Permission denied for action create on class <...>

After setting up CLP on class Article like the following:

Here is how it looks when I hit the schema endpoint:

{
    "className": "Article",
    "fields": {
        "objectId": {
            "type": "String"
        },
        "createdAt": {
            "type": "Date"
        },
        "updatedAt": {
            "type": "Date"
        },
        "ACL": {
            "type": "ACL"
        },
        "title": {
            "type": "String"
        },
        "url": {
            "type": "String"
        },
        "votes": {
            "type": "Array"
        },
        "submittedBy": {
            "type": "Pointer",
            "targetClass": "_User"
        }
    },
    "classLevelPermissions": {
        "find": {
            "*": true
        },
        "count": {
            "*": true
        },
        "get": {
            "*": true
        },
        "create": {
            "role:Contributor": true
        },
        "update": {},
        "delete": {},
        "addField": {},
        "protectedFields": {}
    },
    "indexes": {
        "_id_": {
            "_id": 1
        }
    }
}

I am getting a "Permission denied for action create on class Article." error while trying to create a new object in that class with the user who has the Contributor role.

I am not sure what I am doing wrong?

If you set more permissions then it starts to work at some point?

I have added all permissions to the role and am still getting the same error.

You can try to add more permissions on the above lines too.

If I add the Create permission on Public row it works.

If I add the Create permission on the Authenticated row I get the following error:
Permission denied, user needs to be authenticated.
Which is very strange, as the user is actually authenticated.

?

Actually, I think this problem is on my side.

I am actually not saving objects directly from the frontend but through a cloud function instead. That is why CLP is failing.

How can I check if the user has a certain role in the cloud function? If I run role.getUsers() on a particular role I get the following:

{
  "__type": "Relation",
  "className": "_User"
}

What I really want is to get a list of users in that relation. How do I do that?

Your question sounds similar to this answer: Add more integration of User Roles to the api

Thanks a lot.

So instead of querying if the user is in the role, I should query just what is the role of the user.

However, in the cloud function, is it possible to somehow pass the request object to the save method in order not to have to validate the roles in the cloud functions directly?

Do you know what I mean?

It looks like you could try to add a role validation for a specific cloud function.

This is exactly what I am looking for but just tried it and it doesn’t seem to work.

It seems it's a recent Parse feature. Do you know which version is Moralis using under the hood?

Looks like it's only released some days ago.

I don’t know the exact version of Parse that Moralis is using, but I know that it is not Parse 5. It is a version of Parse 4.
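
For the two questions raised above (listing or checking a role's users inside a cloud function, and having the save checked against the caller's permissions instead of failing CLP), here is an added example; it is not code from the thread or from Moralis. It assumes the standard Parse JS SDK calls are available in Cloud Code and that the server honours the sessionToken save option; the function names are hypothetical.

```javascript
// Added example, not code from the thread. `Parse` is the Cloud Code global,
// passed in as a parameter here; the function names are hypothetical.

// Names of the roles that list `user` directly (inherited roles are not followed).
// _Role is usually not publicly readable, so the query uses the master key.
async function roleNamesOf(Parse, user) {
  const roles = await new Parse.Query(Parse.Role)
    .equalTo('users', user)
    .find({ useMasterKey: true });
  return roles.map((role) => role.getName());
}

// role.getUsers() returns a Parse.Relation, not a list: query the relation.
async function usersInRole(Parse, roleName) {
  const role = await new Parse.Query(Parse.Role)
    .equalTo('name', roleName)
    .first({ useMasterKey: true });
  return role ? role.getUsers().query().find({ useMasterKey: true }) : [];
}

// Body of a cloud function that creates an Article for the calling user.
async function createArticle(Parse, request) {
  const user = request.user;
  if (!user) throw new Error('user needs to be authenticated');
  const { title, url } = request.params;
  if (typeof title !== 'string' || typeof url !== 'string') {
    throw new Error('title and url must be strings');
  }
  // Explicit role check, so the function fails closed before touching the class.
  if (!(await roleNamesOf(Parse, user)).includes('Contributor')) {
    throw new Error('Contributor role required');
  }
  const article = new Parse.Object('Article');
  article.set('title', title);
  article.set('url', url);
  article.set('submittedBy', user);
  // Saving with the caller's session token (not the master key) makes the
  // server evaluate the class-level permissions for that user.
  return article.save(null, { sessionToken: user.getSessionToken() });
}

// Registration in Cloud Code (assumed):
// Parse.Cloud.define('createArticle', (request) => createArticle(Parse, request));
```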