LiveQueryClient with sessiontoken but no updates to ACL secured objects

justav08 · November 26, 2021, 4:40pm

There are some issues on github about this problem. They are all closed but not solved yet. I stuck on that issue at the moment and before I do one of the awkward workaroud I want to ask if someone found a solution or have the same problem? My used versions

  "dependencies": {
    "parse": "2.19.0",
    "parse-dashboard": "^2.2.0",
    "parse-server": "4.5.0"
  }

The last Issue opened 2019

github.com/parse-community/Parse-SDK-JS

LiveQueryClient subscribe with token - no updates to ACL secured objects

opened 05:55PM - 02 Apr 19 UTC

closed 04:28PM - 18 Apr 19 UTC

kirilledelman

type:feature

### Issue Description Live query subscription to an ACL secured object doesn'…t work, even when sessionToken is passed. ### Steps to reproduce ``` // user is logged in, there's a Patient object in the DB, whose ACL is set to Read+Write by same user var lq = Parse.CoreManager.getLiveQueryController(); var cu = Parse.User.current(); var pq = new Parse.Query( 'Patient' ); pq.equalTo( 'userId', cu.id ); var plq = lq.subscribe( pq, cu.getSessionToken() ); plq.on('update', (object) => { console.log('object updated', object ); }); ``` Update a field in Patient object on the server. ### Expected Results "object updated" handler should be called ### Actual Outcome nothing happens. ### Environment Setup - **Server** - parse-server version (Be specific! Don't say 'latest'.) : ^3.1.3 - Operating System: CentOS - Hardware: AWS instance - Localhost or remote server? AWS remote server - **JS SDK** - JS SDK version: 2.2.1 - Application: Chrome

Older ones

Thanks

davimacedo · November 29, 2021, 2:10am

Could you please provide more details on your case? If you can share the piece of code you are using and how you are testing would be helpful. Live Query should work fine with ACL.

justav08 · November 29, 2021, 8:05am

Thanks for the reply and here is the parse config

const config = {
    databaseURI: getParseUri(),
    cloud: __dirname + '/cloud/main.js',
    appId: glbdef.PS_APPID,
    masterKey: glbsrvdef.PS_MASTERKEY,
    javascriptKey: glbdef.PS_JSID,
    liveQuery: {
        classNames: ['NotifyClient'],
        logLevel: 'VERBOSE'
    },
    auth: {
        NetManAuth: {
            module: NetManAuth,
            option1: 'hello',
            option2: 'world',
        }
    },
    verbose: true,
    maxUploadSize: "500mb"
};

init subscription:

    // livequery event handling
    enableEvents: function() {
        var me = this;
        var sUserSessionToken = '';
        var objCurrentUser = Parse.User.current();
        if (typeof objCurrentUser != 'undefined' && objCurrentUser != null) {
            sUserSessionToken = objCurrentUser.getSessionToken();
        }

        let LiveQueryClient = Parse.LiveQueryClient;
        let client = new LiveQueryClient({
            applicationId: glbdef.PS_APPID,
            serverURL: 'wss://' + glbdef.NFSHOST + ":" + glbdef.NFSPORT + '/',
            javascriptKey: glbdef.PS_JSID
        });

        client.open();
        let query = new Parse.Query('NotifyClient');
        console.log('using sessionToken for liveQuery: ' + sUserSessionToken);
        let subscription = client.subscribe(query, sUserSessionToken);
        // let subscription = client.subscribe(query);

        subscription.on('open', () => {
            console.log('subscription opened for ChatMessageController');
        });

        subscription.on('create', (object) => {
            console.log('object created ' + object.id + ' - ' + object.get('updatedAt'));
        });

        subscription.on('update', (object) => {
            console.log('object updated ' + object.id + ' - ' + object.get('updatedAt'));
        });
    },

and here how I initiate a NotifyClient class

    notifyClients: async function(sObjectId, sAct, sClass = 'ChatMsg') {
        const NotifyClient = Parse.Object.extend("NotifyClient");
        const objNotifyClient = new NotifyClient();

        objNotifyClient.set("data", {
            id: sObjectId,
            cls: sClass,
            act: sAct
        });


        // (*1)
        // var msgACL = new Parse.ACL();
        // msgACL.setPublicWriteAccess(true);
        // msgACL.setRoleReadAccess(sUserRole, true);
        // objNotifyClient.setACL(msgACL);

        objNotifyClient.save().then((objNotify) => {
            // Execute any logic that should take place after the object is saved.
            console.log('New notify object created with objectId: ' + objNotify.id);
        }, (error) => {
            // Execute any logic that should take place if the save fails.
            // error is a Parse.Error with an error code and message.
            console.log('Failed to create new object, with error code: ' + error.message);
        });
    }

if I uncomment the code on (*1) I get no notifications on clients (I am testing with one role and in the role - sUserRole - are all users). I am working on Windows 2019 with node.js 14.15.5.

Thanks

davimacedo · November 29, 2021, 6:46pm

Can you log sUserSessionToken before the subscribe() call to make sure you have it available?

Also, what is sUserRole?

justav08 · November 29, 2021, 8:23pm

Hi,
the session token is ‘r:95bcce65edc4f95e1fae3df116238455’, which is the session token of the ‘current user’, checked in parse dashboard sessions.
Also checked the role name in dashboard which is ‘prefix_Priv1’ (in sUserRole). The inserted object has the correct ACL with ‘Public Write, role:prefix_Priv1’, where prefix_Priv1 is the role name for read access.
The role prefix_Priv1 has default ACL with global read/write.
And last checked the included current user in role prefix_Priv1. The user has also default ACL with global read and only the user itself write access.

Thanks again for help

davimacedo · November 30, 2021, 5:45pm

Would you mind to open a PR against Parse Server repo with a failing test case that reproduces the problem? I think that’s the best way to debug the problem.

justav08 · November 30, 2021, 9:02pm

I will try but no idea how to do it, so I have to read about the PR first.

davimacedo · December 1, 2021, 7:19pm

You can find some guidance in here: parse-server/CONTRIBUTING.md at alpha · parse-community/parse-server · GitHub

And here: How to start contributing to Parse Server

justav08 · December 10, 2021, 12:36pm

When trying to reproduce the problem in a simple example, I could not reproduce the error. So it has to be a bug in my app and in fact I found a stupid one. As you said, Live Query work fine with ACL. Thanks and sorry.

davimacedo · December 10, 2021, 7:44pm

No problem. Thanks for the feedback.