
How to implement `protectedFields` in Parse-Server?


I believe this is a new feature in Parse-Server.

By default, the User class's email field is considered a protected field, meaning that email is set to read: false, write: false to the public by default. But every other field in the User class is set to read: true, write: false.

In Github, I saw this example:

export type ClassLevelPermissions = {
find?: { [string]: boolean },
count?: { [string]: boolean },
get?: { [string]: boolean },
create?: { [string]: boolean },
update?: { [string]: boolean },
delete?: { [string]: boolean },
addField?: { [string]: boolean },
readUserFields?: string[],
writeUserFields?: string[],

// new feature
protectedFields?: { [string]: boolean }
};

For example, with the _User class, if the server was initialized with userSensitiveFields: ['email', 'sin', 'phone'], this would be the equivalent of:

{
// CLP for the class ... other 
protectedFields: { "*": ["email", "sin"] }
};

Now if you wanted a moderator role to be able to see the user's email but not the sin, and an admin which can read it all:

{
 protectedFields: { 
   "*": ["email", "sin"],
   "role:moderator": ["sin"],
   "role:admin": []
 }
};

After seeing this example, I was still confused about where exactly to implement protectedFields. Do I implement it in my app's index.js, or main.js, etc.? Can somebody give me an example of how I can set a field, phoneNum, to have a protectedField similar to email's default?


Solution

  • It is an option in parse server initialization. See the protectedField option here: http://parseplatform.org/parse-server/api/master/ParseServerOptions.html

    I don't know exactly where/how you are running your Parse server, but it should be something like this:

    var express = require('express');
    var ParseServer = require('parse-server').ParseServer;
    var app = express();
    
    var api = new ParseServer({
      databaseURI: 'mongodb://localhost:27017/dev',
      cloud: '/home/myApp/cloud/main.js',
      appId: 'myAppId',
      masterKey: 'myMasterKey',
      fileKey: 'optionalFileKey',
      serverURL: 'http://localhost:1337/parse',
      // Per class: the fields hidden from each group of callers
      protectedFields: {
        _User: {
          "*": ["email", "sin"],
          "role:moderator": ["sin"],
          "role:admin": []
        }
      }
    });
    
    app.use('/parse', api);
    
    app.listen(1337, function() {
      console.log('parse-server-example running on port 1337.');
    });
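
To see which fields each caller ends up with under a configuration like the one above, here is an added example (not from the original answer and not Parse Server's own code). It uses the same option shape, extended with the asker's `phoneNum` field, and assumes a simplified resolution rule: a field stays hidden only if every entry matching the caller lists it. The helper names `hiddenFields` and `redact` and the sample record are constructed for illustration.

```javascript
// Added example: a simplified model, not Parse Server's implementation.
// Same shape as the protectedFields option, with phoneNum added (constructed).
const protectedFields = {
  _User: {
    '*': ['email', 'sin', 'phoneNum'],
    'role:moderator': ['sin'],
    'role:admin': [],
  },
};

// Assumption: a field stays hidden only if every entry that matches the
// caller ("*" plus one "role:<name>" key per role) lists it.
function hiddenFields(config, className, roles = []) {
  const classRules = config[className];
  if (!classRules) return []; // class has no protected fields configured
  const keys = ['*', ...roles.map((r) => `role:${r}`)];
  const matching = keys
    .filter((k) => Array.isArray(classRules[k]))
    .map((k) => classRules[k]);
  if (matching.length === 0) return [];
  // Intersect the lists: one matching entry that omits a field exposes it.
  return matching.reduce((acc, list) => acc.filter((f) => list.includes(f)));
}

// Return a copy of the object without the fields hidden from this caller.
function redact(config, className, object, roles = []) {
  const hidden = new Set(hiddenFields(config, className, roles));
  return Object.fromEntries(
    Object.entries(object).filter(([key]) => !hidden.has(key))
  );
}

// Constructed sample record.
const sampleUser = {
  objectId: 'u1',
  username: 'alice',
  email: 'alice@example.com',
  sin: '000-000-000',
  phoneNum: '555-0100',
};

for (const roles of [[], ['moderator'], ['admin']]) {
  const visible = Object.keys(redact(protectedFields, '_User', sampleUser, roles));
  console.log(roles.join(',') || 'public', '->', visible.join(', '));
}
```

Under this model, listing `phoneNum` only under `"*"` hides it from the public while moderators and admins still see it; add it to `"role:moderator"` as well if moderators should not.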