Insidious "The current user is not authorized to perform the requested action" bug

  • Self Hosted
mav8rick
23 Mar, 2024, 12:16

I'm on 1.3.7.

Hi, I'm writing this in case this can help someone.

Suppose I define a collection A with a relationship to collection B (1:1).

I set permissions "correctly" on collection A such that team XYZ can update collection A, BUT I forgot to set the permission for XYZ to update collection B.

When I create an email session and use the X-Fallback-Cookie to update collection A (say, a string attribute called Name), I hit a "user is not authorized" 401 error. Even if I switch to the Server API, I still get "user is not authorized", and that's when I panicked. However, when I clear the user's sessions (go to Auth, look for the user, then Sessions, then delete all), I can use the Server API to update successfully.

The solution is to update collection B's permission such that team XYZ can also update it.

I appreciate the permission bit, but when the document "locks up" such that even using the Server API fails to update it, it is frigging scary.

TL;DR
Title: Bug causing "The current user is not authorized" error for developers

Message: Developers facing authorization error 401 when updating a document due to missing permissions on related collection. Solution is to ensure proper permissions are set on both collections to avoid the error. Panic-inducing bug fixed by updating permissions for the related collection.
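The mismatch described in the post can be caught before it causes a 401 by auditing collection metadata for relationship attributes whose related collection lacks a permission the parent grants. The following is an added example, not code from the original post or from Appwrite: the metadata is constructed sample data, its field names are assumed to follow Appwrite's collection objects, and `findPermissionGaps` is a hypothetical helper that checks collection-level permissions only.

```javascript
// Constructed sample metadata. Field names are assumed to follow Appwrite's
// collection objects; the IDs and team name mirror the post.
const collections = [
  { $id: 'A',
    $permissions: ['read("team:XYZ")', 'update("team:XYZ")'],
    attributes: [
      { key: 'Name', type: 'string' },
      { key: 'b', type: 'relationship', relatedCollection: 'B' },
    ] },
  { $id: 'B',
    $permissions: ['read("team:XYZ")'], // update("team:XYZ") was forgotten
    attributes: [{ key: 'title', type: 'string' }] },
];

// Roles granted `action` at collection level. "write" is counted as well,
// since Appwrite treats it as an alias for create, update and delete.
function rolesWith(collection, action) {
  const roles = new Set();
  for (const p of collection.$permissions || []) {
    const m = /^(\w+)\("([^"]+)"\)$/.exec(p);
    if (m && (m[1] === action || (m[1] === 'write' && action !== 'read'))) {
      roles.add(m[2]);
    }
  }
  return roles;
}

// For every relationship attribute, report roles that hold `action` on the
// parent collection but not on the related one (the situation in the post).
function findPermissionGaps(all, action = 'update') {
  const byId = new Map(all.map((c) => [c.$id, c]));
  const gaps = [];
  for (const parent of all) {
    for (const attr of parent.attributes || []) {
      if (attr.type !== 'relationship') continue;
      const related = byId.get(attr.relatedCollection);
      if (!related) continue; // related collection not in the supplied list
      const relatedRoles = rolesWith(related, action);
      if (relatedRoles.has('any')) continue; // "any" covers every role
      for (const role of rolesWith(parent, action)) {
        if (!relatedRoles.has(role)) {
          gaps.push({ collection: parent.$id, attribute: attr.key,
                      related: related.$id, role, action });
        }
      }
    }
  }
  return gaps;
}

console.log(findPermissionGaps(collections));
```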