[SOLVED] useMasterKey with object.destroy() not working

Hello everyone,

I’m not being able to use the function “destroy” with master key, it keeps saying “permission denied” when I’ve my CLP just with read access.

I already tried obj.destroy(null, {useMasterKey:true}) and also obj.destroy({useMasterKey:true}) and none of them work.

Here is my cloud function:

Moralis.Cloud.beforeSave("PiecesSaleCancelled", async (request) => {
  if (!request.object.get("confirmed")) return;

  const tokenId = request.object.get("tokenId");
  const item = await new Moralis.Query("PiecesOnSale")
    .equalTo("tokenId", tokenId)
    .first({ useMasterKey: true });
  const modeOnSale = await new Moralis.Query("Mode").equalTo("Id", 2);
  const modeAvailable = await new Moralis.Query("Mode")
    .equalTo("Id", 1)

  const robotsOnSale = await new Moralis.Query("MintedPieces")
    .matchesQuery("Mode", modeOnSale)
    .equalTo("TokenId", +tokenId)
  robotsOnSale.set("Mode", modeAvailable);
  robotsOnSale.save(null, { useMasterKey: true }).then((robot) => {
    logger.info("Piece " + tokenId + " Mode set from On Sale to Available");
  if (item) {
    item.destroy({ useMasterKey: true }).then(
      () => {
        logger.info("Piece " + tokenId + " removed from sale with success");
      (error) => {
        logger.error("PiecesSaleCancelled ERROR: " + JSON.stringify(error));

Does anyone have any idea why and what to do?

Obs: I’ve “Client Class Creation” disabled and all CLP just with read access.

Thanks for reporting, I have encountered the same issue just now.
Also a beforeSave trigger and this code:

Moralis.Cloud.beforeSave('EthMarketItemsRemoved', async (request) => {
  logger.info('beforeSave EthMarketItemsRemoved triggered')
  const query = new Moralis.Query('EthMarketItems')
  query.equalTo('token_address', request.object.get('token_address'))
  query.equalTo('token_id', request.object.get('token_id'))
  const object = await query.first({useMasterKey:true})
  if (object) {
    object.destroy(null, {useMasterKey:true}).then(() => {
      logger.info('The object was deleted from EthMarketItems.');
    }, (error) => {

Resulting in a permission denied error when using CLP no access.

2022-02-09T17:45:05.425Z - Permission denied for action delete on class EthMarketItems.
2022-02-09T17:45:05.393Z - beforeSave EthMarketItemsRemoved triggered

Expected behaviour: a cloud function should be able to have full access with CLP no access, when using object.destroy(null, {useMasterKey:true}).
It works only when setting EthMarketItems to Public Read/Write CLP access.

Quite sure it used to work?

try this syntax: object.destroy({useMasterKey: true});

can confirm this works object.destroy({useMasterKey:true}) :pray:

1 Like