Permission management on individual contributions #8112
Unanswered
morzan1001
asked this question in
Q&A
Replies: 1 comment
-
|
Appwrite handles this using document-level permissions, so you don't need to give every user global update or delete access to the collection. A common approach for a blog application is:
Example: await databases.createDocument(
DATABASE_ID,
COLLECTION_ID,
ID.unique(),
{
title: "My First Post",
content: "Hello World!",
authorId: user.$id
},
[
Permission.read(Role.any()),
Permission.update(Role.user(user.$id)),
Permission.delete(Role.user(user.$id))
]
);This way:
It's also a good idea to store the |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hey, I'm playing around with appwrite to see if it's for me and I want to use it in backends in the future. However, I've run into a problem that you might be able to help me with.
In a normal blog application, a user should be able to create, delete and edit posts. Other users should be able to see these posts but not edit or delete them. I have created a collection in which the posts can be stored, but now I have to give the users all the permissions for delete and update although each user should only be able to edit his own post. How do I implement this with the appwrite permissions? Does anyone have a suggestion for me? Thank you very much
Beta Was this translation helpful? Give feedback.
All reactions