Skip to content
Start building
Back

How to use permission in server-side with node-appwrite

  • 1
  • Users
  • Databases
  • Web
View on Discord
Мухаммадамин
28 Jan, 2024, 05:33

Please help with this code. I'm trying to get data by permission but it doesn't work ?

Nextjs + node-appwrite.

TypeScript
export async function GET() {
    try {
        setToken();
        const userId = headers().get("x-user-id")!;

        const boards = await appwriteSDK.databases.listDocuments(
            DB.id,
            DB.collections.BOARDS_ID,
            [
                Permission.read(Role.user(userId))
            ]
        );

        return NextResponse.json(boards);
    } catch (error) {
        return NextResponse.json({ error });
    }
}
TypeScript
export async function POST(request: NextRequest) {
    try {
        setToken();
        const board = await request.json();
        const userId = headers().get("x-user-id")!;

        const saved = appwriteSDK.databases.createDocument(
            DB.id,
            DB.collections.BOARDS_ID,
            ID.unique(),
            board,
            [
                Permission.read(Role.user(userId))
            ]
        );

        return NextResponse.json({ saved });
    } catch (error) {
        return NextResponse.json({ error });
    }
}
TL;DR
Developers are seeking help with using permissions in server-side code with the Node.js library 'appwrite'. They are able to successfully create documents with the create function (POST method), but are having trouble retrieving documents with the GET method. They are specifically unsure of how to properly use permissions when fetching documents. One suggestion is to use the Appwrite documentation on permissions for more information. Another question is asked about solving a CORS issue with the PATCH method in 'appwrite' on the client-side. It is recommended to use the client SDK for web instead. The developers share their code for the GET and POST functions and ask for
kamal.panara
28 Jan, 2024, 06:30

hi @Мухаммадамин Server SDK is for server needs, and it by passes the permissions, so you should only use it in secure environment. and don't expose it to direct users.

kamal.panara
28 Jan, 2024, 06:30

you can use client sdk for web for your project

Мухаммадамин
28 Jan, 2024, 06:49

@kamal.panara Hi, thank you for the message. However I faced CORS issue with PATCH method in appwrite on client-side and I couldn't solve it at all, there was no other way to solve the issue.

kamal.panara
28 Jan, 2024, 06:51

Did you created post for that issue here on support channel?

Мухаммадамин
28 Jan, 2024, 06:54

Yes, https://discord.com/channels/564160730845151244/1193142686715232266

Мухаммадамин
28 Jan, 2024, 06:54

In my code, the create function (post method) is working well but GET is not getting the documents.

I don't understand how to use permissions when fetching the documents ? (now, this is the main issue)

kamal.panara
28 Jan, 2024, 06:55

Okay got it

kamal.panara
28 Jan, 2024, 06:59

You can learn more about using permissions here https://appwrite.io/docs/products/databases/permissions

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more