2

I'm creating an app using ionic/angularjs using Backand as the backend service. I have it setup to use a MySQL database.

1) When I create a user through the SDK (version 1.8.2 from the CDN), the user shows up in Registered Users area but does not get a row in the 'users' table. Someone mentioned that I should have Anonymous Access set to User as they said this is a permissions issue but that did not solve the issue for me.

2) I can manually add a user through the Backand GUI and the user gets a row in the 'users' table as I would expect.

3) I can not manually delete users or rows in the 'users' table through the Backand GUI. I get an error stating that the "Delete My App User" failed to perform. You can't specify target table 'users' for update in FROM clause. I haven't modified the Security Actions at all. They're all default. Updating a user receives a similar error.

4) I created a blank app in Backand and updated my app with the new tokens and app name. I was able to login to that app using login credentials that were created on the original app but were not a part of this app. Does this mean users can access any Backand once registered with one app on the system?

Am I just really missing how 'users' registration and logins are suppose to work in Backand?

Any guidance would be appreciated. Thank you in advance.

CourtneyR
  • 93
  • 8
  • Ok, my issues seem to be that when I built the model for the 'users' table, it added in some code in the nosql security area of the object. – CourtneyR Mar 03 '16 at 02:19
  • Still not sure when I delete a user, how they are able to still login though. – CourtneyR Mar 03 '16 at 02:19
  • 1) Make sure you have the users object and no special permissions in the Security Tab. For now you need to allow user to create users or allow anonymus access 2) The users object is to be used by the app, Backand uses the Registered users for authentications - the way to add users are only by calling /1/signup or use Backand.signup() in the SDK – Itay Mar 03 '16 at 13:57
  • 3) What is you app name in Backand? To delete just make sure you have permissions and in the Security Actions the code is correct – Itay Mar 03 '16 at 14:01

1 Answers1

2

You can read more on the Back& security concept here.

User can only access to the app he was registred into. In your case I believe the second app has anonymus access, so you have signed in to the first app and got access token, and using the anonymus header you accessed the second app.

Please use incognito window mode for the second app and then you could debug two apps.

You can also review Back& User example to play around with the security.

Itay
  • 734
  • 4
  • 5