I have a simple Parse Cloud Code function for my NewsFeed Objects. For these NewsFeed Objects I set an ACL such that the fromUser can write to it and the toUser can read and write to it. I try to get these objects for every user with the following function:
Parse.Cloud.define("get_feed", async (request) => {
let user = request.user;
var query = new Parse.Query("NewsFeed");
query.equalTo("toUser", user);
query.include("fromUser");
query.descending("createdAt");
let result;
try {
result = await query.find();
} catch (error) {
throw error.message;
}
return result;
});
I would expect that I get all the objects which satisfy the query and have the following ACL:
"ACL" : {
"xXl3OIndCP": {
"read": true,
"write": true
},
"VPuRMZGhcv": {
"write": true
}
}
But unfortunately it works only if I add public read access to the ACL such that it looks like this
"ACL" : {
"*": {
"read": true
},
"xXl3OIndCP": {
"read": true,
"write": true
},
"VPuRMZGhcv": {
"write": true
}
}
I don't think that this is the expected behavior or am I wrong? Did anybody face this issue before?
Well, turned out that one has to pass the session token in the find() function so I had to use result = await query.find({sessionToken : user.getSessionToken()}); instead of result = await query.find();