Back

Create Documents that should be visible to only users that created them

  • 1
  • Databases
  • Flutter
  • Cloud
CodeSadhu
23 Jun, 2023, 08:21

Hello folks! In my flutter app, I want to allow users to only be able to read/update/delete the documents that they themselves created. I've already created an email session and stored the userId in my localstorage using shared preferences. I'm trying to assign permissions while the user is creating documemts by doing this:

TypeScript
taskList.forEach((task) {
        AppwriteService.database.createDocument(
          databaseId: Strings.databaseId,
          collectionId: Strings.collectionId,
          documentId: ID.unique(),
          data: task.toJson(),
          permissions: [
            Permission.read(Role.user(Constants.userId)),
            Permission.delete(Role.user(Constants.userId)),
            Permission.update(Role.user(Constants.userId)),
          ],
        ).then((value) {
          if (value.data.isNotEmpty) {
            print('Success');
          }
        });
      });

But I'm getting an error saying "AppwriteException (AppwriteException: user_unauthorized, The current user is not authorized to perform the requested action. (401))". What exactly am I doing wrong? Also, should I be doing it this way (the taskList I am iterating through is a list of all tasks I want to store for that specific user).

I'm using Appwrite cloud, not local

TL;DR
User is trying to set permissions on documents they are creating in their Flutter app using Appwrite cloud. They want to allow users to only read/update/delete the documents they created. They are getting an error saying "AppwriteException: user_unauthorized, The current user is not authorized to perform the requested action. (401)". They are asking for assistance on what they are doing wrong and if their approach is correct. Solution: The user needs to ensure that they have the appropriate permissions set on the collection. By default, no users have access to create documents, so they need to set the permissions on the collection to allow the intended actions
Drake
23 Jun, 2023, 16:26

What permissions did you set on the collection?

CodeSadhu
24 Jun, 2023, 05:26

Umm I need to set permissions on the collection?

Drake
24 Jun, 2023, 05:35

Yes, by default, no users have access to create documents

CodeSadhu
24 Jun, 2023, 05:39

Oh! Okay I updated my collection permissions and have allowed everything. I'll try again. But I'm curious as to why collections have no default permissions. I mean wouldn't it make more sense to keep a create and update permission by default?

Drake
24 Jun, 2023, 06:09

No because what if you really don't want anyone to be able to create anything?

Drake
24 Jun, 2023, 06:10

And we'd rather have secure/no access by default rather than have users accidentally expose their collections

safwan
24 Jun, 2023, 07:32

what's the db structure like?

Does each user have a collection for them? Or does each user have a document in the collection?

safwan
24 Jun, 2023, 07:32

Also, have you enabled document security on the collection?

CodeSadhu
24 Jun, 2023, 12:34

I initially was going to do a separate collection for each user, but after a discussion in <#564160731327758347> I learned that Appwrite has permissions through which I can achieve the same result I want. Essentially I want a user to be able to view/update/delete only the tasks they've created. I'm actually a newb at designing backends/dbs so I would appreciate any input on which approach to take: Whether to create new collection for each user or use document permissions.

CodeSadhu
24 Jun, 2023, 12:35

Yes

Drake
24 Jun, 2023, 14:54

In general, I recommend starting with a collection per data type. Then, you can break things out into separate collections as needed

CodeSadhu
26 Jun, 2023, 09:31

Alright, thanks! I'll update on what happens with the permissions as well!

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more