[SOLVED] Document security not working

Appwrite should throw document not accessible by this role but the user can access the doc :(

but userId: 64806f760ae83e634ce3 can also access this

You also need to check collection permissions

From the console 👇

When document security is enabled, users will be able to access documents for which they have been granted either **Document **or **Collection **permissions.

What I meant is that even if the user don't have permission for the document maybe the user has permissions for the collection (read).

ohhh

if the user has read collection, he can also read a doc which he has no perms for?

can see why that's happening

Exactly

but I want my users to get their documents with listDocuments from this collection. But don't want them to access someone elses documents from this collection

I don't think so we can do that, I'll have to write this in my backend and fetch list all docs ig

So remove the read permissions for any

done done its working now

but I wanted to also allow users to do list documents for their own documents

For that you give a user permission of is own documents, don't you?

done done

ohh waittt

fish its working

thanks solved @Binyamin

👍

[SOLVED] Document security not working