User roles for individual objects - Parse

StackOverflow https://stackoverflow.com/questions/23521051

  •  17-07-2023
  •  | 
  •  

Question

I have an app that allows users to host private chats. The chat can be public(no password to join) or private(password required). It also has settings for who can post in the chat(only the host or anyone who joins). I was thinking of having an "Administrator" role for the host, "User" role for those who can chat, and "Spectator" for those who can view but not chat. If I add a host to the Administrator role for one chat, he/she will be the administrator for all chats. How can I create roles so that if I add users to them, they will only apply to one chat(PFObject)?

Was it helpful?

Solution

I'd suggest creating a cloud code function to create the chat and within it create Chat-specific roles to which you can add users. By using a well-known format (-), you can pretty easily find and manage the role membership. In the example below, I create the Chat and admin role and add the current user (the creator of the chat) as the only member of the admin role (as well as the only one that can modify the admin role).

N.B. If you plan to create a Message class with a pointer to Chat, this won't directly prevent users from creating those objects. You'd likely need some additional cloud code (e.g. a beforeSave hook) to enforce that.

function createChat(name, public) {
    var chat = new Parse.Object("Chat");
    chat.set("public", public);
    chat.set("name", name);

    chat.save().then(function() {
        var id = chat.id;

        // create each role using a well-known format of <chat object id>-<role name>
        var adminRole = new Parse.Role();
        adminRole.setName(id+"-Admin");
        adminRole.relation("users").add(Parse.User.current());

        // add the current user (the creator
        var adminRoleAcl = new Parse.ACL();
        adminRoleAcl.setPublicWriteAccess(false);
        adminRoleAcl.setPublicReadAccess(true);
        adminRoleAcl.setWriteAccess(Parse.User.current(), true);
        adminRole.setACL(adminRoleAcl);

        var chatAcl = new Parse.ACL();
        chatAcl.setPublicWriteAccess(false);
        chatAcl.setPublicReadAccess(public);
        chatAcl.setRoleWriteAccess(id+"-Admin", true);

        chat.setACL(chatAcl);
        return Parse.Object.saveAll([adminRole, chat]);

    }).then(function() {
        // you'd normally have response.success() here
        console.log("done!");
    })
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top