How to view user data with new security settings?

phyx1u5 · June 5, 2021, 6:28pm

I have an object which has a pointer to the user that created it, because users are no longer publicly readable i cant access the relevant user information anymore such as username and profile photo.

I really need some help to walk me through how to setup a cloud function that can make my query.first function able to get the information of the user in the pointer.
Yes i have looked at the documentation, but after much time trying to get it to work i still cant get it working.

this is quite a frustrating change, although i do understand why the Moralis devs did it. but help asap would be great as the hackathon deadline is nearing.

any help would be really appreciated thanks!

also does the beforeFind trigger work for query.first as well or only query.find?

ivan · June 5, 2021, 6:49pm

What do you mean changed?
We haven’t changed the user recently.

If you need to share info about a user with other users - I would create a new Class called “UserInfo” with open ACL for other users to read and put all info that other users should access there.

User is a Class for storing sensitive user info and mostly it can only be read by the user that created it.

Moralis doesn’t have column level ACL - only Class level ACL, so to share data between users - you need to put it in separate class, data that should only be read by the actual User - you put in User Class

phyx1u5 · June 5, 2021, 7:11pm

ok I understand now, thank you

Great-Spirit · June 6, 2021, 6:09am

We are looking to integrate a model of users-groups-roles for a more fine grained control of who can see what and and who can do what for both Back Office of Registrar by staff and the Front Office visitors.

the above seems like key details @CasNWK will need for ACL implementation.

so thanks in advance

Cacao