Parse.com: Authenticate user before updating object?
Question
The scenario is similar to Evernote: a user can own multiple notes that can be viewed publicly but cannot be edited by anyone other than himself.
(I have implemented creating notes, but now get confused on updating notes. Have read docs of data & security , but it didn't help me much; though I've known ACL.)
I tried this in backend:
Parse.beforeSave("Notes", function (request, response) { Parse.User.current(); });
But I got error saying null (or undefined? sorry for forgetting the exact error) is not a function. I think that meant there is no Parse.User or Parse.User.current available in Cloud Function.
Then according to a question in archive of Parse.com forum I found:
Parse.beforeSave("Notes", function (request, response) { var userId = new Parse.User({id : request.params.userId}); });
But it doesn't seem to be like a method of authentication. I mean, by this, I just trust data form client without authenticating it.
1 answers
solution1
0 2015-02-11 09:25:32
request.user will contain the user object that is making the request. Do whatever check you have to do on that object and return an error if the user is not allowed to edit it.
Even better, set proper ACL on each note object, for example "Public Read" and only write access for the creator. That should make the beforeSave hook unnecessary.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.