Permission Denied CLP Role #1991
Comments
|
I'll have a look. |
|
Just added a test in the PR I'm working on, does that encompasses what you see? |
|
Thank you and yes it does, essentially creating an admin role with a new user, and then having an object that can only be deleted by the admin role. Only issue is that admins cannot delete the object. |
|
Seems that it works with the PR. |
|
Any ideas? It is strange why it works with the user pointer but not with the role, when the same user is clearly part of the role (see screenshots). |
* Fixes for Pointer Permissions - Fix bug that would leave public CLP when setting a new set of permissions - Sets empty permissions if missing to match parse.com API - Updates tests to reflect changes * Adds regression test for #1991 * Fit -> It
|
Fixed by #1989 |
|
@flovilmart I just updated my server to 2.2.13 and am still experiencing the same issue. My workaround for now is to add the user ids as pointers in CLPs, but obviously that is not a long term solution. Thanks. |
|
@dcdspace I'm experiencing the same issue. Did you resolve this? |
I have a role named "admin" in which users of that role should be able to delete objects. I have created a CLP for that role to allow only admins to delete, but I am getting "Permission Denied For This Action".
I have verified that the user is a member of the admin role, and that I am passing the session token properly by adding a user pointer CLP with delete permissions, and that works.
See the screenshot below of the CLP editor.
The text was updated successfully, but these errors were encountered: