Prevent user.signUp() from overwriting logged in user

kulanu · June 6, 2021, 8:11pm

I understand to create a new user, one should use user.signUp() to get username/email checking and password encryption. The user is returned and the currentUser() is set the newly created user.

And that’s precisely the problem. In cases where you have an admin adding privileged users to the system, when they signUp() a new user, they BECOME the new user, with the obvious confusion that implies on the front end and the unexpected loss of admin privileges.

Is there a way to prevent this from happening? I couldn’t find anything in the docs, but this is a very common pattern …where an admin has to manage other users and permissions. If not, how can I work around this?

Appreciate any thoughts …

davimacedo · June 7, 2021, 5:44am

I’d create a cloud code function to create new users that the admin would call instead of directly creating the users from the frontend.

kulanu · June 17, 2021, 7:47pm

Thanks, that’s what I ended up doing.

I wonder if there is a master list of requests or ideas to be built into the next major rewrite. I know I have a ton of thoughts after the past 3 months working with this full time. This would be on the list. Its a strange decision to FORCIBLY overwrite the user using the client when creating a new user (!?)

Does such a list exist?

davimacedo · June 18, 2021, 4:43pm

We don’t have a specific list of what will be included in the next release. We use to list and discuss all ideas via Github issues in Parse Server repo: Issues · parse-community/parse-server · GitHub