User can no longer update himself in existing application

Hi,
we noticed that in an existing application (id: 3EC9156B-FDDA-1998-FF35-4DA70D8C2800) a user cannot update it’s own record (user collection). Specifically the password. This worked in the past. Now we get the error:

{"message":"User has no permission to update entity","code":1012}

To solve this issue we tried several steps:

    allow update via owner policy (more on that later) allow user specific permissions (allow userX to update userX) allow users to update all other users
None of these approaches brought any change (also not in combination). For the owner-policy approach, we noticed that the owner is alway null. We tried setting the ownerId to the objectId manually and tested again, still no permission. In addition there is also a visual bug when listing the users, that the columns are not correct, but shifted to the left. You can see that in the attachment, the objectId is shown twice and the ownerId appears to be a date. Updating the second objectId updates the ownerId as it should.

We also tried to create another bare application, it works there as expected.

Hi Mathis!

This error appears for every user-owner?
Please specify user identity which you use for testing.
We will check this issue in your app.

Regards,
Kate.

Hi,

thanks for the quick response.
It seems to happen with every user. We test it with the following user id: ED080028-9F70-C31E-FF3F-940B8434F400

Please could you try to update user again?

Still happening

Hi Mathis!

You can update any user property except password. For changing user password
we have special api:
https://backendless.com/documentation/users/rest/users_password_recovery.htm

Regards,
Kate.

I have to disagree!

I created another application (C957D3D4-87C0-5881-FF82-65FBC96C8300) and did these steps:

    Register User Login with that user Update email and password to something new Login with the new credentials
This works perfectly as it should in the new application, but not in the other.

Yes, you are right.

We found issue with data service permissions:
if you set GRANT for UPDATE operation for NotAuthenticatedUser
password changing would work correctly.
We will resolve this issue in the next iteration.

Regards,
Kate.

So in the future it is possible to let an user update itself without the Update permission being given to notAuthenticatedUser?

How long will it take until the fix is online? Any estimation?

So in the future it is possible to let an user update itself without the Update permission being given to notAuthenticatedUser?
Yes, it will be possible.

How long will it take until the fix is online? Any estimation?
We will release update version on this week.
I will notify you.

thanks for the support! :slight_smile:

Any updates?

Hi Mathis.

We will update the system tomorrow.

Regards,
Kate.

Hi Matis.

We have added changes.

Could you try it again?

Regards,
Kate.

Mathis,

Could you please confirm if this is working for you now?

Regards,
Mark

Seems to work! Thanks.

Hi

I’ve created a password change menu for logged-in user in my JS app.
As usual user experience for this case I have to get old password and compare it with the logged-in user password, if it matches then update the user with new password .
but when I checked the password field of current user I found it’s undefined.
how can I update the logged in user password?
there is one solution in my mind which I’ll try:

  • since the password of current user is undefined . I can not compare it with old password field entry in my app
    so I will re login with current username and old password field value, if it logins successfully it means old password field and current user password is same so I will update the user with new password . If it does not login I will report an mismatch error message.
    what is a standard solution for this scenario.

You have already posted a separate topic for the same question. Please try not to duplicate questions. Creating a new topic for every question is the best practice.

Mark