[SOLVED] Setting document permissions for another user when creating a document in a collection
I have document level security on and want to implement simple sharing mechanism in app I'm building when a record represented by Appwrite document can be made visible for another user. I created code for creating a document which works fine when operating logged user's ID (I can set permissions for logged user for read/update/delete without issues with this code), but as soon as I add a read permission for another user to the permissions array, I have appwrite exception, see the screenshot. Is it not allowed to set permissions for other users from client side even if it's read-only? If this is indeed the cause, what is the best way to implement per-user and per-document sharing mechanism? Thanks.
Also, I am able to set the required permissions in Appwrite console without a problem, which leads to this suggestion that it might be some client side restriction.
I just tried to create a team which contains both current user and user with whom the document is to be shared with and then setting a permission for a team and it works. But this is clunky to apply to per-user sharing use case and I'm not sure about potential performance applications of always creating a team when doing a per-user sharing.
In the console you should not have restrictions when setting document/collection permissions
Thanks D5, the original issue is indeed about client side (I am working on Flutter app where there is a possibility to do per-user sharing of records).
For that case, if you want to set permissions for other users, you should use an appwrite function. You can write it in Dart too
By default, it's only "allowed" creating permissions for the team/s where the user is and for itself
Ok I see how I can do that with functions, perhaps based on an additional field in the collection, thanks.
And good to have confirmation on restrictions.
[SOLVED] Setting document permissions for another user when creating a document in a collection
Perfect. The restrictions are mainly for security reasons 😅
Some flexiblity in setting up securing restriction could be nice I guess, but I see how it is not a key priority right now as there are workarounds.
Well, the main priority is security, and that's why it has been set that way
May I also suggest adding this information to the Permissions page in Docs? I was reading it before posting the issue, but it's not mentioned there.
Not sure if I can contribute to it
It has been added
My apologies, just re-read that paragraph 😄
need to wake up, sorry for wasting your time
Nope, not wasting my time, I'm here to help 😁
thanks a million
Thanks to you! Great that solves your doubt and issue, if you face any other issues or need help while making the function don't hesitate to create another post and we will try to help 😁
I'm pinning the solution
