[SOLVED] Move to document level permissions from collection level permissions
Hello Everyone. I have a deployed Flutter app used to sign in and out people from a construction site from iPads. I also have an admin UI that can make corrections to those sign ins if needed but the problem is, if a document update is made from an iPad then it will override the correction the admin made on their Windows view. Currently I have Collection permissions set to all Users can CRUD. My question is, how can I move to document level permissions, without preventing people on their iPads from being able to do all operations until a change is made by an Admin user? Can I add document level permissions when creating documents even if I have document level permissions disabled, then enable document permissions at a later time for them to take effect? Thank you.
I have read all documentation on permissions and searched for an existing answer to my post.
After an admin updates, does a non admin need to update it again?
Hey Seven. No. Once an admin touches it, no one else should have access.
Then maybe the admin can remove the update permission from the document so that the user can't edit it anymore
I'm pretty sure your documents already have permissions on them (assuming you didn't pass anything while creating them), but they're ignored because you don't have document security enabled. You can enable document level security and check the documents to verify. Then, you'll need to remove the permissions at the collection level (if users still need to create documents, you can leave the create permission).
I see. So documents do have permissions on them even if I haven't enabled them. I know how to proceed now. Thanks Steven. I will enable document permissions, then give the admin team and all users access to each document as they are created on the iPad. Once the admin team makes an edit, I will remove the Update and Delete permissions from all Users. On the Collection side I will remove the Update and Delete permissions for Users using the console. I appreciate your help. You can mark this as solved.
Btw, the admin teams permissions can be configured at the collection level
You are right. That is how I should handle the admin permissions since they should always be able to access all document operations. This is my first time working with Permissions so thank you for helping me think through this.
For anyone curious about how I ended set this up on my project: Collection permissions (View Image) Then when an admin edits the collection, I set the permission property to an empty list to remove all permissions from the document. This leaves only the admin team to update and delete documents. What is cool is that by default, appwrite gives document Update and Delete permission to the creator so I just have to worry about removing them when it is edited by an admin. Otherwise they can Update and Delete as much as they need to.
[SOLVED] Move to document level permissions from collection level permissions
