Reputation: 34780
How to prevent user editing a specific column while still having write access to the object on Parse?
I have some specific columns on my _User class that I want to edit only with master key at the server side. My User does have write access to itself. Is there a way to prevent my user from editing specific columns, for example, let's say I have a user object and I want user to prevent editing its own points:
before save trigger:
if(points field have been changed by the user){
response.error();
)
It doesn't have to be in before save trigger, but I highly doubt there is any other point to check such "dirty" column, if any. Is there a way to achieve what I need (other than obvious solutions such as creating a new class, setting it's ACL to none, holding a user pointer and a score column and editing that only with master key)?
Upvotes: 2
Views: 854
Answers (1)
Reputation: 11598
Here is the Parse JavaScript Documentation related to "dirty" objects and properties.
{Boolean} dirty(attr)
Returns true if this object has been modified since its last save/refresh. If an attribute is specified, it returns true only if that particular attribute has been modified since the last save/refresh.
Parameters: {String} attr
An attribute name (optional).
Returns: {Boolean}
If you couple that bit (calling dirty("score") with a beforeSave() Cloud Code function), you should get what you want.
Modifying Objects On Save
In some cases, you don't want to throw out invalid data. You just want to tweak it a bit before saving it. beforeSave can handle this case, too. You just call response.success on the altered object.
In our movie review example, we might want to ensure that comments aren't too long. A single long comment might be tricky to display. We can use beforeSave to truncate the comment field to 140 characters:
Parse.Cloud.beforeSave("Review", function(request, response) {
var comment = request.object.get("comment");
if (comment.length > 140) {
// Truncate and add a ...
request.object.set("comment", comment.substring(0, 137) + "...");
}
response.success();
});
Upvotes: 4
Related Questions
- How to restrict a class (table) read only via cloud function?
- How to implement `protectedFields` in Parse-Server?
- How to lock certain columns from being edited for a user in postgresql
- Restricting user editing in parse based on a column type
- Restrict users from updating certain fields but allow backend to edit them
- Parse Server - Is it possible for certain users to edit other users's data?
- Parse: How to restrict access to only certain properties of an object in Parse?
- How to secure an array field so Parse users can add objects without allowing malicious changes?
- How do I prevent a parse.com user from seeing parts of their user data? aka set ACL per field on User class?
- Make Parse Data Modification Only Accessible from the Cloud