I'm confused -- what does this have to do with what we are discussing? res.status is a Next.js thing and is not related to Appwrite.
How are you blocking people?
Oh sorry, I thought this was an Appwrite function.
Are you sure this code is executing at all?
My point is why create a team when there's something out of the box for you already?
So I would basically call account.createEmailSession and then account.get(), which then gives me an account object that has a boolean emailVerification which would be true if they've verified their account. At least I believe so - that's my plan, I haven't coded that in yet.
This is like doing client-side validation only, which is not secure.
Yes, I can register just fine. The user is created, then account.createMembership() gets called, then I have a createVerification() call after that, which does get called.
You sure an error isn't being thrown?
I mean, I was trying to do SSR before, but you suggested that I do CSR instead; that's why I've been moving most of my logic to the client side.
I do have a console.log in there but it's not showing anything.
It doesn't matter if you do SSR, because a bad actor can make API calls directly to Appwrite. Server-side validation means putting the restrictions in Appwrite.
Which is why I am creating a bunch of teams to manage permissions; I'm putting the rules inside Appwrite. But in terms of checking if the user is verified, what else can I do? Didn't you say it was complicated to start a session on the Next.js backend and that I should just do it from the frontend? So I'm calling account.get() from the client side.
Out of curiosity - what's out of the box? I have 2 needs:
- Prevent unverified accounts from logging into my app to force users to verify their email before they can use the app
- Protect one collection so that even though everyone who is logged in can create new documents under that collection, only users belonging to certain teams can actually read from it
What's the out of the box solution for the second item?
But why create a team for everyone instead of using users or users/verified?
Because I didn't want to use All users when setting permissions for the collection, since that could potentially include accounts that are unverified. Ideally I would like to automatically assign users to the basic team right after the email verification is done instead of after their account was created.
That's why I suggested users/verified.
.....
Where can I find an example of this?
In the console, select custom and then put the role string: https://appwrite.io/docs/rest#permissions
It looks like you've dealt with my concerns before: https://github.com/appwrite/appwrite/discussions/5036
And looking at the solution as you've described - selecting custom and setting users/verified - seems to work for others. Okay, I can try that too - just gotta make sure to do it for all of my collections. This should take care of the second item on my list:
- Prevent unverified accounts from logging into my app to force users to verify their email before they can use the app
- Protect one collection so that even though everyone who is logged in can create new documents under that collection, only users belonging to certain teams can actually read from it
I'm still worried about the first item though - as you said, checking for emailVerification is not secure because that's on the client side. Bad actors can still potentially bypass this security check and get past the login screen, but since the collections are protected, they should only see an empty shell of the app without any data. I get this - but I'm just not a fan of it. Ideally I don't even want them to see an empty shell of the app, just be stuck on the login screen.
Is it normal for it to say "Not found"?
No
You mean "No, our team should change what that says" or "No, you messed up and it should show something else"?
Maybe you can create an issue? I've never seen that before and I can't test that right now on my phone.
Okay, I submitted an issue.
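As an added worked example (not code from this thread, and not Appwrite's own implementation): a small, offline JavaScript model of how the role strings discussed above (users/verified, team:ID) are evaluated against the roles a request carries, so the effect of the two collection settings from the list above can be checked without a running Appwrite instance. The Role and Permission helpers below are local stand-ins that only mirror the string format the SDK helpers emit; the session objects, user IDs and the team ID team_basic are constructed, and memberships are assumed to be confirmed. It also shows why the client-side emailVerification gate is UX only: the server derives roles from the session, so a caller who skips the gate is evaluated exactly like any other unverified user.

```javascript
// Added example: a simplified, offline model of how Appwrite-style
// permission strings are checked against the roles a request carries.
// This is NOT Appwrite's code; it only follows the documented role-string
// format (any, guests, users, users/verified, users/unverified, user:ID,
// team:ID, team:ID/ROLE) so the effect of each setting can be tested.

// Local stand-ins for the SDK's Role/Permission helpers (same string format).
const Role = {
  any: () => "any",
  guests: () => "guests",
  users: (status = "") => (status ? `users/${status}` : "users"),
  user: (id, status = "") => (status ? `user:${id}/${status}` : `user:${id}`),
  team: (id, role = "") => (role ? `team:${id}/${role}` : `team:${id}`),
};
const Permission = {
  read: (role) => `read("${role}")`,
  create: (role) => `create("${role}")`,
  update: (role) => `update("${role}")`,
  delete: (role) => `delete("${role}")`,
};

// Roles derived from a session, as the server would compute them (simplified:
// memberships are assumed to be confirmed). A request without a session only
// carries "any" and "guests"; nothing the browser claims about itself is used.
function rolesForRequest(session) {
  const roles = new Set(["any"]);
  if (!session) {
    roles.add("guests");
    return roles;
  }
  const { userId, emailVerification, memberships = [] } = session;
  const status = emailVerification ? "verified" : "unverified";
  roles.add("users");
  roles.add(`users/${status}`);
  roles.add(`user:${userId}`);
  roles.add(`user:${userId}/${status}`);
  for (const m of memberships) {
    roles.add(`team:${m.teamId}`);
    for (const r of m.roles) roles.add(`team:${m.teamId}/${r}`);
  }
  return roles;
}

const PERMISSION_RE = /^(read|create|update|delete)\("([^"]+)"\)$/;

// True if any permission string grants `action` to one of the request's roles.
function isAllowed(permissions, action, session) {
  const roles = rolesForRequest(session);
  return permissions.some((p) => {
    const m = PERMISSION_RE.exec(p);
    if (!m) throw new Error(`malformed permission string: ${p}`);
    return m[1] === action && roles.has(m[2]);
  });
}

// The client-side gate from the thread: useful UX, but the server never sees it.
function clientAllowsLogin(account) {
  return account.emailVerification === true;
}

// Constructed IDs and sessions for the two needs in the thread.
const BASIC_TEAM = "team_basic";
const collectionPermissions = [
  Permission.create(Role.users("verified")), // any verified user may create
  Permission.read(Role.team(BASIC_TEAM)), // only members of the team may read
];

const sessions = {
  anonymous: null,
  unverified: { userId: "u1", emailVerification: false, memberships: [] },
  verifiedNoTeam: { userId: "u2", emailVerification: true, memberships: [] },
  verifiedMember: {
    userId: "u3",
    emailVerification: true,
    memberships: [{ teamId: BASIC_TEAM, roles: ["member"] }],
  },
};

// Evaluate every session against the collection; a caller who bypasses the
// client-side gate still lands in the same row as "unverified".
function accessMatrix(permissions = collectionPermissions) {
  const out = {};
  for (const [name, session] of Object.entries(sessions)) {
    out[name] = {
      create: isAllowed(permissions, "create", session),
      read: isAllowed(permissions, "read", session),
    };
  }
  return out;
}

console.log(collectionPermissions);
console.table(accessMatrix());
```

Running it prints the two permission strings and a matrix in which only verifiedNoTeam and verifiedMember can create, and only verifiedMember can read; anonymous and unverified get neither, regardless of what the login screen let them do. Note that the model covers collection-level permissions only; if a collection has document security enabled, Appwrite additionally honours the permissions stored on each document, so those have to be set with the same care.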