Back

Restrict Oauth

  • 0
  • Self Hosted
  • Accounts
Binyamin
3 Jul, 2023, 19:24

Then go woth either the first option to limit the user number. This will let you create the user using a Server side SDK. But no user will be able to create account

TL;DR
Solution: To restrict OAuth access, there are a few options: 1. Remove the user from the permissions. 2. Move the document fetching process to a function. 3. Create a role for each user and move the creation process to a function. When a user is removed, remove their role and permissions. To restrict access to only certain users in a team, you can use a condition like `user == user && team == "special access"`. However, this will still allow any team member to read the documents. To mitigate this, you can move the creation process to a function and only give access to team members. This way
Binyamin
3 Jul, 2023, 19:25

Or you can go with a verified user teams logic

Binyamin
3 Jul, 2023, 19:26
rohan
3 Jul, 2023, 19:27

also i wonder how do i send custom emails using appwrite functions?

rohan
3 Jul, 2023, 19:27

thanks i will check this

Binyamin
3 Jul, 2023, 19:28

You'll need to use an external SMTP service. There is no way of using Appwrite mailer for custom emails at the time

rohan
3 Jul, 2023, 19:30

so i need to use libraries like node mailer or something with smtp

Binyamin
3 Jul, 2023, 19:31

Exactly

rohan
3 Jul, 2023, 19:34

i have another question... currently i have a team called special members i add. them to the team after being verified and they can start creating the documents

Binyamin
3 Jul, 2023, 19:34

Okay?

rohan
3 Jul, 2023, 19:34

when i remove the user from the special access. the user is still able to read this document

Binyamin
3 Jul, 2023, 19:35

How did you removed the user special access

rohan
3 Jul, 2023, 19:35

i dont want the user to access the data unless hes given the special access

rohan
3 Jul, 2023, 19:35

removing from the team

Binyamin
3 Jul, 2023, 19:36

Okay. And what is the document and collection permission?

As if the user is creating a document using the Client side SDK then the user will get reading permission for the user id. And not only because the user is in a specific team.

rohan
3 Jul, 2023, 19:37

Document Security is turned on

Binyamin
3 Jul, 2023, 19:37

So in your case after removing a user from a team you need to make sure to remove permissions from every document created by the user.

rohan
3 Jul, 2023, 19:38

what if the documents are more?

rohan
3 Jul, 2023, 19:38

cant we somehow restrict them

Binyamin
3 Jul, 2023, 19:38

If you want to mitigate this You can move the creation process to a function and then give only the team members access.

If you do this then any time you'll remove a user from a team the reading access will also get block

rohan
3 Jul, 2023, 19:41

but anyone in the team can read the documents

Binyamin
3 Jul, 2023, 19:42

This what you wanted, don't you?

rohan
3 Jul, 2023, 19:42

i want it something like user == user && team == "special access"

rohan
3 Jul, 2023, 19:42

if one of them is false then the access should be restriced

Binyamin
3 Jul, 2023, 19:44

Ohh, then you'll need to go with:

  • Removing user from the permissions. Or
  • Move the whole document fetching to a function. Or
  • Create a role - per user - move the creation to a function. Then when the user is removed remove the user from the team and remove is role.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more