🐛 Bug Report: Manually uploading file to bucket without permissions still adds permissions about appwrite HOT 10 OPEN

@BlackyWolf, it would definitely be cleaner if we don't add the Console user's ID to the permissions so I'll leave this open to address that.

That said, it shouldn't have much of an impact as without that added permission, no one would have access to the file (assuming they're not granted access at the bucket level).

from appwrite.

@BlackyWolf, thanks for creating this issue! 🙏🏼 What you're describing seems like the expected behavior as described by our docs:

If you create a resource using a Client SDK without explicit permissions, the creator will be granted read, update, and delete permissions on that resource by default.

If you don't want to grant the user permissions, you may pass an empty array.

Is there anything else you need or can this be closed?

from appwrite.

I apologize for not being clear. I am manually uploading a file using the cloud.appwrite.io UI and it is being assigned a specific user's permissions from when I uploaded a file using a local react app. When I upload the file through the cloud admin UI I leave the permissions blank, so I'm trying to figure out how permissions are getting assigned.

from appwrite.

@BlackyWolf, are you using the same ID for both cases?

from appwrite.

When I upload the file to the bucket from the local react app, I use the currently logged in user's ID.
When I log into the cloud.appwrite.io admin portal to upload the file, I leave the permissions blank and don't assign any ID.

If it's easier to show, I can record a screen capture of the process.

from appwrite.

Here's the screen capture:

from appwrite.

@BlackyWolf, I'm pretty sure that's the ID of your Console account user since that's the user that created the file.

from appwrite.

Ah, I see. I was able to confirm this on a separate project. Is there any way to prevent this without having to disable file security? My expectation was manipulating data by going through the cloud admin console would not affect permissions on said data by automatically applying permissions.

If not, since this is expected behavior, please feel free to close the issue.

from appwrite.

Hey @stnguyen90 I can take a shot at this.

from appwrite.

I already raised a PR, as this issue was abandoned for a long time. 😅

from appwrite.