Relationships and security
Hence I have 2 collections:
- Contact(name, address) => collection security = create (for all users)
- Address(street, city) => collection security = none
Why do I need to give "create" permission to all related collections? What if I want, that the user only can create a contact and needs to use the existing addresses?
Are you getting some kind of error? If so, what's your code?
I‘m getting 401 „user not authorized“ I create a document with the nested documents If needed, I can create a minimal reproducible example
Same i still don’t know how to fix this issue, has no problem with non relation documents.
Yes, reproducible example would be great
Here is Flutter/Dart code and instructions
Future<void> main() async {
/// 1. create project and collections
/// Collections
/// Address(String city)
/// Contact(String, name, Address address)
///
/// 2. Activate document security
/// 3. In collections settings of Contact: activate "CREATE" for all users
///
/// 4. Create user
/// 5. create Address
/// 6. Add "READ" permission for user to created address
final client = Client(endPoint: "https://cloud.appwrite.io/v1")
..setProject(projectId);
final account = Account(client);
final database = Databases(client);
try {
await account.get();
} catch (e) {
await account.createEmailSession(email: email, password: password);
}
final documentList = await database.listDocuments(
databaseId: databaseId,
collectionId: addressCollection,
);
final address = documentList.documents.first;
print(address);
final newContact = {"name": "new contact", "address": address.data};
final response = await database.createDocument(
databaseId: databaseId,
collectionId: contactCollection,
documentId: ID.unique(),
data: newContact,
);
// AppwriteException: user_unauthorized, The current user is not authorized to perform the requested action. (401)
print(response);
}
I figured out, that it works if we give "READ" and "UPDATE" to the Address collection
If your issue has been solved, you can mark this post as closed by adding “[SOLVED]” to the beginning of the title
But why do I need to give „UPDATE“ permissions
This should only be needed if the user needs to send PATCH requests, if the user only needs to read just make it READ only
Ok Does not work I need to give UPDATE permission to create a document containing this nested document
So.. you want to create a document?
I have already a document B Collection A has a Many-To-One relationship to B I want to create a document in collection A (that has the nested document B)
Ah I see. You need the UPDATE permission because you are updating a relation within document B. You need the CREATE permission for collection A
Ok I understand
But did I understand the relation correct? I „only“ want a collection containing a document from another collection 🤔
Could you explain a little more? I don't fully understand your question
Following example as mentioned above I have a collection „Address“ with street, postal code etc and a collection „Contact“ and this contact has a name and an address How to do that with appwrite relations (Multiple contacts can have the same address)
Can a contact only have one address or multiple?
If so and I understand correctly, it would be many to many.
And if a contact only can one address → one to many?
If a contact can only be associated with 1 address, but an address can be associated with multiple contacts, then it's one to many
Ok, this works
Another question If I would delete a contact via appwrite dashboard, I get the dialog explaining, that the value for related documents get get set to null. Are there under the hood documents, that get created for every contact (related to one address) that gets created? Or where are these values set to null?
It basically means, that the document is no longer visible at the other document where you set the relation to.
Ok, but I never see the document because it’s a one way relationship (Many to one)? Or did I misunderstood something?
