Reputation: 33
I am very new to using server scripts, and I am sure this is a very simple answer, but I have not found what I am looking for anywhere yet. I am using Azure Mobile Services to retrieve and input user information, and want to prevent a user from seeing other users' id numbers.
To read the data, the program makes the following HTTP request:
"GET http://Servicename.net/tables/TableName?$top=1&$orderby=__createdAt%20desc&$filter=id+eq+'"+id+"' HTTP/1.1"
The id is determined by the account the user is currently on, but I do not want the user to be able to remove the id, making a request such as the following and retrieving the entire table along with the other users' ids:
"GET http://Servicename.net/tables/TableName HTTP/1.1"
What I would like to do is use server-side scripts, specifically the read operation script, to make sure the request has an id associated with it, and only the data with that specific id is returned.
I have tried the following:
    function read(query, user, request) {
        if (request.parameter.id != null) {
            request.execute();
        }
    }
This does not work, so my question is how do I retrieve the id number from the http request and use it within the script? I hope my question was clear, and any help is greatly appreciated!
Upvotes: 1
Views: 92
Reputation: 13918
If you want to retrieve the user id in the table operations in Mobile Services, you can use the second argument, user, which is always a user object that represents the user that submitted the request.
And you can find a code snippet to explain the usage at https://azure.microsoft.com/en-us/documentation/articles/mobile-services-how-to-use-server-scripts/#table-scripts:
    function insert(item, user, request) {
        if (item.userId !== user.userId) {
            request.respond(statusCodes.FORBIDDEN,
                'You may only insert records with your userId.');
        } else {
            request.execute();
        }
    }
Please refer to Work with a JavaScript backend mobile service for more info about Mobile Services in Node.js.
Additionally, we now suggest using Mobile Apps instead of Mobile Services. You can refer to https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-value-prop-migration-from-mobile-services/ for details.
Upvotes: 0
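The read-side counterpart of the insert script in the answer above, as an added example that is not part of the original thread: the filter is taken from the authenticated `user` object rather than from the URL, so a request with no `$filter` still returns only the caller's rows. It assumes the table has a `userId` column holding the owner's `user.userId`; `simulateRead`, the sample rows and the local `statusCodes` object are constructed stand-ins for the Mobile Services runtime so the script can be run offline.

```javascript
// Assumption: rows carry a userId column set to the owner's user.userId.
// statusCodes is a global in Mobile Services scripts; defined here so the
// example runs stand-alone.
const statusCodes = { OK: 200, UNAUTHORIZED: 401 };

function read(query, user, request) {
  if (!user || !user.userId) {
    // Anonymous caller: refuse instead of returning the table.
    request.respond(statusCodes.UNAUTHORIZED, 'You must be logged in.');
    return;
  }
  // Applied on the server, in addition to whatever $filter the client sent,
  // so dropping or changing the filter in the URL cannot widen the result.
  query.where({ userId: user.userId });
  request.execute();
}

// --- Constructed stand-ins for the runtime and table data (not real records) ---
const rows = [
  { id: '1', userId: 'Facebook:111', note: 'alice-1' },
  { id: '2', userId: 'Facebook:222', note: 'bob-1' },
  { id: '3', userId: 'Facebook:111', note: 'alice-2' },
];

// Simulates one GET /tables/TableName. clientFilter stands for the $filter
// in the URL and may be omitted, as in the unfiltered request in the question.
function simulateRead(user, clientFilter) {
  const filters = clientFilter ? [clientFilter] : [];
  const query = { where(obj) { filters.push(obj); return query; } };
  const response = {};
  const request = {
    respond(status, body) { response.status = status; response.body = body; },
    execute() {
      response.status = statusCodes.OK;
      response.body = rows.filter(r =>
        filters.every(f => Object.keys(f).every(k => r[k] === f[k])));
    },
  };
  read(query, user, request);
  return response;
}

console.log(simulateRead({ userId: 'Facebook:111' }));              // no $filter sent
console.log(simulateRead({ userId: 'Facebook:111' }, { id: '2' })); // another user's row
console.log(simulateRead({ level: 'anonymous' }));                  // not logged in
```

Setting the table's read permission to "Only Authenticated Users" in the portal rejects anonymous requests before the script runs; the check inside `read` is a second layer.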
Reputation: 8035
I would refer you to my series on Azure Mobile Apps: https://shellmonger.com/30-days-of-azure-mobile-apps-the-table-of-contents/
In particular, look at Day 6 - Personal Tables. This shows how to restrict the data being returned to the user by the authenticated user ID.
Upvotes: 2