Back

Setting Delete Permission for Owners

  • 1
  • Users
  • Functions
  • Databases
sidney
26 Jul, 2023, 12:52

Hello everyone, I have a collection called innocaps and each document has an attribute called "owner". I am using Appwrite function with PHP SDK to delete an innocap document and what I'm trying to accomplish is to set up permissions in such a way that only the owner of a document can delete that specific document and other users should not have that ability. I've been reading through the Appwrite documentation, but I'm not entirely sure how to implement this specific permission logic. Can someone please guide me on the steps to achieve this?

TL;DR
The user wants to set up permissions so that only the owner of a document can delete it using Appwrite function with PHP SDK. They are unsure of how to implement this permission logic. The solution is to set the permissions in the `createDocument` or `updateDocument` functions, not in the `deleteDocument` function. By default, the current user is granted all permissions, so if no permission is set, the person who created the document can read, update, and delete it. Documentation for setting permissions can be found in the Appwrite documentation for `createDocument`.
Guille
26 Jul, 2023, 13:14

Hi @sidney by default appwrite the current user is granted with all permissions, that means if you don't send any permission when you create the document, the person who create the document can read, update, and delete the document:

You can check that in the documentation of createDocument https://appwrite.io/docs/client/databases?sdk=web-default#databasesCreateDocument

sidney
26 Jul, 2023, 13:24

I created a function to delete a document and I have to add the permission only for the owner to delete it, but in this documentation: https://appwrite.io/docs/server/databases?sdk=php-default#databasesDeleteDocument I don't see permission in http request

Guille
26 Jul, 2023, 13:28

You don't set the permissions in the deleteDocument, you do it in createDocument or updateDocument

sidney
26 Jul, 2023, 13:35

What is a reason of that because I don't want that other users can be able to delete the document of the owner

Drake
26 Jul, 2023, 18:45

you send it as part of the create and update so that it's in the document itself. So, when the delete is executed, Appwrite can look at the document to see who should have access and then validate against who made the request

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more