Hi,
we noticed that in an existing application (id: 3EC9156B-FDDA-1998-FF35-4DA70D8C2800) a user cannot update it’s own record (user collection). Specifically the password. This worked in the past. Now we get the error:
{"message":"User has no permission to update entity","code":1012}
To solve this issue we tried several steps:
allow update via owner policy (more on that later)
allow user specific permissions (allow userX to update userX)
allow users to update all other users
None of these approaches brought any change (also not in combination).
For the owner-policy approach, we noticed that the owner is alway null. We tried setting the ownerId to the objectId manually and tested again, still no permission.
In addition there is also a visual bug when listing the users, that the columns are not correct, but shifted to the left. You can see that in the attachment, the objectId is shown twice and the ownerId appears to be a date. Updating the second objectId updates the ownerId as it should.
We also tried to create another bare application, it works there as expected.
Hi Mathis!
This error appears for every user-owner?
Please specify user identity which you use for testing.
We will check this issue in your app.
Regards,
Kate.
Hi,
thanks for the quick response.
It seems to happen with every user. We test it with the following user id: ED080028-9F70-C31E-FF3F-940B8434F400
Please could you try to update user again?
Hi Mathis!
You can update any user property except password. For changing user password
we have special api:
https://backendless.com/documentation/users/rest/users_password_recovery.htm
Regards,
Kate.
I have to disagree!
I created another application (C957D3D4-87C0-5881-FF82-65FBC96C8300) and did these steps:
Register User
Login with that user
Update email and password to something new
Login with the new credentials
This works perfectly as it should in the new application, but not in the other.
Yes, you are right.
We found issue with data service permissions:
if you set GRANT for UPDATE operation for NotAuthenticatedUser
password changing would work correctly.
We will resolve this issue in the next iteration.
Regards,
Kate.
So in the future it is possible to let an user update itself without the Update permission being given to notAuthenticatedUser?
How long will it take until the fix is online? Any estimation?
So in the future it is possible to let an user update itself without the Update permission being given to notAuthenticatedUser?
Yes, it will be possible.
How long will it take until the fix is online? Any estimation?
We will release update version on this week.
I will notify you.
Hi Mathis.
We will update the system tomorrow.
Regards,
Kate.
Mathis,
Could you please confirm if this is working for you now?
Regards,
Mark
Hi
I’ve created a password change menu for logged-in user in my JS app.
As usual user experience for this case I have to get old password and compare it with the logged-in user password, if it matches then update the user with new password .
but when I checked the password field of current user I found it’s undefined.
how can I update the logged in user password?
there is one solution in my mind which I’ll try:
- since the password of current user is undefined . I can not compare it with old password field entry in my app
so I will re login with current username and old password field value, if it logins successfully it means old password field and current user password is same so I will update the user with new password . If it does not login I will report an mismatch error message.
what is a standard solution for this scenario.
You have already posted a separate topic for the same question. Please try not to duplicate questions. Creating a new topic for every question is the best practice.
Mark
