
It depends on you and what you want your app to do. If you only need to filter so that the user sees only the ones they have access to, permissions is enough. If you need any other filtering you'll need to model your data so that it can be filtered for that

But I tried using this method, I logged in as a separate user and when I tried retrieving the documents in the boards collection, I got all the documents even the ones not created by the current user.

What are the permissions on your collection?

Users.

Meaning the users can create, read, update and delete documents.

Do you see why that's the problem?

The reason I'm getting confused is because I had checked the code of other people and they took different approaches when fetching or adding documents to collections.
Seems it's because most of them are outdated but now I don't know how to make this possible

Oh? I don't. Please explain.

You granted access to all documents to all users...that's why when a user logs in...they see all documents

I see. And how could I fix this?

Sorry I have to ask, this is my first time working with a backend service.

Take a guess

Would I only allow users to create, update, and delete documents?

Do you really want any user to update/delete any document (including another user's)?

No I don't.

So I'm guessing I'm going to disable the permission for all users. But how would appwrite know which user created a document so that when a user logs in into his account, he sees only the document he has created?

Don't disable create or else no one would be able to create a document.
Appwrite knows who the user is because they're authenticated and have a session

I'm so confused here. But the user would also have to be able to update, retrieve and delete a document won't they? How should I set the permissions then?

The update permission would be applied at the document level and only for that user versus granting access for all users

Okay, so if I get you now, I'll only enable the create permission in the collection level?

And then when retrieving the documents for a user, I won't need to pass in a query because appwrite would automatically detect the documents that the user created? Well of that's the way it works then that is amazing!

it will automatically return only the documents the user has read access to. and, by default, if you don't pass permissions for a document when creating it, the current user is given read, update, and delete access to the document.

Thank you so much, this was all that troubled me. I thought I'd have to create a created_by
attribute to keep track of the user that created a document, I see I don't have to do that now. Thank you so much.

So when I send a listDocuments
method appwrite only returns the document that the user created. Nice!

[SOLVED] Working with permissions
Recommended threads
- Sharing cookies
Hi, I’m using Appwrite Cloud, and I have a setup where my Appwrite backend is hosted on a subdomain (e.g., api.example.com), while my frontend (Next.js app) and...
- Custom Domain Issue
i have added a custom domain about 21 hours ago, but till now there is no SSL certificate is active on it. but if i do DNS check via https://dnschecker.org/#C...
- Flutter OAuth2 Google does not return to...
When the flow starts, the browser opens, I select an account, and it keeps showing: """ Page not found The page you're looking for doesn't exist. `general_rout...
