How to write the the access control

How can I write the access control algorithm or helper class for below conditions.

It should be like this.

User1 has Manager UserM1

User2 has Manager UserM2

User3 has Manager UserM3

UserM1 has Manager UserMM1

UserM2,M3 has Manager UserMM2

UserMM1, UserMM2 has Manager UserMMM

UserMMM can have its Manager as well and so and so.

Note: Recursive relationship of User and User's Manager could be deep like 10 levels.

So technically, any customers assigned to the User under the User Manager can see the client.

======= Additional explanation ========

I have 10 clients = I can only view 10 clients

Pogba have 5 clients = He can view 5 clients.

Paul is my manager and he also has 5 clients = He can view 15 clients

Logan is Pual Manager and he also has 10 clients = He can view 25 clients (Me, Paul, and Logan clients)

Henry is Pogba and Logan Manager = He can view 30 clients (25 client from Logan and Logan's staff + 5 clients from Pogba )

TL;DR

Summary: The developers are discussing how to implement access control for a system. They mention using the Nested Set Model and increasing the limit for a feature in the next release. They also discuss using teams and labels for managing permissions. There is a blog post and suggested solution using teams and labels for managing user permissions. Solution: The developers can try using teams and labels for managing user permissions. There is a blog post available that explains how to manage user permissions using teams and labels.

is there better apporach using appwrite auth for this case

You can try using teams and labels

Checkout this blog post https://appwrite.io/blog/post/manage-user-permissions-with-labels-and-teams

by how ?

Hey there 👋 Ill think about ideal solition. So far Im also mainly considering user labels. Before porposing a solution, may I ask what do you mean by "managing" an user? In Appwrite, user is authentication method - a way to login. User only holds private information to be used for login purposes. By manage, do you mean ability to change user email/password and deleting users, or do you mean to manage stuff they create - for example documents in some kind of custom collection like comments or invoices?

maybe the term is not correct. I mean, the user(manager) of the users can see the clients of users (which belong to that manager),

yes, you are right, permissions to access the collections of document.

then you can use labels to achive that.

no. the label only limit for 100 labels only

if there is something like inheriting permissions. let say user A, having permission to collections ......, then assign to under User B, so user B get alls permission from UserA and itself.

Sounds like the best way to achieve this would be with Teams, to me. But I think this would be a good feature request.

Yes should have features

We had internal discussion and 100 does sound like a small number. We will consider increating it to 1k in next release

There is a strategy used by ecommerce to find all products under a category and all it's subcaregories. Sounds like similar problem to finding manager, and all sub-managers. Using it might help, but requires re-calculation on every change to the tree.

Its called Nested Set Model seems like. https://stackoverflow.com/questions/5368299/hierarchical-data-nested-set-model-mysql

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support