What to return from validation function in cloud code

Parse Server 📡 Cloud Code
#1

I have a custom validation function in cloud code, it checks the user is a member certain roles, but following the documentation it suggests, doing this

    const validationFunction(){
          if(isAdmin){return}else{throw "unauthorised"}
   }

    Parse.Cloud.define("cloud_test",async(request)=>{
        return "hello world"
    },validationFunction)

But if the user isn’t admin, the throw “unauthorised” crashes my node app. I assume its because there is no catch block, but returning anything from the validationFunction means the cloud code will run, im a bit baffled as to how you use it? In the example it also shows checking the user against a hard coded userId, thats pretty useless for most circumstances, I use a Role search to check the user has rights, is this wrong?

#2

I guess it is something related to the isAdmin var. Looking at the code you shared, I don’t see where this var is being set. I see also some syntax errors.

#3

Sorry this is my actual validation code

const validationRules = (request) => {
  if (request.master) {
    return;
  }
  if (!request.user) {
    throw error;
  }
  var query = new Parse.Query(Parse.Role);
  query
    .equalTo("users", request.user.id)
    .find({ useMasterKey: true })
    .then((roles) => {
      console.log("validation found", roles, request.user);
      if (
        roles.map((a) => a.attributes.name).includes("staff") ||
        roles.map((a) => a.attributes.name).includes("admin")
      ) {
        return;
      } else {
        throw error;
      }
    })
    .catch((err) => {
      throw error;
    });
};

I don’t have any problem here, if the user is admin or staff it’ll find them and return, which allows the cloud code to run, my question is, what do I do if they are a user, but not admin or staff, in the example in the docs the code throws an error, but if I do that it crashes my node app. What should I return to the cloud code to stop it from running, but not crashing the app?

#4

When you say node app, are you referring to a client or the node app running parse server?

#5

Is error defined here? There are a few places you throw error when error looks to be undefined.

#6

The express app with the Parse server middleware and cloud code.

#7

Sorry I’ve tried lots of things, lots of different errors but the original code, which matches the docs, and crashes my app is this

const validationRules = (request) => {
  if (request.master) {
    return;
  }
  if (!request.user) {
    throw "Unauthorized";
  }
  var query = new Parse.Query(Parse.Role);
  query
    .equalTo("users", request.user.id)
    .find({ useMasterKey: true })
    .then((roles) => {
      console.log("validation found", roles, request.user);
      if (
        roles.map((a) => a.attributes.name).includes("staff") ||
        roles.map((a) => a.attributes.name).includes("admin")
      ) {
        return;
      } else {
        throw "Unauthorized";
      }
    })
    .catch((err) => {
      throw "Unauthorized";
    });
};
#8

What version of Parse Server are you using?

#9

Parse Server version 4.5.0

#10

I guess the problem happens because you are not returning your promise. Try this:

const validationRules = (request) => {
  if (request.master) {
    return;
  }
  if (!request.user) {
    throw "Unauthorized";
  }
  var query = new Parse.Query(Parse.Role);
  return query
    .equalTo("users", request.user.id)
    .find({ useMasterKey: true })
    .then((roles) => {
      console.log("validation found", roles, request.user);
      if (
        roles.map((a) => a.attributes.name).includes("staff") ||
        roles.map((a) => a.attributes.name).includes("admin")
      ) {
        return;
      } else {
        throw "Unauthorized";
      }
    })
    .catch((err) => {
      throw "Unauthorized";
    });
};