In a fresh parse-server instance (i.e. all CLPs and ACLs are defaults), I create two example users using a signUp
mutation. I then query all the users. I’m passing user joe
's valid session token in my header. Here’s my query:
query {
users {
edges {
node {
id
email
username
}
}
}
}
For some reason, all the data I expect does comes back except for the email
field values of any user other than the user for whom the session token applies.
{
"data": {
"users": {
"edges": [
{
"node": {
"id": "X1VzZXI6MTZuY0U3RHJ3UA==",
"email": "[email protected]",
"username": "joe"
}
},
{
"node": {
"id": "X1VzZXI6OFFlVk1TT0I2RQ==",
"email": null, // This value should be populated too
"username": "tom"
}
}
]
}
}
}
If I pass the master key header with my query, then all the email
fields for all the users are returned as expected, but I feel there should be a way to achieve this same result via session token use too. Public read/write access is enabled for the User
class CLP and ACL levels, so I’m not sure what else to try. What am I missing?