
Permissions - Design Patterns

  • Databases
  • Cloud
BloxEZ
20 May, 2025, 00:23

Hey Appwriters. I'm keen to tap into your database expertise.

In my app I have nested collections:

  • Canvas (think of it like Trello)
  • Cards (just like Trello cards)

For a multi-tenant app, one team shouldn't see another team's Canvas or Cards. So I started thinking document permissions are the way to go. But I'm quickly falling down a rabbit hole of security concerns.

Let's imagine two teams, two users on each, an admin and a member. The admin can invite others and the member cannot. So the member shouldn't be allowed to change document permissions. If the admin invites a user to a canvas from outside of the team, they can update the canvas document permissions, but then we have to update all the cards too.

Can you see where my dilemma is?

I am sure the simple answer is "build a million functions" but it occurs to me that where there is a parent/child relationship, the child could inherit the security permissions of the parent.

That's my thinking, but if you've built an app with real time DB and figured out some good architecture for this kind of deeply nested data structure, I'd be grateful for your guidance.

Thanks :appwritecheers:

TL;DR
Developers are seeking advice on implementing document permissions for a multi-tenant app with nested collections like Canvas and Cards. The dilemma involves managing permissions for users based on their roles within a team and ensuring proper inheritance of security permissions between parent and child documents. The suggestion is to explore implementing inheritance of permissions between parent and child documents within the deeply nested data structure to simplify the process.
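
One way to model the inheritance idea raised in the post, as an added example that is not part of the original thread and is not Appwrite SDK code: the canvas ACL is the single source of truth, only an admin role may change it, and a server-side step works out which cards must be rewritten. The `adminRoles` field, the helper names, all ids and the `action("role")` permission string shape are assumptions.

```javascript
// Added example with constructed data; plain JavaScript, not Appwrite SDK code.
// Assumption: permissions are strings shaped like action("role").
const PERM_RE = /^(read|create|update|delete)\("([^"]+)"\)$/;

// Validate, de-duplicate and sort so two ACLs compare deterministically.
function normalize(perms) {
  for (const p of perms) {
    if (!PERM_RE.test(p)) throw new Error(`malformed permission: ${p}`);
  }
  return [...new Set(perms)].sort();
}

// Hypothetical server-side check: only a caller holding one of the canvas's
// admin roles may change its ACL; members are rejected before any write.
function shareCanvas(canvas, actorRoles, inviteeId) {
  if (!actorRoles.some((r) => canvas.adminRoles.includes(r))) {
    throw new Error("forbidden: only an admin can invite");
  }
  const grant = [`read("user:${inviteeId}")`, `update("user:${inviteeId}")`];
  return { ...canvas, permissions: normalize([...canvas.permissions, ...grant]) };
}

// Cards inherit the parent canvas ACL verbatim. Return only the cards of this
// canvas whose stored ACL has drifted, with the ACL they should carry.
function planCardSync(canvas, cards) {
  const want = normalize(canvas.permissions);
  const key = JSON.stringify(want);
  return cards
    .filter((c) => c.canvasId === canvas.id)
    .filter((c) => JSON.stringify(normalize(c.permissions)) !== key)
    .map((c) => ({ cardId: c.id, permissions: want }));
}

// Constructed sample data: team t1 with an admin role, outside user u9.
const canvas = {
  id: "canvas1",
  adminRoles: ["team:t1/admin"],
  permissions: ['read("team:t1")', 'update("team:t1")'],
};
const cards = [
  { id: "cardA", canvasId: "canvas1", permissions: ['read("team:t1")', 'update("team:t1")'] },
  { id: "cardB", canvasId: "canvas1", permissions: ['read("team:t1")'] },
  { id: "cardX", canvasId: "canvas2", permissions: ['read("team:t2")'] },
];

const shared = shareCanvas(canvas, ["team:t1", "team:t1/admin"], "u9");
console.log(planCardSync(shared, cards).map((p) => p.cardId));
```

Running the plan on a schedule as well as after each share catches cards whose ACL was changed out of band, since it compares stored state against the canvas rather than trusting that every earlier update succeeded.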