
Permissions and Relationships

  • Databases
  • Flutter
  • REST API
  • Cloud
w0rsti
21 Mar, 2024, 20:01

Although this question was kind of raised several times, I didn't find a concrete answer to my specific question:

Scenario:

Let's say I have a two-way relationship between CollectionA and CollectionB. My application or use case has two types of user roles, defined by their role in the team: admin and user.

When acting as an admin, I want to be able to read CollectionA (with its related CollectionB), but when in the user role, I want them to only be able to read CollectionA but not the corresponding CollectionB.

Since the docs and also some answers on Discord mention that, in order for someone to read a document with relations, they have to have read access to the document itself as well as to the related children, I considered the following solutions for this problem, but I am unsure which of them is "best practice" or "better". I am also open to further solution suggestions.

  1. Write an Appwrite cloud function or custom backend function to return the CollectionA document without the CollectionB document for regular users, and set the permissions so it is readable only by admins (and the server/function SDK, of course).
  2. Convert the relationship between them into a one-way relationship where CollectionB references CollectionA, and as an admin fetch the CollectionB document(s) for CollectionA with a separate call using a query like "Give me all CollectionB documents that belong to CollectionA".

Thanks to everyone reading this in advance!

TL;DR
Developer wants to limit user roles' access to specific collections based on their role. Two proposed solutions are: 1. Utilize a cloud function to fetch the CollectionA document without CollectionB for regular users, while giving read access to admins. 2. Restructure the relationship to a one-way connection where CollectionB references CollectionA, allowing admins to retrieve CollectionB documents separately. The best practice is subjective, but both solutions are valid approaches to address the permissions and relationships concern.
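The following is an added example, not code from the thread or from Appwrite, showing the core of solution #1: the role check and the projection that a server-side Appwrite function would perform before handing a CollectionA document back to the caller. The attribute name `collectionB` for the relationship field, the team role name `admin`, the team id `t1` and the sample membership list are all constructed assumptions. The two server-SDK calls a real function would make (`databases.getDocument` with an API key, and `teams.listMemberships`) are injected as `deps` so the decision logic runs and can be tested offline; the `makeAppwriteHandler` wrapper shows how it plugs into the function runtime's `({ req, res })` signature.

```javascript
// Added example: role-gated projection of a CollectionA document for an
// Appwrite function (solution #1 in the question). Not from the thread.

const ADMIN_ROLE = 'admin';          // team role name, assumed from the question
const RELATION_FIELDS = ['collectionB']; // relationship attribute(s) to hide, assumed

// True if `memberships` (the caller's own, already filtered by userId) include a
// confirmed membership of `teamId` carrying the admin role.
function isTeamAdmin(memberships, teamId) {
  return memberships.some(
    (m) => m.teamId === teamId && m.confirm === true && m.roles.includes(ADMIN_ROLE),
  );
}

// Copy of `doc` without the relationship fields; the input is left untouched
// so an object served from a cache cannot be silently modified.
function stripRelationships(doc, relationFields) {
  const copy = { ...doc };
  for (const field of relationFields) delete copy[field];
  return copy;
}

// Pure decision step: given the fetched document and the team's membership
// list, decide what the caller may see. Non-members get the same answer as
// for a missing document so the function does not leak existence.
function decideResponse({ doc, memberships, userId, teamId }) {
  const mine = memberships.filter((m) => m.userId === userId && m.teamId === teamId && m.confirm);
  if (mine.length === 0) {
    return { status: 404, body: { message: 'not found' } };
  }
  if (isTeamAdmin(mine, teamId)) {
    return { status: 200, body: doc };          // admins see the related CollectionB
  }
  return { status: 200, body: stripRelationships(doc, RELATION_FIELDS) };
}

// Runtime wrapper. `deps.getDocument(documentId)` and `deps.listMemberships(teamId)`
// are expected to wrap the node-appwrite Databases/Teams services created with an
// API key. The caller's id comes from the x-appwrite-user-id header the runtime
// sets for executions triggered by a logged-in user; the body format is assumed
// to be JSON with documentId and teamId.
function makeAppwriteHandler(deps) {
  return async ({ req, res }) => {
    const userId = req.headers['x-appwrite-user-id'];
    if (!userId) return res.json({ message: 'unauthorized' }, 401);
    const { documentId, teamId } = typeof req.body === 'string' ? JSON.parse(req.body) : req.body;
    const doc = await deps.getDocument(documentId);
    const memberships = await deps.listMemberships(teamId);
    const result = decideResponse({ doc, memberships, userId, teamId });
    return res.json(result.body, result.status);
  };
}

// Constructed sample data standing in for what the SDK would return.
const SAMPLE_DOC = {
  $id: 'a1',
  name: 'Team calendar',
  collectionB: [{ $id: 'b1', title: 'Planning meeting' }], // expanded relationship
};
const SAMPLE_MEMBERSHIPS = [
  { userId: 'u-admin', teamId: 't1', roles: ['admin'], confirm: true },
  { userId: 'u-user', teamId: 't1', roles: ['user'], confirm: true },
  { userId: 'u-invited', teamId: 't1', roles: ['admin'], confirm: false }, // not yet accepted
];

function demo() {
  for (const userId of ['u-admin', 'u-user', 'u-invited', 'u-stranger']) {
    const r = decideResponse({ doc: SAMPLE_DOC, memberships: SAMPLE_MEMBERSHIPS, userId, teamId: 't1' });
    console.log(userId, r.status, Object.keys(r.body));
  }
}

demo();
```

Only the function's API key can read CollectionB, so the client never needs (and never gets) a read permission on it; the client-side permission on CollectionA documents can then be `Permission.read(Role.team(teamId))` for everyone in the team. Solution #2 needs none of this code: with CollectionB holding a one-way reference to CollectionA, an admin lists events with `databases.listDocuments(databaseId, collectionBId, [Query.equal('collectionA', [documentId])])`, and the read permission set on CollectionB alone decides who gets results, which is exactly why it is the simpler option.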
anothermetic
21 Mar, 2024, 20:07

I'd lean towards #1 for the sake of flexibility, but #2 is definitely a lot simpler to implement https://www.phorm.ai/query?projectId=fb0cba3a-766d-4470-82eb-9313f19c0216&threadId=fba1ecd7-5026-495a-9006-ab8341981049

w0rsti
21 Mar, 2024, 20:16

@anothermetic I just watched a video by Appwrite on YouTube https://youtu.be/f7z5-yVKz7A?si=-lPIyG5rTvVbj5Y- In the implementation part he is giving read access to "CollectionA" (in the video "Calendars") but not yet to "CollectionB" (in the video "events") but still can fetch CollectionA. This is actually what I need, but has this changed, or has it?
