Back
Functions: use user context
Is there a way to use the client user's context to perform actions from the server SDK (e.g. node-appwrite)? I don't want to give users direct DB access, since users cannot be trusted (don't want someone scraping data or similar, plus some actions need additional steps). However, when a user calls a function, I want to make sure that permissions are still applied correctly, e.g. a user can only update their own DB records. How can I do so?
TL;DR
Developers are seeking a way to use a client user's context for server actions, like with node-appwrite, while maintaining security and restricting direct DB access. The solution lies in authenticating the user's actions using a JWT token and implementing appropriate permissions within the function itself. More information can be found at <https://appwrite.io/docs/products/functions/develop#using-jwt>.
Maybe this will help: https://appwrite.io/docs/products/functions/develop#using-jwt
