Create Documents that should be visible to only users that created them
- 1
- Databases
- Flutter
- Cloud
Hello folks! In my flutter app, I want to allow users to only be able to read/update/delete the documents that they themselves created. I've already created an email session and stored the userId in my localstorage using shared preferences. I'm trying to assign permissions while the user is creating documemts by doing this:
taskList.forEach((task) {
AppwriteService.database.createDocument(
databaseId: Strings.databaseId,
collectionId: Strings.collectionId,
documentId: ID.unique(),
data: task.toJson(),
permissions: [
Permission.read(Role.user(Constants.userId)),
Permission.delete(Role.user(Constants.userId)),
Permission.update(Role.user(Constants.userId)),
],
).then((value) {
if (value.data.isNotEmpty) {
print('Success');
}
});
});
But I'm getting an error saying "AppwriteException (AppwriteException: user_unauthorized, The current user is not authorized to perform the requested action. (401))". What exactly am I doing wrong? Also, should I be doing it this way (the taskList I am iterating through is a list of all tasks I want to store for that specific user).
I'm using Appwrite cloud, not local
What permissions did you set on the collection?
Umm I need to set permissions on the collection?
Yes, by default, no users have access to create documents
Oh! Okay I updated my collection permissions and have allowed everything. I'll try again. But I'm curious as to why collections have no default permissions. I mean wouldn't it make more sense to keep a create and update permission by default?
No because what if you really don't want anyone to be able to create anything?
And we'd rather have secure/no access by default rather than have users accidentally expose their collections
what's the db structure like?
Does each user have a collection for them? Or does each user have a document in the collection?
Also, have you enabled document security on the collection?
I initially was going to do a separate collection for each user, but after a discussion in <#564160731327758347> I learned that Appwrite has permissions through which I can achieve the same result I want. Essentially I want a user to be able to view/update/delete only the tasks they've created. I'm actually a newb at designing backends/dbs so I would appreciate any input on which approach to take: Whether to create new collection for each user or use document permissions.
Yes
In general, I recommend starting with a collection per data type. Then, you can break things out into separate collections as needed
Alright, thanks! I'll update on what happens with the permissions as well!
Recommended threads
- Type Mismatch in AppwriteException
There is a discrepancy in the TypeScript type definitions for AppwriteException. The response property is defined as a string in the type definitions, but in pr...
- [SOLVED] OAuth With Google & Flutter
Hi all, I'm trying to sign in with google and it all goes swimmingly until the call back. I get a new user created on the appwrite dashboard however the flutte...
- What Query's are valid for GetDocument?
Documentation shows that Queries are valid here, but doesn't explain which queries are valid. At first I presumed this to be a bug, but before creating a githu...