Reputation: 101
Parse: Doing permissions the right way
I'm trying to wrap my head around how to do permissions in Parse.
My case is the following:
- Teacher creates course
- Teacher adds lecture to course
- Teach wants to add student to the course
- Courses students should then be able to access all lectures belonging to the course and nothing else
I have an idea about how to actually get a student's courses and then the lectures attached to it.. But how can I also limit querying these? How can I prevent a user to query lectures for a course they're not attending etc?
Thanks!
Upvotes: 0
Views: 46
Answers (2)
Reputation: 101
I believe I figured how to this in Parse.
In the described scenario you have 3 classes:
- Course
- Lecture
- User
When a teacher creates a course, you need to add object ACL to it. So let's say a course object gets the ID "ABC123". You then add a role named "CourseTeachers_ABC123" and "CourseStudents_ABC123" and grant them access to your course object. Teachers should be able to do everything and students should only be able to read.
When you add a lecture, you give it a name and a pointer to the course. But you also add the above roles to it! By this, you'll only allow teachers and students of course ID "ABC123" to access these lectures.
You'll probably need some cloud code to make sure, that people don't assign/attach lectures to a courses they don't control. So if you want to save a lecture and point it to course ID "ABC123" you need to check whether or not the user trying to save the lecture has the "CourseTeachers_ABC123" role or not.
Upvotes: 0
Reputation: 1430
I don't think this is a permission issue but more logic and table structure. Permissions would be used if you wanted a student to edit specific parts of the course etc.
Have a table called Courses and then a student relations table. Then let your query be "select courses that equals the student relation which was added by the teacher in the enrollment process.
You see you might have multiple students for a specific course. So a relations table is needed. Same as having multiple lectures for a specific course.
This structure will also work well, if you want to add multiple parts for a specific course. Eg modules or even lectures
- Module 1 Intro
- Module 2 Basic
- Module 3 Assessment
Then you can have a query that is select all modules that belong to a specific course where my student ID = XX. This type of logic will allow you to expand aggressively. Sorry if i'm running away with this a bit! Let me know if this makes sense.
Also depending on your platform look at the parse relations WIKI for some understanding. Javascript below, but they have docs on all platforms.
https://parseplatform.github.io/docs/js/guide/#relational-data
Upvotes: 0
Related Questions
- How do you set a class-level permission using Parse Server?
- Parse Platform default ACL
- Parse - Is this the correct method on how to use ACL and CLP to protect Users and other Objects
- Why can't I set the ACL for a User to read: false + write:false?
- Parse JS SDK: How to set a default User ACL?
- Parse.com Class Level Permissions: No longer supporting operation specific permissions?
- Parse - using ACL for future users
- parse.com: Recommended permissions for roles and users tables
- Property-Level Access Control in Parse
- How to assign ACL to Parse Cloud Code