Add more integration of User Roles to the api

As I’m building a CMS, user roles are an important feature.
I’ve been struggling to find the right security implementations concerning Roles:

  1. how to validate user roles in cloud functions: would be lovely to just have
Moralis.Cloud.define('someThing', async (request) => {
  // some thing
},{
  fields : ['someField', 'anotherField'],
  requireUser: true,
  requireRole: ['Editor', 'Other Role']
})

I wrote a function but it’s complicated with the nested relations when you want to figure out that Administrator role is part of Editor for example. It have this now but it only checks for ‘Editor’ and fails to allow Admin users to validate as well:

async function validateUserRole(user, role) {
  const roleQuery = new Moralis.Query(Moralis.Role)
  roleQuery.equalTo('name', role)
  roleQuery.equalTo('users', user)
  return await roleQuery.first({ useMasterKey: true })
}

and

Moralis.Cloud.define('someThing', async (request) => {
  if (!await validateUserRole(request.user, 'Administrator')) throw "No access" // validate user role
  // do stuff that's allowed
})
  1. How do get the role of the current user client side easily
    Could there be an identifier of the user role in the Moralis.User object client side?
    I’m protecting routes based on user roles. Nothing important security wise, cause those are covered by CLP and could function role validation. Just to show other things on the UI/UX.
    Maybe a Moralis.User.getRole(s) method.

I will add it myself for now with a sync Job to add Role info to the User object.

:robot:

I’m in the same boat here. I’d like to see a getRole method for the same reasons of showing messages to users trying to access routes they can’t do anything with.

this works for me:
query = await new Moralis.Query(Moralis.Role).equalTo('users', user).find()