business logic code not finding elements in query

jdev · April 28, 2016, 4:18pm

I’m trying out business logic for the first time, but I’m not able to retrieve any elements from a table.
Using the Quick Start Example, I’ve added this extra code to the trigger “before” creating an Order, to retrieve elements from another table called “Comments”:

@Asset( "Order" )
public class OrderTableEventHandler extends com.backendless.servercode.extension.PersistenceExtender&lt;Order&gt;
{
 
 @Override
 public void beforeCreate( RunnerContext context, Order order) throws Exception
 {
 // add your code here


 System.out.println( "Printing orderId: " + order.getObjectId());
 System.out.println( "About to insert modified Order object into the data store" );
 String customerName = order.getCustomername();
 System.out.println( "?ustomer name received from client - " + customerName );
 order.setCustomername( customerName.toUpperCase() );
 System.out.println( "?ustomer name after the change - " + order.getCustomername() );


 String whereClause = "message = 'some message'";
 BackendlessDataQuery dataQuery = new BackendlessDataQuery();
 dataQuery.setWhereClause( whereClause );
 System.out.println("dataQuery = " + dataQuery);
 BackendlessCollection&lt;Comment&gt; result = Backendless.Persistence.of(Comment.class).find(dataQuery);
 System.out.println("After result = " + result);
 for (Comment comment: result.getData()) {
 System.out.println(comment.getAuthorEmail() + " - " + comment.getObjectId());
 }
 }
 
}

I’ve tried that exact query in the Backendless Data browser, and it filters to the 2 rows that should appear.
I have set permissions in a way that a NotAuthenticatedUser has every action set to “Deny”, AuthenticatedUser the same except for creating objects, which they can.
And finally ServerCodeUser is allowed to perform any action. And the owners policy is to allow all the actions (Find, Remove and Update).
When I execute this code, I get no results. Moreover, if I don’t use the dataQuery and just perform a find() operation, it doesn’t return any results as well.

What am I doing wrong??

oleg-vyalyh · April 29, 2016, 8:25am

Hi, jdev.
I am trying to reproduce your situation.

jdev · April 29, 2016, 8:55am

Any success? Do yo need any more info? Thanks!

jdev · April 29, 2016, 9:35am

I have changed the NotAuthenticatedUser Role Permission to Grant Find operations, and it returns the 2 values it was supposed to return.

So it’s a matter of permissions… I guess that I need to make some sort of sign in in the business logic code with a ServerCodeUser Role, but I haven’t found how yet.

oleg-vyalyh · April 29, 2016, 11:00am

This is strange behavior.
I opened inner task 12539.
To work now, try forcibly grant permission to ServerCodeUser (Find) for table from which you try to receive data.
This must help.

jdev · April 29, 2016, 11:40am

I already assigned those permissions to the ServerCodeUser but still doesn’t work. The only way I have been able so far is to grant permissions to NonAuthenticatedUser Role, but this shouldn’t be the way to go.

I have seen this other thread which might be related but I don’t completely understand what Mark is trying to say:
http://support.backendless.com/t/setting-acl-on-object-fails-in-custombusinesslogic#comment-7428

By default the backend code does not impersonate any users, it runs all the invocations as a NonAuthenticatedUser. However, any invocations coming from server-code will have the ServerCodeUser role assigned to them

First he says that all invocations will be as a NonAuthenticathedUser, and right after that says the opposite, saying that any invocations coming from server-code will have ServerCodeUser role…

2nd statement is not working for me.

In this other link: https://backendless.com/documentation/users/android/users_user_roles.htm
Security Role - Role is assigned when API uses secret key:
ASUser - ActionScript secret key
AndroidUser - Android secret key
DotNetUser - .NET secret key
IOSUser - iOS secret key
JSUser - JavaScript secret key
RestUser - REST secret key
ServerCodeUser - CodeRunner secret key

it looks like ServerCodeUser is just being used from CodeRunner…

Please let me know what arises in the inner task you opened. In the meanwhile I’m going to try to set a BackendSuperUser Role with all privileges, and log him in from the Server Code before performing any other operation.

Thanks

mark-piller · April 30, 2016, 2:49am

By default the backend code does not impersonate any users, it runs all the invocations as a NonAuthenticatedUser. However, any invocations coming from server-code will have the ServerCodeUser role assigned to them.
First he says that all invocations will be as a NonAuthenticathedUser, and right after that says the opposite, saying that any invocations coming from server-code will have ServerCodeUser role...

There is nothing here that says “the opposite”. Both statements are true. A single request CAN have both roles (NotAuthenticatedUser AND ServerCodeUser). Backendless supports multiple roles per user. So there is nothing here that would be contradictory.

If you disabled access to the NonAuthenticatedUser role, that explains why you’re getting no result, even if ServerCodeUser has the permission to fetch data.

jdev · April 30, 2016, 10:11am

Ok, I’m sorry. I thought NonAuthenticatedUser would be exclusive from other roles, since all others, one would say they are all authenticated…

Anyhow, I don’t want any NonAuthenticatedUser having permissions to do any operations but create objects. It wouldn’t be secure.

Is there any way to give priority to one Role above other?

How else could I get this behaviour?

Thanks!

mark-piller · April 30, 2016, 1:37pm

I would recommend creating a special user in the Users table. In your business logic use the Backendless.UserService.login(userid,password) API. This way the business logic requests will be performed with the AuthenticatedUser role.