Reputation: 2269
How to implement `protectedFields` in Parse-Server?
I believe this is a new feature in Parse-Server.
By default, the User class's email field is considered a protected field, meaning that email is set to read: false, write: false to the public by default. But, every other field in the User class is set to read: true, write: false
In Github, I saw this example:
export type ClassLevelPermissions = {
find?: { [string]: boolean },
count?: { [string]: boolean },
get?: { [string]: boolean },
create?: { [string]: boolean },
update?: { [string]: boolean },
delete?: { [string]: boolean },
addField?: { [string]: boolean },
readUserFields?: string[],
writeUserFields?: string[],
// new feature
protectedFields?: { [string]: boolean }
};
For example, with the _User class, if the server was initialized with userSensitiveFields: ['email', 'sin', 'phone'], this would be the equivalent of:
{
// CLP for the class ... other
protectedFields: { "*": ["email", "sin"] }
};
Now if you wanted an moderator role to be able to see the user's email but not the sin and an admin which can read it all
{
protectedFields: {
"*": ["email", "sin"],
"role:moderator": ["sin"],
"role:admin": []
}
};
After seeing this example, I was still confused where exactly to implement protectedFields. Do I implement it in my app's index.js, or main.js, etc? Can somebody give me an example of how I can set a field: phoneNum to have a protectedField similiar to email's default?
Upvotes: 2
Views: 1613
Answers (1)
Reputation: 2984
It is an option in parse server initialization. See the protectedField option here: http://parseplatform.org/parse-server/api/master/ParseServerOptions.html
I don't know exactly where/how you are running your Parse server, but it should be something like this:
var express = require('express');
var ParseServer = require('parse-server').ParseServer;
var app = express();
var api = new ParseServer({
databaseURI: 'mongodb://localhost:27017/dev',
cloud: '/home/myApp/cloud/main.js',
appId: 'myAppId',
masterKey: 'myMasterKey',
fileKey: 'optionalFileKey',
serverURL: 'http://localhost:1337/parse'
protectedFields: {
_User: {
"*": ["email", "sin"],
"role:moderator": ["sin"],
"role:admin": []
}
}
});
app.use('/parse', api);
app.listen(1337, function() {
console.log('parse-server-example running on port 1337.');
});
Upvotes: 4
Related Questions
- Parse-Server prevent fields from being added automatically
- How to restrict parse config parameter visible to clients?
- Restricting user editing in parse based on a column type
- Restrict users from updating certain fields but allow backend to edit them
- Parse.com Core Data: Exclude fields from being exposed to frontend based on roles
- How to secure an array field so Parse users can add objects without allowing malicious changes?
- How to prevent user editing a specific column while still having write access to the object on Parse?
- Property-Level Access Control in Parse
- Parse.com: Remove public read access for array of objects
- How do I prevent a parse.com user from seeing parts of their user data? aka set ACL per field on User class?