
Why can't I set the ACL for a User to read: false + write:false?


I'm trying to create a new user via the REST API, and want the object to be accessible (read+write) only to the user that created it. If I create the user without setting an ACL, setting only the username/password, it automatically gets "Public Read, xxxx" where xxxx is the objectId.

If I include an ACL with the create user call, it silently ignores the field and gives it that same public read access.

    {"username":"dummyUsersname","ACL":{"*":{"write":false,"read":false}},"password":"dummyPassword"}

If I try to update the ACL after creating the object, I get:

    code: 123 error: Invalid acl {"*":{"read":false,"write":false}}

And yet the web-based data browser will let me revoke the public read access without complaint. Any idea what's going on?


Solution

  • Try using a Cloud Code function:

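    // Runs before every Parse.User save and replaces whatever ACL the object carried.
    Parse.Cloud.beforeSave(Parse.User, function(request, response) {
        var acl = new Parse.ACL();
        // Revoke public ("*") read and write access.
        acl.setPublicReadAccess(false);
        acl.setPublicWriteAccess(false);

        request.object.setACL(acl);
        response.success();
    });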
    

    When using it, the request

    curl -X POST \
      -H "X-Parse-Application-Id: <app_id>" \
      -H "X-Parse-REST-API-Key: <rest_api_key>" \
      -H "X-Parse-Revocable-Session: 1" \
      -H "Content-Type: application/json" \
      -d '{"username":"cooldude6","password":"p_n7!-e8","phone":"415-392-0202"}' \
      https://api.parse.com/1/users
    

    ...returns:

    {"ACL":{"adItsbPH0a":{"read":true,"write":true}},"createdAt":"2015-08-13T10:10:09.591Z","objectId":"adItsbPH0a","phone":"415-392-0202","sessionToken":"r:otH4qsd2zmBG4tTj4ePoGSFVE","username":"cooldude6"}
    

    Hope this helps.
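
To confirm the hook took effect across existing users, the ACL JSON returned by the REST API can be audited for any grant beyond the owning user. The following is an added example, not code from the answer above: the function names `auditUserAcl` and `auditAll` are hypothetical, the record shape follows the JSON response shown on this page, `"*"` as the public entry and the `role:` key prefix are Parse ACL conventions, and every objectId except `adItsbPH0a` is constructed.

```javascript
// Constructed sample records in the shape of the REST response shown above.
const sampleUsers = [
  // Owner-only ACL, as returned on this page after the beforeSave hook.
  { objectId: "adItsbPH0a", ACL: { adItsbPH0a: { read: true, write: true } } },
  // The default described in the question: public read plus owner access.
  { objectId: "constructed01",
    ACL: { "*": { read: true }, constructed01: { read: true, write: true } } },
  // Constructed: a role and a second user hold grants on this user object.
  { objectId: "constructed02",
    ACL: { constructed02: { read: true, write: true },
           "role:Moderators": { write: true },
           constructed01: { read: true } } },
  // Constructed: record without an ACL field.
  { objectId: "constructed03" },
];

// Returns a list of findings for one user record; empty means owner-only.
function auditUserAcl(record) {
  const acl = record.ACL;
  if (acl === undefined || acl === null) {
    return ["no ACL field in record; review manually"];
  }
  const findings = [];
  for (const [principal, perms] of Object.entries(acl)) {
    if (principal === record.objectId) continue; // the owner's own entry
    const granted = ["read", "write"].filter((p) => perms && perms[p] === true);
    if (granted.length === 0) continue; // entry grants nothing
    const kind = principal === "*" ? "public"
      : principal.startsWith("role:") ? "role" : "other user";
    findings.push(`${principal} (${kind}): ${granted.join("+")}`);
  }
  return findings;
}

// Maps objectId -> findings, listing only records that need attention.
function auditAll(records) {
  const report = {};
  for (const record of records) {
    const findings = auditUserAcl(record);
    if (findings.length > 0) report[record.objectId] = findings;
  }
  return report;
}

console.log(JSON.stringify(auditAll(sampleUsers), null, 2));
```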