Currently the Appwrite sdk requires you to explicitly pass the read and write permissions of any document that is created by a user.

The expected format for the read / write permissions requires you to supply the user ID of the current logged in user. This would result in an additional request being placed just to fetch user ID.
What I'm suggesting is a default setting where the read and write permissons default to the current user taking away the overhead on the developer to fetch the USER ID.
If required, additional permissions can be passed allowing other users to access the document but it must always have the current user as one of the permissions. It is logical that a user who writes a document will also want to read it at some point so I feel it would be a useful enhancement.
We really want community feedback on this to check if there are any possible drawbacks to this approach and other implications that it may cause.
Currently I'm using the following code to create a document
class DB {
constructor(sdk, collectionId) {
this.sdk = sdk;
this.collectionId = collectionId;
this.user = null;
this.read = null;
this.write = null;
}
// user.roles[1] is ["userID" : "5awe2edfefwef" .... ]
// Which im using to set the read and write permissions for the current user.
setUser(user) {
this.user = user;
this.read = user && [user.roles[1]];
this.write = user && [user.roles[1]];
}
addTodo(data) {
const promise = this.sdk.database.createDocument(this.collectionId, data, this.read, this.write);
console.log('[INFO] Adding Todo');
return promise.then(function(response) {
return response;
}, function(error) {
return error;
});
}
}
The setUser function is called by my authentication controller upon successful login to set the read and write permisson variables in the DB controller.
Here's what I'm suggesting
class DB {
constructor(sdk, collectionId) {
this.sdk = sdk;
this.collectionId = collectionId;
}
addTodo(data) {
const promise = this.sdk.database.createDocument(this.collectionId, data);
console.log('[INFO] Adding Todo');
return promise.then(function(response) {
return response;
}, function(error) {
return error;
});
}
}
I think this suggestion can lower the entry barrier for a developer starting to work with Appwrite because it will allow them to begin working with databases and files without requiring them to understand the permission mechanism first.
One issue I am not sure about is what the default should be in cases where we don’t have a logged-in user like when integrating from the server, or when the user is just a guest and have no account.
We should also find out what is the best way to reflect this in the documentation and other guides that might require understanding this process.
Are we going to allow anonymous users to create documents as well ??
In the documentation I feel we can have a getting started section that explains to the users regarding the various permissions. The getting started section will give an overview of appwrite and explain all the nuances specific to appwrite including permissions and rules.
@christyjacob4 Currently we do allow anonymous users to create documents, but we can always review and see if this is a real use case or can just be customised and implemented using a server integration. This still leaves us with the question of what happens on a server-to-server integration.
I agree documentations is a must, but we also need to make sure that the getting started guide is easy as possible for people just wanting to play around and get to know Appwrite without diving into all the little details straight away.
I agree documentations is a must, but we also need to make sure that the getting started guide is easy as possible for people just wanting to play around and get to know Appwrite without diving into all the little details straight away.
Yes if we write the documentation with a lot of examples, then it'll definitely be easy for people to get started. Here's what im suggesting.
1) The getting started guide needs to happen regardless. That can contain examples and theory behind appwrite. It must explain about the roles and permissions and also mention that the default permissions are for the current user and admin to read and write, but these permissions can be modified as per you use case
@christyjacob4 100% about the examples, this is something we really lack right now in this permissions tutorial: https://appwrite.io/docs/permissions
I will add it to my checklist ✅
Just to keep this thread up-to-date.
We have updated the permissions docs, making them a lot simpler to understand and we have also added some usage examples: https://appwrite.io/docs/permissions