I write in Node.js. I create a document, and this specific document should be available only to the current user, so I add permissions:
```
await databases.createDocument(
  conf.appwriteDatabaseId, clubsCollectionId, ID.unique(),
  {
    ...club,
    owner: this.currentUser?.$id // This is for me - to check permissions myself!
  },
  [
    // Document-level permissions: only the creating user may read, update or delete
    Permission.read(Role.user(<string>this.currentUser?.$id)),
    Permission.update(Role.user(<string>this.currentUser?.$id)),
    Permission.delete(Role.user(<string>this.currentUser?.$id)),
  ]
)
```
However, when I want to get the documents, I aim to have ONLY those I have access to:
```
const ans:ApiResponse = await databases.listDocuments(
  conf.appwriteDatabaseId,
  clubsCollectionId,
  // [
  //   Query.equal("owner", [<string>this.currentUser?.$id]) // This is my check
  // ]
);
return ans
```
Now, should I do this check manually? Or should Appwrite check the permission before returning the answer?
Am I using the permissions wrong?
You won't be able to get Documents you don't have permissions on
Are you getting back Documents you would expect to not have Read permissions on?
Yes. Currently, all users get all documents
And somehow all users can change all info, although I try to use permissions:
and the document security is on for this collection
Hey.
It sounds like you have a global permission on in the collection. Is that correct?
This section:
Yes, you're right!!! Thank you! That solves the issue!!! Thank you!
To get this straight: if no permission is set on the collection level, who could create records there? What should be the right way to have it secured?
Make sure "users" can CREATE a document. If you want everyone to read it, make sure "Any" has READ on.
If you want only the same user to read its own documents, disable read for any.
Thank you! How do I mark this as solved?
Rename the title in the beginning with [Solved]
[SOLVED] Who is responsible on the permissions?
I got you