[SOLVED] Authenticate File Uploads

Hello,

I was looking at the documentation and it seems that there's no way to authenticate file uploads? For example, if a user logs into my app I want to upload their file to storage using their session so that no random people can upload files.

This also allows me to track who uploaded what file and who has access to it.

TL;DR

Developers learnt how to authenticate file uploads and grant permissions effectively. File level permissions can be set to restrict access even with bucket permissions. The 'permissions' field indicates which users can access a file. For code implementation, permissions can be set in the bucket settings and during file creation. Documentation and resources provided for further assistance.

You can give bucket level permissions only allowing logged in users, or users with x label, or any number of items. You can also allow file level permissions giving only certain users access to a file.

https://appwrite.io/docs/products/storage/permissions#bucket-level

Thank you! But how can this also be achieved in code? I'm very new to appwrite (but it's been AMAZING so far). I can't find it in the docs where to authenticate file uploads for apple

You set the permission in the console, in the bucket under settings. Then if you want file level permissions you can add them when creating the file.

https://appwrite.io/docs/references/cloud/client-web/storage#createFile

OOH so the 'permissions' field is what I set to tell the server "only this and that user can access this file"?

Yep

Thank you so much

You can use this set of docs for a bit more help on file/document permissions

https://appwrite.io/docs/advanced/platform/permissions#permission-types

Perfect. Thank you :))

[SOLVED] Authenticate File Uploads

Have a great rest of your day 🙂

Sorry, just quickly. If I set the attached permissions for the bucket, will they still only be allowed to access their own files if I also set up file level security? Or do the bucket permissions override file level security entirely?

When file security is enabled, users will be able to access files for which they have been granted either File or Bucket permissions.
If file security is disabled, users can access files only if they have Bucket permissions. File permissions will be ignored..

Yes but does that mean if they have bucket permissions to read, it overwrites the file permission not to read?

Like if User A uploads a document and all users have bucket permission to read, would User B be able to read User As document which has file permissions enabled?

I believe File level supersedes bucket.

Perfect. Thank you so much once again!

thank you @darShan haha

And you Kenny

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support