Closed
Description
ISSUE DESCRIPTION
I just upgraded from v 3.10.0 to 4.0.0 and to my surprise the Granular CLP pointer permissions
#6352 affected any query from unauthenticated clients where the query.where('x', equalTo: POINTER)
was used.
I tried to revert back to 3.10.0 but going to 4.0.0 seemed to change the default CLP pointer permissions. And in the Dashboard it's not letting me add direct CLP pointer permissions for some reason.
.
HELP
- Do I have no other choice but to add CLP pointer permissions to all objects with pointers?
- If so, the documentation states like the screenshot below. However, it is unclear to me how and where to add a version of this through iOS, JavaScript, or the Dashboard.
- How would the permission for querying with pointers for unauthenticated users be integrated in the
classLevelPermission
?
.
REFERENCE
What changed in #6352 :
Where I'm stuck:
{
classLevelPermissions:
{
"find": {
"requiresAuthentication": false,
"role:admin": true
},
"get": {
"requiresAuthentication": false,
"role:admin": true
},
"create": {
"requiresAuthentication": true,
"role:admin": true
},
"update": {
"requiresAuthentication": true,
"role:admin": true
},
"delete": { "role:admin": true }
"pointer???": { ???? }
}
}
Metadata
Metadata
Assignees
Labels
No labels