Ben*_*air 5 parse-platform parse-cloud-code
我在User模型上存储了一些永远不应由用户自己编辑的字段,而应仅由后端更新.所以我在beforeSave上做了验证:
// import all models
var Models = require('cloud/models/index');
// Models.User is a subclass of Parse.User
Parse.Cloud.beforeSave(Models.User, function (request, response) {
var user = request.object;
// prevent numberOfApples from being modified on clients
if(user.existed()) {
if(user.dirty('numberOfApples')) {
response.error('User is not allowed to modify numberOfApples.');
return;
}
}
response.success();
});
所以我检查之前是否存在模型,这很重要,所以这些东西不会在注册时触发.但后来我尝试从Parse仪表板手动更新该字段,它会引发错误.如何确保只允许用户编辑此字段,而仪表板或后端可以这样做(显然使用主密钥时).
原来Request.master是去这里的路。使用主密钥时,我允许更改锁定的字段。
例:
Parse.Cloud.beforeSave(Models.User, function (request, response) {
var user = request.object;
// prevent system managed fields from being modified on clients
if(user.existed()) {
// we can change those fields when using master key.
if(!request.master) {
var privateFields = [ 'gold', 'skillLevel', 'weaponCount' ];
for(var i = 0, c = privateFields.length; i < c; i++) {
var field = privateFields[i];
if(user.dirty(field)) {
response.error('User is not allowed to modify ' + field + '.');
return;
}
}
}
}
response.success();
});