Hi,
Let’s assume I am logged in as user1 who have been blocked by user2 (user1 is in the role of blocked users of user2) now when user1 tries to query for user2 by his objectId I managed to throw an error on beforeFind (before running the query check if the user1 is in the block users role of user2) it’s working without any problem.
Now let’s say I want to check the list of users in a role (where user1 and user2 are in and also many other users), when I run the query of the relation (role.getUsers().query.find()) I am able to retrieve the list of all users who are in that role, I want to exclude user2 from that list. How would I do that?
I did try adding the same condition of beforeFind on afterFind, it seems that the condition is being triggered but only when the user is defined, which in the case of relation query isn’t so it’s not being excluded from the list.
Something like this should do what you need: role.getUsers().query.notEqualTo('objectId', user2.id).find()
That would maybe work from the client side (only if user1 has blocked user2 but in this case, it’s user2 who blocked user1 so it means user1 doesn’t know if he is blocked since he doesn’t have ACL to check the block list of user2), but that’s not what I really need. user1 don’t know who are on the list of the role when user1 requests the list of the users I want to exclude some of them based on another query in the afterFind function.
Would you mind to share what you’ve tried so far? It is easier to understand and help. doesNotMatchKeyInQuery() can probably help on what you need.
This is the code I am using in beforeFind which works perfectly
const requestedUserId = requestedQuery.toJSON()["where"]["objectId"];
const userId = request.user.id;
//Check if requested user is in the block list of the requester, if not check if the requested user has blocked the requester
var queryCurrentUser = new Parse.Query(Parse.Role);
queryCurrentUser.equalTo("name", userId + "_blockedUsers");
await queryCurrentUser.first({ useMasterKey: true }).then(async (currentUserRole) => {
var currentUserRelation = new Parse.Relation(currentUserRole, 'users');
var queryCurrentUserBlockedList = currentUserRelation.query();
queryCurrentUserBlockedList.equalTo('objectId', requestedUserId);
var currentUserblockedResults = await queryCurrentUserBlockedList.find({ useMasterKey: true })
if (currentUserblockedResults.length > 0) {
throw _errors.getError(codesError.ERROR_USER_NOT_ALLOWED_TO_CHECK_PROFILE);
}
else {
var queryRequestedUser = new Parse.Query(Parse.Role);
queryRequestedUser.equalTo("name", requestedUserId + "_blockedUsers");
await queryRequestedUser.first({ useMasterKey: true }).then(async (requestedUserRole) => {
var requestedUserRelation = new Parse.Relation(requestedUserRole, 'users');
var queryBlockedUser = requestedUserRelation.query();
queryBlockedUser.equalTo('objectId', userId);
var blockedUserResults = await queryBlockedUser.find({ useMasterKey: true })
if (blockedUserResults.length > 0) {
throw _errors.getError(codesError.ERROR_USER_NOT_ALLOWED_TO_CHECK_PROFILE);
}
}, (error) => {
console.log("error finding role for requested user: " + error.message);
});
}
}, (error) => {
console.log("role for current user can't be found : " + error.message);
})
I am using the same code in afterFind, because when I run the query to get the list of users in a role I don’t know who are the users to exclude from the query from the client-side, which means on afterFind I have to check for each user and exclude the users from the result that’s going to be delivered to the user on the client side.
I did add this (with the code that i am using on beforeFind)
if (request.user != null && !isMaster) {
for (const object of request.objects) {
run same code in beforefind here to check each user and after that I do request.objects.splice(i,1)
}
}
But it seems it gets slow to deliver the result because of the loop and it’s not even working I still get the results that should be excluded.
Update: I forgot to mention that I am using setLimit and setSkip on the client side, I am using a limit of 10 what I did is try this if I reduce the amount of limit to 1-2 my code works without any issue (except that its slow at rendering) and the user is excluded from the list but if its 3 and above the user shows up in the result.
I managed to fix this issue by implementing another block logic (created a new class for blocked users instead of using roles for blocked users) still needs more testing though.