Hello everyone, I have a collection called innocaps and each document has an attribute called "owner". I am using Appwrite function with PHP SDK to delete an innocap document and what I'm trying to accomplish is to set up permissions in such a way that only the owner of a document can delete that specific document and other users should not have that ability. I've been reading through the Appwrite documentation, but I'm not entirely sure how to implement this specific permission logic. Can someone please guide me on the steps to achieve this?
Hi @sidney by default appwrite the current user is granted with all permissions, that means if you don't send any permission when you create the document, the person who create the document can read, update, and delete the document:
You can check that in the documentation of createDocument
https://appwrite.io/docs/client/databases?sdk=web-default#databasesCreateDocument
I created a function to delete a document and I have to add the permission only for the owner to delete it, but in this documentation: https://appwrite.io/docs/server/databases?sdk=php-default#databasesDeleteDocument I don't see permission in http request
You don't set the permissions in the deleteDocument
, you do it in createDocument
or updateDocument
What is a reason of that because I don't want that other users can be able to delete the document of the owner
you send it as part of the create and update so that it's in the document itself. So, when the delete is executed, Appwrite can look at the document to see who should have access and then validate against who made the request
Recommended threads
- Type Mismatch in AppwriteException
There is a discrepancy in the TypeScript type definitions for AppwriteException. The response property is defined as a string in the type definitions, but in pr...
- What Query's are valid for GetDocument?
Documentation shows that Queries are valid here, but doesn't explain which queries are valid. At first I presumed this to be a bug, but before creating a githu...
- HTTP POST to function returning "No Appw...
Hi everyone, I’m running into an issue with my self-hosted Appwrite instance. I’ve set up my environment variables (APPWRITE_FUNCTION_PROJECT_ID, APPWRITE_FUNC...