Grant write permission for all logged users

Question

Hello,

I am working on user permission in storage service module.

What I want to do is:

- Not logged users can Read document but not write
- Logged users can Read and Write all documents

(I want to perform this in all documents in one collection)

One solution is every time a new user is created grant write permission in all documents but I think is not a good solution.

How can I perform this in a better way?

Thank you very much,

German.

Answer 1

Hello German,

Apologies for getting late back to you.

You can manage it easily on the cline side by checking the LoggedInUser value. In order to check loggedInUser, please use below code snippet.

App42API.getLoggedInUser();

If it doesn't contain username than it means user is not loggedIn, so that you restrict on the UI side to not to operate Read/Write operation on the document. 

P.S Example code snippet is in Android, if you are working on different platform than let me know it will help us to provide better support to you.

Let me know if it helps.

Regards,

Himanshu Sharma

Comments

Hello Himanshu,

Thank you but my idea was to increase the app security through user permission.

If somebody steals my ApiKey/SecretKey and writes a code to send commands directly to the API, he could not write documents. (Only logged users could write documents)

Should I be worried about this?

Regards,
German.

---

Hello German,

In that case, i will suggest you to have a look at this tutorial(http://api.shephertz.com/tutorial/Securing-Your-App/?index=security-acl). This will help you to understand that how you can easily secure your app data.

If you find any issue while implementation or you need any help feel free to update this thread.

Regards,
Himanshu Sharma

---

Thank you!
Regards,
German.