Authentication using Roles

How to authenticate users based on their roles? suppose I have customer, manager and admin. I want only admin to login to my website! How can I achieve that?

TL;DR

User wants to authenticate users based on their roles. They are experiencing some issues while trying to implement queries in teams and deploying functions using the Appwrite CLI. They also want to know how to create a role and how to authenticate users based on their roles. Solution: - Use the list team memberships API to query teams by email. - Follow the suggested approach mentioned in the given paragraph. - Deploy the function using the Appwrite CLI as mentioned in the documentation. - If encountering a Docker error, try specifying the correct file path in the command. - To create a membership in teams without authentication or team owners from server side functions, use the

Middleware

In the future where Appwrite will add middleware it will be straightforward.

As of now you can choose one of the following workarounds:

Create a function, let it trigger on users.*.sessions.*.create, then

Check if the user has the applicable role,
If not use Users deleteSessions and kick that user out. https://appwrite.io/docs/server/users?sdk=nodejs-default#usersDeleteSessions

Limit access

This will require a bit more effort, but in the long-term is easy to maintain and makes more sense.

Limit all protected resources

functions
collections
storage Only to a given role.

You can also just limit the edit one for example in your collections

hmm where do i create a role ? in User Preferences or should I create a teams and check there?

In teams Like here for example: https://appwrite.io/docs/client/teams?sdk=web-default#teamsUpdateMembershipRoles

ok let me check and see how I can implement it there!

I got stucked in something. I want to create a sign up for user and add this user to a team but it shows error on this

TypeScript

AppwriteException: general_unauthorized_scope, User (role: guests) missing scope (teams.write) (401)

If someone want to write to a team, it most be

Team owner - the one who created the team.
Server side SDK

Can I create a membership in teams without authentication or team owners from server side functions?

Yes, This when Teams are much easier to use When you're using them in server side no email is being send and all the logic happened on the spot.

oh okay let me try that

I have tried deploying the function

but getting error like this :

TypeScript

Docker Error: mv: cannot stat '/usr/code/main.dart': No such file or directory

Did you deploy using the Appwrite CLI like the docs suggest?

https://appwrite.io/docs/functions

yes i was using parameter --code="." instead of --code="functions/New Functions" but it wasn't mentioned in the docs as I checked.. I figured it out by looking at the attached picture or is it mentioned anywhere in docs?

The suggested approach is mentioned in this paragraph: https://appwrite.io/docs/functions#gettingStarted

ok

and How do i use queries in teams ?

i want to get all the team list with query = email

you would need to use the list team memberships API: https://appwrite.io/docs/client/teams?sdk=web-default#teamsListMemberships. Try to query just like you would against list documents

Yes i tried but it didn't work

query: { "userEmail", "abc@email.com" }

Please create a new <#1072905050399191082> post after reading the docs on queries

Reply

Reply to this thread by joining our Discord

Reply on Discord

Middleware

Limit access

Need support?

Join our Discord

Get premium support

Authentication using Roles

Middleware

Delete session upon login

Limit access

Recommended threads

Need support?

Join our Discord

Get premium support