🚀 Enhancement: Client: set permission scope #8085

Open
2 tasks done
minecrawler opened this issue May 7, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@minecrawler

🔖 Enhancement description

The API should be able to execute actions in the context of a (different) user's permissions. This could be implemented by adding a method to Client:

Client.setPermissionScope = (role: Role): Client => {}

🎤 Pitch

Never trust a user. This should be the guiding factor when designing app security. Hence, it makes sense to disable services for the client. Doing so can prevent data scraping and, partly, hackers' interference by providing contextual, minimal APIs using Functions.

Appwrite offers a granular permissions system, which would help a lot in order to further harden security, in conjunction with locking down services and only providing minimal Function APIs. However, disabled services aren't available to Functions either when executing actions with a user session, even though they are executed in a controlled environment.

Hence, I would like a way to make use of all of a Function's amenities while also respecting permissions. E.g. it should be simple to check if a logged-in user (via JWT?) has the permission to delete a document or file, and the operation should fail if not.

See this Discord discussion for context.

Further, this functionality could be useful to admins or moderators who want to see their site (e.g. a Dashboard, Forum, etc.) with different permissions applied. A switch between views could easily be implemented by just changing the permission scope and user's role from admin to user or similar.

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Code of Conduct?

@minecrawler minecrawler added the enhancement New feature or request label May 7, 2024
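
One way to approximate the requested check inside a Function that runs with a server API key: evaluate a document's `$permissions` entries against the calling user's roles before acting. This is an added example, not code from the issue or from Appwrite; the `Caller` shape, the function names and the sample data are hypothetical, and the role-string grammar is assumed to follow Appwrite's permission format.

```typescript
// Caller identity as resolved from an already verified session/JWT (hypothetical shape).
interface Caller {
  userId: string | null; // null means guest
  verified: boolean;
  teams: { teamId: string; membershipId: string; roles: string[] }[];
  labels: string[];
}
type Action = "read" | "create" | "update" | "delete";

// Expand a caller into the role strings that permission entries can name.
function rolesFor(c: Caller): Set<string> {
  const roles = new Set<string>(["any"]);
  if (c.userId === null) { roles.add("guests"); return roles; }
  const status = c.verified ? "verified" : "unverified";
  roles.add("users").add(`users/${status}`);
  roles.add(`user:${c.userId}`).add(`user:${c.userId}/${status}`);
  for (const t of c.teams) {
    roles.add(`team:${t.teamId}`).add(`member:${t.membershipId}`);
    for (const r of t.roles) roles.add(`team:${t.teamId}/${r}`);
  }
  for (const l of c.labels) roles.add(`label:${l}`);
  return roles;
}

// Fail closed: malformed entries grant nothing; "write" covers create/update/delete.
function isAllowed(permissions: string[], action: Action, c: Caller): boolean {
  const roles = rolesFor(c);
  for (const entry of permissions) {
    const m = /^(read|create|update|delete|write)\("([^"]+)"\)$/.exec(entry);
    if (m === null) continue;
    const verb = m[1] ?? "";
    const role = m[2] ?? "";
    const covers = verb === action || (verb === "write" && action !== "read");
    if (covers && roles.has(role)) return true;
  }
  return false;
}

// Constructed sample data; the last entry is deliberately malformed (unquoted role).
const SAMPLE_PERMISSIONS: string[] = [
  'read("users")', 'update("user:u1")', 'delete("team:mods/owner")', "delete(user:u1)",
];
const AUTHOR: Caller = { userId: "u1", verified: true, teams: [], labels: [] };
const MODERATOR: Caller = { userId: "u2", verified: true, labels: [],
  teams: [{ teamId: "mods", membershipId: "m9", roles: ["owner"] }] };
const GUEST: Caller = { userId: null, verified: false, teams: [], labels: [] };
```

The Function would call `isAllowed(doc.$permissions, "delete", caller)` and refuse the operation on `false`, so the server key is never used for an action the user could not perform directly.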
@lnguyen14123

Hi, I would love to work on this!
