
I'm trying to implement a user login with parse.com and AngularJS; after the login, a form is shown to the user, but I have a problem. On parse.com I set the user "katikati" to have full access and the user "admin" to have Get and Find only, as you can see in the image below. enter image description here

The code below is what I am doing: the login and, if the user exists, showing the HTML form. But when I log in as user "admin" I can still post to my parse.com account. What am I doing wrong?

<!DOCTYPE html>
<html>
<head>
<!-- NOTE(review): the Parse SDK below is requested over plain http:// while the
     other two scripts use https://, and "parse-latest" is not a pinned version.
     None of the three tags carries an integrity attribute. Every script loaded
     here runs in the same page as the login form, so prefer https, a pinned
     version and Subresource Integrity for all of them. -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.7/angular.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>

<script src="http://www.parsecdn.com/js/parse-latest.js"></script>
<meta name="viewport" content="initial-scale=1.0, user-scalable=no">
<meta charset="utf-8">
<title>Testy</title>
<script>
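// The application id and JavaScript key are delivered to every browser that
// loads this page, so they identify the app but authorize nothing. What a
// logged-in user may read or write has to be decided on the Parse side
// (class-level permissions / ACLs), not in this file.
Parse.initialize("APPID", "JSKEY");

angular.module('AuthApp', [])
.run(['$rootScope', function($rootScope) {
  // Selects which of the two forms ("Log in" / "Sign up") the template shows.
  $rootScope.scenario = 'Log in';

  // Current Parse user, if the SDK already has one. The template only uses
  // this value for ng-show / ng-hide: it is a display flag, not an access
  // control. Anyone can still call the SDK from the browser console.
  $rootScope.currentUser = Parse.User.current();

  /**
   * Log in with the credentials bound to the login form.
   *
   * @param {{username: string, password: string}} form - the ng-model object
   *   of the login form; undefined until the user has typed into a field.
   */
  $rootScope.logIn = function(form) {
    // ng-model creates the object lazily, so pressing "Log in" on an empty
    // form used to throw a TypeError on form.username.
    if (!form || !form.username || !form.password) {
      alert("Please enter a username and password.");
      return;
    }

    Parse.User.logIn(form.username, form.password, {
      success: function(user) {
        $rootScope.currentUser = user;
        // The SDK callback fires outside Angular's digest cycle.
        $rootScope.$apply();
      },
      error: function(user, error) {
        alert("Unable to log in: " + error.code + " " + error.message);
      }
    });
  };

  /**
   * End the Parse session and switch the template back to the login form.
   *
   * @param {Object} form - passed by the template; not used.
   */
  $rootScope.logOut = function(form) {
    Parse.User.logOut();
    $rootScope.currentUser = null;
  };
}]);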

</script>

<script type="text/javascript">
$(document).ready(function() {

    Parse.initialize("APPID", "JSKEY");

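    /**
     * Build a "magazia" object from the business form and save it to Parse.
     *
     * The browser only sends the request. Whether the current user is allowed
     * to create objects in this class is decided by the class-level
     * permissions of "magazia" on the Parse side; hiding the form does not
     * prevent this call. All field values are free-form user input and are
     * stored as typed, so any page that later renders them must escape them.
     *
     * @param {Parse.File} objParseFile - the already saved image file.
     */
    function saveJobApp(objParseFile) {
        var fieldValue = function(id) {
            return document.getElementById(id).value;
        };

        // Accept "(lat, lng)", "lat, lng" and "lat,lng". The map search box
        // writes "lat, lng" into this field.
        var parts = fieldValue('latlon').replace(/[\(\)]/g, '').split(/\s*,\s*/);
        var lat = parseFloat(parts[0]);
        var lng = parseFloat(parts[1]);
        if (isNaN(lat) || isNaN(lng)) {
            // Stop here instead of handing NaN to Parse.GeoPoint.
            alert('Please enter the location as "latitude, longitude".');
            return;
        }

        var jobApplication = new Parse.Object("magazia");
        jobApplication.set("image", objParseFile);
        jobApplication.set("email", fieldValue('email'));
        jobApplication.set("phone", fieldValue('phone'));
        jobApplication.set("address", fieldValue('address'));
        jobApplication.set("name", fieldValue('name'));
        jobApplication.set("website", fieldValue('website'));
        jobApplication.set("description", fieldValue('description'));
        jobApplication.set("latlon", new Parse.GeoPoint(lat, lng));

        jobApplication.save(null, {
            success: function(gameScore) {
                // Execute any logic that should take place after the object is saved.
               /* var photo = gameScore.get("image");
                var name = gameScore.get("name");
                var id = gameScore.id;
                $("#profileImg")[0].src = photo.url();
                $("#objID")[0].innerHTML = id; */

                // TODO: pass the id of the saved "magazia" object on to the
                // events, so that they hold a foreign key to the shop.
            },
            error: function(gameScore, error) {
                // error is a Parse.Error, which carries `code` and `message`
                // (the same fields the login handler prints). It has no
                // `description`, so the old alert always showed "undefined".
                // A save rejected by the class permissions is reported here.
                alert('Failed to create new object, with error code: ' + error.code + ' ' + error.message);
            }
        });
        //var objectId = jobApplication.getObjectId();
        // objectId = document.getElementById("objID").innerHTML;
        // console.log(objectId);

    }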


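    // Upload the selected image first, then save the form data that refers to it.
    $('#submitId').on("click", function(e) {
        var fileUploadControl = $("#profilePhotoFileUpload")[0];
        var file = fileUploadControl.files[0];
        if (!file) {
            // Without a selected file, file.name below would throw a TypeError.
            alert("Please choose an image to upload.");
            return;
        }
        var name = file.name; //This does *NOT* need to be a unique name

        var parseFile = new Parse.File(name, file);

        parseFile.save().then(
            function() {
                saveJobApp(parseFile);
            },
            function(error) {
                // Keep the reason of the failed upload available for debugging.
                console.log(error);
                alert("error");
            }
        );
    });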

});
</script>
</head>
<body ng-app="AuthApp">
  <div ng-hide="currentUser">
    <form ng-show="scenario == 'Sign up'">
     <a href="#" ng-click='scenario="Log in"'>Log in</a>
    </form>

    <form ng-show="scenario == 'Log in'">
      <h2>Log in</h2>
      Username: <input type="text" ng-model="user.username" /><br />
      Password: <input type="password" ng-model="user.password" /><br />
      <button ng-click="logIn(user)">Log in</button>
      or <a href="#" ng-click='scenario="Sign up"'>Sign up</a>
    </form>
  </div>

  <div ng-show="currentUser">

    <form id="business_form" method="post">
        <table>
        <tr>
            <td>NAME</td>
            <td><input type="text" id="name"></td>
        </tr>
            <tr>
            <td>Description</td>
            <td><input type="text" id="description"></td>
        </tr>
        <tr>
            <td>Address</td>
            <td><input type="text" id="address"></td>
        </tr>
        <tr>
            <td>LatLon</td>
            <td><input type="text" id="latlon"></td>
        </tr>
        <tr>
            <td>Phone</td>
            <td><input type="text" id="phone"></td>
        </tr>
        <tr>
            <td>Email</td>
            <td><input id="email" name="email" type="email" placeholder="Type your email to create a Mail Link"></td>
        </tr>
        <tr>
            <td>Website</td>
            <td><input type="text" id="website"></td>
        </tr>
        <tr>
            <td>Image</td>
            <td><input type="file" id="profilePhotoFileUpload"></td>
        </tr>
        <tr>
            <td><input type="button" id="submitId" value="submit"></td>
        </tr>
        </table>
    </form>

<input id="pac-input" class="controls" type="text" placeholder="Search Your Place Here">
    <div id="map"></div>
    <script>
// This example adds a search box to a map, using the Google Place Autocomplete
// feature. People can enter geographical searches. The search box will return a
// pick list containing a mix of places and predicted search terms.
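/**
 * Callback of the Google Maps script tag: create the map, attach the search
 * box to it and copy the coordinates of the selected place into the "latlon"
 * form field.
 */
function initAutocomplete() {
    var map = new google.maps.Map(document.getElementById('map'), {
        center: {
            lat: 37.58,
            lng: 23.43
        },
        zoom: 6,
        mapTypeId: google.maps.MapTypeId.ROADMAP
    });

    // Create the search box and link it to the UI element.
    var input = document.getElementById('pac-input');
    var searchBox = new google.maps.places.SearchBox(input);
    map.controls[google.maps.ControlPosition.TOP_LEFT].push(input);

    // Bias the SearchBox results towards current map's viewport.
    map.addListener('bounds_changed', function() {
        searchBox.setBounds(map.getBounds());
    });

    var markers = [];
    // [START region_getplaces]
    // Listen for the event fired when the user selects a prediction and retrieve
    // more details for that place.
    searchBox.addListener('places_changed', function() {
        var places = searchBox.getPlaces();

        if (places.length === 0) {
            return;
        }

        // Clear out the old markers.
        markers.forEach(function(marker) {
            marker.setMap(null);
        });
        markers = [];

        // For each place, get the icon, name and location.
        var bounds = new google.maps.LatLngBounds();
        places.forEach(function(place) {
            // A place without geometry has no location to read; skip it
            // instead of throwing on place.geometry.location.
            if (!place.geometry) {
                console.log("Returned place contains no geometry");
                return;
            }

            var icon = {
                url: place.icon,
                size: new google.maps.Size(71, 71),
                origin: new google.maps.Point(0, 0),
                anchor: new google.maps.Point(17, 34),
                scaledSize: new google.maps.Size(25, 25)
            };
            var lat = place.geometry.location.lat();
            var lng = place.geometry.location.lng();
            // "lat, lng" is the text format the form's latlon field is read
            // back in when the form is submitted. With several places the
            // last one wins.
            var latlng = lat + "," + " " + lng;
            console.log(latlng);
            document.getElementById("latlon").value = latlng;

            // Create a marker for each place.
            markers.push(new google.maps.Marker({
                map: map,
                icon: icon,
                title: place.name,
                position: place.geometry.location
            }));

            if (place.geometry.viewport) {
                // Only geocodes have viewport.
                bounds.union(place.geometry.viewport);
            } else {
                bounds.extend(place.geometry.location);
            }
        });
        map.fitBounds(bounds);
    });
    // [END region_getplaces]
}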
    </script>
    <script src="https://maps.googleapis.com/maps/api/js?key=APIKEY&libraries=places&callback=initAutocomplete"
         async defer></script>

    <button ng-click="logOut(user)">Log out</button>
    </div>
</div>
</body>
</html>

All I'm trying to do is this: if the user is "katikati" he can send data to my app, but if he is "admin" he cannot send anything at all.

UPDATE

When the user logs in, he can post data to those 3 classes. enter image description here

And i want ONLY user "katikati" to be able to post to those 3 classes.

4
  • What do you mean by "can still post to parse.com account"? Because you are just setting admin's permissions on _User class. Admin can still read/write on other classes. Also _User class behaves a bit different than normal security rules. You may want to read this: parse.com/docs/ios/guide#security-security-edge-cases Commented Jan 26, 2016 at 10:57
  • @knshn i will update my code then explaining better what i'm trying to make Commented Jan 26, 2016 at 10:58
  • 1
    If you want only katikati to post those 3 classes, then you should go to every class and set the permissions for katikati and others. Each class has its own permissions. Commented Jan 26, 2016 at 11:05
  • @knshn ok you are right, i went to the class security and i set each user what he can do and now works perfect!! thanks a lot :D post answer to accept it please. Commented Jan 26, 2016 at 11:16

1 Answer 1


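What you set in the _User permissions only affects the _User class. Each class has its own class-level permissions (CLP). To restrict which users can read or write a class, go to that class's settings and change its CLP. Note that hiding the form with ng-show only changes what the browser displays; the restriction itself has to be enforced by the CLP on the Parse side.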

Also, rather than configuring permissions for specific users one by one, it may be better to define some roles in your app.
