Query with current user in cloud function

[xissburg]

For implementation related questions or technical support, please refer to the stackoverflow community.

Make sure these boxes are checked before submitting your issue -- thanks for reporting issues back to Parse Server!

• [ ✓ ] You've met the prerequisites.
• [ ✓ ] You're running the latest version of Parse Server.
• [ ✓ ] You've searched through existing issues. Chances are that your issue has been reported or resolved before.

Environment Setup

Steps to reproduce

1. Create one user

   curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "Content-Type: application/json" -d '{"username":"digbick","password":"qwerty"}' https://fathomless-earth-52600.herokuapp.com/parse/users

   Sample output

   {"objectId":"hwoH7ADeBo","createdAt":"2016-03-18T10:33:49.770Z","sessionToken":"r:f84be29e1edc20803b203e3d6c9b2e18"}

2. Create a private Settings object for this user using an ACL like "ACL":{"hwoH7ADeBo":{"read":true,"write":true}} (note the usage of the session token obtained in step 1)

   curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{"user":{"__type":"Pointer","className":"_User","objectId":"hwoH7ADeBo"}, "saveOriginalPhotos":true, "ACL":{"hwoH7ADeBo":{"read":true,"write":true}}}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

3. Fetch all Settings objects (using the session token again)

   curl -X GET -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

   Expect an output as follows

   {"results":[{"ACL":{"hwoH7ADeBo":{"read":true,"write":true}},"objectId":"ZFrrUgrgaR","user":{"__type":"Pointer","className":"_User","objectId":"hwoH7ADeBo"},"saveOriginalPhotos":true,"updatedAt":"2016-03-18T10:36:45.017Z","createdAt":"2016-03-18T10:36:45.017Z"}]}

   And also, if you fetch all Settings without the session token, that is

   curl -X GET -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

   You should get

   {"results":[]}

   Which makes sense.

4. Create a cloud function which fetches all Settings and returns them

   Parse.Cloud.define('getSettings', function(req, res) {
     var query = new Parse.Query("Settings");
     query.find().then(function(settings) {
       res.success(settings);
     }, function(error) {
       res.error(error);
     });
   });
   

5. Call the getSettings cloud function sending the session token as well

   curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/functions/getSettings

   It returns nothing

   {"result":[]}

   That is, the current user is not being taken into account when querying objects in cloud code, and so, all queries behave like we're not logged in.

[xissburg]

I also get zero results in the API Console in Parse Dashboard. This must be related to #1084.

[oli107]

See my comment on #1084, I think I may have found the source of the issue, although not a fix as yet as not enough time today...

[gfosco]

This is expected. In Node, there is no concept of a current user. You need to be explicit about each call.

Try this:

Parse.Cloud.define('getSettings', function(req, res) {
  var query = new Parse.Query("Settings");
  query.find({ sessionToken: req.user.getSessionToken() }).then(function(settings) {
    res.success(settings);
  }, function(error) {
    res.error(error);
  });
});

You can also use the master key on individual calls:

query.find({ useMasterKey: true }).then(...
obj.save(null, { useMasterKey: true }).then(...

[xissburg]

@gfosco Thanks for the reply. Is this mentioned anywhere in the documentation? If not, it definitely should be.

[gfosco]

It was, may have gone missing... we definitely need to re-add it.

[batkov]

@gfosco This issue should be mentioned in migration guide.
I've searched few hours until I found this issue.

[pie6k]

Wouldn't it be cool to have some more intuitive option to manage that?

I hate to try to remember every time "oh what was that key to make query work for current user?"

For example:

var query = Parse.Query("Settings");
query.forCurrentUser(req);
//or query.session(req);
query.find();

[JeremyPlease]

@gfosco Is it really necessary to include sessionToken option on every request in cloud code?

I noticed that I can use Parse.User.become(req.user.getSessionToken()) in cloud code, however that sets the user for all subsequent cloud function requests as well.

Can you think of any way to pass the req.user.getSessionToken() for all requests made from cloud code functions without specifying on each query/save?

[ksngits]

Hi, I have a similar situation. First I set public read/write to false for one of the classes and tested using the parse api-console. It worked as expected. It didn't return any results. I enabled the public read/write. It still didnt work and I have to "use master key". Do I need to re-launch parse-dashboard session for the settings to get enabled?

Edited:
Please ignore. The issue was in Parse Server 2.2.25 and when i upgraded to Parse Server 2.5.3, it worked fine. Thanks

[ian-dowhile]

I agree with @batkov that this should be mentioned in the Parse Server cloud code and REST documentation. I struggled for about 2 hours, searching through the docs,to find out how to query for classes belonging to a particular user, until I found @gfosco post above. Thanks @gfosco!

[flovilmart]

@ian-dowhile this is mentioned here in the parse-server guide: http://docs.parseplatform.org/parse-server/guide/#no-current-user