there have objectID _id in the schema, and i am using
{
"_id" : "%%user.id"
}
in the Document Permissions for Read&Write.
And it show that Client attempted a write that is not allowed.
Is i missing something?
there have objectID _id in the schema, and i am using
{
"_id" : "%%user.id"
}
in the Document Permissions for Read&Write.
And it show that Client attempted a write that is not allowed.
Is i missing something?
Hello!
Your current document filter expression signifies that the user can only read/write documents that have an _id
field equal to the user’s ID. For example:
Let’s say you have a user with ID “abc123”.
They will be able to read/write the following document:
{
_id: "abc123",
"name": "albert",
...
}
because their ID matches the _id
field of the document. This is a purely theoretical example however, and unless you manually set the _id
field of the document, the odds that the IDs are equal are about none. As such, you probably don’t want this as _id
is a required unique field for documents in MongoDB.
If your intention is to only allow the user to read/write documents that have a field with their ID, what you can do is add an additional field to your documents of the ObjectID type, and set it equal to the user’s ID. For example, the document might look like the following (depending on your use case):
{
_id: ObjectID(...),
"owner_id": ObjectID(...),
...
}
where the owner_id
is the user’s ID. Your document filter could be:
{
"owner_id": "%%user.id
}
So the user can read/write all documents that have an owner_id field equal to their ID.
thank you for the reply,
i think that is because of different data type.
when i set that field to string, anything is fine