Problem with ACL

Thu Oct 30, 2014 12:51 am

Problem with acl, i've followed this tutorial http://devcenter.appery.io/tutorials/... . Not working, so with user "a" i create 3 items and when i login with user "b", the user b can see also the items of user "a", and i don't want the user "b" see list's of user "a".

Thu Oct 30, 2014 1:40 am

Any help?

Thu Oct 30, 2014 3:56 am

Hello!

We are working on it.
I will let you know when have more information from developers tea

Thu Oct 30, 2014 4:16 am

Thanks for comments Arina i will stay pending

Thu Oct 30, 2014 5:11 am

Hi Norman,

That's why you have in these items acl with {*: {read: true}} value. That means anyone could read this collection item.

If you want strictly restrict access only by singe user you should pass to create/update service "acl" field with value:

pre

{
"52aceac0e4b07420882b3f12":{"read":true,"write":true}
}

/pre

Where "52aceac0e4b07420882b3f12" is user id you want to grand access to this item.

Regards.

Wed Dec 10, 2014 4:08 pm

Hi Norman

I have to admit i am truly a total newbie to all of this so please be easy on me. I too have followed that tutorial over and over again. I think i have it memorized I've done it so many times, I even went as far as to create a second account thinking I did something wrong while creating the first account. I am having the same problem as Norman. The tutorial give you a sense that at the end each user should see their own list. On my app the registration works great but all users see the same list. Your last comment gives me the impression that there is something missing from that tutorial. In fact your comment leads me to believe the tutorial is telling us to do something we should not do?

At one point it the tutorial reads "Then open the MerchandiseDB_Merchandise_create_service and delete an acl request parameter." This leads me to believe (as someone that does not know much) that im not using "acl" and that @creator is another way of authenticating users. In fact my database has all field populated other then "acl" afer following this tutorial.

Again being new i don't understand the statement used in your last comment. It sorta sounds as if you are saying we can restrict a person using "acl". But how can that be done if we don't know when they have registered? again referring to the tutorial.

I have built a app (very simple one) but this is one of the things I need to check off my todo list. Each time I try to fix it i break the app and have to start over. Is there anyway someone can fix the tutorial so that it includes the "acl" instructions. Or can someone please point me in the right direction. Something more simplified then the working with the database api website. For some reason i find that site to be overwhelming. For a older guy like me..well not that old. Its like drinking a Slurpee to fast. I look at it and get brain freeze.

BTW all of you guys do a fantastic job. Thank you for making this available. I'm sure my issues are just a lack of knowledge on my part for sure.

Bill J

Wed Dec 10, 2014 11:54 pm

Hi Bill,

pre

MerchandiseDB_Merchandise_create_service and delete an acl request parameter." This leads me to believe (as someone that does not know much) that im not using "acl" and that @creator is another way of authenticating users.

/pre

That's not correct. You need to pass acl where only one(current) user could read this item.

So the solution is:

open your create service mapping.
click on acl request parameter JS.
Populate it with following JS code:

pre

//You should specify here your current user id.
var currentUser = "currentUserID";

var acl = {};
acl[currentUser] = {"read": true, "write": false};
acl["*"] = {"read": false, "write": false};
return acl;

/pre

Regards.

Thu Dec 11, 2014 12:23 pm

I had the same problem and solved it with your advice. My question. Why do we use the Session Tokens in this Merchandise - App ?

Fri Dec 12, 2014 12:01 am

Hi Robert,

It's not necessary to pass session token for custom collections to edit item.

Only if set "security collection" option.

See details here: http://devcenter.appery.io/documentat...

Regards.

Wed Jan 07, 2015 10:08 am

Hi
I would just like to ask how I can create an empty collection along with ACL in a way that only logged in users can create objects and then that only the user who has crated the object has read and write privileges?

I appreciate the help.

Regard Jonker