Unable to create document with custom role

I have a custom role which has the following permission and yet I am not able to create this document with that role selected. I am able to create it with server role.

Let(
  {
    postRef: Ref(Collection("posts"), "320709300xxxxxx265")
  },
  Do(
    Create(Var("postRef"), {
      data: {
        postId: "320709300xxxxxx265",
        communityId: Ref(Collection("communities"), "31901843xxxxxx4428"),
        authorId: Ref(Collection("users"), "313215493xxxxxx073"),
        postTitle: "editedPost.postTitle",
        postText: "editedPost.postText",
        itemPrice: "editedPost.itemPrice",
        itemLocation: "editedPost.itemLocation",
        imageUrl: ["editedPost.imageUrl"],
        createTimestamp: Now()
      }
    }),
    Call(Function("getPostByPostId"), Var("postRef"))
  )
)

Screenshot 2022-01-14 at 3.56.16 AM1176×488 42.6 KB

Screenshot 2022-01-14 at 3.56.03 AM2534×508 37.1 KB

Your query uses a predetermined document ID in the postRef. If a document already exists with that reference, then the create permission is ignored and the write permission would need to be enabled. Still, Create would fail in that situation:

> Create(Ref(Collection("Letters"), "101"), { data: { foo: "bar" }})
Error: instance already exists
{
  errors: [
    {
      position: [
        'create'
      ],
      code: 'instance already exists',
      description: 'Document already exists.'
    }
  ]
}

If you really need to create new documents each time, use Create(Collection("posts"), ...), which will create a document with an auto-generated reference.

If you need that reference ahead of the document creation, then you should use NewID() to create a reference that should not collide with any existing reference.

What does the getPostByPostId do? Is it the equivalent of calling Get(Var("postRef"))? If so, the UDF is redundant: calling Create returns the document that it creates:

> Create(Collection("posts"), { data: { title: "New Post", body: "Lorem ipsum..."}})
{
  ref: Ref(Collection("posts"), "320712854044934656"),
  ts: 1642114461910000,
  data: { title: 'New Post', body: 'Lorem ipsum...' }
}

Hi Ewan, thanks for your response. I have posted the query that I am running in the shell for both server role and my custom role. I of course delete the document with that document ID before running the query. That is how I am able to create this document every time I execute this query in the shell with the server role.

The second part is not redundant as it fetches the other details of the author and community along with the just created post. Though I would probably retire it now, now that I have the user management setup with google auth.

I have however looked at this differently since you pointed me in that direction.
I am able to create the document with both server and custom-role when not specifying the document ID
Create(Collection("posts"),

I am able to create the document with only server role when specifying the document ID. Not able to create with custom-role. (I am deleting the document after creating so existing document isn’t the problem)
Create(Ref(Collection("posts"), "320709300642120265"),

So does creating document with prefetched document ID require additional permission?

Creating a Document with a specific ID requires history_write permissions. This is true whether or not the Document has existed in the past.

Create(Ref(Collection(...), {...}) is essentially equivalent to Insert(Ref(Collection(...), Now(), "create", { ... } )

There’s some additional discussion in this topic as to why this requires the “history_write” permission. Why creating a new document with a ref requires the "History Write" permission?

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.