Ability to Disable any of Appwrite's Service #2475
Replies: 6 comments 7 replies
-
Personally, I'm about more possibilities, and I think we should have options to choose whether to disable on client or server or both, this might open up more possibilities and use cases we might not know yet. As we want to enable as much power as possible, and yet keep the project aligned to the requirements of your community, we would appreciate all your valuable feedback. |
Beta Was this translation helpful? Give feedback.
-
I think having all options will add more complexity and uncertainty about how this feature work or why is it useful. That said, disabling server side access seems redundant because it is limited to the API key from the first place. I do see a lot of value in disabling client side access for services that are not actively used by the application. |
Beta Was this translation helpful? Give feedback.
-
When I saw this announcement on Discord I directly thought disabled everywhere, I didn’t even consider that it would be client or server side, which maybe useful in some edge cases but adds complexity. A question that maybe basic, but what’s the main goal of this? Improve security? Save resources in the server by stopping Docker containers? |
Beta Was this translation helpful? Give feedback.
-
After thinking more and more about this. I'm pretty sure we should limit this feature to the client API only. Devs have full control on what happens on both server and functions using the API key scopes and their own source-code, no reason to block it from the server side, just like we don't block it from the Appwrite console. |
Beta Was this translation helpful? Give feedback.
-
This feature now effects client side only! If you still want to use any disabled service using the server API, just create an API key with correct scopes. |
Beta Was this translation helpful? Give feedback.
-
It's exactly as someone mentioned up there. The featur is needed to prevent users who know how to use appwrite from doing whatever they want on the client. I for example didn't want to use the permission system built around the team API, but still wanted to use it. I just wanted a custom way of managing roles, and I'll be managing all of that server side. I then needed a way to prevent users on the client from creating teams, and updating them however they wish, because based on my app structure, not just any user can create a team. So, it's good that this feature was added. Just saying in case someone wanted to see a use case. |
Beta Was this translation helpful? Give feedback.
-
With upcoming version of Appwrite, we are planning to provide an option to disable any of Appwrite's service. As you can see in the image below.
Right now when you disable a service, you will not be able to access the service and it's functionalities from both server (authenticated with API Key) and client side and the service and it's functionalities are only accessible from the Appwrite's console.
We would like your feedback on the following.
Please provide your valuable comments. You can also vote with Emojis 😄
Thank you 🙏🏻
Beta Was this translation helpful? Give feedback.
All reactions