Parse-server: Query with current user in cloud function

Created on 18 Mar 2016  Â·  12Comments  Â·  Source: parse-community/parse-server

For implementation related questions or technical support, please refer to the stackoverflow community.

Make sure these boxes are checked before submitting your issue -- thanks for reporting issues back to Parse Server!

  • [ ✓ ] You've met the prerequisites.
  • [ ✓ ] You're running the latest version of Parse Server.
  • [ ✓ ] You've searched through existing issues. Chances are that your issue has been reported or resolved before.

Environment Setup

Steps to reproduce

  1. Create one user

    curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "Content-Type: application/json" -d '{"username":"digbick","password":"qwerty"}' https://fathomless-earth-52600.herokuapp.com/parse/users

    Sample output

    {"objectId":"hwoH7ADeBo","createdAt":"2016-03-18T10:33:49.770Z","sessionToken":"r:f84be29e1edc20803b203e3d6c9b2e18"}

  2. Create a private Settings object for this user using an ACL like "ACL":{"hwoH7ADeBo":{"read":true,"write":true}} (note the usage of the session token obtained in step 1)

    curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{"user":{"__type":"Pointer","className":"_User","objectId":"hwoH7ADeBo"}, "saveOriginalPhotos":true, "ACL":{"hwoH7ADeBo":{"read":true,"write":true}}}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

  3. Fetch all Settings objects (using the session token again)

    curl -X GET -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

    Expect an output as follows

    {"results":[{"ACL":{"hwoH7ADeBo":{"read":true,"write":true}},"objectId":"ZFrrUgrgaR","user":{"__type":"Pointer","className":"_User","objectId":"hwoH7ADeBo"},"saveOriginalPhotos":true,"updatedAt":"2016-03-18T10:36:45.017Z","createdAt":"2016-03-18T10:36:45.017Z"}]}

    And also, if you fetch all Settings without the session token, that is

    curl -X GET -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/classes/Settings

    You should get

    {"results":[]}

    Which makes sense.

  4. Create a cloud function which fetches all Settings and returns them

    Parse.Cloud.define('getSettings', function(req, res) {
 var query = new Parse.Query("Settings");
 query.find().then(function(settings) {
   res.success(settings);
 }, function(error) {
   res.error(error);
 });
});

  5. Call the getSettings cloud function sending the session token as well

    curl -X POST -H "X-Parse-Application-Id: f15RG3DbyKXrMEVH1u9HVKGuCynEIwy41VnH7Kuw" -H "X-Parse-Session-Token: r:f84be29e1edc20803b203e3d6c9b2e18" -H "Content-Type: application/json" -d '{}' https://fathomless-earth-52600.herokuapp.com/parse/functions/getSettings

    It returns nothing

    {"result":[]}

    That is, the current user is not being taken into account when querying objects in cloud code, and so, all queries behave like we're not logged in.

picture xissburg

Most helpful comment

This is expected. In Node, there is no concept of a current user. You need to be explicit about each call.

Try this:

Parse.Cloud.define('getSettings', function(req, res) {
  var query = new Parse.Query("Settings");
  query.find({ sessionToken: req.user.getSessionToken() }).then(function(settings) {
    res.success(settings);
  }, function(error) {
    res.error(error);
  });
});

You can also use the master key on individual calls:

query.find({ useMasterKey: true }).then(...
obj.save(null, { useMasterKey: true }).then(...
picture gfosco on 18 Mar 2016
👍6 😕2

All 12 comments

I also get zero results in the API Console in Parse Dashboard. This must be related to https://github.com/ParsePlatform/parse-server/issues/1084.

xissburg picture xissburg on 18 Mar 2016

See my comment on #1084, I think I may have found the source of the issue, although not a fix as yet as not enough time today...

oli107 picture oli107 on 18 Mar 2016

This is expected. In Node, there is no concept of a current user. You need to be explicit about each call.

Try this:

Parse.Cloud.define('getSettings', function(req, res) {
  var query = new Parse.Query("Settings");
  query.find({ sessionToken: req.user.getSessionToken() }).then(function(settings) {
    res.success(settings);
  }, function(error) {
    res.error(error);
  });
});

You can also use the master key on individual calls:

query.find({ useMasterKey: true }).then(...
obj.save(null, { useMasterKey: true }).then(...
gfosco picture gfosco on 18 Mar 2016
👍6 😕2

@gfosco Thanks for the reply. Is this mentioned anywhere in the documentation? If not, it definitely should be.

xissburg picture xissburg on 18 Mar 2016
👍3

It was, may have gone missing... we definitely need to re-add it.

gfosco picture gfosco on 18 Mar 2016

@gfosco This issue should be mentioned in migration guide.
I've searched few hours until I found this issue.

batkov picture batkov on 19 Mar 2016
👍3

Wouldn't it be cool to have some more intuitive option to manage that?

I hate to try to remember every time "oh what was that key to make query work for current user?"

For example:

var query = Parse.Query("Settings");
query.forCurrentUser(req);
//or query.session(req);
query.find();
pie6k picture pie6k on 12 May 2016
👍4

@gfosco Is it really necessary to include sessionToken option on every request in cloud code?

I noticed that I can use Parse.User.become(req.user.getSessionToken()) in cloud code, however that sets the user for all subsequent cloud function requests as well.

Can you think of any way to pass the req.user.getSessionToken() for all requests made from cloud code functions without specifying on each query/save?

JeremyPlease picture JeremyPlease on 13 May 2016

Hi, I have a similar situation. First I set public read/write to false for one of the classes and tested using the parse api-console. It worked as expected. It didn't return any results. I enabled the public read/write. It still didnt work and I have to "use master key". Do I need to re-launch parse-dashboard session for the settings to get enabled?

Edited:
Please ignore. The issue was in Parse Server 2.2.25 and when i upgraded to Parse Server 2.5.3, it worked fine. Thanks

ksngits picture ksngits on 21 Sep 2017

I agree with @batkov that this should be mentioned in the Parse Server cloud code and REST documentation. I struggled for about 2 hours, searching through the docs,to find out how to query for classes belonging to a particular user, until I found @gfosco post above. Thanks @gfosco!

ian-dowhile picture ian-dowhile on 6 Mar 2018

@ian-dowhile this is mentioned here in the parse-server guide: http://docs.parseplatform.org/parse-server/guide/#no-current-user

flovilmart picture flovilmart on 6 Mar 2018

@flovilmart I missed that, sorry. Thanks for pointing me in the right direction!

ian-dowhile picture ian-dowhile on 6 Mar 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

okaris picture okaris  Â·  4Comments
lorki picture lorki  Â·  3Comments
darkprgrmmr picture darkprgrmmr  Â·  4Comments
dcdspace picture dcdspace  Â·  3Comments
ugo-geronimo picture ugo-geronimo  Â·  3Comments