Update any of the documents on the said collection from Appwrite Console, and I can noticed data is received, and channel/subscription callback is executed
User A logout, unsubscribe() is fired, and then User A is logout like so sdk.account.deleteSession('current') / sdk.account.deleteSession(session_id)
At the same browser tab, User B login, e.g. sdk.account.createSession(User B email, User B password), and visit the same page, so step 2 above is executed as well
NOTE: Don't refresh browser page, if you have refreshed browser page you can't reproduce the issue
Update any of the documents on the said collection from Appwrite Console, and I can noticed data is received, and channel/subscription callback is executed, which is not expected behaviour as only User A has read permission, not User B
π Expected behavior
I should not receive any channel/subscription callback when I login as User B
π Actual Behavior
I receive channel/subscription callback when I login as User B, but User B doesn't have any read permission on the subscribed data collection (Where the callback response data is for User A)
π² Appwrite version
Different version (specify in environment)
π» Operating system
Linux
𧱠Your Environment
Frontend using React 17.x, and WebSDK 7.0.0
Backend using Node 14.x and Appwrite Node client 5.0.0
π Have you spent some time to check if this issue has been raised before?
π Reproduction steps
Config/Setup:
Document Level
permissionuser:UserID
User A
, but NOTUser B
To reproduce:
Login as
User A
, e.g.sdk.account.createSession(User A email, User A password)
At a React page, using WebSDK to subscribe to a channel like so
Update any of the documents on the said collection from Appwrite Console, and I can noticed data is received, and channel/subscription callback is executed
User A
logout,unsubscribe()
is fired, and thenUser A
is logout like sosdk.account.deleteSession('current')
/sdk.account.deleteSession(session_id)
At the same browser tab,
User B
login, e.g.sdk.account.createSession(User B email, User B password)
, and visit the same page, so step 2 above is executed as well NOTE: Don't refresh browser page, if you have refreshed browser page you can't reproduce the issueUpdate any of the documents on the said collection from Appwrite Console, and I can noticed data is received, and channel/subscription callback is executed, which is not expected behaviour as only
User A
has read permission, notUser B
π Expected behavior
I should not receive any channel/subscription callback when I login as
User B
π Actual Behavior
I receive channel/subscription callback when I login as
User B
, butUser B
doesn't have any read permission on the subscribed data collection (Where the callback response data is forUser A
)π² Appwrite version
Different version (specify in environment)
π» Operating system
Linux
𧱠Your Environment
π Have you spent some time to check if this issue has been raised before?
π’ Have you read the Code of Conduct?