Skip to content
Start project
Back

[500 - internal server]: Missing "update" permission for role "team:abc/owner".

  • 0
  • Self Hosted
  • Teams
View on Discord
Abhishek
2 Sep, 2023, 17:14

Web SDK is throwing 500 - internal server on permission missing.

Scenario: A non-owner user is trying to update the Team name.

Here is the traceback:

TypeScript
#0 /usr/src/code/app/controllers/api/teams.php(273): Utopia\Database\Database->updateDocument(Object(Utopia\Database\Document), 'abc...', Object(Utopia\Database\Document))
#1 /usr/src/code/vendor/utopia-php/database/src/Database/Database.php(495): {closure}()
#2 /usr/src/code/app/controllers/api/teams.php(274): Utopia\Database\Database->withRequestTimestamp(NULL, Object(Closure))
#3 /usr/src/code/vendor/utopia-php/framework/src/App.php(508): {closure}('abc...', 'ABC', NULL, Object(Appwrite\Utopia\Response), Object(Utopia\Database\Database), Object(Appwrite\Event\Event))
#4 /usr/src/code/vendor/utopia-php/framework/src/App.php(673): Utopia\App->execute(Object(Utopia\Route), Object(Appwrite\Utopia\Request), Object(Appwrite\Utopia\Response))
#5 /usr/src/code/app/http.php(258): Utopia\App->run(Object(Appwrite\Utopia\Request), Object(Appwrite\Utopia\Response))
#6 {main}

According to the Documentation, the following error should be triggered:

401 Unauthorized Missing or incorrect authentication credentials can happen when the API key or user permission is not sufficient.

403 Forbidden The request is understood, but it has been refused, or access is not allowed. An accompanying error message will explain why. Make sure to register your app in your project's dashboard platform list.

TL;DR
The user is getting a 500 internal server error when trying to update the name of a team using a non-owner account. The expected error codes are 401 or 403. The suggested solution is to use the server-side teams SDK through a cloud function.
Binyamin
3 Sep, 2023, 17:00

Can you share

  • Version of Appwrite
  • Your code
  • You've marked your question as servers is it servers or client side SDK?
Abhishek
3 Sep, 2023, 17:44

v1.4.1 It's a self-hosted instance I'm using web client sdk

Binyamin
3 Sep, 2023, 17:53

Can you share the code? As for changing the team name, if you doing so with the web SDK it won't work as only owner level memebers are allowed to do so. Other option would be to use the server side teams SDK through a cloud function.

Abhishek
3 Sep, 2023, 20:37

Yes, the error is expected. But here I'm getting 500 - INTERNAL SERVER ERROR. It should be 401 or 403

Abhishek
3 Sep, 2023, 20:39

I'm using this piece of code

TypeScript
const promise = teams.updateName('[TEAM_ID]', '[NAME]');

To update the team's name.

It works fine when the user is the owner of the team. However, when a non-owner user is trying to do update the team name it is throwing 500 error code instead of 401 or 403

Drake
3 Sep, 2023, 20:43

Agreed. Would you please create a GitHub issue so we don't forget about this?

Abhishek
3 Sep, 2023, 20:44

Sure!

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more