I'm having some trouble setting permission in quickblox custom objet.
Lets say I have 2 users: userA and userB, they can create object and, by default,
every user can see only it's objects.
I want userB can access (read) an object of userA so I
set the read permission on the userA's object this way:
?permissions[read][access]=open_for_users_ids&permissions[read][ids]=<userBid>
the operation seems to success, when I check on the web interface I can see the object with the right permissions but still userB can't access that userA's object!!
If I update the object from the web (without changing anything, just press the update button),
userB can see userA's object.
I followed this documentation
What's wrong?
Thanks!
What do you mean by 'every user can see only it's objects'.
By default, every user can request all objects, not only his own
Related
I'm using Getstream.IO to implement a Livestream type chat.
I see that in the Getstream.IO docs under Default Permission Policies a moderator is able to update and delete a message.
When I set a moderator on a channel and login, though, a moderator is only able to update their own messages. I need a moderator to be able to edit and delete another user's message.
I see that in the docs for Object Ownership Getstream.IO says, "If applicable, ownership of the entity is taken into account. This parameter allows you to grant users the ability to edit their own message while denying editing others’ messages. Permission policies are organized as list ordered by priority. A permission policy has the following fields ..."
How can I list existing permission policies or create a new permission policy using the python API?
At a higher level, using the server side python API or the client side API, is there a way to make it so that Moderator roles do not have the ownership of the entity taken into account?
UPDATE -
Using client.get_channel_type("livestream") I can see that channel_moderator has ability to UpdateMessage and DeleteMessage and owner is False as I expect:
Unfortunately, that is not the behavior I see when I log in as a user where I have performed channel.add_moderators([user_id]) for that user, which shows that the changed user has is_moderator set to True, but the user has the role of user. Do I also need to add a role to the user of channel_moderator? Is this documented anywhere?
UPDATE 2:
I see that in stream-chat-react, Message.canEditMessage and Message.canDeleteMessage are determined by this.isMyMessage(message) || this.isAdmin();, so it appears that unless one overrides the Message component, the moderators need to be Admin in order to edit a message they do not own.
UPDATE 3:
I can see that in the tests for channel_permissions in stream-chat-js that a moderator is indeed supposed to be able to edit and delete a message, just as the permissions matrix in the documentation specifies. I still cannot find a way to get stream-chat-react to allow moderators to update or delete a message, however; it's not easy to understand how best to override Message.canEditMessage, since MessageList.render() automatically constructs using the default Message class.
UPDATE 4:
I was able to get a user added as a moderator to be able to edit and delete posts, but only after making that user a global admin. I have users that I want to be moderators in a channel but not have the abilities of an admin. I've cross-posted an issue to stream-chat-react: Allow Moderators to Edit and Delete Messages Without Being Admin.
Newbie to Parse Server here.
I have an app which reads data from Parse Server and displays it to users without logging them in.
I want to create another 'Admin' app which will allow ONLY ONE pre-populated admin user to login and change the data. Is this possible via Facebook login? I would prefer Facebook login because with normal (user, password) login I can't implement 2FA easily on Parse Server. Facebook login would take care of the issue since the user is already logged into Facebook using 2FA.
Is this possible? Any suggestions / pointers would be appreciated. I am coding both apps in React Native. The first app is complete.
The type of login has nothing to do with the abilities a user has. The simplest solution for your desired setup is using class-level permissions:
create a new Role object and name it accordingly, e.g. admin
add your admin user to that role
set class-level permissions for your data classes: grant public read access, limit write access to the admin role
Now every user can see all the data, but only members of the admin role are able to manipulate them. If you want you can add more users to the role to also give them write access.
BTW: all these steps can be performed in Parse Dashboard, no coding required.
EDIT
Actually you can have it even simpler, the class-level permissions can also be granted to a single user -- so no need for a role, if you really only need one admin.
I have a shop function, where a user can send his basket without being logged in. He only has to register with the sr_feuser_register form and when the form is valid and the user is stored I forward to my basket send function, here I want to read the user with uid from the FrontendUserRepository, but I always get back a null object here. Is it possible, that my controller can not read userdata while the User is not logged in? I also checked while I activated the user dataset manually - same result, null)
Georg
I am working on a Titanium Alloy project where in I am creating custom objects using ACS. I also have different users in the Users ACS. I wish to associate a particular custom object to a particular logged in user.
For example, If user A is logged in the custom object created by that user should be associated to user A. Same for user B and so on. How do I create this association? Currently my Custom objects get created but they are not associated to the logged in user.
After a little discussion, I realised I should add my scenario too.
My scenario is, a user changes a few settings using the toggle switch. This information should be stored for a user and later on push notification for selected settings should be sent to the user.
Any help in this regard is greatly appreciated.
Regards,
Shreerang
So i think you should store custom object in database with its user name so whenever you want you can get back with user's name.
I want to use a single form to login normal users and admins, i have a flag on entity 'isAdmin'. If it's an admin redirect to panel and set ROLE_ADMIN, if not redirect to site and set ROLE_USER.
this is possible, have other method to do this?
That seems to make no sense at all. You should set the user's role on registration not on login.
When user loggs in you can retrieve its object from database and get the role attribute to decide which view to load.
Check the console commands for fosuserbundle, you can "promote" a user with the ROLE_ADMIN. On every login he'll be assigned with that role automatically.
It won't be working with a "isAdmin" flag on your Model Entity, more likely to use a mechanism provided by fosuserbundle itself (didn't dig into that myself to be honest).
You also might want to check out https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/groups.md