Parse中的属性级访问控制

时间:2014-11-06 16:44:12

标签: security parse-platform acl

Data & Security guide at Parse.com描述了如何控制类和对象级别的访问。我正在寻找一种方法来限制所有用户的类的某些属性的写权限。如何实现这一目标?

我的想法是使用一对一关系并限制对相关类的访问。然而,这并不像规范的方式......

1 个答案:

答案 0 :(得分:1)

最简单的方法是使用云代码。您可以这样做:

Parse.Cloud.beforeSave("YourObject", function(request, response)
{
    // Find a way to decide if writing is allowed.
    var writingForbidden = (request.master === false);

    if (writingForbidden)
    {
        var readOnlyProperties = ["property1", "property2", "property3", "..."];

        var dirtyProperties = request.object.dirtyKeys();
        for (i = 0 ; i < dirtyProperties.length ; i++) {
            var dirtyProperty = dirtyProperties[i];
            if (readOnlyProperties.indexOf(dirtyProperty) > -1) {
                return response.error("Trying to change a readonly property : " + dirtyProperty);
            }
        }
    }

    return response.success();
}