Skip to content

Query with current user in cloud function #1090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
xissburg opened this issue Mar 18, 2016 · 12 comments
Closed

Query with current user in cloud function #1090

xissburg opened this issue Mar 18, 2016 · 12 comments

Comments

@xissburg
Copy link

For implementation related questions or technical support, please refer to the stackoverflow community.

Make sure these boxes are checked before submitting your issue -- thanks for reporting issues back to Parse Server!

  • [ ✓ ] You've met the prerequisites.
  • [ ✓ ] You're running the latest version of Parse Server.
  • [ ✓ ] You've searched through existing issues. Chances are that your issue has been reported or resolved before.

Environment Setup

Steps to reproduce

  1. Create one user

    curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "Content-Type: application/json" -d '{"username":"digbick","password":"qwerty"}' https://fathomless-earth-52600.herokuapp.com/parse/users

    Sample output

    {"objectId":"hwoH7ADeBo","createdAt":"2016-03-18T10:33:49.770Z","sessionToken":"r:f84be29e1edc20803b203e3d6c9b2e18"}

  2. Create a private Settings object for this user using an ACL like "ACL":{"hwoH7ADeBo":{"read":true,"write":true}} (note the usage of the session token obtained in step 1)

    curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{"user":{"__type":"Pointer","className":"_User","objectId":"hwoH7ADeBo"}, "saveOriginalPhotos":true, "ACL":{"hwoH7ADeBo":{"read":true,"write":true}}}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

  3. Fetch all Settings objects (using the session token again)

    curl -X GET -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

    Expect an output as follows

    {"results":[{"ACL":{"hwoH7ADeBo":{"read":true,"write":true}},"objectId":"ZFrrUgrgaR","user":{"__type":"Pointer","className":"_User","objectId":"hwoH7ADeBo"},"saveOriginalPhotos":true,"updatedAt":"2016-03-18T10:36:45.017Z","createdAt":"2016-03-18T10:36:45.017Z"}]}

    And also, if you fetch all Settings without the session token, that is

    curl -X GET -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

    You should get

    {"results":[]}

    Which makes sense.

  4. Create a cloud function which fetches all Settings and returns them

    Parse.Cloud.define('getSettings', function(req, res) {
  var query = new Parse.Query("Settings");
  query.find().then(function(settings) {
    res.success(settings);
  }, function(error) {
    res.error(error);
  });
});

  5. Call the getSettings cloud function sending the session token as well

    curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/functions/getSettings

    It returns nothing

    {"result":[]}

    That is, the current user is not being taken into account when querying objects in cloud code, and so, all queries behave like we're not logged in.
@xissburg
Copy link
Author

I also get zero results in the API Console in Parse Dashboard. This must be related to #1084.

@oli107
Copy link

oli107 commented Mar 18, 2016

See my comment on #1084, I think I may have found the source of the issue, although not a fix as yet as not enough time today...

@gfosco
Copy link
Contributor

gfosco commented Mar 18, 2016

This is expected. In Node, there is no concept of a current user. You need to be explicit about each call.

Try this:

Parse.Cloud.define('getSettings', function(req, res) {
  var query = new Parse.Query("Settings");
  query.find({ sessionToken: req.user.getSessionToken() }).then(function(settings) {
    res.success(settings);
  }, function(error) {
    res.error(error);
  });
});

You can also use the master key on individual calls:

query.find({ useMasterKey: true }).then(...
obj.save(null, { useMasterKey: true }).then(...

@gfosco gfosco changed the title Queries ignore the current user in cloud code, or, can't fetch objects containing user-specific ACL Query with current user in cloud function Mar 18, 2016
@gfosco gfosco closed this as completed Mar 18, 2016
@xissburg
Copy link
Author

@gfosco Thanks for the reply. Is this mentioned anywhere in the documentation? If not, it definitely should be.

@gfosco
Copy link
Contributor

gfosco commented Mar 18, 2016

It was, may have gone missing... we definitely need to re-add it.

@batkov
Copy link

batkov commented Mar 19, 2016

@gfosco This issue should be mentioned in migration guide.
I've searched few hours until I found this issue.

@alarrosa14 alarrosa14 mentioned this issue Apr 7, 2016
Closed
3 tasks
@steven-supersolid steven-supersolid mentioned this issue Apr 18, 2016
Closed
@pie6k
Copy link

pie6k commented May 12, 2016
edited
Loading

Wouldn't it be cool to have some more intuitive option to manage that?

I hate to try to remember every time "oh what was that key to make query work for current user?"

For example:

var query = Parse.Query("Settings");
query.forCurrentUser(req);
//or query.session(req);
query.find();

@JeremyPlease
Copy link
Contributor

@gfosco Is it really necessary to include sessionToken option on every request in cloud code?

I noticed that I can use Parse.User.become(req.user.getSessionToken()) in cloud code, however that sets the user for all subsequent cloud function requests as well.

Can you think of any way to pass the req.user.getSessionToken() for all requests made from cloud code functions without specifying on each query/save?

@ksngits
Copy link

ksngits commented Sep 21, 2017
edited
Loading

Hi, I have a similar situation. First I set public read/write to false for one of the classes and tested using the parse api-console. It worked as expected. It didn't return any results. I enabled the public read/write. It still didnt work and I have to "use master key". Do I need to re-launch parse-dashboard session for the settings to get enabled?

Edited:
Please ignore. The issue was in Parse Server 2.2.25 and when i upgraded to Parse Server 2.5.3, it worked fine. Thanks

@ian-dowhile
Copy link

I agree with @batkov that this should be mentioned in the Parse Server cloud code and REST documentation. I struggled for about 2 hours, searching through the docs,to find out how to query for classes belonging to a particular user, until I found @gfosco post above. Thanks @gfosco!

@flovilmart
Copy link
Contributor

@ian-dowhile this is mentioned here in the parse-server guide: http://docs.parseplatform.org/parse-server/guide/#no-current-user

@ian-dowhile
Copy link

@flovilmart I missed that, sorry. Thanks for pointing me in the right direction!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@JeremyPlease @flovilmart @gfosco @ian-dowhile @batkov @xissburg @oli107 @pie6k @ksngits