If authenticated can access, then you donāt need to have the admins on the class permissions. They would be getting through that layer and then the permissions on the single items are what prevents them from accessing it.
See securing with roles:
...
ACL: {
"role:admins" : {
"write": true,
"read": true
}
}
@gnunicorn thank you very much for your help, I implemented the scenario you indicated but for what I want it was not as ideal.
I got the idea of @davimacedo and it suited my needs more. Follows the trigger that I used.
Parse.Cloud.beforeSave("ads", (request) => {
var acl = new Parse.ACL();
acl.setPublicReadAccess(false);
acl.setPublicWriteAccess(false);
acl.setReadAccess(request.user, true);
acl.setWriteAccess(request.user, false);
acl.setRoleReadAccess("admins", true);
acl.setRoleWriteAccess("admins", true);
request.object.setACL(acl);
});