Business Login Service Event Handlers Run under any specific Role? OR will it run under Logged-In User making specific request
I see a role called “ServerCodeUser”, Is it used someway?
Just trying to see if i can move all Permissions to Business Logic rather than in Javascript code where its kind of exposing.
Thanks
Adding to above, to give more clarity on what i am planning to do.
a. Register User
b. Write Business Logic on Users for afterRegister event handler
Assign Role to the user
Now considering this, i am hoping
point (a) - would be running with role NonAuthenticatedUser ( i gave create permissions only)
point b) - i am hoping this runs with ServerCodeUser (i set Update, Permissions permissions ) and i can find and assign role.
but as per log, it looks like its running with NonAuthenticatedUser Only and fails as it don’t have find & Permissions permissions.
{ context:
{ ___jsonclass: 'com.backendless.servercode.RunnerContext',
deviceType: 'REST',
userRoles: [ 'NotAuthenticatedUser' ],
userToken: null,
prematureResult: null,
missingProperties: null,
appId: 'EEE6E864-900B-8F1F-FFBD-4D9AA308AF00',
userRole: [ 'NotAuthenticatedUser' ],
userId: null,
eventContext: null },
please guide me if i am missing something here…
Thanks,
Sudheer,
Please see the following section in the doc:
https://backendless.com/documentation/users/rest/users_user_roles.htm
Let me know if it does not make it clearer and does not answer your question.
Regards,
Mark
Thanks Mark. Link helped me understand various roles.
My question is still open.
ex: as mentioned above, i want to Register a user ( request would be made as JSUser and NonAuth). Once data is registered to Users Table, i want to run some permissions scripts providing access to various roles etc which i want to run as part of Business Logic Handler ( afterRegister Event). Since requested user would have NonAuth and JSUser he cannot add to Roles or so. If i can run that process with ServerCodeUser (for which i will pre-allocate Permissions), i feel safe.
To attain this, where should i start using ServiceCodeUser API Key. In afterRegister event handler? I cannot embed that in App anyway.
Thanks
Hi Sudheer Kumar,
The ServerCodeUser role is applied when any action is performed from Business Logic scope. If you make any API call from event handlers or timers, ServerCodeUser is applied.
Artur
Thanks Artur.
That is what i was expecting, but if you see the start of this thread, i have printed the context and it has NonAutheticatorUser as Role. That said its running with NonAuth. I even removed permissions for NonAuth and its started failing.
Here is the code, which i was using … please do let me know if i need to add some logging to get more details.
i am using JS in Event Handler
Backendless.ServerCode.User.afterRegister(function(req, res) {
console.log(req);
console.log(res);
console.log(res.result.objectId);
if(res.error == null) {
console.log("byId");
var lastContact = Backendless.Persistence.of( Backendless.User ).findById( res.result.objectId, new Backendless.Async( userById, gotError));
console.log(lastContact);
}
}, true);
Sudheer,
The context you print points to the role of the user who makes the user registration API call.
Not to the role of the user who runs the business logic. The business logic is running with ServerCodeUser role.
Here is a working example of what you are trying to achieve :
Backendless.enablePromises();
Backendless.ServerCode.User.afterRegister((req, res) => {
if (res.result) {
return Backendless.UserService.assignRole(res.result.email, 'MyCustomRole');
}
});
res.result is a user being registered
res.result.email is a value of a field marked in the console as a user identity field
MyCustomRole is a custom role being added to a newly registered user
P.S. the provided example will work for CodeRunner v1.4.1 or above
This is the result:
> coderunner debug
21:49:06.663 - CodeRunner(tm) Backendless Debugging Utility
21:49:06.668 - Copyright(C) 2016 Backendless Corp. All rights reserved.
21:49:06.672 - Version 1.4.2
21:49:07.195 - Starting Debug Code Runner...
21:49:07.210 - Building Model..
21:49:07.210 - Model Build completed
21:49:07.210 - Event handlers (1):
21:49:07.210 - user.afterRegister (async) (app\handlers\user\afterRegister.js)
21:49:07.495 - Registering Code Runner on https://api.backendless.com
21:49:08.164 - Runner successfully registered.
21:49:08.180 - Registering Model on https://api.backendless.com
21:49:08.567 - Model successfully registered
21:49:08.567 - Waiting for Server Code tasks..
21:49:17.915 - [32003A64-0CAD-E19F-FFCE-4745BD7EE100] New task arrived!
......
{ code: 1023,
message: 'User has no permission to change permission for the current table.' }
Following are the Permissions:
Users Table:
NonAuthenticatUser: Create (Yes), Permissiona(N)
ServerCodeUser: All Yes
Server Code (afterRegister.js)
…
Backendless.Data.Permissions.FIND.grantUser(identity.objectId, identity,
new Backendless.Async( userPerm1, gotError));
I am hoping Since Business Logic is running with ServerCodeUser it should work.
Thanks
Hi Sudheer,
Are you trying to assign a role or to grant FIND permissions?
Have you tried the example Vitaly Vengrov provided above?
Also, please make sure your CodeRunner uses a ‘CodeRunner secretKey’.
This configuration option can be set in app.secretKey JSON field in {PROJECT_DIR}/coderunner.json file
or via passing ‘–app-key’ command line argument to the CodeRunner
Thanks Guys.
@Vitaly: when i downloaded the code, looks like it already has the secretKey, but i doubled checked it.
Sergey\Vitaly: Yes, Assigning the Role is working as directed above, but not the FIND, UPDATE, REMOVE permissions on objects. Is this any restriction ?
Thanks