how to set relation in object without updating related object?

yuriy · May 26, 2016, 6:02am

I have table “Inventory” with column QtyType - 1to1 relation to table QuantityType. Rows in QuantityType table shouldn’t be updated by anyone, only used as reference.
In QuantityType permisssions I set ‘deny’ to update to authenticated user. All rows in QuantityType created by User A.
I have row, created with user B, in Inventory table that I would like to update - set relation QtyType to certain object. In console REST console, logged as user B,
I execute PUT for Inventory objectId yyyyy in Inventory with body

{
"QtyType": {
    "___class": "QuantityType",
    "objectId": "xxxxxxxxxx"
    }
}

When Inventory object updated I also see that QuantityType referenced object is updated too. That’s confusing, I don’t understand why it’s updated at all? Also why it’s updated whereas I denied that access (and if I try update this QuantityType object directly I’m receiving expected “User has no permission to update entity” error)

kate-maksimenko · May 27, 2016, 1:40pm

“Also why it’s updated whereas I denied that access…”
This issue was already discussed here:
“Unfortunately, this is the expected behaviour for now - we don’t yet support checking permissions for related entity. Though it may be fixed in the future, we can’t provide any exact time frame.”
http://support.backendless.com/t/permissions-dont-seem-working
To avoid updating related data object try to load only parent object (without related child)
and update only it.

yuriy · May 27, 2016, 1:58pm

Thanks, yes, I got it
I don’t understand what do you mean by loading parent object - I’m trying to create new object (and set it’s related field to certain existing object).

sergey-chupov · May 30, 2016, 10:08am

When you save an object with related entities, all entities are marked as saved. So you can’t relate one object to another without implicitly updating both of them.

yuriy · May 30, 2016, 10:45am

Interesting. So, I can do it in console (I mean without related object update) - create object, then click on “+” and set related object, but not in API?

sergey-chupov · May 30, 2016, 10:50am

Yes, because the only way to set a relation using API is to send the objects in the request, and the server always marks the objects as updated if it receives them in such request.