[CLOSED] Document security based on attribute

any example you can refer

TL;DR

The user is asking for an example of conditionally setting document security based on attributes. They want to restrict access to a document based on a specific attribute like 'isPublic'. The support suggests using role-based permissions and provides an example using the Supabase documentation. The user insists on attribute-based conditions and wants it to work on the client side. The support explains that using an attribute is not a good practice and suggests using role-based permissions. The user insists on attribute-based access and mentions that Supabase provides it. The support asks for clarification on where this is explained in Supabase and expresses confusion. Solution: The support

Okay can you explain what you mean by conditionally setting document security?

If you're trying to restrict access based on the user, it's possible.

Have you looked at this by any chance? https://appwrite.io/docs/permissions#example-1

i am taking about attribute based conditin, not role boesd

role based examples are there, what I can tell from doc

For example, if there is a user with name Safwan, email as safwan@example.com and user id as 7b9c24929ncnmc11, then you can use the Permission.role(Role.user('7b9c24929ncnmc11')) and only that user will be able to read the document

Attribute as in?

i need something like in a documnet an attribute called let say isPublic which set to boolean, and based on that i will enable the access

so this isPublic attribute will be set for each document right?

yup

and do you plan on setting this attribute manually from the dashboard, or through your client side code, when using createDocument?

any way, I don;t think that matters here

while reading the documnet i need to check if anyone try to access the documnet

I can omit it using serverside code

It kind of does because if you're doing it through code, you can just create that document with Permission.read(Role.any())

but I needed that to work on client, otherwise what; the use here using it , right

I don't see why you need an attribute to do this? Even if you were to use an attribute, you'll have to fetch the document, see if it's isPublic is set to false or true, and based on that move forward. This isn't good practice I believe.

but that's is role based, that's what I was trying to say

This will work on client.

I don;t think, is required, supabase is providing that

Yes but the role is user. So every user will have to satisfy the condition.

Sometime we need, is useful creating internal role based access in project

Can I ask where this is explained in Supabase? I wanna make sure I understand what's happening

I'm sorry I don't quite undersatnd what you meant

Reply to this thread by joining our Discord

Reply on Discord