
How can I write the access control algorithm or helper class for below conditions.
It should be like this.
User1 has Manager UserM1
User2 has Manager UserM2
User3 has Manager UserM3
UserM1 has Manager UserMM1
UserM2,M3 has Manager UserMM2
UserMM1, UserMM2 has Manager UserMMM
UserMMM can have its Manager as well and so and so.
Note: Recursive relationship of User and User's Manager could be deep like 10 levels.
So technically, any customers assigned to the User under the User Manager can see the client.
======= Additional explanation ========
I have 10 clients = I can only view 10 clients
Pogba have 5 clients = He can view 5 clients.
Paul is my manager and he also has 5 clients = He can view 15 clients
Logan is Pual Manager and he also has 10 clients = He can view 25 clients (Me, Paul, and Logan clients)
Henry is Pogba and Logan Manager = He can view 30 clients (25 client from Logan and Logan's staff + 5 clients from Pogba )

is there better apporach using appwrite auth for this case

You can try using teams and labels

Checkout this blog post https://appwrite.io/blog/post/manage-user-permissions-with-labels-and-teams

by how ?

Hey there 👋 Ill think about ideal solition. So far Im also mainly considering user labels. Before porposing a solution, may I ask what do you mean by "managing" an user? In Appwrite, user is authentication method - a way to login. User only holds private information to be used for login purposes. By manage, do you mean ability to change user email/password and deleting users, or do you mean to manage stuff they create - for example documents in some kind of custom collection like comments or invoices?

maybe the term is not correct. I mean, the user(manager) of the users can see the clients of users (which belong to that manager),

yes, you are right, permissions to access the collections of document.

then you can use labels to achive that.

no. the label only limit for 100 labels only

if there is something like inheriting permissions. let say user A, having permission to collections ......, then assign to under User B, so user B get alls permission from UserA and itself.

Sounds like the best way to achieve this would be with Teams, to me. But I think this would be a good feature request.

Yes should have features

We had internal discussion and 100 does sound like a small number. We will consider increating it to 1k in next release

There is a strategy used by ecommerce to find all products under a category and all it's subcaregories. Sounds like similar problem to finding manager, and all sub-managers. Using it might help, but requires re-calculation on every change to the tree.
Its called Nested Set Model
seems like. https://stackoverflow.com/questions/5368299/hierarchical-data-nested-set-model-mysql
Recommended threads
- Help with 409 Error on Relationship Setu...
I ran into a 409 document_already_exists issue. with AppWrite so I tried to debug. Here's what I've set up: Collection A has 3 attributes and a two-way 1-to-m...
- 1.7.0 Self Hosted Upgrade
Hi, I've tried a fresh install on 1.7.0 and I've also done a fresh install on 1.6.2. 1.6.2 is working fine fresh, update to 1.7.0 and migrate fails Fresh inst...
- Functions not work on Server only Localh...
Hi, I successfully upgraded from 1.4 to 1.7, but I'm having a problem. The functions no longer work with the settings I had. I assume some changes were made. It...
