0

I have a _User class on parse for my application and i want to make it so that its ACL restricts writing from everywhere expect cloud code (W/ master key). The user has a "Verified" boolean column acknowledging weather they are a verified user or not. I do not want them to be able to log in, mess with the javascript, and write themselves in as "verified". I wrote this code but it wont work. Any suggestions?

Parse.Cloud.afterSave("_User", function(request, response) {
request.object.set("verifiedCritic",false);
var publicReadACL = new Parse.ACL();
publicReadACL.setPublicWriteAccess(false);
publicReadACL.setWriteAccess(request.object.id,false);
request.object.setACL(publicReadACL);
request.object.save();
response.success();
});
MingMan
  • 911
  • 1
  • 10
  • 31

1 Answers1

0

http://parse.com/docs/js/symbols/Parse.ACL.html#setReadAccess

check "setPublicREAD|WRITEAccess()" and use that in addition to the method you have for an individual user.ID.

When first created or when updated, IMO you want :

PubREAD TRUE PubWrite FALSE

AND

Write ( thatUsserID, TRUE )

Then with the above and no other additional accretive assess in the array for the ACL , you should get the result that u want in cloud code after issuing "use_master_key" ...

After you create a user, can u use the databrowser to copy/paste the ACL column so that you can verify you have the correct collection of permissions? Then do your updating and the Cloudcode stuff.

Robert Rowntree
  • 6,230
  • 2
  • 24
  • 43