Skip to content

Unauth queries with pointers don't work after Granular CLP pointer permissions #6352 #6740

Closed
@santiagoprieto

Description

@santiagoprieto

ISSUE DESCRIPTION

I just upgraded from v 3.10.0 to 4.0.0 and to my surprise the Granular CLP pointer permissions #6352 affected any query from unauthenticated clients where the query.where('x', equalTo: POINTER) was used.

I tried to revert back to 3.10.0 but going to 4.0.0 seemed to change the default CLP pointer permissions. And in the Dashboard it's not letting me add direct CLP pointer permissions for some reason.

.
HELP

  1. Do I have no other choice but to add CLP pointer permissions to all objects with pointers?
  2. If so, the documentation states like the screenshot below. However, it is unclear to me how and where to add a version of this through iOS, JavaScript, or the Dashboard.
  3. How would the permission for querying with pointers for unauthenticated users be integrated in the classLevelPermission?

.
REFERENCE

What changed in #6352 :
Screen Shot 2020-06-17 at 3 40 23 PM

What the documentation says:
Screen Shot 2020-06-17 at 3 25 04 PM
Screen Shot 2020-06-17 at 3 36 01 PM

Where I'm stuck:

{
  classLevelPermissions:
  {
    "find": {
      "requiresAuthentication": false,
      "role:admin": true
    },
    "get": {
      "requiresAuthentication": false,
      "role:admin": true
    },
    "create": {
      "requiresAuthentication": true,
       "role:admin": true
     },
    "update": { 
      "requiresAuthentication": true,
      "role:admin": true
    },
    "delete": { "role:admin": true }
    "pointer???": { ???? }
  }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions