Forum | Appery.io

I'm working on making an Admin interface on my app. I've done enough research to know that I'm doing it right. I've reviewed this through following resources:
ul
liWorking with the database API: Updating Users/li
liMapping Request Parameters For Updating users in Parse /li
liUpdating User Information/li
/ul
Even so, every time I send the request from the app, I get a PUT 403 (Forbidden) error. Below is my configuration.

Settings

Request

Response

These values were created from a manual test (from Test tab).

Using the Test tab, I was able to get the request to work. The only difference between how it is submitting from the Test tab and from the UI is that the ACL value is actually being sent as an object, were as from the UI it sends either codeacl:{_id:{read:true,write:true}}/code (where the _id value needs to be the actual sender's ID but its just sending the variable name instead), or as a string (which is not valid). It seems that nothing I do grants the user [admin] the access needed to modify user accounts without granting emeveryone/em access. Is there something I'm doing wrong? I highly doubt it is my configuration since I'm able to get it working from the Test tab.

Hello,

Do you invoke updating service after login service? The matter is that for tab "test" you should do the same to get session token.

Yes, the user is logged in and can only access the update service after authenticating. I've mapped the session token appropriately and still get 403. Using the same token and values on the Test tab works though.

Could you specify the full text of the error?

The error is code{"code":"DBUU333","description":"Access denied: you don't have write permission on specified object"}/code

Hi,

Please share your app and DB with a href="mailto:support@appery.io" rel="nofollow"support@appery.io/a and specify its name. Also, inform us what service we should test.

Done! Sent an email as well to a href="mailto:support@appery.io" rel="nofollow"support@appery.io/a detailing the service

Hello!

For user Koford you've set acl as follows
pre "acl":{
"*":{
"read":true
},
"532dbe6be4b07b0d80150cc2":{
"read":true,
"write":true
}
}/prethat means everyone can read his data, but only user himself can edit it because there is set user's id 532dbe6be4b07b0d80150cc2. If you want to allow data editing by admin, you need to change id.

Ideally this would work. The problem is that the user's ID value is never being set in the object on-send. Whenever I attempt to pass in the user ID (from a local storage variable), the variable value does not replaces the variable name. This means that when I inspect the request, the value appears as:
code"acl":{
"":{
"read":true
},
value:{
"read":true,
"write":true
}
}/code
which is, in part, the source of the error. For testing purposes, I also tested sending the request with an ACL as:
code"acl":{
"":{
"read":true,
"write":true
}
}/code
and that failed as well.

Please post mapping screenshot and JS you use in mapping to acl (acl is an object and you need to use JS).