I created a database class for which I want to have public read access but only allow the user that created an object to edit that object. The class stores the user that created the object as a pointer.
I created that class level permission as in the screenshot
but when trying to create a new object I am getting a permission error
Error: Permission denied for action create on class PlayerMatches.
at Function.validatePermission (/moralis-server/lib/Controllers/SchemaController.js:1494:13)
at SchemaController.validatePermission (/moralis-server/lib/Controllers/SchemaController.js:1517:29)
at /moralis-server/lib/Controllers/DatabaseController.js:810:63
at runMicrotasks (<anonymous>)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
If I understand correctly, because the user is not created yet the pointer wont match the incoming request as the pointer is empty. If the object would exist with the user pointer I could edit the object but as it doesn’t exit yet it fails
If I enable write access on public, I can created the object, but then anyone can override the object.
From reading the docs I thought, it should be easy to create a class that is user write protected with public read access by using pointer permissions.
Am I doing something wrong here or is the only way to do this to set the Object ACL to allow only write access to the user when creating the object?