Jake Hare7049642
Posts: 0
Joined: Sun Aug 17, 2014 10:09 pm

User able to see another user's info

I followed the instructions in the To-Do app in regards to logins, acl, etc. Problem is there are certain instances when a user creates an item within the app, and other users are able to see what that user made.

In one instance I saw that in the database the acl for the item all users could see was set to "*", but I don't know how that's possible if other users are able to create that same item and the acl is fine.

Can someone take a look at my mappings to see if they are correct? [Image] [Image] [Image]

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

Hi Jake,

Your mapping looks ok.

Please give us the code which you use in "Add JS" for the acl field: http://prntscr.com/4h5tch/direct

Also, please check the "acl" field in your "trooDB" collection to see whether the items contain only an acl like {"userid...": {read: true, write: true}}.

Regards.

Jake Hare7049642
Posts: 0
Joined: Sun Aug 17, 2014 10:09 pm

[Image] This is what I used; is that right?

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

Jake,

It looks OK.

So please give us your app's public link and describe the steps to reproduce this problem.

Also, it would be great if you shared your DB with us and told us its name.

Thanks and regards.

Jake Hare7049642
Posts: 0
Joined: Sun Aug 17, 2014 10:09 pm

Okay, just shared DB with support@appery.io

Application is at http://appery.io/app/mobile-frame?src...

I wish I could reproduce it myself; it seems like it happens sometimes and not others. I'm working through a ton of scenarios right now so I'll try to reproduce and let you know. In the meantime can you look through the DB and see if there's a problem with the JS or something?

Thanks!! You guys are great.

Jake Hare7049642
Posts: 0
Joined: Sun Aug 17, 2014 10:09 pm

Should I change this default value for acl??? [Image]

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

Jake,

Unfortunately, we cannot access your DB. Please give us its name.

Also, I've tested your app and see the following request:
http://prntscr.com/4h6ynb/direct

This is the correct acl for your goals.

We need steps to reproduce this issue (where we can add an item and it will appear in the DB with the wrong ACL).

Regards.

Jake Hare7049642
Posts: 0
Joined: Sun Aug 17, 2014 10:09 pm

The DB name is 'troopsDB'.

Currently I have this ACL Code:

var acl = {};
acl[value]= {"read": true, "write": true};
return acl;

Should I have this instead, so other users can't read a different user's info?:

var acl = {};
acl[value]= {"read": true, "write": true};
acl["*"]= {"read": false, "write": false};
return acl;

What would that change do?

Jake Hare7049642
Posts: 0
Joined: Sun Aug 17, 2014 10:09 pm

So is an "*" in this location right?

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

Jake,

Your code:

var acl = {};
acl[value]= {"read": true, "write": true};
return acl;

Exactly what you need.

Also, I cannot see that "troopsDB" is shared with support@appery.io

Regards.
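
The check suggested earlier in the thread (confirming that every item's "acl" holds only a single-user entry) can be scripted over an export of the collection; this is an added example, not code from the posters or from Appery.io. It assumes each item has an `_id` and an `acl` object mapping a user id or "*" (all users) to `read`/`write` flags; the function names and sample data are hypothetical.

```javascript
// Added example: audits exported items for ACLs that expose data beyond
// a single user. Assumes (as in the thread) that "acl" maps a user id or
// "*" (all users) to {read, write} flags.
function auditAcl(item) {
  const problems = [];
  const acl = item.acl;
  if (!acl || typeof acl !== "object" || Object.keys(acl).length === 0) {
    return ["missing or empty acl"];
  }
  const users = [];
  for (const [principal, perms] of Object.entries(acl)) {
    const read = !!(perms && perms.read === true);
    const write = !!(perms && perms.write === true);
    if (principal === "*") {
      if (read) problems.push("wildcard read");
      if (write) problems.push("wildcard write");
    } else if (principal === "undefined" || principal === "null" || principal === "") {
      // In JavaScript, acl[value] with an unset value stringifies the key.
      problems.push("acl key built from unset user id: " + JSON.stringify(principal));
    } else if (read || write) {
      users.push(principal);
    }
  }
  if (users.length > 1) problems.push("more than one user has access");
  if (users.length === 0 && problems.length === 0) problems.push("no user has access");
  return problems;
}

// Returns only the items that have at least one finding.
function auditCollection(items) {
  return items
    .map((item) => ({ id: item._id, problems: auditAcl(item) }))
    .filter((r) => r.problems.length > 0);
}

// Constructed sample items (ids and user ids are made up).
const sampleItems = [
  { _id: "item1", acl: { "u-alice": { read: true, write: true } } },
  { _id: "item2", acl: { "*": { read: true, write: true } } },
  { _id: "item3", acl: { "undefined": { read: true, write: true } } },
  { _id: "item4", acl: { "u-bob": { read: true, write: true }, "*": { read: false, write: false } } },
  { _id: "item5" },
];

console.log(JSON.stringify(auditCollection(sampleItems), null, 2));
```

Items flagged with a wildcard entry or a missing acl are the ones to trace back to the request that created them.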
