#How to Ensure a User Can Only Leave One Review per Product

Hi everyone,

I'm working on a review system for my app using Appwrite, and I'm facing an issue with ensuring that a user can only leave one review per product. I have a Products collection where I store the product details and a Reviews collection where users can submit their reviews. The Reviews collection has fields like userId, productId, and stars. I’ve set up a relation between the Products collection and the Reviews collection, and I’ve also implemented user authentication so users can log in.

However, I’m having trouble preventing a user from submitting multiple reviews for the same product. The permissions system seems to be the main issue, especially since I can’t use an index due to the relation between the Products and Reviews collections. I also experimented with linking users to a separate collection, but that approach doesn’t work well with the user authentication system.

Can anyone suggest the best approach to make sure that a user can only leave one review per product? I’m especially looking for a solution that integrates smoothly with Appwrite’s permissions system and user authentication. Any help or advice would be much appreciated!

maybe create a reviewed customer list field on that product and made user only not in that list can review. A user will get add to that list after he reviewed.

the another method is that a user will have the review product list. When he review on a product, that product id will hadd to that user's list and he won't able to review again

For a review doc
Have a "reviewer" attribute
Which contains the list of user ids who have already reviewed that doc.
So if they added a review
Add their id to the list
Then in your project
Check the review attribute if it contains the id of current user
If yes
Disable review
If no
Enable review

But the limitation of this method is the attribute size 😐

Orr
Create a separate collection
This has 2 attributes
Product
Review
When a user sees a review
Fetch the docs from this collection matching the product id with the collection attribute
And userid with reviewer attribute
If any docs are returned
Then turn the option off
Else
Turn it on
Create new doc on review when completed.

Thanks for the suggestions, everyone!

However, in all of these cases, I would still need to ensure the right permissions and safeguards are in place. Specifically, I think I’d need to create the reviews through an Appwrite Function. If I only rely on client-side checks (like managing a list of reviewers or adding the user ID to the review), there’s the risk that someone could reverse-engineer the app, access the API endpoints, and potentially manipulate or change the reviews.

By using an Appwrite Function to manage the creation and validation of reviews, I can ensure that the logic is executed securely, and the proper checks are enforced before allowing a review to be saved. This way, even if someone manages to reverse-engineer the app, they wouldn’t be able to bypass these important checks.

What do you think? Would that be the recommended approach in this case?