2

I'm having an issue when running a function in Cloud Code. It is supposed to check the existence of an object and, if it does exist, create a new user: 

Parse.Cloud.define("createUser", function(request, response) {

    // Query the existing company by id
    var query = new Parse.Query(Parse.Object.extend("Company"));
    query.equalTo("objectId", request.params.company.existing.id);
    query.find().then(function(result){

        var user = new Parse.User();

        user.set("username", request.params.username);
        user.set("password", request.params.username);
        user.set("email", request.params.email);
        user.set("permissions", ["User"]);

        var company = result[0];

        user.signUp(null, {
            success: function(user){
                // Asign company ACL for User write permission
                var cACL = company.getACL();
                cACL.setWriteAccess(user.id, true);
                company.setACL(cACL);
                // Save company
                company.save();
                console.log(company);

                // Establish user-company relationship
                var cRelation = user.relation("associated");
                cRelation.add(company);
                // Save user
                user.save();
                console.log(user);

                // Finish
                response.success(user);
            },
            error: function(user, error){
                response.error(JSON.stringify({code: -8000, message: "User creation failed"}));
            }
        });

    }, function(error){
        response.error(JSON.stringify({code: -8001, message: "Invalid company"}));
    });

});

I first query Parse for the existence of said object. If it does exist I create a new user with the parameters received. In the completion block of the user creation I assign the proper ACLs (to the company object) and later on save them. That's when I encounter the first issue: the ACLs are not saved (checked in the dashboard). I console.log the company for debugging purposes and it shows the ACLs are correctly set. So I assume it must be a saving problem.

NOTE: The user is created, but whatever I try to do later doesn't work.

Later on I add this object to a relationship previously defined in the dashboard, but I have the same problem with that: the relationship does not come up in the dashboard, even though when I console.log the object it shows that the relationship was properly set.

I'm lost here. I don't understand why this isn't working and I've read tons of online documentation and still can't find the answer.

tomidelucca
  • 2,543
  • 1
  • 26
  • 26

1 Answers1

2

Okay, after a day of work I finally found out my problem. I had ACLs set everywhere and I had no privilege for saving the objects I was trying to save. So saving was indeed failing.

I should note that if you are having the same problem I did, you can easily solve it using the Master Key. To do so, you need to call Parse.Cloud.useMasterKey() before executing any requests that must be authenticated.

This only works in Cloud Code, and you should definitely know what you are doing when you use the Master Key because it basically gives read and write privileges to anyone, everywhere, for everything. So make sure your logic is flawless because you might get big security problems if it's not used wisely. As Uncle Ben said: With great power comes great responsibility.

Hope this helps someone.

tomidelucca
  • 2,543
  • 1
  • 26
  • 26
  • For anyone reading this in 2017, I'd like to mention that `Parse.Cloud.useMasterKey()` is discontinued, and you should pass `{useMasterKey: true}` as an option to any function you wish to run elevated. – Doruk Karınca Feb 10 '17 at 08:36