Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permission error, after migration, for one class only which was working fine before #2024

Closed
mmahmood opened this issue Jun 10, 2016 · 9 comments

Comments

@mmahmood
Copy link

I have multiple apps on Parse.com, dev, test and prod. For migration, I migrated test environment to mLab "m-test" DB because our Parse dev DB has a lot of bad data. We've done a lot of testing using that DB, and we're about to finalize it all. Things are working fine.

I created another mLab DB using the same Parse Test DB (m-dev) to be used as DEV DB in mLab from now on. So both m-test and m-dev DBs are created from the same Parse Test DB.

The issue is with a certain "Inbox" class. I can see all inbox messages in my iPhone app when I use the m-test DB we created earlier. But we get permission errors on m-dev DB which I created recently. I dropped all collections, and have tried multiple times in the last couple of days to migrate Parse Test DB to m-dev DB. But I keep getting read permission error when trying to get list of items from Inbox. No permissions have been changed. I have compared _SCHEMA for Inbox in both m-test, and m-dev DBs and it's the same. Even tried replacing the one in m-dev DB, but it doesn't work.

Can you please assist me in debugging this issue? What else should I be looking at more. Also, this is the issue with only Inbox. Everything else is working as expected. I am clueless now.

Regards,
-Mariam

@drew-gross
Copy link
Contributor

Is your app using your own Parse Server for the application logic, or are you still using the hosted service on Parse.com? This repo is for issues with Parse Server

@mmahmood
Copy link
Author

Yes, we are using Parse Server. We have set up the Parse Server on AWS, and the behavior is the same on both AWS and my local machine. If we connect to m-test DB, we can list() the Inbox messages. If we use m-dev DB, we get permission exception. Both m-test and m-dev were migrated from the same Parse.com DB. m-test around 1.5 months ago, and m-dev 3 days ago.

@mmahmood
Copy link
Author

I am trying to read inbox messages on my iPhone app.

@drew-gross
Copy link
Contributor

In that case can you provide some more detailed reproduction steps? Server logs containing the complete request and response for each request (use VERBOSE=1 env var) and the exact commands you use to create the database are best, that way if you have found a bug we can use use the commands you provide in our test cases.

@mmahmood
Copy link
Author

To create the DB, I simply created a blank on in mLab, and migrated Parse DB using the migration tool by pointing to this new DB.

There are no major reproduction steps. It's just one class that's behaving in odd way. From the app, I'm simply doing query.list() for a certain user. I am getting permission error in one case, and success case in the other. Where should I look other than _Schemas in my mLab DB? The user does have read and update permission to his own messages.

Here's the requestion with VERBOSE =1
verbose: GET /parse/classes/Inbox { host: 'xxxxx.ngrok.io',
'x-parse-app-display-version': '3.1',
'x-parse-application-id': 'MY-APP-ID',
accept: '/',
'x-parse-os-version': '9.3.2 (13F69)',
'accept-language': 'en-us',
'x-parse-client-key': 'CLIENT-KEY',
'user-agent': 'Doofl/3.1.1 CFNetwork/758.4.3 Darwin/15.5.0',
'x-parse-app-build-version': '3.1.1',
'content-type': 'application/json; charset=utf-8',
'x-parse-session-token': 'r:ae761f78264701ff240c21031e973b28',
'x-parse-client-version': 'i1.12.0',
'x-parse-installation-id': 'PARSE-INSTALLATION-ID',
'content-length': '169',
'accept-encoding': 'gzip, deflate',
'x-forwarded-proto': 'https',
'x-forwarded-for': '119.63.142.23' } {
"include": "bulkMessage,sender",
"order": "-createdAt",
"where": {
"recipient": {
"objectId": "USER_ID",
"className": "_User",
"__type": "Pointer"
}ti
},
"limit": "15"
}

In one case, I am getting this:
verbose: error: code=119, message=Permission denied for this action.

In the other case, I am getting data.

What else can I do to debug this?

@mmahmood
Copy link
Author

ACLs and Class level permissions all seem to be correct.

@mmahmood
Copy link
Author

Data for the record that I can read..
{
"_id": "dht22gx4LA",
"_rperm": [
"ap6mgSK9AI"
],
"_wperm": [
"ap6mgSK9AI"
],
"_acl": {
"ap6mgSK9AI": {
"r": true,
"w": true
}
},
"_p_recipient": "_User$ap6mgSK9AI",
"subject": "",
"message": "",
"isRead": false,
"_p_sender": "_User$qXkcqPWIi8",
"isBulkMessage": false,
"updateStats": false,
"_updated_at": {
"$date": "2016-06-12T16:04:17.069Z"
},
"_created_at": {
"$date": "2016-06-12T16:04:17.069Z"
}
}

Data for the record not being viewed for another user:
{
"_id": "DFJzocK9Nf",
"_rperm": [
"HSG8qCtSDn"
],
"_wperm": [
"HSG8qCtSDn"
],
"_acl": {
"HSG8qCtSDn": {
"r": true,
"w": true
}
},
"_p_recipient": "_User$HSG8qCtSDn",
"subject": "",
"message": "",
"isRead": false,
"_p_sender": "_User$qXkcqPWIi8",
"isBulkMessage": false,
"updateStats": false,
"_updated_at": {
"$date": "2016-06-12T16:02:01.234Z"
},
"_created_at": {
"$date": "2016-06-12T16:02:01.234Z"
}
}

Both users have the same role "User". Class level permissions in _SCHEMA in DB for both DBs:

{
"_id": "Inbox",
"_metadata": {
"class_permissions": {
"get": {
"role:Administrator": true,
"role:User": true
},
"find": {
"role:Administrator": true,
"role:User": true
},
"update": {
"role:Administrator": true,
"role:User": true
},
"create": {
"role:Administrator": true
},
"delete": {},
"addField": {},
"readUserFields": [],
"writeUserFields": []
}
},
"recipient": "__User",
"bulkMessage": "_InboxBulkMessage",
"subject": "string",
"message": "string",
"isRead": "boolean",
"sender": "*_User",
"isBulkMessage": "boolean",
"updateStats": "boolean"
}

@mmahmood
Copy link
Author

Found the issue. I was including BulkMessage when getting the whole inbox list. InboxBulkMessage did not have the FIND rights for users.

This is not how things were on Parse.com. This means that I need to check all "includes" now.

@mmahmood
Copy link
Author

mmahmood commented Jun 12, 2016

How do I turn verbose logging off? I tried setting VERBOSE=0 and restarted server, but it didn't work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants