Reputation: 2939
Parse.com Core Data: Exclude fields from being exposed to frontend based on roles
Is there any way to exclude fields from being exposed to the frontend in Parse Core Data? E.g. I have a User model that has the field email. Now I want to permit that other users can get certain information about the user but not the email address. Only admins should be permitted to fetch the email address from the backend. Is there any chance to realize this with Parse.com?
Upvotes: 0
Views: 64
Answers (1)
Reputation: 1542
There is no way to use ACL per field (at least to this day).
I believe the best approach for your problem is to create another class named PublicUserProfile (make it public read, no public write), make the User class private (set public read/write to false) and reference the public profile from the User class (and vice versa). That way you could expose only what you define as 'public'.
You could also make the User class private and use cloud code to expose only the data you want, but then you might lose some of Parse features (via its client code). Using this solution, your user profile doesn't 'span' on two classes (compared to my first suggestion). It will make, for example, editing user fields much simpler. It's a trade-off you'll have to make.
Upvotes: 1
Related Questions
- Parse-Server prevent fields from being added automatically
- How to implement `protectedFields` in Parse-Server?
- Deny access for user/role with ACL
- Restricting user editing in parse based on a column type
- Restrict users from updating certain fields but allow backend to edit them
- Parse: How to restrict access to only certain properties of an object in Parse?
- How to prevent user editing a specific column while still having write access to the object on Parse?
- Property-Level Access Control in Parse
- How do I prevent a parse.com user from seeing parts of their user data? aka set ACL per field on User class?
- How to limit Objects on a role basis with Parse.com?