MasterKey, Users email and edition #3301

Closed
Amex22 opened this issue Dec 30, 2016 · 10 comments

Amex22 commented Dec 30, 2016

Since update 2.3.0, the email field is not returned anymore for Parse.User queries.

Using masterkey in the client (javascript) for testing is working as expected.

I would like to know if there is a way to add the masterkey in cloud-based code for Parse.User queries if the request.user has the appropriate role, like Moderator or Administrator.

It would be great to be able to do something like (a little bit like Parse.Cloud.useMasterKey())

Parse.Cloud.beforeFind('_User', function(request) { 
//check if request.user has appropriate role then
request.master = true;
});

That is my problem. Any ideas?

Could also be useful in a beforesave user, in order to edit another user without having the "cannot modify user XXXX" and without having to write a specific cloud code function.

Eyesony commented Jan 1, 2017

Similar issue here.

I tried to query on a custom class with a pointer to Parse.User.
Also the query does include that pointer correctly.
After query succeeded, I could get that user's data, but email is missing.

Tried both theUser.get('email') and theUser.getEmail()

Author

Amex22 commented Jan 10, 2017

Any idea @acinader ? Sorry for notifying you, but you're the one who changed the email thing in #3158 :)

@acinader
Contributor

Hey @Amex22. Sorry my change is causing you grief! Again, my goal was to mimic what parse.com did....

I see two potential solutions for you here:

  1. The way I implemented Strip personally identifiable information from user table for unautho… #3158, it is not possible to "unset" email as a sensitive field, as it is always merged into any config to set additional fields. You could change that. It wouldn't be a big change and I'd be game to accept it.

  2. You could write a cloud function to return the data you want and use the master key in it.

Author

Amex22 commented Jan 11, 2017

Hi @acinader! Thank you for your answer. I'm not blaming you for your changes; in fact, I am OK with the fact that we need to mimic parse.com.

But on parse.com, we had the Parse.Cloud.useMasterKey() solution. Why not mimic this?

I would like to avoid doing a specific cloud code function, so it would be better to have something like Parse.Cloud.useMasterKey(), but I don't think I will have the level to do such a thing.

Why close this topic?

@natanrolnik
Contributor

@Amex22 the way Parse.com and parse server run Cloud code is very different. As a consequence, there is no safe way to implement Parse.Cloud.useMasterKey() without messing with other clients' requests.
But I like your request.master = true; idea

Author

Amex22 commented Jan 11, 2017

I like it too :) , but I don't have the level to do this.

Contributor

natanrolnik commented Jan 11, 2017

@Amex22 it's just a matter of effort, the source is available for everyone

Author

Amex22 commented Jan 11, 2017

@natanrolnik well, I know, my doubt is more about my dev skills...

Contributor

acinader commented Jan 11, 2017

@Amex22 you can re-open if you like. I closed it because I think I gave you two possible solutions to the specific question you asked: how to get the email address.

  1. Amending my change to allow you to override the hiding of email would not be difficult to do and I'd be glad to review and help you with the change.

  2. You could also use the alternate solution of making a cloud function that uses the master key. I understand that you'd rather not do that, but you can, and it'd work now.

The useMasterKey option is the solution that parse-server currently uses for the master key problem. It's reasonable for you to request an alternate solution, but I'm not going to undertake figuring out how that might be possibly implemented at this time and I don't think you're going to find any of the other currently active contributors to either, given the other priorities we have to make parse-server a great, stable and easy to use solution.
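
The cloud-function route suggested above, combined with the role check from the original question, as an added example (not code from this thread or from parse-server itself). The function name `getUserEmail`, the `userId` parameter and the `ALLOWED_ROLES` list are assumptions, and it assumes promise-style Cloud Code handlers (parse-server 3.x and later); 2.x releases report results through `response.success` / `response.error` instead.

```javascript
// Added example: role-gated lookup of another user's email in Cloud Code.
// Assumed names: 'getUserEmail', ALLOWED_ROLES, request.params.userId.
const ALLOWED_ROLES = ['Moderator', 'Administrator'];

// Built as a factory so the handler can be exercised with a stub SDK.
function makeGetUserEmail(Parse) {
  return async function getUserEmail(request) {
    // request.user is derived by the server from the session token,
    // never from anything the client puts in params.
    if (!request.user) {
      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Login required');
    }
    if (typeof request.params.userId !== 'string') {
      throw new Parse.Error(Parse.Error.INVALID_QUERY, 'userId must be a string');
    }

    // Membership is checked server-side with the master key so that role
    // ACLs cannot hide a membership; the caller never names its own role.
    const role = await new Parse.Query(Parse.Role)
      .containedIn('name', ALLOWED_ROLES)
      .equalTo('users', request.user)
      .first({ useMasterKey: true });
    if (!role) {
      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'Insufficient role');
    }

    // The master key is scoped to this single query, not the whole request.
    const target = await new Parse.Query(Parse.User)
      .equalTo('objectId', request.params.userId)
      .first({ useMasterKey: true });
    if (!target) {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'No such user');
    }
    // Return only the fields the caller needs, not the full _User object.
    return { objectId: target.id, email: target.get('email') };
  };
}

// Inside parse-server cloud code, Parse is a global.
if (typeof Parse !== 'undefined') {
  Parse.Cloud.define('getUserEmail', makeGetUserEmail(Parse));
}
```
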

Author

Amex22 commented Feb 4, 2017

Hi! I don't understand, you say you want to mimic what parse.com did, but parse.com DID offer a solution (useMasterKey).
As @MBDeveloper says (#3415), it's not always possible to make a specific cloud function for everything, as we may be getting the user object from many other objects that have a pointer to the user object... and other cases...

I tried to make something like I suggested :

Parse.Cloud.beforeFind('_User', function(request) { 
//check if request.user has appropriate role then
request.master = true;
});

but I failed.... I'm sure that this is the solution to all our problems
