
This is a PHP Appwrite function to delete a document. I compared the owner of the document with the user ID. If they are the same, the user has permission to delete it, otherwise not. After I execute it, even though the user ID equals the owner, the document won't be deleted. However, I'm noticing that the user ID fetched on the server is different from my actual user ID and I think this leads to unexpected behaviour. How can I solve this issue, or should I use another logic?

<?php

use Appwrite\Client;
use Appwrite\Services\Databases;
use Appwrite\Services\Functions;
use Appwrite\ID;

require_once 'vendor/autoload.php';

error_reporting(E_ALL);
ini_set('display_errors', '1');

return function ($req, $res) {
    $client = new Client();
    $database = new Databases($client);

    if (
        empty($req['variables']['APPWRITE_FUNCTION_ENDPOINT']) ||
        empty($req['variables']['APPWRITE_FUNCTION_API_KEY']) ||
        empty($req['variables']['APPWRITE_FUNCTION_PROJECT_ID'])
    ) {
        return $res->send('Environment variables are not set. Function cannot use Appwrite SDK.', 500);
    }

    echo "Configuring the client...\n";

    $client
        ->setEndpoint($req['variables']['APPWRITE_FUNCTION_ENDPOINT'])
        ->setProject($req['variables']['APPWRITE_FUNCTION_PROJECT_ID'])
        ->setKey($req['variables']['APPWRITE_FUNCTION_API_KEY'])
        ->setSelfSigned(false); //false in the test environment

    try {
        // Note: this dumps every request variable, including APPWRITE_FUNCTION_API_KEY, into the execution log.
        print_r($req);
        $payload = json_decode($req['payload'], true);
        $databaseId = 'conni';
        $collectionId = 'innocaps';
        $documentId = $payload['documentId'] ?? '';

        if (empty($documentId)) {
            return $res->json([
                'success' => false,
                'message' => 'Missing required data: documentId',
            ], 400);
        }

        echo "Checking if the user has permission to delete the innocap document.\n";
        $document = $database->getDocument($databaseId, $collectionId, $documentId);
        // Allow the delete only when the document's owner attribute matches the user who triggered the execution.
        if (isset($document['owner']) && $document['owner'] === $req['variables']['APPWRITE_FUNCTION_USER_ID']) {
            echo "The user who is trying to delete the document, with id: " . $req['variables']['APPWRITE_FUNCTION_USER_ID'] . " has permission to delete the document.\n";
            echo "Deleting document with ID: $documentId from Collection: $collectionId Database: $databaseId\n";
            $response = $database->deleteDocument($databaseId, $collectionId, $documentId);
            return $res->json([
                'success' => true,
                'message' => 'Document deleted successfully.',
            ]);
        } else {
            echo "The user who was trying to delete the document, with id: " . $req['variables']['APPWRITE_FUNCTION_USER_ID'] . " does not have permission to delete it.\n";
            // Return an error response if the requester is not the owner of the document
            return $res->json([
                'success' => false,
                'message' => 'The user failed to delete the document',
            ], 403);
        }
    } catch (\Exception $e) {
        return $res->json([
            'success' => false,
            'message' => 'Failed to delete document: ' . $e->getMessage(),
        ], 500);
    }
};
harlindis
  • Different how - "completely" different, or a difference in a few of the last digits? (If it is the latter, then you are probably dealing with an integer overflow.) – CBroe Aug 08 '23 at 09:53
  • The first four digits are the same. My user id is this: 648051d777d7ac754e75 and the APPWRITE_FUNCTION_USER_ID printed is this: 64804ebb8a04d9e8b0bc – harlindis Aug 08 '23 at 11:58
  • Okay, not integers, so what I said won't apply then. You're going to have to give us more details then, about what you are actually doing. [ask], [mre] – CBroe Aug 08 '23 at 12:26
  • I am creating an Appwrite function to delete a document in a certain collection. I want to give permission to the user: if he is the owner of the document, the user should be able to delete it, otherwise not. So, one of the attributes of this collection is called owner and I want to compare whether the owner equals the user ID in the authorization. I use this condition: if(isset($document['owner']) && $document['owner'] === $req['variables']['APPWRITE_FUNCTION_USER_ID']). After I execute the code on the server, even though the owner is the same as the user ID, the document won't be deleted. – harlindis Aug 08 '23 at 12:43
  • That is still vague and ambiguous. Please go and actually read the links I posted. – CBroe Aug 08 '23 at 12:47
  • I'm currently working on a project where I'm using the Appwrite SDK for document management, and I've run into an issue regarding user permissions during document deletion. In my setup, I'm comparing the user ID of the requester with the owner ID of the document. If they match, the user should have the permission to delete the document. However, I'm noticing that the user ID fetched on the server is different from my actual user ID, leading to unexpected behavior. After executing this function, the document is not being deleted even when the owner of the document matches my user ID. – harlindis Aug 08 '23 at 13:28
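An added example, not the asker's code or part of the Appwrite SDK: the ownership decision from the function above pulled out into a pure PHP function that fails closed when no requester identity is attached to the execution, reports which side of the comparison mismatched for the server log, and can be exercised offline without the SDK. `authorizeDelete` and the sample document are assumptions of this example; the two user IDs are the ones quoted in the comments.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether the requester may delete the document (hypothetical helper).
 * Returns ['allowed' => bool, 'reason' => string]; the reason is intended for
 * the function's own log, not for the HTTP response sent back to the client.
 */
function authorizeDelete(array $document, ?string $requesterId): array
{
    $requesterId = trim((string) $requesterId);
    if ($requesterId === '') {
        // No user identity on this execution: deny instead of comparing against ''.
        return ['allowed' => false, 'reason' => 'no requester identity on this execution'];
    }

    $owner = isset($document['owner']) ? trim((string) $document['owner']) : '';
    if ($owner === '') {
        // A document without an owner attribute can never pass an ownership check.
        return ['allowed' => false, 'reason' => 'document has no owner attribute'];
    }

    if ($owner !== $requesterId) {
        // Record both values verbatim so an identity mismatch such as the one
        // described in the comments is visible in the execution log.
        return ['allowed' => false,
                'reason'  => sprintf('owner %s != requester %s', $owner, $requesterId)];
    }

    return ['allowed' => true, 'reason' => 'requester is the owner'];
}

// Constructed sample data using the two IDs quoted in the comments above.
$document  = ['$id' => 'doc1', 'owner' => '648051d777d7ac754e75'];
$decisions = [
    'same user'  => authorizeDelete($document, '648051d777d7ac754e75'),
    'other user' => authorizeDelete($document, '64804ebb8a04d9e8b0bc'),
    'no user'    => authorizeDelete($document, ''),
    'no owner'   => authorizeDelete(['$id' => 'doc2'], '648051d777d7ac754e75'),
];

foreach ($decisions as $case => $d) {
    printf("%-10s allowed=%s (%s)\n", $case, $d['allowed'] ? 'yes' : 'no', $d['reason']);
}
```

In the handler, only the `allowed` flag decides between the 403 and the `deleteDocument` call, while `reason` goes to `echo` so the log shows the two IDs that were actually compared.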

0 Answers