i’m having to make 2x the methods because of how security rules work.
wanting only the server code user to have access to the data just like in this Article.
now when a logged-in user make a call to any of my codeless methods he have no access to do any data. so i’m forced to make a “dummy” method for almost all my methods and make the user call the dummy method so i can set the user-token to null and pass the user-token as a parameter to the method and do overhead work to check for the user identity in the method…
so i can not use the built in context block such as the user id one after the dummy method.
this is painful do deal with as my project grow. and increasing my API calls.
i’m requesting that you guys find a way to all us developers to ignore the authenticated user rule just like you did with the not-authenticated user rule
Business logic is the only exception to the rule for assigning NotAuthenticatedUser and AuthenticatedUser roles. When business logic makes an API call and there is no authenticated user in the context of the call, Backendless assigns only the ServerCodeUser role. Otherwise, if there is an authenticated user, then both ServerCodeUser and AuthenticatedUser roles are assigned to the request.