#[Solved] user_unauthorized in appwrite function using Server Dart SDK and API KEY

How this could happen?
Im trying to create document in database inside my function and getting user_unauthorized only in one function.
Im using dart appwrite server SDK with api key with all scopes active.

The current user is not authorized to perform the requested action. (401)

Are you sure all ID's are correct?

yes because, once per x executions it works properly

This could happened in case

• Wrong permissions
• Wrong permissions and document security turn on.

with API Key?

API key should be above normal permissions

I found that it happens only when adding relation object

With API key you certainly get a full access
But these two errors will happened even for an API-key-driven request.

If you ran it without permission does it ever get stuck?

what do you mean by without permission?

removing all permissions from collection?

or set them to "any"

my security settings for all collections are:
read:any
document permissions: off

Could you send here the code giving you the mentioned error?

Also, is this happening when activating the function from the dashboard?

Remove all permissions from the createDocument function

Do you have any?

no

here is client init:

 return Client()
      ..setEndpoint(envProvider.getEndpoint(environment, variables))
      ..setProject(connectionDataProvider.projectId(environment))
      ..setKey(envProvider.getApiKey(variables));

Okay, now that's unexpected behaver

and it crashes on createDocument function

Why 2 dots?

this is dart

its builder pattern

no worries here, its not my first function, and it works when no relationship objects are inside data

And what about the createDocument code?

i mean createDocument is from appwrite sdk

im using only databaseId, collectionId, documentId, and data params with createDocument

If you have a function that return this you can use . point to chain functions.
If you don't you can use double dots .. to have the whole object return to you. this is a nice dart feature

Didn't knew and just built a Flutter app 😅

You can see that you can the error you have only in these two locations
https://github.com/appwrite/appwrite/blob/master/app/controllers/api/databases.php#L2728
https://github.com/appwrite/appwrite/blob/master/app/controllers/api/databases.php#L2734

And if you an API key with all the Database permission that should pass
Can you try to test it in Postman through the REST API?

[Error] Timestamp: 2023-07-20T13:19:12+00:00
[Error] Method: POST
[Error] URL: /v1/databases/:databaseId/collections/:collectionId/documents
[Error] Type: Appwrite\Extend\Exception
[Error] Message: The current user is not authorized to perform the requested action.
[Error] File: /usr/src/code/app/controllers/api/databases.php
[Error] Line: 2726

I'll try with postman

and updating to 1.3.7 (i have 1.3.4)

Make sure to backup and run mirgate

oh there is 1.3.8

this is dev env so no backup needed

will back soon

ok same problems on 1.3.8

This is a document with relationships yes?

I think it can be a bug that even if you're using an API key you'll still need permission for any of the relational collections.

I think the times it didn't work was when relationship was part of the process.
Try to adjust the permissions and let us know.

but how to adjust permissions to work with api key? should i use jwt instead of api key and give user permissions for that?

I'll create github issue

I mean for the collections

Did it worked when changing the permissions?

no, it never worked when adding relationship
What i will try next:

• set write permissions to "any" or "any-logged"
• instead of api key use jwt with server sdk, and give user permission to all collections in relations

set write permissions to "any" or "any-logged"

Yes, exactly because you even though you don't need permission in general using an API key
When updating/creating something with relationships it won't work

same user unauthorized problem

and all my collections have now any-write,read,update,delete

will try with jwt now

Is there a way to see all requests received by appwrite realtime?

Don't think so

same problem with jwt - user is not authorized, even when all collections have all permissions available to "any"

removed all other fields from collection, only relation is present

tested other relations and only with twoWay relations there is such problem

so i just tested and i was able to create fine with an api key:

$ appwrite --json databases createDocument --databaseId "many-to-one" --collectionId "level1" --documentId "level1" --data '{
    "level2": {
        "$id": "level2",
        "level3": {
            "$id": "level3",
            "level4": {
                "$id": "level4",
                "level5": {
                    "$id": "level5"
                }
            }
        }
    }
}'
{
  "$id": "level1",
  "$permissions": [],
  "$createdAt": "2023-07-20T21:50:55.904+00:00",
  "$updatedAt": "2023-07-20T21:50:55.904+00:00",
  "level2": {
    "$id": "level2",
    "$createdAt": "2023-07-20T21:50:55.905+00:00",
    "$updatedAt": "2023-07-20T21:50:55.905+00:00",
    "$permissions": [],
    "level3": {
      "$id": "level3",
      "$createdAt": "2023-07-20T21:50:55.906+00:00",
      "$updatedAt": "2023-07-20T21:50:55.906+00:00",
      "$permissions": [],
      "$databaseId": "many-to-one",
      "$collectionId": "level3"
    },
    "$databaseId": "many-to-one",
    "$collectionId": "level2"
  },
  "$databaseId": "many-to-one",
  "$collectionId": "level1"
}
✓ Success

here are my collections:

