[CLOSED] Permissions - Is it possible to use Appwrite without rolling your own Functions or backend?
This feature request is seems like relevant to that use-case https://github.com/appwrite/appwrite/issues/4656
Yes, exactly.
In Appwrite - as of now - you'll have to do it using a function.
This conversation does confirm my findings. It's absolutely fine, but it does mean that Appwrite (currently) cannot be used safely in production for apps that has personalized user content, unless you roll your own CRUD operations with user validations. Appwrite has many other amazing features however.
Why not?
You can use functions
Yes, that was my "unless".
😄
😂
You can though use a function and let it be triggered after update, so you can keep using the SDK as usual
But verify those fields after create or update events.
it's a caveat, it's a bit of a hassle, but it's something you'd from a traditional user content creation backend.
The dream would be to completely remove the propriatary backend code, maybe in the future 🙂
Also this line of Firebase permissions system
allow write : if user.id === document.id
Can be considered to be as a function, it just syntactic sugar for that logic inside Appwrite function.
const docuemnt = req.variables['APPWRITE_FUNCTION_EVENT_DATA'];
const user = req.variables['APPWRITE_FUNCTION_USER_ID']
if (document.userId !=== user.$id) {
document.userId = user.$id;
// Or just return
res.json({access:false});
return;
}
Meaning. think of it like this the only different between Firebase and Appwrite in that matter is that in Firebase you need to write it in there permission editor and in Appwrite you need to write it inside a deployed function.
indeed, there's one other caveat though, Firebase extends these permissions globally. So whenever a new feature is dropped, you can update all document permissions accordingly in one go with a click. In Appwrite, we'd need to write a migration script to migrate all permissions affected for nth documents.
and we'll need to use a mix between the Permissions in Appwrite, and our custom logic in the Function.
I have already started on a helper library for generating a full CRUD function callback.
👍
But keep in mind that you don't need to cover
- read
- delete As those will be prefect to be used permission-based.
So you need only CU
// function.js
import { crud } from 'appwrite-xxx'
module.exports = (req,res) => crud(req, res, 'database', 'collection', {
create: ({user, document}) => user.id === document.id,
...
})
I might also make a Collection helper, so that I won't have to write db.createDocument('database', 'collection', ...) all the time, just myCollection.create({...})
Thanks for clarifying. I wanted to make sure I didn't start on some unecessary journey.
👍 From what I know this is the current stand from Appwrite side.
Again, really impressed by the features in Appwrite. Perhaps if we get Community Extensions at some point I will make one for "Extended Permissions". Gotta brush off that PHP.
[CLOSED] Permissions - Is it possible to use Appwrite without rolling your own Functions or backend?
