In v3 I had disabled permissions for auth/nonauth users to send email, and enabled them for serverCodeUser, and it was fine - the BL script sent emails while client users weren’t able to abuse it and send email.
Now after migration I’m receiving the error “User has no permission to send email” when the BL script tries to send email. It turns out I need to enable “send email” for the authenticated user in order for BL to send email. But I don’t want authenticated users to have this permission, I only need it to work from the server side.
If you make a call from BL as a nonauth user, then only the restrictions for the ServerCodeUser role will be used.
If you make a call from BL as an auth user, then restrictions will be applied as usual.
No, the current behavior is not the same. Although now, after I tried a few repeated tests, I see that sometimes it actually works. But it’s unpredictable - sometimes it runs fine, and sometimes it gives this error. You can check my log (for events from 5 minutes ago):
INFO | myCustomEvent, context: {…}
INFO | error User has no permission to send email
ERROR | [7281] Error: [object Object]
INFO | [7281] Processing finished
INFO | [7797] [0E3313DC-2118-F3FD-FFA5-08077418A400] [INVOKE HANDLER] custom.myCustomEvent
INFO | [7797] Building ServerCode Model for path (/var/lib/backendless/repo/1b92f985-d9ef-9689-ffac-c7e5fe5f2a00/files/servercode/JS/default/PRODUCTION)
INFO | [7797] ServerCode Model built in 2ms
INFO | myCustomEvent, context: {…}
INFO | message has been sent
INFO | [7797] Processing finished
INFO | [8848] [3375EEC7-96FF-B591-FFA7-6DE380E38500] [INVOKE HANDLER] custom.myCustomEvent
INFO | [8848] Building ServerCode Model for path (/var/lib/backendless/repo/1b92f985-d9ef-9689-ffac-c7e5fe5f2a00/files/servercode/JS/default/PRODUCTION)
INFO | [8848] ServerCode Model built in 2ms
INFO | myCustomEvent, context: {…}
INFO | message has been sent
INFO | [8848] Processing finished
INFO | [9372] [8982B2C2-7CBB-C866-FF95-A3829E3F6400] [INVOKE HANDLER] custom.myCustomEvent
INFO | [9372] Building ServerCode Model for path (/var/lib/backendless/repo/1b92f985-d9ef-9689-ffac-c7e5fe5f2a00/files/servercode/JS/default/PRODUCTION)
INFO | [9372] ServerCode Model built in 2ms
INFO | myCustomEvent, context: {…}
INFO | message has been sent
INFO | [9372] Processing finished
INFO | [10408] [DD6EE18A-B822-366F-FF2C-430CD0648F00] [INVOKE HANDLER] custom.myCustomEvent
INFO | [10408] Building ServerCode Model for path (/var/lib/backendless/repo/1b92f985-d9ef-9689-ffac-c7e5fe5f2a00/files/servercode/JS/default/PRODUCTION)
INFO | [10408] ServerCode Model built in 2ms
INFO | myCustomEvent, context: {…}
INFO | message has been sent
INFO | [10408] Processing finished
INFO | [10921] [13C613BC-CD13-4592-FF5D-11B9E9579D00] [INVOKE HANDLER] custom.myCustomEvent
INFO | [10921] Building ServerCode Model for path (/var/lib/backendless/repo/1b92f985-d9ef-9689-ffac-c7e5fe5f2a00/files/servercode/JS/default/PRODUCTION)
INFO | [10921] ServerCode Model built in 2ms
INFO | myCustomEvent, context: {…}
INFO | error User has no permission to send email
ERROR | [10921] Error: [object Object]
My words about different behavior are not regarding theory, but about how it’s working now in my code. Changed behavior meant that I have different results, not the same as in 3.x, that’s it. So, how long until this “only as ServercodeUser role” change? Days, weeks?
And what should I then call my observation: after migration the same code with the same settings gives a different result. I guess I can’t call it a fact? Maybe it’s my wild imagination then.
And why do you think that in 3.X I’m not logged in? Do you want another video where I’m logging in first? Or do you mean the log-in command in Business Logic? In that case, what has changed in backend behavior?
btw, your link is broken
Thank you for spending your time and recording this, but it is not in any way related to the problem I have.
It’s somewhat related, but proves nothing in my case - I described a problem with the “send email” permission and sending email from a JavaScript custom event, which worked in a certain way in v3 and works in another way in v4. If you want to prove me wrong, please provide a relevant sample.
I made the same scenario with a JS custom event, and you are right. But it works in Backendless 3.X because of a bug: coderunner for JS does not send the user-token header to the server, and the server thinks that it is a nonauth user. We have fixed it in Backendless 4. We cannot fix it in 3.X because it will break some logic for our customers.
As a solution, you may use the following code before the call to the server:
I see. Yes, with the mentioned code it’s working with the same permissions (disabled for Auth and NotAuth, enabled for Server). But I can’t fully understand what’s happening in the code.
Is it:
Originally my code (in the custom event) has the AuthenticatedUser and ServerCodeUser roles, and the “disabled” sendEmail for the authenticated user overrides the “enabled” sendEmail for ServerCodeUser.
Then, in the code with Backendless.LocalCache.remove('user-token') I’m making the next commands run with NotAuthenticatedUser (and still ServerCodeUser). But why in this case does the permission for NotAuthenticatedUser (disabled sending) not override ServerCodeUser as it did with AuthenticatedUser?
I read https://backendless.com/docs/js/doc.html#users_user_roles but didn’t find how to apply there.
Also, regarding your “Nevertheless, now we have discussion, to change this policy and make BL logic to call only as ServercodeUser role” - when will it be turned on and what will it affect?
But why in this case does the permission for NotAuthenticatedUser (disabled sending) not override ServerCodeUser as it did with AuthenticatedUser?
Because if you make requests from business logic as a nonauth user, there will be only one role, ServerCodeUser. But if you make requests as a logged-in user, there will be all roles as usual.
Also, regarding your “Nevertheless, now we have discussion, to change this policy and make BL logic to call only as ServercodeUser role” - when will it be turned on and what will it affect?
We have decided not to change anything. The current behavior is more appropriate.
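
The role resolution discussed in this thread, as an added example that is not part of any post and is not Backendless code: a simplified model showing why the same handler sends email in 3.X, fails in 4, and works again once the user-token is removed. The function names, the permission table layout and the deny-overrides-grant rule are assumptions made for illustration.

```javascript
// Simplified model of the behavior described in the thread (not Backendless code).

// Constructed permission table matching the poster's "send email" settings.
const SEND_EMAIL = {
  AuthenticatedUser: 'deny',
  NotAuthenticatedUser: 'deny',
  ServerCodeUser: 'grant',
};

// Roles attached to a request, following the staff replies:
//  - business logic without a user-token: ServerCodeUser only
//  - business logic with a user-token: the user's usual roles plus ServerCodeUser
//    (the poster's description; treated here as an assumption)
//  - plain client request: AuthenticatedUser or NotAuthenticatedUser only
function effectiveRoles({ fromBusinessLogic, userToken }) {
  if (fromBusinessLogic && !userToken) return ['ServerCodeUser'];
  const roles = [userToken ? 'AuthenticatedUser' : 'NotAuthenticatedUser'];
  if (fromBusinessLogic) roles.push('ServerCodeUser');
  return roles;
}

// Assumption: an explicit deny on any attached role overrides a grant.
function isAllowed(table, request) {
  const decisions = effectiveRoles(request).map((role) => table[role]);
  return !decisions.includes('deny') && decisions.includes('grant');
}

// Hypothetical model of the coderunner: in 3.X the JS coderunner dropped the
// user-token header (the bug described above); in 4 it forwards it.
function coderunnerRequest(version, userToken) {
  const forwarded = version === 3 ? null : userToken;
  return { fromBusinessLogic: true, userToken: forwarded };
}

const token = 'constructed-token'; // constructed sample value
const scenarios = {
  v3Handler: isAllowed(SEND_EMAIL, coderunnerRequest(3, token)),
  v4Handler: isAllowed(SEND_EMAIL, coderunnerRequest(4, token)),
  v4TokenRemoved: isAllowed(SEND_EMAIL, coderunnerRequest(4, null)),
  clientLoggedIn: isAllowed(SEND_EMAIL, { fromBusinessLogic: false, userToken: token }),
  clientAnonymous: isAllowed(SEND_EMAIL, { fromBusinessLogic: false, userToken: null }),
};
console.log(scenarios);
```

In this model the client-side requests stay denied in every case, which is the property the poster wanted to preserve while letting the server-side handler send email.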