Default ACL to the logged-in user on create/update

MeIr · November 16, 2020, 4:26pm

Hello everyone, I’m fairly new to Parse Platform.
So far love the platform, however recently got stuck with ACL.

I’m struggling to understand how to configure/setup parse server in such a manner that: when a logged-in user creates a new record, ACL defaults to the user only?

Thank you.

dblythy · November 16, 2020, 4:54pm

Glad you are enjoying the platform!

Assuming you are using the Javascript SDK:

Prior to the object saving, you can set:

const acl = new Parse.ACL(Parse.User.current()); //this is r+w access for current user
obj.setACL(acl);
// now you can call obj.save();

Or, in a longer form:

const acl = new Parse.ACL();
acl.setReadAccess(Parse.User.current(),true);
acl.setWriteAccess(Parse.User.current(),true);
acl.setPublicReadAccess(false);
acl.setPublicWriteAccess(false);
obj.setACL(acl);

If you’re using a different language, please let us know. Hope this helps!

MeIr · November 16, 2020, 6:56pm

I’m working on small Angular web-app, since Parse JS library doesn’t seem to support Observables, I decided to write my own REST calls (which was pretty easy once I read Parse Docs).

As far as I can gather I have to include ACL data in every call?

P.S: correct me if I made wrong assumption on observable/angular part.

dblythy · November 16, 2020, 10:41pm

I’m not overly familiar with Angular, but from what I read online it is possible to use the JS SDK, which should make things a little easier.

Here’s an example.

Each object should have it’s own ACL. If you prefer, you can also do it via a cloud code function, minimising your frontend code and ensuring the data saved to your server has acl’s set.

Parse.Cloud.beforeSave('ObjClass', req => {
   const acl = new Parse.ACL();
   acl.setReadAccess(req.user,true);
   acl.setWriteAccess(req.user,true);
   acl.setPublicReadAccess(false);
   acl.setPublicWriteAccess(false);
   req.obj.setACL(acl);
}, {
   requireUser:true
});

MeIr · November 17, 2020, 2:04pm

Thank you, Cloud solution looks like something that will fit.

By the way why options for defaulting ACL on objects is not part of Parse Platform? In my head it makes lots of sense to include it into Parse out of the box and have ability to set it up via Dashboard.

dblythy · November 17, 2020, 2:17pm

It’s a good suggestion. We are currently looking at adding ACL options to the inbuilt validator, but I think it’s a good idea to potentially be able to set it up via dashboard.

MeIr · November 17, 2020, 2:25pm

Thank you for the help!