#[SOLVED] When relation has data, i get 401 Unauthorized

I have two collections "projects" (P) and "campaigns" (C).

They are configured as a two-way relationship / many to one: P can have many C. C can have one P.

Authenticated user (the one i am testing with) has read access for the P as well as for the C items he creates (document security layer).

I am using the client SDK to query. Double checked all IDs and I nearly do the same kind of query (beside of some query params) as the appwrite backend, when retrieving P items.

When I only have P but no (related) C everything just loads fine. Once I add a related C to a P, than the query to retrieve all items fails.

I get back a 401 Unauthorized from the XHR request and appwrite container tells me "[Error] Message: The current user is not authorized to perform the requested action.".

I know from your docs, that there must be sufficient access right to all related documents in a relationship. But that kind of require is met and tripple checked.

Looking forward for some help. Already spent hours of debugging and run out of ideas. Thanks!

Would you please share the details of the collection and documents?

Sure.

the collection configuration is attached.

The P document from the backend:

{
    "name": "abc",
    "color": "#F56565",
    "$id": "65425e3beb06b173cdbb",
    "$createdAt": "2023-11-01T14:18:35.962+00:00",
    "$updatedAt": "2023-11-01T14:18:35.962+00:00",
    "$permissions": [
      "read(\"user:653a9061c096bb18d3a4\")",
      "update(\"user:653a9061c096bb18d3a4\")",
      "delete(\"user:653a9061c096bb18d3a4\")"
    ],
    "mail_providers": [],
    "campaigns": [
      {
        "name": "sadfsf",
        "$id": "65516c7232fad43b3d2d",
        "$createdAt": "2023-11-13T00:23:14.209+00:00",
        "$updatedAt": "2023-11-13T00:23:14.209+00:00",
        "$permissions": [
          "read(\"user:653a9061c096bb18d3a4\")",
          "update(\"user:653a9061c096bb18d3a4\")",
          "delete(\"user:653a9061c096bb18d3a4\")"
        ],
        "messages": [],
        "contacts": [],
        "mail_provider": null,
        "$databaseId": "63cc623bb0baff5e8831",
        "$collectionId": "65516ada06108a04c399"
      }
    ],
    "$databaseId": "63cc623bb0baff5e8831",
    "$collectionId": "63cc6241dfb4a765a985"
  }

the collection ids don't seem to match up 🧐

Ok. I see.
This is what i got, doing a fresh
$ appwrite init collection
on the current install and there C has ID 63cc624ae0b383e8cf56.

When I go to the backend, I see the following in my collection as in the screenshot attached

That can be because i re-created campaigns collection while debugging.

ok...can you share a screenshot of the document security and permissions in here then?

also, can you check the output of account.get() before you call databases.listDocuments()?

sure. this is the output of account.get():

{
    "$id": "653a9061c096bb18d3a4",
    "$createdAt": "2023-10-26T16:14:25.789+00:00",
    "$updatedAt": "2023-11-01T10:36:20.128+00:00",
    "name": "Tester Mustermann",
    "registration": "2023-10-26T16:14:25.788+00:00",
    "status": true,
    "labels": [],
    "passwordUpdate": "2023-10-26T16:14:25.788+00:00",
    "email": "[email protected]",
    "phone": "",
    "emailVerification": true,
    "phoneVerification": false,
    "prefs": {},
    "accessedAt": "2023-10-26T16:14:25.788+00:00"
}

Find the screenshots of document and collection security in the attachment.

hmm there are several other relationship attributes too...the problem could be with one of those 🧐

Yep. I can tell that, when no C is connected to P, than everything works as expected. So the P relations should not be the problem.

When I add a related C, to problem occurs.

While when I query through the backend, to the collection overview, they can be successfully retrieved. Here is how the response from the appwrite GUI looks like:

 {
            "name": "abc",
            "color": "#F56565",
            "$id": "65425e3beb06b173cdbb",
            "$createdAt": "2023-11-01T14:18:35.962+00:00",
            "$updatedAt": "2023-11-01T14:18:35.962+00:00",
            "$permissions": [
                "read(\"user:653a9061c096bb18d3a4\")",
                "update(\"user:653a9061c096bb18d3a4\")",
                "delete(\"user:653a9061c096bb18d3a4\")"
            ],
            "mail_providers": [],
            "campaigns": [
                {
                    "name": "sadfsf",
                    "$id": "65516c7232fad43b3d2d",
                    "$createdAt": "2023-11-13T00:23:14.209+00:00",
                    "$updatedAt": "2023-11-13T00:23:14.209+00:00",
                    "$permissions": [
                        "read(\"user:653a9061c096bb18d3a4\")",
                        "update(\"user:653a9061c096bb18d3a4\")",
                        "delete(\"user:653a9061c096bb18d3a4\")"
                    ],
                    "messages": [],
                    "contacts": [],
                    "mail_provider": null,
                    "$databaseId": "63cc623bb0baff5e8831",
                    "$collectionId": "65516ada06108a04c399"
                }
            ],
            "$databaseId": "63cc623bb0baff5e8831",
            "$collectionId": "63cc6241dfb4a765a985"
        }

The error occurs only when I query with the client SDK, as follows:

    const test = await databases.listDocuments(
                process.env.REACT_APP_APPWRITE_DATABASE!,
                process.env.REACT_APP_APPWRITE_COLLECTION_PROJECTS!
            );

While the environment variables pointing to the right project ids

What are the permissions on messages and contacts? And is document security enabled on those?

💡 Ahhh... messages was the only one that had not document security enabled, now it seems to be working!!
Thank you so much for pointing my nose to the right setting 👌