fix(appwrite): make meta.permissions overrideable

[abdelrahman-essawy]

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines: https://refine.dev/docs/guides-concepts/contributing/#commit-convention

Bugs / Features

• Related issue(s) linked
• Tests for the changes have been added
• Docs have been added / updated
• Changesets have been added https://refine.dev/docs/guides-concepts/contributing/#creating-a-changeset

What is the current behavior?

Users couldn't override the default readPermissions / writePermissions values.

What is the new behavior?

Users are able to override the default permissions by passing options.defaultReadPermissions / options.defaultWritePermissions OR by passing meta?.readPermissions / meta?.writePermissions.

If user passed options.defaultReadPermissions AND meta?.readPermissions, then the priority will be as following:

meta?.readPermissions if not? then options.defaultReadPermissions if not? then Role.any().

fixes #5767

Notes for reviewers

This should be compatible with old users who are not passing meta?.readPermissions and expecting to get Role.any() by default.

[changeset-bot]

🦋 Changeset detected

Latest commit: 0391c8c

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[aliemir]

Hey @abdelrahman-essawy thank you for the contribution! I think the defaultReadPermissions and defaultWritePermissions should respect the previous values:

[
  Permission.read(Role.any()),
  Permission.write(Role.any()),
]

to avoid any breaking changes due to this PR.

Am I missing something here?

[abdelrahman-essawy]

Hey @aliemir , please check out my discussion #5767 (comment) with @BatuhanW on this regard, and tell me what you think.

[aliemir]

Hey @aliemir , please check out my discussion #5767 (comment) with @BatuhanW on this regard, and tell me what you think.

Just discussed with @BatuhanW about this again. Here on Default Values - Permissions docs of Appwrite says that if there's no explicit permissions, client SDK will provide permissions to the author.

Tested out with our data-provider-appwrite example and used two different accounts. I can confirm that I was unable to update the record created with another account when I don't pass explicit permissions.

I confirm that this will be a breaking change if default permissions will be empty. Can you make the necessary changes to avoid this breaking change? 🙏 If you can, please let us know. We'll mark this PR to be included in our May release 🚀

We'll review again after you make the changes 🙌

[aliemir]

Thank you for the update @abdelrahman-essawy, just left two small comments. Hope you can have time to check those 🙏

[aliemir]

Since we've added the ability to configure permissions through dataProvider instance. Can we add a section like "Handling Permissions" to our Appwrite docs? https://refine.dev/docs/data/packages/appwrite/#example Adding a small section above "Example" section will be enough I guess.

Can you add this?

[abdelrahman-essawy]

Thank you for the update @abdelrahman-essawy, just left two small comments. Hope you can have time to check those 🙏

you are very welcome, sure thing!

[nx-cloud]

☁️ Nx Cloud Report

CI is running/has finished running commands for commit 0391c8c. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this CI Pipeline Execution

---

🟥 Failed Commands
lerna run attw --scope @refinedev/*

✅ Successfully ran 1 target

• lerna run publint --scope @refinedev/*

---

Sent with 💌 from NxCloud.