ratty-blush
ratty-blush12mo ago

Appwrite permissions

I use Refine with Appwrite as backend and Antd. I have seen how to add document permissions when creating or editing documents https://refine.dev/docs/data/packages/appwrite/#create-page But there are things that remain unclear: First, what is the difference between meta's readPermissions and writePermissions https://github.com/refinedev/refine/blob/master/packages/appwrite/src/dataProvider.ts#L82? Second, with readPermissions and writePermissions I can add permissions to the default Permission.read(Role.any()) and Permission.write(Role.any()) https://github.com/refinedev/refine/blob/master/packages/appwrite/src/dataProvider.ts#L80C9-L81C38. But how to override these default permissions? I don't want public permissions, only the permissions i set in meta at creation/edition.
GitHub
refine/packages/appwrite/src/dataProvider.ts at master · refinedev/...
A React Framework for building internal tools, admin panels, dashboards & B2B apps with unmatched flexibility. - refinedev/refine
Appwrite | Refine
Refine provides a data provider for Appwrite, a backend as a service platform, to build CRUD applications.
8 Replies
kapa.ai
kapa.ai12mo ago
Hi @humboldtux. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- In Refine with Appwrite, readPermissions and writePermissions are used to control who can read and write to the documents in your Appwrite collections. - readPermissions: This is used to specify who can read the document. If you set readPermissions to Permission.read(Role.any()), it means that any role can read the document. - writePermissions: This is used to specify who can write to the document. If you set writePermissions to Permission.write(Role.any()), it means that any role can write to the document. These permissions are set in the meta of the useForm hook when creating or editing documents. Here is an example: 
import { Permission, Role } from "@refinedev/appwrite";  
const { formProps, saveButtonProps } = useForm<IPost>({  
 meta: {  
 writePermissions: [Permission.read(Role.any())],  
 readPermissions: [Permission.read(Role.any())],  
 },  
});  
import { Permission, Role } from "@refinedev/appwrite";  
const { formProps, saveButtonProps } = useForm<IPost>({  
 meta: {  
 writePermissions: [Permission.read(Role.any())],  
 readPermissions: [Permission.read(Role.any())],  
 },  
});
In this example, both readPermissions and writePermissions are set to Permission.read(Role.any()), which means that any role can read and write to the document. If you want to restrict permissions and only allow specific users, you need to specify it in meta. For example, if you want to allow only users with the role "admin" to write to the document, you can do it like this: 
import { Permission, Role } from "@refinedev/appwrite";  
const { formProps, saveButtonProps } = useForm<IPost>({  
 meta: {  
 writePermissions: [Permission.write(Role.admin())],  
 readPermissions: [Permission.read(Role.any())],  
 },  
});  
import { Permission, Role } from "@refinedev/appwrite";  
const { formProps, saveButtonProps } = useForm<IPost>({  
 meta: {  
 writePermissions: [Permission.write(Role.admin())],  
 readPermissions: [Permission.read(Role.any())],  
 },  
});
In this example, any role can read the document, but only users with the role "admin" can write to the document. Please note that the wildcard permission "*" has been replaced by "role:all" in Appwrite 0.12 and later versions. You can find more info in the Migration Guide (https://dev.to/appwrite/appwrite-012-migration-post-3cha) blog post. Sources: - Refine Appwrite List Page Part 4 (https://refine.dev/docs/data/packages/appwrite#list-page) - Github Issue: Update Dataprovider for Appwrite >0.12 (https://github.com/refinedev/refine/issues/1453) ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai12mo ago
<@648661552894967820> kapa.ai is still learning and improving, please let us know how it did by reacting below
ratty-blush
ratty-blushOP12mo ago
I am sorry i didn't get the answer and help i wanted. Your answers are not relevant to my problem and are just a verbatim copy of the documentation. I already read the documentation.
xenial-black
xenial-black12mo ago
I can confirm, I facing the same problem. 
    "@refinedev/appwrite": "^6.4.7",
    "@refinedev/antd": "^5.37.5",
    "@refinedev/appwrite": "^6.4.7",
    "@refinedev/antd": "^5.37.5",
did you find a solution ? @humboldtux
ratty-blush
ratty-blushOP12mo ago
No, unfortunately @Aphelios
xenial-black
xenial-black12mo ago
@humboldtux I was able to walk around it, by wrapping the original dataProvider in a custom made dataProvider that overrides the methods. sample: 
export const customDataProvider = (
  appwriteClient: Appwrite,
  options: { databaseId: string } = { databaseId: 'default' }
): Required<DataProvider> => {
  const { databaseId } = options;
  const database = new Databases(appwriteClient);
  const originalDataProvider: Required<DataProvider> = dataProvider(
    appwriteClient,
    {
      databaseId,
    }
  );

  return {
    ...originalDataProvider,
    create: async ({ resource, variables, meta }) => {
      const permissions = [
        // Permission.read(Role.any()),
        // Permission.write(Role.any()),
        ...(meta?.readPermissions ?? [Permission.read(Role.any())]), // new permisions
        ...(meta?.writePermissions ?? [Permission.write(Role.any())]), // new permisions
      ];

      const { $id, ...restData } = await database.createDocument(
        databaseId,
        resource,
        meta?.documentId ?? ID.unique(),
        variables as unknown as object,
        permissions
      );

      return {
        data: {
          id: $id,
          ...restData,
        },
      } as any;
    },
}
export const customDataProvider = (
  appwriteClient: Appwrite,
  options: { databaseId: string } = { databaseId: 'default' }
): Required<DataProvider> => {
  const { databaseId } = options;
  const database = new Databases(appwriteClient);
  const originalDataProvider: Required<DataProvider> = dataProvider(
    appwriteClient,
    {
      databaseId,
    }
  );

  return {
    ...originalDataProvider,
    create: async ({ resource, variables, meta }) => {
      const permissions = [
        // Permission.read(Role.any()),
        // Permission.write(Role.any()),
        ...(meta?.readPermissions ?? [Permission.read(Role.any())]), // new permisions
        ...(meta?.writePermissions ?? [Permission.write(Role.any())]), // new permisions
      ];

      const { $id, ...restData } = await database.createDocument(
        databaseId,
        resource,
        meta?.documentId ?? ID.unique(),
        variables as unknown as object,
        permissions
      );

      return {
        data: {
          id: $id,
          ...restData,
        },
      } as any;
    },
}

message.txt

ratty-blush
ratty-blushOP12mo ago
thanks @Aphelios will give it a try
xenial-black
xenial-black12mo ago
cool, anyways I opened a PR to fix it, it should be merged soon. cheers! https://github.com/refinedev/refine/pull/5774
GitHub
fix(appwrite): make meta.permissions overrideable #5767 by abdelr...
PR Checklist Please check if your PR fulfills the following requirements: The commit message follows our guidelines: https://refine.dev/docs/guides-concepts/contributing/#commit-convention Bugs ...

Did you find this page helpful?