[SOLVED] useMasterKey with object.destroy() not working

Technical Issue Reporting
#1

Hello everyone,

I’m not being able to use the function “destroy” with master key, it keeps saying “permission denied” when I’ve my CLP just with read access.

I already tried obj.destroy(null, {useMasterKey:true}) and also obj.destroy({useMasterKey:true}) and none of them work.

Here is my cloud function:

Moralis.Cloud.beforeSave("PiecesSaleCancelled", async (request) => {
  if (!request.object.get("confirmed")) return;

  const tokenId = request.object.get("tokenId");
  const item = await new Moralis.Query("PiecesOnSale")
    .equalTo("tokenId", tokenId)
    .first({ useMasterKey: true });
  const modeOnSale = await new Moralis.Query("Mode").equalTo("Id", 2);
  const modeAvailable = await new Moralis.Query("Mode")
    .equalTo("Id", 1)
    .first();

  const robotsOnSale = await new Moralis.Query("MintedPieces")
    .matchesQuery("Mode", modeOnSale)
    .equalTo("TokenId", +tokenId)
    .first();
  robotsOnSale.set("Mode", modeAvailable);
  robotsOnSale.save(null, { useMasterKey: true }).then((robot) => {
    logger.info("Piece " + tokenId + " Mode set from On Sale to Available");
  });
  if (item) {
    item.destroy({ useMasterKey: true }).then(
      () => {
        logger.info("Piece " + tokenId + " removed from sale with success");
      },
      (error) => {
        logger.error("PiecesSaleCancelled ERROR: " + JSON.stringify(error));
      }
    );
  }
});

Does anyone have any idea why and what to do?

Obs: I’ve “Client Class Creation” disabled and all CLP just with read access.

#2

Thanks for reporting, I have encountered the same issue just now.
Also a beforeSave trigger and this code:

Moralis.Cloud.beforeSave('EthMarketItemsRemoved', async (request) => {
  logger.info('beforeSave EthMarketItemsRemoved triggered')
  const query = new Moralis.Query('EthMarketItems')
  query.equalTo('token_address', request.object.get('token_address'))
  query.equalTo('token_id', request.object.get('token_id'))
  const object = await query.first({useMasterKey:true})
  if (object) {
    object.destroy(null, {useMasterKey:true}).then(() => {
      logger.info('The object was deleted from EthMarketItems.');
    }, (error) => {
      logger.info(error)
    });
  }
})

Resulting in a permission denied error when using CLP no access.

2022-02-09T17:45:05.425Z - Permission denied for action delete on class EthMarketItems.
2022-02-09T17:45:05.393Z - beforeSave EthMarketItemsRemoved triggered

Expected behaviour: a cloud function should be able to have full access with CLP no access, when using object.destroy(null, {useMasterKey:true}).
It works only when setting EthMarketItems to Public Read/Write CLP access.

Quite sure it used to work?

#3

try this syntax: object.destroy({useMasterKey: true});

#4

can confirm this works object.destroy({useMasterKey:true}) :pray:

1 Like