I'm trying to secure my user management system, in which only users with the Administrator role can assign users to certain Roles.
I'm using this cloud function to change roles based on a role name and user id, which works fine:
```javascript
// Logger used below (Moralis cloud code logger)
const logger = Moralis.Cloud.getLogger();

// change user role
Moralis.Cloud.define('changeRole', async (request) => {
  // Look up the target user by objectId
  const userQuery = new Moralis.Query(Moralis.User);
  userQuery.equalTo('objectId', request.params.userId);
  const userObject = await userQuery.first({ useMasterKey: true });

  // Load every role, add the user to the requested one and remove them from the rest
  const roleQuery = new Moralis.Query(Moralis.Role);
  const roles = await roleQuery.find({ useMasterKey: true });
  for (let i = 0; i < roles.length; i++) {
    if (roles[i].get('name') === request.params.roleName) {
      logger.info(roles[i].get('name'));
      roles[i].getUsers().add(userObject);
    } else {
      roles[i].getUsers().remove(userObject);
    }
    // Note: no useMasterKey option is passed to this save
    await roles[i].save();
  }
  return request.params.roleName;
}, {
  fields: ['roleName', 'userId'],
  requireUser: true
});
```
But I only want users with the Administrator role to be able to change Role data.
I've tried 2 things:
- setting the CLP to "Role: Administrator" with full access
- setting the ACL on all Roles to "Role: Administrator" with full access
Neither of these works; I'm not able to write when those are set, only when everything is set to Public access.
How do you use/identify Roles in cloud functions, or should I use this client side?
Also, can you validate a cloud function on a Role, something like requireRole: "Administrator"?
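
One way to enforce the Administrator check inside the cloud function itself, as an added example that is not part of the original post: the caller's membership is verified server-side before any Role is modified, and the writes then use the master key so the Role ACL/CLP can stay closed to ordinary clients. The helper names `isAdministrator` and `makeChangeRole` are hypothetical, and the SDK object is passed in as a parameter so the logic can be exercised outside a server.

```javascript
// Added example. `Moralis` is passed in so the logic can run outside a server;
// in cloud code pass the global Moralis object. Helper names are hypothetical.
const ADMIN_ROLE = 'Administrator'; // role name from the post

// True only if `user` is a direct member of the Administrator role
// (membership inherited through child roles is not followed here).
async function isAdministrator(Moralis, user) {
  if (!user) return false;
  const role = await new Moralis.Query(Moralis.Role)
    .equalTo('name', ADMIN_ROLE)
    .equalTo('users', user) // matches roles whose `users` relation contains user
    .first({ useMasterKey: true });
  return Boolean(role);
}

// Builds the changeRole handler: authorize the caller first, then write with
// the master key so Role ACLs/CLPs can stay closed to ordinary clients.
function makeChangeRole(Moralis) {
  return async function changeRole(request) {
    if (!(await isAdministrator(Moralis, request.user))) {
      throw new Error('Forbidden: Administrator role required');
    }
    const { userId, roleName } = request.params;
    const roles = await new Moralis.Query(Moralis.Role).find({ useMasterKey: true });
    // Refuse unknown role names; otherwise the loop would only remove memberships.
    if (!roles.some((r) => r.get('name') === roleName)) {
      throw new Error('Unknown role: ' + roleName);
    }
    const target = await new Moralis.Query(Moralis.User)
      .get(userId, { useMasterKey: true });
    for (const role of roles) {
      if (role.get('name') === roleName) role.getUsers().add(target);
      else role.getUsers().remove(target);
      await role.save(null, { useMasterKey: true });
    }
    return roleName;
  };
}

// Registration inside cloud code (same options as in the post):
// Moralis.Cloud.define('changeRole', makeChangeRole(Moralis),
//   { fields: ['roleName', 'userId'], requireUser: true });
```

Because the authorization decision is made from `request.user` on the server, a client cannot grant itself a role by calling the function with its own `userId`.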