
How can I write the access control algorithm or helper class for below conditions.
It should be like this.
User1 has Manager UserM1
User2 has Manager UserM2
User3 has Manager UserM3
UserM1 has Manager UserMM1
UserM2,M3 has Manager UserMM2
UserMM1, UserMM2 has Manager UserMMM
UserMMM can have its Manager as well and so and so.
Note: Recursive relationship of User and User's Manager could be deep like 10 levels.
So technically, any customers assigned to the User under the User Manager can see the client.
======= Additional explanation ========
I have 10 clients = I can only view 10 clients
Pogba have 5 clients = He can view 5 clients.
Paul is my manager and he also has 5 clients = He can view 15 clients
Logan is Pual Manager and he also has 10 clients = He can view 25 clients (Me, Paul, and Logan clients)
Henry is Pogba and Logan Manager = He can view 30 clients (25 client from Logan and Logan's staff + 5 clients from Pogba )

is there better apporach using appwrite auth for this case

You can try using teams and labels

Checkout this blog post https://appwrite.io/blog/post/manage-user-permissions-with-labels-and-teams

by how ?

Hey there 👋 Ill think about ideal solition. So far Im also mainly considering user labels. Before porposing a solution, may I ask what do you mean by "managing" an user? In Appwrite, user is authentication method - a way to login. User only holds private information to be used for login purposes. By manage, do you mean ability to change user email/password and deleting users, or do you mean to manage stuff they create - for example documents in some kind of custom collection like comments or invoices?

maybe the term is not correct. I mean, the user(manager) of the users can see the clients of users (which belong to that manager),

yes, you are right, permissions to access the collections of document.

then you can use labels to achive that.

no. the label only limit for 100 labels only

if there is something like inheriting permissions. let say user A, having permission to collections ......, then assign to under User B, so user B get alls permission from UserA and itself.

Sounds like the best way to achieve this would be with Teams, to me. But I think this would be a good feature request.

Yes should have features

We had internal discussion and 100 does sound like a small number. We will consider increating it to 1k in next release

There is a strategy used by ecommerce to find all products under a category and all it's subcaregories. Sounds like similar problem to finding manager, and all sub-managers. Using it might help, but requires re-calculation on every change to the tree.
Its called Nested Set Model
seems like. https://stackoverflow.com/questions/5368299/hierarchical-data-nested-set-model-mysql
Recommended threads
- Appwrite functions can't connect to data...
I'm trying to create a function that queries my database, but all database operations timeout from within the function, even though CLI access works perfectly. ...
- JSON and Object Support in Collection do...
I am working with Next.Js and Appwrite Cloud, I am relatively New to Appwrite but i have noticed there is no direct support of JSON and Object support in attrib...
- list() is very slow; eventually shows no...
When I use the web browser to view the collections in my database, the documents they contain are normally displayed within a few seconds. For a few days now, h...
