Update other User object #4789
Comments
|
As I understand it, Users are special class where for security only the user himself can update the user object. Although, you should not need to do this since by architecture the user object should only hold login information (username, password and other stuff NOT related to user settings or personal info). Personal data and other related settings to a user should be stored in different classes. Hope this helps! |
|
Right but why user class then have ACL? The PR #4792 would use ACL and will solve the problem. |
|
@aBuder while the Pr solves the problem, this is still a breaking behavioral change, which may not be acceptable for a majority of users. The PR is in review right now, commented upon. |
|
@flovimmart OK I hope that the change would be acceptet. I would also be an usecase that an Admin oder other user can change User Data. The previous behavior would also be possible with ACL. But at the momemt the ACL in user would not allow to edit other user. |
|
I know what the changes do, but imagine a second, that one developer has bad ACL’s on all or some it’s users. And that now, with the proposed change, those users become ‘open’ and unprotected. What are you gonna say to those users when they suffer a leak, or exploitation of their data? That the PR that opened the floodgates of hell was ‘cool’ and solved ‘your problem’? |
|
@flovilmart Thats right, I understand that problem. It would be tricky |
|
@flovilmart When there would be an decision? If the PR would rejected, I have to look for an other solution as parse. I plan an solution for fitness centers and each fitness center has an own parse server instance. As an business case an manager of fitness center should modify the members and trainers. The members should connect with an mobile app to parse server. |
I can't commit to a solution or another, but security is primordial, you would not want your 800 fitness centers being targeted by a security flaw right? Also, now any users with a masterKey can modify the users and the ACL's. So you could technically do something in a cloud function that would do whatever you like.
I'm not sure why you need not to have Cloud Code, perhaps parse is not the right tool for whatever you're trying to build. |
|
@flovilmart I would like to use normal POST, PUT, GET DELETE Operations on _User class and with the ACL also read and modify email. Also use normal query functions to fetch user with field email. |
|
@aBuder I undestand what YOU want, that's not the issue, but you have to understand the consideration required to maintain this project safe. |
|
@aBuder we are working on a project right now that have similar grand architecture of yours. We have centers that each run a single server instance (well, a cluster of them actually). If we were to directly allow members to edit members using _User ACL (actually that is not possible now without masterKey, but after the PR it will be), we would have to write additional functions and take additional security measures to prevent mistakes from happening. That is why I am against the PR, because in general: Our architecture is so complex, but should not be different than any system that implements different privileges for users and a group of users over others. I recommend you start looking into _Role and SPLIT, SPLIT, SPLIT actions, privileges and other stuff into different classes, even the personal information should be in a totally different class that is protected by a _Role. (this makes sense and enhances Query speed using indexes) Hope this helps with your decision :) |
Why does an manager should not edit user information of an member in department, that is an normal use case. An IT admin should create new user and set or edit user information of other users. That is an normal and real world use case, and the use case already exists :) I think the default behavior should not be hanged as the current behavior, but with an parameter in parse-server config like "modiyUserByACL". I could set if the ACL should be used, so that an user can edit other user, if the has the right ACL do do that. Otherwise the modify property in User should be obsolete now. |
|
@aBuder and yes
providing an option like this could prove to be useful for some developers. in your example,
the IT can and should be able to edit the user's info Yes, but this should be done in other classes. I see no reason why to put everything in _User class just because it is called user class. It is not wrong to do what you are trying to accomplish with _User; admins should be able to edit the name, email and date of birth of the user, Yes. I think what we are actually debating is the architecture of the database itself :) not the editing of the user info per say. All I am saying is that you can accomplish what you are trying to accomplish by a change in Database architecture. There is no need for _User class to follow the ACL. |
|
As the author of the PR and reading the comments above I concur that it's probably not a good idea. However the docs should probably be updated :) |
|
I will concur with @georgesjamous on this one. For the longest time, I've used the _user table solely for authentication purposes and locked down as much as possible. All public / private infos would go to external classes. |
|
@aBuder can you try the master branch with your code? I just merged the fix for it. cc @mullwaden , @georgesjamous . |
|
@flovilmart I will check it today |
Hi,
I would like to talk about an general think or feature in parse server. At the moment I get an error 206 Cannot modify user xyz. I don't know why, I set an other user which is an admin in my parse server to acl but he cloud not update some data. Is there an solution to fix that without writing some custom CloudCode?
This is an generally concept :)
The text was updated successfully, but these errors were encountered: