CLP in Dashboard problem

I’m trying to get the CLP to work but for some reasons it does not. I had it to work before and I can’t find how again.

I have a profile class which contains a pointer field to a user. I set the CLP as follow :

I also hooked a beforeFind on Profile and logged the request to make sure the user does get sent, and it does.

Last part of request sent :

user: ParseUser { _objCount: 20, className: ‘_User’, id: ‘a8tThkoh3j’ },
installationId: ‘00cb69b7-d74c-49fd-8546-e824c0c49097’
}

However, I still get :

error: Parse error: Permission denied for action find on class profile. {“code”:119,“stack”:“Error: Permission denied for action find on class profile.\n at Function.validatePermission (C:\Users\JP\
Desktop\Projets\auction\back\node_modules\parse-server\lib\Controllers\SchemaController.js:1422:11)\n at SchemaController.validatePermission (C:\Users\JP\Desktop\Projets\auction\back\nod
e_modules\parse-server\lib\Controllers\SchemaController.js:1427:29)\n at C:\Users\JP\Desktop\Projets\auction\back\node_modules\parse-server\lib\Controllers\DatabaseController.js:1111:65
n at runMicrotasks ()\n at processTicksAndRejections (internal/process/task_queues.js:97:5)”}

Also, CLP seems to work, if I add the userID directly in the CLP , logged user can write or read the whole class. What I want is that only users in the “creator” field can read or write the row.

Here it seems that you have a wrong CLP configuration, try to allow read for authenticated users.

Then only authenticated users can request a find. In second time, the pointer will take the lead to filter records by current user on the creator pointer.

If you check the authenticated read what is the behavior ?

1 Like

@jprules321 @Moumouls I just saw this thread because it was referenced in a different thread. The problem is that there is a bug in the way dashboard sets the CLPs. I fixed that bug here https://github.com/parse-community/parse-dashboard/pull/1556 but the release has not happened.

As a workaround, you can programmatically set the CLPs for that class so that they end up looking as shown in the description of the PR I just referenced and it will work for you. Doing it through the latest version of the dashboard won’t get you the expected behavior.

Another workaround is to downgrade the dashboard and it will work for you. We currently use version 2.0.4 at work and it sets the CLPs fine.

This is until a new release gets created. Please feel free to share any questions or concerns.

Just to give you some additional background, what I fixed was this Permission denied for action find on class