Skip to content
Back

[SOLVED] When relation has data, i get 401 Unauthorized

  • 0
  • Databases
  • Web
mark
13 Nov, 2023, 21:53

I have two collections "projects" (P) and "campaigns" (C).

They are configured as a two-way relationship / many to one: P can have many C. C can have one P.

Authenticated user (the one i am testing with) has read access for the P as well as for the C items he creates (document security layer).

I am using the client SDK to query. Double checked all IDs and I nearly do the same kind of query (beside of some query params) as the appwrite backend, when retrieving P items.

When I only have P but no (related) C everything just loads fine. Once I add a related C to a P, than the query to retrieve all items fails.

I get back a 401 Unauthorized from the XHR request and appwrite container tells me "[Error] Message: The current user is not authorized to perform the requested action.".

I know from your docs, that there must be sufficient access right to all related documents in a relationship. But that kind of require is met and tripple checked.

Looking forward for some help. Already spent hours of debugging and run out of ideas. Thanks!

TL;DR
The user was receiving a 401 Unauthorized error when querying with the client SDK. The issue was resolved by enabling document security on the 'messages' collection. The error occurred only when querying with the client SDK and not when querying through the backend. The user verified that the permissions and document security settings were correct. The user also shared screenshots of the document and collection security settings. The user mentioned that the collection IDs seemed to not match up. The user provided details of the 'projects' and 'campaigns' collections and mentioned that they had a two-way relationship. The user had read access for both collections and encountered the error when querying for
Drake
13 Nov, 2023, 22:00

Would you please share the details of the collection and documents?

mark
13 Nov, 2023, 22:33

Sure.

the collection configuration is attached.

The P document from the backend:

TypeScript
{
    "name": "abc",
    "color": "#F56565",
    "$id": "65425e3beb06b173cdbb",
    "$createdAt": "2023-11-01T14:18:35.962+00:00",
    "$updatedAt": "2023-11-01T14:18:35.962+00:00",
    "$permissions": [
      "read(\"user:653a9061c096bb18d3a4\")",
      "update(\"user:653a9061c096bb18d3a4\")",
      "delete(\"user:653a9061c096bb18d3a4\")"
    ],
    "mail_providers": [],
    "campaigns": [
      {
        "name": "sadfsf",
        "$id": "65516c7232fad43b3d2d",
        "$createdAt": "2023-11-13T00:23:14.209+00:00",
        "$updatedAt": "2023-11-13T00:23:14.209+00:00",
        "$permissions": [
          "read(\"user:653a9061c096bb18d3a4\")",
          "update(\"user:653a9061c096bb18d3a4\")",
          "delete(\"user:653a9061c096bb18d3a4\")"
        ],
        "messages": [],
        "contacts": [],
        "mail_provider": null,
        "$databaseId": "63cc623bb0baff5e8831",
        "$collectionId": "65516ada06108a04c399"
      }
    ],
    "$databaseId": "63cc623bb0baff5e8831",
    "$collectionId": "63cc6241dfb4a765a985"
  }
Drake
13 Nov, 2023, 22:46

the collection ids don't seem to match up 🧐

mark
13 Nov, 2023, 23:01

Ok. I see. This is what i got, doing a fresh $ appwrite init collection on the current install and there C has ID 63cc624ae0b383e8cf56.

When I go to the backend, I see the following in my collection as in the screenshot attached

mark
13 Nov, 2023, 23:01

That can be because i re-created campaigns collection while debugging.

Drake
13 Nov, 2023, 23:28

ok...can you share a screenshot of the document security and permissions in here then?

Drake
13 Nov, 2023, 23:29

also, can you check the output of account.get() before you call databases.listDocuments()?

mark
14 Nov, 2023, 09:33

sure. this is the output of account.get():

TypeScript
{
    "$id": "653a9061c096bb18d3a4",
    "$createdAt": "2023-10-26T16:14:25.789+00:00",
    "$updatedAt": "2023-11-01T10:36:20.128+00:00",
    "name": "Tester Mustermann",
    "registration": "2023-10-26T16:14:25.788+00:00",
    "status": true,
    "labels": [],
    "passwordUpdate": "2023-10-26T16:14:25.788+00:00",
    "email": "test@test.de",
    "phone": "",
    "emailVerification": true,
    "phoneVerification": false,
    "prefs": {},
    "accessedAt": "2023-10-26T16:14:25.788+00:00"
}

Find the screenshots of document and collection security in the attachment.

Drake
14 Nov, 2023, 17:20

hmm there are several other relationship attributes too...the problem could be with one of those 🧐

mark
14 Nov, 2023, 19:56

Yep. I can tell that, when no C is connected to P, than everything works as expected. So the P relations should not be the problem.

When I add a related C, to problem occurs.

While when I query through the backend, to the collection overview, they can be successfully retrieved. Here is how the response from the appwrite GUI looks like:

TypeScript
 {
            "name": "abc",
            "color": "#F56565",
            "$id": "65425e3beb06b173cdbb",
            "$createdAt": "2023-11-01T14:18:35.962+00:00",
            "$updatedAt": "2023-11-01T14:18:35.962+00:00",
            "$permissions": [
                "read(\"user:653a9061c096bb18d3a4\")",
                "update(\"user:653a9061c096bb18d3a4\")",
                "delete(\"user:653a9061c096bb18d3a4\")"
            ],
            "mail_providers": [],
            "campaigns": [
                {
                    "name": "sadfsf",
                    "$id": "65516c7232fad43b3d2d",
                    "$createdAt": "2023-11-13T00:23:14.209+00:00",
                    "$updatedAt": "2023-11-13T00:23:14.209+00:00",
                    "$permissions": [
                        "read(\"user:653a9061c096bb18d3a4\")",
                        "update(\"user:653a9061c096bb18d3a4\")",
                        "delete(\"user:653a9061c096bb18d3a4\")"
                    ],
                    "messages": [],
                    "contacts": [],
                    "mail_provider": null,
                    "$databaseId": "63cc623bb0baff5e8831",
                    "$collectionId": "65516ada06108a04c399"
                }
            ],
            "$databaseId": "63cc623bb0baff5e8831",
            "$collectionId": "63cc6241dfb4a765a985"
        }
mark
14 Nov, 2023, 19:56

The error occurs only when I query with the client SDK, as follows:

TypeScript
    const test = await databases.listDocuments(
                process.env.REACT_APP_APPWRITE_DATABASE!,
                process.env.REACT_APP_APPWRITE_COLLECTION_PROJECTS!
            );

While the environment variables pointing to the right project ids

Drake
15 Nov, 2023, 00:15

What are the permissions on messages and contacts? And is document security enabled on those?

mark
15 Nov, 2023, 09:53

πŸ’‘ Ahhh... messages was the only one that had not document security enabled, now it seems to be working!! Thank you so much for pointing my nose to the right setting πŸ‘Œ

Guille
15 Nov, 2023, 12:24

[SOLVED] When relation has data, i get 401 Unauthorized

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more