Databases
StackOverflow2013
Postsdbo
POcloud code : User can't access object which has ACL for the role it belongs
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POcloud code : User can't access object which has ACL for the role it belongs
    primarykey
    data
    text
    <p>The functionality i want to achieve is this</p> <ol> <li>When a user registers, two roles(admin, users) are created</li> <li>If the user is an admin he should be able to invite other users to join for the same account with user privilege (non admin)</li> <li>A user who is not admin should not be able to invite people to join</li> </ol> <p>This is how i am trying to achieve this in cloud code</p> <ol> <li>Create two roles when an account is created</li> <li><p>Create two dummy objects with admin and user ACLs, below is the code for these two steps</p> <pre><code>Parse.Cloud.afterSave("account", function(request) { var accountName = request.object.get("name"); //create admin role var adminRoleACL = new Parse.ACL(); adminRoleACL.setPublicReadAccess(false); adminRoleACL.setPublicWriteAccess(false); var adminRole = new Parse.Role(accountName + ADMINISTRATOR, adminRoleACL); adminRole.save(); //create user role var userRoleACL = new Parse.ACL(); userRoleACL.setPublicReadAccess(false); userRoleACL.setPublicWriteAccess(false); var userRole = new Parse.Role(accountName + USER, userRoleACL); userRole.save(); // create dummy object for each role with access to only that role // we will use these dummy objects in cloud code to figure out whether // the user belongs to that group. //create dummy for admin var dummy = new Dummy(); dummy.set("name", accountName + ADMINISTRATOR + DUMMY); var dummyACL = new Parse.ACL(); dummyACL.setPublicReadAccess(false); dummyACL.setRoleReadAccess(adminRole, true); dummy.setACL(dummyACL); dummy.save(); //create dummy for user dummy = new Dummy(); dummy.set("name", accountName + USER + DUMMY); dummyACL = new Parse.ACL(); dummyACL.setPublicReadAccess(false); dummyACL.setRoleReadAccess(userRole, true); dummy.setACL(dummyACL); dummy.save(); }); </code></pre></li> </ol> <p>After account is created i add this user to both admin as well as to the user group, here is the code</p> <pre><code>Parse.Cloud.define("addUsersToRole", function(request, response) { Parse.Cloud.useMasterKey(); var currentUser = request.user; var accountName = request.params.accountname; var query = new Parse.Query(Parse.Role); query.contains("name", accountName); query.find({ success : function(roles) { console.log("roles: " + roles.length); for (var i = 0; i &lt; roles.length; i++) { roles[i].getUsers().add(currentUser); roles[i].save(); } response.success(); }, error : function(error) { response.error("error adding to admin role " + error); } }); }); </code></pre> <p>Now when i try to do signup i just want to check if the current user can find the admin dummy object which was created (since the ACL for that was set to be accessed by only admin role). If the object can be read then it should mean that the current user belongs to admin role right? Here is the code</p> <pre><code>Parse.Cloud.define("inviteToSignUp", function(request, response) { var userEmail = request.params.email; var currentUser = request.user; var accountName = currentUser.get("accountname"); //do it only if the user is admin var query = new Parse.Query(Dummy); query.equalTo("name", + accountName + ADMINISTRATOR + DUMMY); query.first({ success : function(dummy) { if(dummy) { sendSignupEmail(userEmail, currentUser, request, response); } else { response.error("Invitation failed. You don't have the priviledges to add new user. Please contact your administrator'"); } }, error : function(error) { response.error("error while inviting users. " + error.message); } }) }); </code></pre> <p>Now the problem is that even though the admin user is logged in the dummy object created doesn't get returned in the query in the above method. Is there anything i am missing? Is there a better way to achieve this functionality?</p> <p>I checked the data browser and i can see the two roles being created, the user being member of both the groups. I also see that two dummy objects are created each with these two ACL</p> <ol> <li>{"role:XYZ_Administrator":{"read":true}}</li> <li>{"role:XYZ_user":{"read":true}}</li> </ol>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USRaghvendra Singh
    1. USRaghvendra Singh
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload