Back

Ghost permissions after uploading a file

  • 0
  • Storage
memoonlite
25 Feb, 2024, 15:47

Hello. I'd like to bring up some behavior of Appwrite that I can't explain. My configuration is as follows:

TypeScript
- Bucket: Uploads, permissions: only Users.create, file security: off```

I have a function that is triggered by `buckets.*.files.*.create.` Here is a dump of the request from the server:

```{"bodyRaw":"{\"$id\":\"65db4520453e21a2cbb6\",\"bucketId\":\"64b131922f6e02d64f37\",\"$createdAt\":\"2024-02-25T14:56:32.534+00:00\",\"$updatedAt\":\"2024-02-25T14:56:32.534+00:00\",\"$permissions\":[\"read(\\\"user:65db382d6cd458a3207e\\\")\",\"update(\\\"user:65db382d6cd458a3207e\\\")\",\"delete(\\\"user:65db382d6cd458a3207e\\\")\"],```

As you see there's a permission array that says that the user can read, update and delete the file they uploaded. My question is: How did these permissions get there? 🤔 The team in which the user is in does not have permissions to update or delete documents within the Uploads bucket, only to create files.

Also, these read, update and delete permissions the user have aren't visible anywhere from within the Appwrite console. It's a mystery to me how these permissions get there. 🤔
TL;DR
Developers experiencing ghost permissions issue after uploading a file. Permissions are added by default by the SDK, overriding team permissions set in the configuration. Solution: Check SDK settings for automatic permission inclusion.
Ernest
25 Feb, 2024, 15:55

It is added by default by the SDK

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more