`delete("user:${data.userId}")`
]
});
}
Hey did u check out the example in this? https://appwrite.io/docs/permissions#:~:text=An%20Appwrite%20resource%20can%20be,and%20members%20with%20different%20roles.
@Dakshie thanks, i have missed that out
idk, doesn't work. js
async function createArticle(data) {
return await databases.createDocument(
'default',
'rss_articles',
sdk.ID.unique(),
{
title: data.title,
content: data.content,
url: data.url,
},
[
sdk.Permission.read(sdk.Role.user(data.userId))
])
}
Did you try adding permissions from the console?
i had some progress getting user:null
will have to take a look on the input if the data is corect, but atleast the permissions are set to null right now
is there a way to read a permission from document ?
i want to get the owner of a document from one collection, and create a post/document that belongs to that owner in another collection
You want to delegate the read permission to a user right? You can use - Permission.read()
no i want to know the owner of the document
then according to the owner of the document, create a post, as there might be several owners on different documents
I am using Permission.read(Role.user(data.userId)) to setup the userid, but the way i'm passing it, i have to create another field on creation, i don't want to do that, i want to understand on how to get the ID of the owner from the document itself, not create it manually each time
it will save a lot of pain in the future
i think i found the problem on permission setting, but the question about how to get who owns the document is still relevant
I'm trying to understand what's going on. I finally got the ID of the owner of the document, and it seems that it is working, but now realtime returns everything even though i got set document security permissions on.
function extract_user_id(permissions) {
for (let command of permissions) {
const start = command.indexOf(":") + 1;
const end = command.indexOf("\")");
if (start !== -1 && end !== -1) {
return command.substring(start, end);
}
}
return null; // null if no user ID was found
}
when loggin in with user1, i see only posts to user1, when loggin in user2 i see only posts to user two, but when the realtime db hits up, i see all posts on both ends
doesn't realtime apply the security of documents?
strange now it works, i guess must have been in the same session at the first time
[SOLVED] User permissions on document creation.
