ACL on client or server side

hi, my code

var user = Moralis.User.current();
user.setACL(new Moralis.ACL(user));

if set ACLs in client js code , I think this is not security, how to I can security my code, thank for help

You normally set permissions in Cloud Code on the server not in the client
For example when a new user signs up - you set up ACL in afterSave trigger

Read docs on Security and Triggers

What you can do on client-side is to allow the users to change whether other users should be able to see some of their private data

ok, thank for help, i will read it

Hi, the Trigger afterSave for user in moralis it not run, is there any other way?

try beforeSave instead

Now with beforeSave, i cant get any params or object user in current, why?

my code

Moralis.Cloud.beforeSave(Moralis.User, async function(request) {'before save user')
  var user = Moralis.User.current();

What you see if you try;?