🐛 Bug Report: Unable to delete authentication method for user within project via Admin Console

[sam-morin]

👟 Reproduction steps

1. Register TOTP authentication method for a user within an application (Org -> Project -> Auth -> User)
2. Click trash can button to delete TOTP authentication method

👍 Expected behavior

My Appwrite Console admin account (across all orgs) would have the sufficient rights/role necessary (users:write) to delete an authentication method that is setup for an end user in one of my orgs.

I can successfully perform all other user administration actions from within the Appwrite console (rename, delete, create, turn off MFA).

👎 Actual Behavior

"myemail@myemail.com (role: users) missing scope (users.write)" error is produced

I've searched all over the console and cannot find any way/location to change the scope for the role of "users".

This is my main (and only) Appwrite console full admin account.

🎲 Appwrite version

Different version (specify in environment)

💻 Operating system

Linux

🧱 Your Environment

Appwrite v1.5.1

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[stnguyen90]

@sam-morin, thanks for creating this issue! 🙏🏼 Let me try to reproduce this.

[stnguyen90]

I was able to reproduce this and I noticed the HTTP request looked like:

fetch("https://localhost/users/65ee4097cd531eb02fa9/mfa/authenticators/totp", {
  "headers": {
    "accept": "*/*",
    "accept-language": "en-US,en-GB;q=0.9,en;q=0.8",
    "cache-control": "no-cache",
    "content-type": "application/json",
    "pragma": "no-cache",
    "sec-ch-ua": "\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"macOS\"",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-appwrite-project": "console",
    "x-appwrite-response-format": "1.5.0",
    "x-fallback-cookies": "",
    "x-sdk-language": "web",
    "x-sdk-name": "Console",
    "x-sdk-platform": "console",
    "x-sdk-version": "0.6.0"
  },
  "referrer": "https://localhost/console/project-test/auth/user-65ee4097cd531eb02fa9",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "{}",
  "method": "DELETE",
  "mode": "cors",
  "credentials": "include"
});

which looks like it's missing the admin mode header 🧐