[英]Parse.com - How to stop new users seeing content they shouldn't after sign up?
成功輸入他們的詳細信息后,我的用戶可以在index.html頁面上注冊,然后將他們轉發到user_home.html頁面,在該頁面上向他們顯示相關內容。
我遇到的問題是新用戶看到了他們不應該看到的內容。 我的網站具有基於朋友的邏輯,該邏輯限制了用戶可以查看的徽章,但是當我的新用戶創建一個帳戶時,他們可以看到所有內容。 但是,當他們僅使用自己的詳細信息正常登錄時,邏輯工作正常。
我不確定是否存在邏輯空白或是否需要一些其他代碼來清楚地標識用戶?
我錯過了什么?
主頁代碼(內容)
///////////Checks to see if the user is logged in - Refuses access if they are not///////////
var currentUser = Parse.User.current();
if (currentUser) {
} else {
var uri = encodeURI('http://mysiteurl.com/index.html');
window.location.href=uri;
}
////////////Queries and returns list of badges belonging to users friends////////////////////
var currentFriendsQuery = new Parse.Query("FriendRequest");
currentFriendsQuery.equalTo("status", "Connected");
var myBadgeQuery = new Parse.Query("myBadges");
myBadgeQuery.include('SentTo');
myBadgeQuery.include('uploadedBy');
myBadgeQuery.matchesKeyInQuery("SentTo", "toUser", currentFriendsQuery);
myBadgeQuery.find({
success: function (Badgeresults) {
"use strict";
var Badges = [];
for (var i = 0; i < Badgeresults.length; i++) {
Badges.push({
imageURL: Badgeresults[i].get('Global_Badges_img'),
AwardedBy: Badgeresults[i].get('uploadedBy').get('username'),
AwardedTo: Badgeresults[i].get('SentTo').get('username'),
badgename: Badgeresults[i].get('BadgeName'),
category: Badgeresults[i].get('category'),
comment: Badgeresults[i].get('Comment')
});
}
_.each(Badges, function(item) {
var wrapper = $('<div></div>');
wrapper.append('<img class="images responsive-image BadgeImgOutline" src="' + item.imageURL + '" />');
wrapper.append('<div class="tag badgelabel" >' + item.badgename + '</div>' + '<br>');
wrapper.append('<div id="category" class="tag categorylabel modal.tag" >' + item.category + '</div>' + '<br>' + '</div>');
wrapper.append('<div class="tag awardedbylabel">' + item.AwardedBy + '</div>' + '<br>');
wrapper.append('<div class="tag senttolabel">' + item.AwardedTo + '</div>' + '<br>');
wrapper.append('<div class="item fui-chat">' + ' Reason: ' + item.comment + '</div>' + '<div class="wrapper b_seperater"></div>' + '<br>');
$('#container').append(wrapper);
});
collapseIt();
},
error: function(error) {
alert("Error: " + error.code + " " + error.message);
}
});
注冊代碼
////////////Runs parse after the SignUp button has been clicked by the user////////////////////
$('#SignUp').click(function(e) {
UserSignUp();
});
function UserSignUp() {
var user = new Parse.User();
userFirstname = $('#firstnamesu').val();
userLastname = $('#lastnamesu').val();
userUsername = $('#usernamesu').val();
userGender = $('#gendersu').val();
Email = $('#emailsu').val();
PWP = $('#passwordsu').val();
user.set("FirstName", userFirstname);
user.set("LastName", userLastname);
user.set("username", userUsername);
user.set("gender", userGender);
user.set("email", Email);
user.set("password", PWP);
user.signUp(null, {
success: function(user) {
if (!user.existed()) {
window.location.href = "user_home.html";
} else {
alert("NO WAY BUDDY");
}
},
error: function(user, error) {
}
});
}
請求中沒有任何內容可將數據限制為當前用戶。 因此,該請求將始終為任何用戶返回相同的內容。
現在,您將返回所有發送到狀態為Connected
的人員列表的徽章。
您需要更新currentFriendsQuery,以便它僅查詢當前用戶。
// We need to do a OR query since the current user can be in FriendRequest.fromUser or FriendRequest.toUser
// Query that match the result for when the current user made a friend request
var fromQuery = new Parse.Query("FriendRequest");
fromQuery.equalTo("fromUser", currentUser);
// Query that match the result for when the current user accepted a friend request
var toQuery = new Parse.Query("FriendRequest");
toQuery.equalTo("toUser", currentUser);
// We now create the main FriendRequest query using the two previous one
var currentFriendsQuery = Parse.Query.or(fromQuery, toQuery);
currentFriendsQuery.equalTo("status", "Connected");
// The rest doesn't change
var myBadgeQuery = new Parse.Query("myBadges");
myBadgeQuery.include('SentTo');
myBadgeQuery.include('uploadedBy');
myBadgeQuery.matchesKeyInQuery("SentTo", "toUser", currentFriendsQuery);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.