The code snippet below works without a valid token.
var user = DatabaseUser.retrieve(dbId, user_id, includeRefObjects, token);
How is this possible? Isn't a valid token suppose to be mandatory when using this?
I have tried various combinations and it seems to ignore token completely?
Hi Dupdroid.
token is optional here. you can also run your script without token and get successful result.
Its used when you try something for specific.
Regards.
This happens because the default ACL has this:
{"*":{"read":true}....}
this means anyone can read the record. When you change it to 'false' (you can do it directly in the cell or by clicking on the blue ...-icon), you will get an error if a valid token is not specified. We have plans to update the default ACL so that only the owner can access the record. Hope this helps.
Thank you Max, that makes sense.