
User security in parse.com javascript

I'm trying to build a user login on parse.com with AngularJS; after the login, a form is shown to the user. But I have a problem. On parse.com I set the user "katikati" to have full access and the user "admin" to have Get and Find only, as you can see in the image below. [image]

The code below is what I am doing: the login and, if the user exists, showing the HTML form. But when I log in as user "admin" I can still post to my parse.com account. What am I doing wrong?

<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.7/angular.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>

<!-- NOTE(review): the Parse SDK below is fetched over plain http:// and as an unpinned
     "latest" build, unlike the two pinned https:// scripts above. Anyone on the network
     path can alter it in transit, and this page hands it the user's password at log-in;
     prefer https, a pinned version and an integrity attribute. -->
<script src="http://www.parsecdn.com/js/parse-latest.js"></script>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no">
<meta charset="utf-8">
<title>Testy</title>
<script>
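Parse.initialize("APPID", "JSKEY");

/*
 * AuthApp: keeps the log-in / log-out state of the page on $rootScope.
 *
 * NOTE(review): `currentUser` only decides which markup the page shows
 * (the ng-show / ng-hide bindings in the body). It is not an access check:
 * any visitor can call the Parse SDK from the browser console, so what a
 * user may read or write has to be restricted on the server, through the
 * class level permissions (CLP) and ACLs of each class.
 */
angular.module('AuthApp', [])
.run(['$rootScope', function($scope) {
  $scope.scenario = 'Log in';
  // Parse.User.current() returns the user of the cached session, or null.
  $scope.currentUser = Parse.User.current();

  /**
   * Log in with the credentials bound to the log-in form.
   *
   * @param {{username: string, password: string}} form - the `user` model of the form.
   */
  $scope.logIn = function(form) {
    // The model stays undefined until something is typed into a field, so
    // clicking "Log in" on an untouched form used to throw a TypeError here.
    if (!form || !form.username || !form.password) {
      alert("Please enter a username and password.");
      return;
    }

    Parse.User.logIn(form.username, form.password, {
      success: function(user) {
        // This callback runs outside Angular's digest cycle, so the scope
        // change has to be applied explicitly.
        $scope.$apply(function() {
          $scope.currentUser = user;
        });
      },
      error: function(user, error) {
        alert("Unable to log in: " + error.code + " " + error.message);
      }
    });
  };

  /**
   * End the Parse session and switch the page back to the log-in form.
   */
  $scope.logOut = function(form) {
    Parse.User.logOut();
    $scope.currentUser = null;
  };
}]);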

</script>

<script type="text/javascript">
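$(document).ready(function() {

    Parse.initialize("APPID", "JSKEY");

    /**
     * Build a "magazia" object from the form fields and save it to Parse.
     *
     * NOTE(review): nothing here checks which user is logged in, and a check
     * placed here would not protect anything, because this code runs in the
     * browser. Whether the save is accepted is decided by the server from the
     * class level permissions (CLP) and ACLs of the "magazia" class.
     *
     * @param {Parse.File} objParseFile - the uploaded file, stored in the "image" column.
     */
    function saveJobApp(objParseFile) {
        var jobApplication = new Parse.Object("magazia");

        var email = document.getElementById('email').value;
        var name = document.getElementById('name').value;
        var description = document.getElementById('description').value;
        var website = document.getElementById('website').value;
        var phone = document.getElementById('phone').value;
        var address = document.getElementById('address').value;
        var latlon = document.getElementById('latlon').value;

        // The field holds "lat, lng", optionally wrapped in parentheses.
        // Splitting on the bare comma also accepts "lat,lng"; parseFloat
        // ignores the leading space of the second part.
        var parts = latlon.replace(/[\(\)]/g, '').split(',');
        var lat = parseFloat(parts[0]);
        var lng = parseFloat(parts[1]);

        // An empty or malformed field used to reach Parse.GeoPoint as NaN.
        if (!isFinite(lat) || !isFinite(lng) ||
                lat < -90 || lat > 90 || lng < -180 || lng > 180) {
            alert('Please pick a place on the map or enter coordinates as "lat, lng".');
            return;
        }

        var point = new Parse.GeoPoint(lat, lng);
        jobApplication.set("image", objParseFile);
        jobApplication.set("email", email);
        jobApplication.set("phone", phone);
        jobApplication.set("address", address);
        jobApplication.set("name", name);
        jobApplication.set("website", website);
        jobApplication.set("description", description);
        jobApplication.set("latlon", point);
        jobApplication.save(null, {
            success: function(gameScore) {
                // TODO: pass the id of the saved "magazia" object on to the
                // events, so that they can hold it as a foreign key.
            },
            error: function(gameScore, error) {
                // A Parse.Error carries `code` and `message`; the previous
                // `error.description` printed "undefined".
                alert('Failed to create new object, with error code: ' + error.code + ' ' + error.message);
            }
        });
    }

    // Upload the chosen image first, then save the form with a reference to it.
    $('#submitId').on("click", function(e) {
        var fileUploadControl = $("#profilePhotoFileUpload")[0];
        var file = fileUploadControl.files[0];

        // Without a selected file, `file` is undefined and `file.name` used to throw.
        if (!file) {
            alert("Please choose an image first.");
            return;
        }

        var name = file.name; //This does *NOT* need to be a unique name
        var parseFile = new Parse.File(name, file);

        parseFile.save().then(
            function() {
                console.log("Done");
                saveJobApp(parseFile);
            },
            function(error) {
                // Keep the details available for debugging instead of dropping them.
                console.error(error);
                alert("error");
            }
        );
    });

});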
</script>
</head>
<body ng-app="AuthApp">
  <div ng-hide="currentUser">
    <form ng-show="scenario == 'Sign up'">
     <a href="#" ng-click='scenario="Log in"'>Log in</a>
    </form>

    <form ng-show="scenario == 'Log in'">
      <h2>Log in</h2>
      Username: <input type="text" ng-model="user.username" /><br />
      Password: <input type="password" ng-model="user.password" /><br />
      <button ng-click="logIn(user)">Log in</button>
      or <a href="#" ng-click='scenario="Sign up"'>Sign up</a>
    </form>
  </div>

  <div ng-show="currentUser">

    <form id="business_form" method="post">
        <table>
        <tr>
            <td>NAME</td>
            <td><input type="text" id="name"></td>
        </tr>
            <tr>
            <td>Description</td>
            <td><input type="text" id="description"></td>
        </tr>
        <tr>
            <td>Address</td>
            <td><input type="text" id="address"></td>
        </tr>
        <tr>
            <td>LatLon</td>
            <td><input type="text" id="latlon"></td>
        </tr>
        <tr>
            <td>Phone</td>
            <td><input type="text" id="phone"></td>
        </tr>
        <tr>
            <td>Email</td>
            <td><input id="email" name="email" type="email" placeholder="Type your email to create a Mail Link"></td>
        </tr>
        <tr>
            <td>Website</td>
            <td><input type="text" id="website"></td>
        </tr>
        <tr>
            <td>Image</td>
            <td><input type="file" id="profilePhotoFileUpload"></td>
        </tr>
        <tr>
            <td><input type="button" id="submitId" value="submit"></td>
        </tr>
        </table>
    </form>

<input id="pac-input" class="controls" type="text" placeholder="Search Your Place Here">
    <div id="map"></div>
    <script>
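// This example adds a search box to a map, using the Google Place Autocomplete
// feature. People can enter geographical searches. The search box will return a
// pick list containing a mix of places and predicted search terms.

/**
 * Create the map and its search box. When the user picks a result, put a
 * marker on every returned place and copy the coordinates into the #latlon
 * form field as "lat, lng" (with several places, the last one wins).
 *
 * Named in the `callback=initAutocomplete` parameter of the Maps script URL.
 */
function initAutocomplete() {
    var map = new google.maps.Map(document.getElementById('map'), {
        center: {
            lat: 37.58,
            lng: 23.43
        },
        zoom: 6,
        mapTypeId: google.maps.MapTypeId.ROADMAP
    });

    // Create the search box and link it to the UI element.
    var input = document.getElementById('pac-input');
    var searchBox = new google.maps.places.SearchBox(input);
    map.controls[google.maps.ControlPosition.TOP_LEFT].push(input);

    // Bias the SearchBox results towards current map's viewport.
    map.addListener('bounds_changed', function() {
        searchBox.setBounds(map.getBounds());
    });

    var markers = [];
    // [START region_getplaces]
    // Listen for the event fired when the user selects a prediction and retrieve
    // more details for that place.
    searchBox.addListener('places_changed', function() {
        var places = searchBox.getPlaces();

        if (!places || places.length === 0) {
            return;
        }

        // Clear out the old markers.
        markers.forEach(function(marker) {
            marker.setMap(null);
        });
        markers = [];

        // For each place, get the icon, name and location.
        var bounds = new google.maps.LatLngBounds();
        var placed = 0;
        places.forEach(function(place) {
            // A result without geometry has nothing to plot; reading
            // place.geometry.location on it used to throw and abort the loop.
            if (!place.geometry || !place.geometry.location) {
                return;
            }

            var icon = {
                url: place.icon,
                size: new google.maps.Size(71, 71),
                origin: new google.maps.Point(0, 0),
                anchor: new google.maps.Point(17, 34),
                scaledSize: new google.maps.Size(25, 25)
            };

            // Same "lat, lng" text that the form's save code parses.
            var latlng = place.geometry.location.lat() + ", " + place.geometry.location.lng();
            console.log(latlng);
            document.getElementById("latlon").value = latlng;

            // Create a marker for each place.
            markers.push(new google.maps.Marker({
                map: map,
                icon: icon,
                title: place.name,
                position: place.geometry.location
            }));

            if (place.geometry.viewport) {
                // Only geocodes have viewport.
                bounds.union(place.geometry.viewport);
            } else {
                bounds.extend(place.geometry.location);
            }
            placed += 1;
        });

        // Do not refit the map to empty bounds when nothing could be plotted.
        if (placed > 0) {
            map.fitBounds(bounds);
        }
    });
    // [END region_getplaces]
}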
    </script>
    <script src="https://maps.googleapis.com/maps/api/js?key=APIKEY&libraries=places&callback=initAutocomplete"
         async defer></script>

    <button ng-click="logOut(user)">Log out</button>
    </div>
</div>
</body>
</html>

All I'm trying to do is this: if the user is "katikati", he can send data to my app, but if he is "admin", he cannot send anything at all.

UPDATE

When the user logs in, he can post data to these 3 classes: [image]

And I want ONLY the user "katikati" to be able to post to those 3 classes.

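What you do in the _User permissions only affects the _User class. Each class has its own class level permissions (CLP). To restrict which users can write to or read from a class, go to that class's settings and change its CLP. Hiding the form in the page does not restrict anything by itself: the server decides whether a save is accepted, based on the permissions of the class being written to.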

Also, rather than configuring permissions for specific users one by one, it would be better to define some roles in your app.
