Posted to user@usergrid.apache.org by Charles Craig <cc...@gmail.com> on 2014/08/14 20:49:23 UTC
Limiting entity access at the user level
Hi,
I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.
So I would like to:
1. Be able to add an entity to a collection ( I know how to do this )
2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )
I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.
Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?
Thanks!
-charles
Re: Limiting entity access at the user level
Posted by Charles Craig <cc...@gmail.com>.
Hi,
After setting up my roles as prescribed, I receive this error in the terminal when trying to create a connection:
WARNING: Exception occurred during body skip
java.lang.IllegalStateException: Can not skip more bytes than available
at org.glassfish.grizzly.http.server.io.InputBuffer.skip(InputBuffer.java:600)
…
I tried issuing this command from the shell in the portal:
post /users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes { "data": "Learn Usergrid” }
and
post /users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes [{ "data": "Learn Usergrid"}]
Either command returns:
/users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes
{
  "action": "post",
  "application": "f2b952fa-22ee-11e4-9b4b-e9ea3d610fab",
  "params": {
    "access_token": [
      "YWMtmZWU0iQUEeScLt1PgUhfegAAAUf7J0uW32RkTiYpwSNVOHBVAtmkMnjFT3s"
    ]
  },
  "path": "/users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes",
  "uri": "http://localhost:8080/test.2/note-pad/users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes",
  "entities": [],
  "timestamp": 1408063432982,
  "duration": 6,
  "organization": "test.2",
  "applicationName": "note-pad"
}
However, no entities are being created. I’ve also tried using curl with the same results:
curl -H "Authorization: Bearer YWMt2j3JaCQLEeSr1fvx65wFRAAAAUf67ffU8cqvWOyiAVXXIOea177UF05Noa8" -X POST -d '[ {"data":"Lear Usergrid"}]' http://localhost:8080/test.2/note-pad/users/me/mynotes
I did execute a post /users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes by itself as well, which made no difference.
-charles
On Aug 14, 2014, at 7:44 PM, Charles Craig <cc...@gmail.com> wrote:
> Thanks Rod!
>
> -charles
>
> On Aug 14, 2014, at 7:43 PM, Rod Simpson <ro...@rodsimpson.com> wrote:
>
>> “me” is an alias to the user who acquired the token. So literally, put “me” in your query. You could also put the uuid or the username.
>>
>>
>> --
>> Rod Simpson
>> @rockerston
>> rodsimpson.com
>>
>> On August 14, 2014 at 4:52:16 PM, Charles Craig (ccraig13@gmail.com) wrote:
>>
>>> Thanks Todd, that's exactly what I needed.
>>>
>>> Now for my stupid question, is the "me" in the URL path actually what goes there or is that a place holder? If so, I assume "me" has special meaning/reserved in Usergrid?
>>>
>>> On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
>>> Hey Charles,
>>> You'll want to use connections for that. Our permissions are path based, you can think of the URL as similar to a directory structure. Try something like this.
>>>
>>> This would be the permission you assign all your app users
>>>
>>> GET, PUT, POST, DELETE : /users/me/**
>>>
>>> This means allow all operations on /users/me, and anything after it.
>>>
>>> You can then add your nodes via a connection.
>>>
>>> To create
>>>
>>> POST /users/me/mynotes/ {... json ...}
>>>
>>> To update
>>>
>>> PUT /users/me/mynotes/uuid {... json ...}
>>>
>>> To load a list of notes
>>>
>>> GET /users/me/mynotes/
>>>
>>>
>>> Then users will only be able to see notes that have been connected to their user entity. Using this allows you to create a private space for users, just load all the data within the /users/me paths.
>>>
>>> Later,
>>> Todd
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
>>> Hi,
>>>
>>> I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.
>>>
>>> So I would like to:
>>>
>>> 1. Be able to add an entity to a collection ( I know how to do this )
>>> 2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )
>>>
>>> I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.
>>>
>>> Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?
>>>
>>> Thanks!
>>>
>>>
>>> -charles
>
Re: Limiting entity access at the user level
Posted by Charles Craig <cc...@gmail.com>.
Thanks Rod!
-charles
On Aug 14, 2014, at 7:43 PM, Rod Simpson <ro...@rodsimpson.com> wrote:
> “me” is an alias to the user who acquired the token. So literally, put “me” in your query. You could also put the uuid or the username.
>
>
> --
> Rod Simpson
> @rockerston
> rodsimpson.com
>
> On August 14, 2014 at 4:52:16 PM, Charles Craig (ccraig13@gmail.com) wrote:
>
>> Thanks Todd, that's exactly what I needed.
>>
>> Now for my stupid question, is the "me" in the URL path actually what goes there or is that a place holder? If so, I assume "me" has special meaning/reserved in Usergrid?
>>
>> On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
>> Hey Charles,
>> You'll want to use connections for that. Our permissions are path based, you can think of the URL as similar to a directory structure. Try something like this.
>>
>> This would be the permission you assign all your app users
>>
>> GET, PUT, POST, DELETE : /users/me/**
>>
>> This means allow all operations on /users/me, and anything after it.
>>
>> You can then add your nodes via a connection.
>>
>> To create
>>
>> POST /users/me/mynotes/ {... json ...}
>>
>> To update
>>
>> PUT /users/me/mynotes/uuid {... json ...}
>>
>> To load a list of notes
>>
>> GET /users/me/mynotes/
>>
>>
>> Then users will only be able to see notes that have been connected to their user entity. Using this allows you to create a private space for users, just load all the data within the /users/me paths.
>>
>> Later,
>> Todd
>>
>>
>>
>>
>>
>>
>> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
>> Hi,
>>
>> I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.
>>
>> So I would like to:
>>
>> 1. Be able to add an entity to a collection ( I know how to do this )
>> 2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )
>>
>> I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.
>>
>> Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?
>>
>> Thanks!
>>
>>
>> -charles
Re: Limiting entity access at the user level
Posted by Rod Simpson <ro...@rodsimpson.com>.
“me” is an alias to the user who acquired the token. So literally, put “me” in your query. You could also put the uuid or the username.
--
Rod Simpson
@rockerston
rodsimpson.com
On August 14, 2014 at 4:52:16 PM, Charles Craig (ccraig13@gmail.com) wrote:
> Thanks Todd, that's exactly what I needed.
>
> Now for my stupid question, is the "me" in the URL path actually what goes there or is that a place holder? If so, I assume "me" has special meaning/reserved in Usergrid?
>
> On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
> Hey Charles,
> You'll want to use connections for that. Our permissions are path based, you can think of the URL as similar to a directory structure. Try something like this.
>
> This would be the permission you assign all your app users
>
> GET, PUT, POST, DELETE : /users/me/**
>
> This means allow all operations on /users/me, and anything after it.
>
> You can then add your nodes via a connection.
>
> To create
>
> POST /users/me/mynotes/ {... json ...}
>
> To update
>
> PUT /users/me/mynotes/uuid {... json ...}
>
> To load a list of notes
>
> GET /users/me/mynotes/
>
> Then users will only be able to see notes that have been connected to their user entity. Using this allows you to create a private space for users, just load all the data within the /users/me paths.
>
> Later,
> Todd
>
> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
> Hi,
>
> I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.
>
> So I would like to:
>
> 1. Be able to add an entity to a collection ( I know how to do this )
> 2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )
>
> I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.
>
> Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?
>
> Thanks!
>
> -charles
Re: Limiting entity access at the user level
Posted by Charles Craig <cc...@gmail.com>.
Thanks Todd, that's exactly what I needed.
Now for my stupid question, is the "me" in the URL path actually what goes
there or is that a place holder? If so, I assume "me" has special
meaning/reserved in Usergrid?
On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
> Hey Charles,
> You'll want to use connections for that. Our permissions are path
> based, you can think of the URL as similar to a directory structure. Try
> something like this.
>
> This would be the permission you assign all your app users
>
> GET, PUT, POST, DELETE : /users/me/**
>
> This means allow all operations on /users/me, and anything after it.
>
> You can then add your nodes via a connection.
>
> To create
>
> POST /users/me/mynotes/ {... json ...}
>
> To update
>
> PUT /users/me/mynotes/uuid {... json ...}
>
> To load a list of notes
>
> GET /users/me/mynotes/
>
>
> Then users will only be able to see notes that have been connected to
> their user entity. Using this allows you to create a private space for
> users, just load all the data within the /users/me paths.
>
> Later,
> Todd
>
>
>
>
>
>
> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <ccraig13@gmail.com> wrote:
>
>> Hi,
>>
>> I’m having trouble wrapping my head around how to use Usergrid with my
>> web app (JS SDK). I read through Chris Rogers’ questions in the archives
>> and they did help a little.
>>
>> So I would like to:
>>
>> 1. Be able to add an entity to a collection ( I know how to do this )
>> 2. Limit accessing entities in that collection to only the ones the user
>> created ( Here’s my problem )
>>
>> I created a collection named Notes and was able to add to it, but any
>> logged in user has full CRUD capabilities for all the note entities in the
>> collection.
>>
>> Using a custom backend I would just add a User ID to each note entity and
>> write code that only selected notes with that user’s ID. How can I verify
>> or limit this using Usergrid?
>>
>> Thanks!
>>
>>
>> -charles
>>
>>
>
Re: Limiting entity access at the user level
Posted by Todd Nine <to...@gmail.com>.
Hey Charles,
You'll want to use connections for that. Our permissions are path based,
you can think of the URL as similar to a directory structure. Try
something like this.
This would be the permission you assign all your app users
GET, PUT, POST, DELETE : /users/me/**
This means allow all operations on /users/me, and anything after it.
You can then add your nodes via a connection.
To create
POST /users/me/mynotes/ {... json ...}
To update
PUT /users/me/mynotes/uuid {... json ...}
To load a list of notes
GET /users/me/mynotes/
Then users will only be able to see notes that have been connected to their
user entity. Using this allows you to create a private space for users,
just load all the data within the /users/me paths.
Later,
Todd
On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
> Hi,
>
> I’m having trouble wrapping my head around how to use Usergrid with my web
> app (JS SDK). I read through Chris Rogers’ questions in the archives and
> they did help a little.
>
> So I would like to:
>
> 1. Be able to add an entity to a collection ( I know how to do this )
> 2. Limit accessing entities in that collection to only the ones the user
> created ( Here’s my problem )
>
> I created a collection named Notes and was able to add to it, but any
> logged in user has full CRUD capabilities for all the note entities in the
> collection.
>
> Using a custom backend I would just add a User ID to each note entity and
> write code that only selected notes with that user’s ID. How can I verify
> or limit this using Usergrid?
>
> Thanks!
>
>
> -charles
>
>
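The path-based check described in this thread can be modelled in a few lines to see why a role holding only `/users/me/**` confines each user to their own space. This is an added example, not part of the original messages and not Usergrid's own code: the function names, the `*`/`**` wildcard semantics, the rejection of dot segments, the two user records and the broad `/**` rule are assumptions made for illustration.

```javascript
// Simplified model of a path-based permission check (added example).
// Not Usergrid's code: rule syntax and wildcard semantics are assumptions.

// Parse "GET,PUT,POST,DELETE:/users/me/**" into { verbs, pattern }.
function parseRule(rule) {
  const idx = rule.indexOf(":");
  if (idx < 0) throw new Error("expected 'VERBS:/path', got: " + rule);
  const verbs = rule.slice(0, idx).split(",").map((v) => v.trim().toUpperCase());
  return { verbs, pattern: rule.slice(idx + 1).trim() };
}
// Split into segments; under /users, "me" or the caller's own username
// resolves to the uuid of the user who acquired the token.
function canonical(path, caller) {
  const segs = path.split("/").filter((s) => s.length > 0);
  if (segs[0] === "users" && (segs[1] === "me" || segs[1] === caller.username)) {
    segs[1] = caller.uuid;
  }
  return segs;
}
// "*" matches exactly one segment, "**" matches zero or more segments.
function matchSegs(pat, segs) {
  if (pat.length === 0) return segs.length === 0;
  if (pat[0] === "**") {
    for (let i = 0; i <= segs.length; i++) {
      if (matchSegs(pat.slice(1), segs.slice(i))) return true;
    }
    return false;
  }
  if (segs.length === 0) return false;
  return (pat[0] === "*" || pat[0] === segs[0]) && matchSegs(pat.slice(1), segs.slice(1));
}
function isAllowed(rules, caller, verb, path) {
  const segs = canonical(path, caller);
  if (segs.includes(".") || segs.includes("..")) return false; // no dot segments
  return rules.map(parseRule).some((r) =>
    r.verbs.includes(verb.toUpperCase()) && matchSegs(canonical(r.pattern, caller), segs));
}
// Constructed users and role permissions, for illustration only.
const alice = { uuid: "11111111-aaaa-4aaa-8aaa-aaaaaaaaaaaa", username: "alice" };
const bob = { uuid: "22222222-bbbb-4bbb-8bbb-bbbbbbbbbbbb", username: "bob" };
const scoped = ["GET,PUT,POST,DELETE:/users/me/**"]; // the permission from the thread
const broad = ["GET,PUT,POST,DELETE:/**"]; // hypothetical over-broad rule
const bobsNotes = "/users/" + bob.uuid + "/mynotes";
console.log({
  ownViaMe: isAllowed(scoped, alice, "POST", "/users/me/mynotes"),
  otherUser: isAllowed(scoped, alice, "GET", bobsNotes),
  sharedCollection: isAllowed(scoped, alice, "GET", "/notes"),
  otherUserBroadRule: isAllowed(broad, alice, "GET", bobsNotes),
});
```

In this model the scoped rule only helps if no other rule on the same role also matches the request; a single broad pattern alongside it restores access to every user's paths.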