I am trying to do something with hosted scripts that I cannot get working and want to be sure it is possible or figure out what I am doing wrong. I have a couple scripts that upload content to the database for my app and want to have them available from a web page so I can execute them from there. Since these scripts upload content to the app DB I want them to be secure and not just anyone access them with the public URL.
So I have set permissions on the admin script so that only one user has read and write permissions on the script. On the web page I have built the admin user enters their username & password, clicks a login button, and I call the login function which logs the admin user in successfully. Then I have another button on the same page to execute a the admin script file which has the permissions set on it. But when I try to run the second script even though I have logged the user in I receive the error {“message”:“User has no permissions to specified resource”,“code”:4000}.
Should this work? I am basically looking for a way to be able to run some admin hosted scripts but only have an authenticated admin user be able to execute the scripts.
I have attached screenshots of the user & role settings for the admin script. Basically I have granted the specific user Read & Write permissions and for roles for both authenticated and non-authenticated users disabled all permissions.
When you invoke the script from your webpage (after you authenticate the user), do you pass the “user-token” HTTP header? The value for that header is returned from the login API call.
No I’m not doing this. I am calling the login API with stayloggedin = true so I thought this would work.
When I look at the success response for login I don’t see a user token, here is what I am returned in the login response, is the token in here?
I also just tried assigning a variable to the login call result like below:
var userToken = Backendless.UserService.login( userName, password, false, async );
But when I do this the value I get for userToken is just “true”
I have ready through the docs and kept experimenting but I do not see how to get the actual token value to be used in the http header, I methods to check for the existence of the token but not how to get the token value. And as mentioned above if I assign a variable to the result of the login method it always just returns “true”. Please advise how I can get the actual token.
Hi Sergey, thanks for the update. What are we talking about in terms of timing for the next release, days, weeks, months? Also when the issue is fixed is it expected that the token value will come from the login call response or returned from the login function?
It should take about a week or less. Once the issue is fixed on the server side, you’ll still need to do the following:
Login a user
Retrieve user token using the following call:
var userToken = Backendless.LocalCache.get("user-token");
Add the "user-token" http header with the userToken value from above to the request sent to the .js script.
Regards,
Mark
Hi, I am still not able to get this working. I am trying to get the userToken as described by Mark in his step #2 above. Here is the code in my login.js file. I always get an empty string for the user token:
var Backendless = require( ‘…/libs/backendless.js’ );
Hi Kate, according to Mark’s comment above in #3 he mentions that the user token is required to test the permissions access. So I getting the user token is not working for me and without this I cannot try the file permission access.
on your client app you login user and get it’s token (for this purpose you can use JS SDK methods or REST). This logic should be on your client side, not in hosting scripts. Hosting scripts work without browser local cache (which is used in methods like Backendless.LocalCache.get(“user-token”)).
For testing you can user rest requests:
Login user:
