Get records of logged user (filter from backend)

Client SDKs JavaScript SDK
#1

Hello,

I have a baisc User -> Products relationship in my app. Already created some records manually. For the front end I’m using js sdk and have the user logged already logged in.

Is there a way to automatically get only the products of my logged user without querying them from the front end?

To get the products I’m using:

let Product = Parse.Object.extend("Product");
let productsQuery = new Parse.Query(Product);

productsQuery
      .find()
      .then((response) => {
        // process the response
      })
      .catch((error) => {
        console.log(error);
      });

I know I could add an equalTo() constrain but I feel a better approach would be to filter the products from backend and not front end.

#2

You can write a cloud code function that returns the user together with the products.

#3

Thank you.

I implemented the following Cloud Function and it worked like a charm.

Parse.Cloud.define('getUserProducts',async(request) => {
	const user = request.user;
	const query = new Parse.Query('Product');
	query.includeAll();
	query.equalTo('owner',user);
	const results = await query.find();
	return results;
});

The only question I have is if it is the right approach.

#4

It is a good approach but the right approach really depends on your goals. Since you are retrieving the products of a single user, and you have no additional processing/logic, this same query can be done from the client probably with about the same performance. In terms of security, by using the cloud code function, you can simply make the CLP of the Product class not readable and use query.find({ useMasterKey: true }). The same level of security can also be achieved if you use pointer permission in your Product class CLP.

#5

Actually I found out that that a beforeFind method is available and it worked too. But still I’m concerned about security, so I’m trying to understand how CLP and ACL works to get it done the right way.

Thanks again.