Let me remove permissions:

and it still works:

$ appwrite --json databases createDocument --databaseId "many-to-one" --collectionId "level1" --documentId "level1" --data '{
    "level2": {
        "$id": "level2",
        "level3": {
            "$id": "level3",
            "level4": {
                "$id": "level4",
                "level5": {
                    "$id": "level5"
                }
            }
        }
    }
}'
{
  "$id": "level1",
  "$permissions": [],
  "$createdAt": "2023-07-20T21:54:59.591+00:00",
  "$updatedAt": "2023-07-20T21:54:59.591+00:00",
  "level2": {
    "$id": "level2",
    "$createdAt": "2023-07-20T21:54:59.592+00:00",
    "$updatedAt": "2023-07-20T21:54:59.592+00:00",
    "$permissions": [],
    "level3": {
      "$id": "level3",
      "$createdAt": "2023-07-20T21:54:59.593+00:00",
      "$updatedAt": "2023-07-20T21:54:59.593+00:00",
      "$permissions": [],
      "$databaseId": "many-to-one",
      "$collectionId": "level3"
    },
    "$databaseId": "many-to-one",
    "$collectionId": "level2"
  },
  "$databaseId": "many-to-one",
  "$collectionId": "level1"
}
✓ Success

Thanks a lot!
Im comparing it to mine and in the meantime I will paste mine:

and insert try:

appwrite --json databases createDocument --databaseId "main_database" --collectionId "content_entry" --documentId "test1" --data '{"name":"test","assignedToCategories":[{"$id":"64b9b41199345ad2a55d"}]}'    
✗ Error The current user is not authorized to perform the requested action.

64b9b41199345ad2a55d is already existing object of type category

@loud tinsel maybe problem is that im trying to insert document with relation from the "child" side?

ok, so its possible to create child or parent of the relation but cant reference it

also now getting 500

 appwrite --json databases updateDocument --databaseId "main_database" --collectionId "category" --documentId "k1" --data '{"content": ["c1"]}' --verbose
AppwriteException [Error]: Server Error
    at Client.call (/opt/homebrew/Cellar/appwrite/HEAD-b461997/libexec/lib/node_modules/appwrite-cli/lib/client.js:209:19)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async databasesUpdateDocument (/opt/homebrew/Cellar/appwrite/HEAD-b461997/libexec/lib/node_modules/appwrite-cli/lib/commands/databases.js:1353:16) {
  code: 500,
  response: [Object: null prototype] {
    message: 'Server Error',
    code: 500,
    type: 'general_unknown',
    version: '1.3.7',
    file: '/usr/src/code/vendor/utopia-php/database/src/Database/Database.php',
    line: 3090,
    trace: [
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype],
      [Object: null prototype]
    ]
  }
}
✗ Error Server Error

works from the "child" side

appwrite --json databases updateDocument --databaseId "main_database" --collectionId "content_entry" --documentId "c1" --data '{"assignedToCategories": ["k1"]}' --verbose
{
  "name": "c1",
  "$id": "c1",
  "$createdAt": "2023-07-20T22:59:38.347+00:00",
  "$updatedAt": "2023-07-20T23:03:52.676+00:00",
  "$permissions": [],
  "assignedToCategories": [
    {
      "name": "k1",
      "$id": "k1",
      "$createdAt": "2023-07-20T22:59:46.246+00:00",
      "$updatedAt": "2023-07-20T23:03:52.679+00:00",
      "$permissions": [],
      "$databaseId": "main_database",
      "$collectionId": "category"
    }
  ],
  "$databaseId": "main_database",
  "$collectionId": "content_entry"
}
✓ Success 

no error while creating, but no relation either:

 appwrite --json databases createDocument --databaseId "main_database" --collectionId "category" --documentId "k2" --data '{"name":"k2", "content": ["c1"]}' --verbose
{
  "name": "k2",
  "$id": "k2",
  "$permissions": [
    "read(\"user:64b43b2993b48df0d16b\")",
    "update(\"user:64b43b2993b48df0d16b\")",
    "delete(\"user:64b43b2993b48df0d16b\")"
  ],
  "$createdAt": "2023-07-20T23:05:14.443+00:00",
  "$updatedAt": "2023-07-20T23:05:14.443+00:00",
  "$databaseId": "main_database",
  "$collectionId": "category"
}
✓ Success 

are you trying to create those nested assignedCategories or link?

link

to link, you should put an array of ids rather than passing an array of objects

Yes! That was it! I was passing array of json objects with id instead of string array of ids

Thank you Steven, you saved the day again