Back
grant permisions only to users in collection
I'm building a web app and instead of using Appwrite Auth, I made my own custom auth system that stores user data in documents. I have a "Profile" page where logged-in users can update their username and password. The route is already protected β only authenticated users can access it. My question is: how do I make sure that only the owner of the profile (or someone with permissions) can update that specific document in the collection? Since I'm not using Appwrite's built-in users, I'm not sure how to handle document-level permissions properly in this case. What should i do?
TL;DR
Ensure that developers set up custom document-level permissions in the database so only the document owner can update the data. This can be done by storing the document owner's ID in the document itself and checking it before allowing updates.