[英]Parse.com - How to stop new users seeing content they shouldn't after sign up?
成功输入他们的详细信息后,我的用户可以在index.html页面上注册,然后将他们转发到user_home.html页面,在该页面上向他们显示相关内容。
我遇到的问题是新用户看到了他们不应该看到的内容。 我的网站具有基于朋友的逻辑,该逻辑限制了用户可以查看的徽章,但是当我的新用户创建一个帐户时,他们可以看到所有内容。 但是,当他们仅使用自己的详细信息正常登录时,逻辑工作正常。
我不确定是否存在逻辑空白或是否需要一些其他代码来清楚地标识用户?
我错过了什么?
主页代码(内容)
///////////Checks to see if the user is logged in - Refuses access if they are not///////////
var currentUser = Parse.User.current();
if (currentUser) {
} else {
var uri = encodeURI('http://mysiteurl.com/index.html');
window.location.href=uri;
}
////////////Queries and returns list of badges belonging to users friends////////////////////
var currentFriendsQuery = new Parse.Query("FriendRequest");
currentFriendsQuery.equalTo("status", "Connected");
var myBadgeQuery = new Parse.Query("myBadges");
myBadgeQuery.include('SentTo');
myBadgeQuery.include('uploadedBy');
myBadgeQuery.matchesKeyInQuery("SentTo", "toUser", currentFriendsQuery);
myBadgeQuery.find({
success: function (Badgeresults) {
"use strict";
var Badges = [];
for (var i = 0; i < Badgeresults.length; i++) {
Badges.push({
imageURL: Badgeresults[i].get('Global_Badges_img'),
AwardedBy: Badgeresults[i].get('uploadedBy').get('username'),
AwardedTo: Badgeresults[i].get('SentTo').get('username'),
badgename: Badgeresults[i].get('BadgeName'),
category: Badgeresults[i].get('category'),
comment: Badgeresults[i].get('Comment')
});
}
_.each(Badges, function(item) {
var wrapper = $('<div></div>');
wrapper.append('<img class="images responsive-image BadgeImgOutline" src="' + item.imageURL + '" />');
wrapper.append('<div class="tag badgelabel" >' + item.badgename + '</div>' + '<br>');
wrapper.append('<div id="category" class="tag categorylabel modal.tag" >' + item.category + '</div>' + '<br>' + '</div>');
wrapper.append('<div class="tag awardedbylabel">' + item.AwardedBy + '</div>' + '<br>');
wrapper.append('<div class="tag senttolabel">' + item.AwardedTo + '</div>' + '<br>');
wrapper.append('<div class="item fui-chat">' + ' Reason: ' + item.comment + '</div>' + '<div class="wrapper b_seperater"></div>' + '<br>');
$('#container').append(wrapper);
});
collapseIt();
},
error: function(error) {
alert("Error: " + error.code + " " + error.message);
}
});
注册代码
////////////Runs parse after the SignUp button has been clicked by the user////////////////////
$('#SignUp').click(function(e) {
UserSignUp();
});
function UserSignUp() {
var user = new Parse.User();
userFirstname = $('#firstnamesu').val();
userLastname = $('#lastnamesu').val();
userUsername = $('#usernamesu').val();
userGender = $('#gendersu').val();
Email = $('#emailsu').val();
PWP = $('#passwordsu').val();
user.set("FirstName", userFirstname);
user.set("LastName", userLastname);
user.set("username", userUsername);
user.set("gender", userGender);
user.set("email", Email);
user.set("password", PWP);
user.signUp(null, {
success: function(user) {
if (!user.existed()) {
window.location.href = "user_home.html";
} else {
alert("NO WAY BUDDY");
}
},
error: function(user, error) {
}
});
}
请求中没有任何内容可将数据限制为当前用户。 因此,该请求将始终为任何用户返回相同的内容。
现在,您将返回所有发送到状态为Connected
的人员列表的徽章。
您需要更新currentFriendsQuery,以便它仅查询当前用户。
// We need to do a OR query since the current user can be in FriendRequest.fromUser or FriendRequest.toUser
// Query that match the result for when the current user made a friend request
var fromQuery = new Parse.Query("FriendRequest");
fromQuery.equalTo("fromUser", currentUser);
// Query that match the result for when the current user accepted a friend request
var toQuery = new Parse.Query("FriendRequest");
toQuery.equalTo("toUser", currentUser);
// We now create the main FriendRequest query using the two previous one
var currentFriendsQuery = Parse.Query.or(fromQuery, toQuery);
currentFriendsQuery.equalTo("status", "Connected");
// The rest doesn't change
var myBadgeQuery = new Parse.Query("myBadges");
myBadgeQuery.include('SentTo');
myBadgeQuery.include('uploadedBy');
myBadgeQuery.matchesKeyInQuery("SentTo", "toUser", currentFriendsQuery);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.