Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

How to omit sensitive fields in user.list()

  • 0
  • Self Hosted
  • Web
  • Users
View on Discord
yaman
10 Jun, 2023, 20:34

I am using appwrite node sdk to get list of all users, users.list(), however I am getting sensitive informations like password hashes in response. Is there any way to omit those fields while making the query ?

TL;DR
The user wants to know if it's possible to omit sensitive fields while making a query using `user.list()` in the Appwrite Node SDK. There is a suggestion to create a separate collection for public facing attributes. Filtering after getting the response is mentioned as a workaround, but the user wants a more efficient solution. No official solution is provided in the thread.
Drake
10 Jun, 2023, 23:51

What exactly are you trying to do? What's your use case?

Sandeep K. Dasari
11 Jun, 2023, 04:15

After catching the response, exclude those sensitive key: value pairs and create brand new object yourself and send that modified object as response brother.

yaman
11 Jun, 2023, 04:57

I am trying to get the user details using list of user ids. I don't want sensitive fields like password.

yaman
11 Jun, 2023, 05:01

Hmm I did that but I want something more efficient. Like filtering directly while making the query just like we have option to omit fields in mongodb using .select() . Filtering after getting the response might be a bit inefficient if there are large number of users

Sandeep K. Dasari
11 Jun, 2023, 05:05

Yes, this is using MariaDB, Reddis

Sandeep K. Dasari
11 Jun, 2023, 05:06

I think, there won't be this feature. may be they will introduce it in their next version if we could post issue in their repository. with valid argument.

Drake
11 Jun, 2023, 05:17

I understand that part, but why? Can you provide more context on your use case?

yaman
11 Jun, 2023, 08:00

Basically, I have a collection called "reviews" that has a field called user_id which maps to the unique id of user. When I fetch reviews, I want the full name and email of user. Currently, I am fetching user details and reviews separately on client side and then populating each reviews with name and email of user who posted it.

yaman
11 Jun, 2023, 08:01

I know it can be done securely using server sdk, but I was wondering if there are ways to omit certain fields while making queries.

Drake
11 Jun, 2023, 14:10

You really want to expose people's emails? 🧐

The way I typically handle this is to create a profiles collection for the public facing attributes

Susmita
11 Jun, 2023, 14:14

Hye @yaman Just asking

Are you making any admin dashboard for which you need to list users?

anirudhisonline
11 Jun, 2023, 14:16

Just add a new field for username in the reviews and add the name of the user to the field while they create the review instead of fetching users and reviews separately. Just a suggestion 😊

safwan
11 Jun, 2023, 14:47

There's a Query.select query that you can use for this, but I'm not sure if this was a feature added in 1.3.x.

yaman
11 Jun, 2023, 16:08

not exactly

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more