file permission grant

Hi,

The below code uploads file and grants role for a user. Upload succeeds, but grantForUser fails with fault FAULT = ‘Server.Processing’ [java.lang.NullPointerException] <java.lang.NullPointerException>

Below is source code

BackendlessFile* file = [backendless.fileService saveFile:path content:imgData overwriteIfExist:YES error:&fault];
if(fault==nil) {
fault = [backendless.fileService.permissions grantForUser:User.loginId url:file.fileURL operation:FILE_READ];
}

We have reproduced problem, and we will prepare the new ios sdk with the fix, then notify you where you can get it.

Hi Scott,

This bug is fixed, you can get a fixed lib from github -https://github.com/Backendless/ios-SDK/blob/master/SDK/lib/backendless/backendless.a
Below you can see the some examples of file permission API usage:
http://support.backendless.com/public/attachments/10098a473d4483935ca84725ea3722f0.png&lt;/img&gt;

Hi Sergey, Slava,

Thanks for update. I will try the API.
Will I be able to change Roles/Users permission from server code as well?
Below is email that was sent to Kate several hours ago.

Just want to let you know that setting user and role permission from server code does not work as well.
If Authenticated user uploads file and runs server code which modifies role permissions for AuthenticatedUser, there shouldn’t be any problem right? (file initially granted role permission of read, write, remove, permission for AuthenticatedUser which inherited from parents)

Ok, I will try this scenario

  • the textual one:

- (void)saveFileWithPermission {

    

    @try {

        

        NSString *path = @"txt/fox.txt";

        NSData *bytes = [NSData dataWithBytes:"The quick brown fox jumps over the lazy dog" length:43];

        [backendless.fileService saveFile:path content:bytes overwriteIfExist:YES];

        

        [backendless.fileService.permissions denyForAllRoles:path operation:FILE_REMOVE];

        

        BackendlessUser *user = [backendless.userService login:@"bob@foo.com" password:@"bob"];

        NSLog(@">>>>>>>>> USER: %@", user);

        

        NSString *roleName = [backendless.userService getUserRoles][0];

        [backendless.fileService.permissions grantForRole:roleName url:path operation:FILE_REMOVE];

    }

    @catch (Fault *fault) {

        NSLog(@"FAULT: %@", fault);

    }

}


- (void)saveFileWithUserGrant {

    

    @try {

        

        NSString *path = @"txt/fox1.txt";

        NSData *bytes = [NSData dataWithBytes:"The quick brown fox jumps over the lazy dog" length:43];

        [backendless.fileService saveFile:path content:bytes overwriteIfExist:YES];

        

        BackendlessUser *user = [backendless.userService login:@"bob@foo.com" password:@"bob"];

        NSLog(@">>>>>>>>> USER: %@ &lt;%@&gt;", user, user.userId);

        [backendless.fileService.permissions grantForUser:user.userId url:path operation:FILE_REMOVE];

    }

    @catch (Fault *fault) {

        NSLog(@"FAULT: %@", fault);

    }

}

I have try it with Hosted Service and it is works. My code:

public void setPermission()
{
FilePermission.READ.denyForUser( “F9CFC34E-8494-903C-FF96-21AEA6157F00”, “web/index.html” );
}

Thanks for the code Slava, I tried it and it works.

Sergey, regarding server code, as far as file permission is concerned, it seems like user is not logged in at the custom server code context, and it keeps throwing error 4000 (permission denied).

What file are you changing the permission for on the server-side?

I might have done something wrong, I will try again tomorrow and get back to you.

User uploaded image files.
Apple rejected my app and requires to moderate user created content.

Have you made any changes in the Permissions screen for these files? Can you attach a screenshot of that screen?

I can’t take a screenshot right now I left office, but I didn’t change permission to uploaded file. Default permission for uploaded file which inherites from parent is role permission for AuthenticatedUser.(read, write, permission, remove)

There are no modified permissions for files, folder or global permissions, are there?

I just logged in with my phone and captured screenshot. As Sergey had no problem changing permission, I may have done something wrong so I will try tomorrow.

The second image shows that all permissions for non-autneticated users are denied. This would explain the error you’re getting.

Mark

Hi Mark,

I thought it would work because logged in user calls the custom code, and ACL changes would be allowed since role permission for AuthenticatedUser is set.

Hi Scott,

When you make an API call on the server-side, it is not executed under the same identity as the original request.

Regards,
Mark