🚀 Feature: "Query" Database by permissions

[nimos-dev]

🔖 Feature description

Extend the functionality of: Database List Documents (get a list of all the user's documents in a given collection.)

Suggestions:

List Documents(X) Get a list of all the user's documents in a given collection where user has permissions X;

List Documents(Read) (Get a list of all the user's documents which the user has read permissions)
List Documents(Read/Write) (Get a list of all the user's documents which the user has read/write permissions)
List Documents(Read/Write/Delete) ( Get a list of all the user's documents which the user has read/write/Delete permissions)

🎤 Pitch

Today we can List Documents (get a list of all the user's documents in a given collection.) which in practice means all documents to which the user has read rights. It would be nice if you could get all documents based on what permissions the user have. Today you have to implement extra redundant attributes if we want to sort/querry by permission.

Examples of areas of use are content moderation.

Not a critical feature but something that would help avoid boilerplate code and redundant attributes which improves code quality and reduces the risk of errors. Today, when I give a user write rights, I have to both update permissions and then also an attribute field to be able to sort/querry based on whether the user has write permissions or not.

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[stnguyen90]

@nimos-dev, thanks for creating this issue! 🙏🏼

[dhonig-weizmann]

upvoted :)

Is there any workaround I can use in the meantime?

I tried to use
Query.contains('\$permissions', 'read("user:$subjectId")') but I get an error Attribute not found in schema: $permissions
Using dart_appwrite version 11.0.3

Any help would be most appreciated

[barshag]

@dhonig-weizmann I add user attribute....but i prefere this issue will be push to production soon...(it's just a walkaround..)

[dhonig-weizmann]

@barshag, In the end I used the JWT token and read only "my" documents, as I needed all the documents created by a specific client. This worked great :)

[cosmicsan]

i upvoted. This features is really really interesting for us.

[cloudatlas9]

In the end I used the JWT token and read only "my" documents, as I needed all the documents created by a specific client. This worked great :)

@dhonig-weizmann Good point! This is basically the same as querying by permissions, when the goal is to get all documents a user has access to.

But when wanting to maintain read-only permissions everywhere (updating docs only happens through server-side Functions with "admin" API key), then two different SDK instantiations are necessary. One with user scope to get all documents they have access to, one with admin scope to write to a document. Which is not most elegant I guess...

[apperside]

The thing that may be really useful would be to be able to filter by users in the appwrite dashboard.
Imagine you get a ticker from a user, it would streamline the problem debugging being able to filter records for which the user has permissions.