Posted to user@usergrid.apache.org by Charles Craig <cc...@gmail.com> on 2014/08/14 20:49:23 UTC

Limiting entity access at the user level

Hi,

I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.

So I would like to:

1. Be able to add an entity to a collection ( I know how to do this )
2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )

I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.

Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?

Thanks!


-charles


Re: Limiting entity access at the user level

Posted by Charles Craig <cc...@gmail.com>.
Hi,

After setting up my roles as prescribed, I receive this error in the terminal when trying to create a connection:

WARNING: Exception occurred during body skip
java.lang.IllegalStateException: Can not skip more bytes than available
	at org.glassfish.grizzly.http.server.io.InputBuffer.skip(InputBuffer.java:600)
	…

I tried issuing this command from the shell in the portal:

post /users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes { "data": "Learn Usergrid" }

and

post /users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes [{ "data": "Learn Usergrid"}]

Either command returns:

/users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes
 
{
  "action": "post",
  "application": "f2b952fa-22ee-11e4-9b4b-e9ea3d610fab",
  "params": {
    "access_token": [
      "YWMtmZWU0iQUEeScLt1PgUhfegAAAUf7J0uW32RkTiYpwSNVOHBVAtmkMnjFT3s"
    ]
  },
  "path": "/users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes",
  "uri": "http://localhost:8080/test.2/note-pad/users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes",
  "entities": [],
  "timestamp": 1408063432982,
  "duration": 6,
  "organization": "test.2",
  "applicationName": "note-pad"
}

However, no entities are being created. I’ve also tried using curl with the same results:

curl -H "Authorization: Bearer YWMt2j3JaCQLEeSr1fvx65wFRAAAAUf67ffU8cqvWOyiAVXXIOea177UF05Noa8" -X POST -d '[ {"data":"Lear Usergrid"}]' http://localhost:8080/test.2/note-pad/users/me/mynotes

I did execute a post /users/2760f03a-22ef-11e4-8ffd-f3f0018b3726/mynotes by itself as well, which made no difference.

-charles

On Aug 14, 2014, at 7:44 PM, Charles Craig <cc...@gmail.com> wrote:

> Thanks Rod!
> 
> -charles
> 
> On Aug 14, 2014, at 7:43 PM, Rod Simpson <ro...@rodsimpson.com> wrote:
> 
>> “me” is an alias to the user who acquired the token. So literally, put “me” in your query.  You could also put the uuid or the username.
>> 
>> 
>> -- 
>> Rod Simpson
>> @rockerston
>> rodsimpson.com
>> 
>> On August 14, 2014 at 4:52:16 PM, Charles Craig (ccraig13@gmail.com) wrote:
>> 
>>> Thanks Todd, that's exactly what I needed.
>>> 
>>> Now for my stupid question, is the "me" in the URL path actually what goes there or is that a place holder? If so, I assume "me" has special meaning/reserved in Usergrid?
>>> 
>>> On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
>>> Hey Charles,
>>>   You'll want to use connections for that.  Our permissions are path based, you can think of the URL as similar to a directory structure.  Try something like this.
>>> 
>>> This would be the permission you assign all your app users
>>> 
>>> GET, PUT, POST, DELETE : /users/me/**
>>> 
>>> This means allow all operations on /users/me, and anything after it.  
>>> 
>>> You can then add your nodes via a connection.
>>> 
>>> To create
>>> 
>>> POST /users/me/mynotes/ {... json ...}
>>> 
>>> To update
>>> 
>>> PUT /users/me/mynotes/uuid {... json ...}
>>> 
>>> To load a list of notes
>>> 
>>> GET /users/me/mynotes/
>>> 
>>> 
>>> Then users will only be able to see notes that have been connected to their user entity.  Using this allows you to create a private space for users, just load all the data within the /users/me paths.
>>> 
>>> Later,
>>> Todd
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
>>> Hi,
>>> 
>>> I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.
>>> 
>>> So I would like to:
>>> 
>>> 1. Be able to add an entity to a collection ( I know how to do this )
>>> 2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )
>>> 
>>> I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.
>>> 
>>> Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?
>>> 
>>> Thanks!
>>> 
>>> 
>>> -charles
> 


Re: Limiting entity access at the user level

Posted by Charles Craig <cc...@gmail.com>.
Thanks Rod!

-charles

On Aug 14, 2014, at 7:43 PM, Rod Simpson <ro...@rodsimpson.com> wrote:

> “me” is an alias to the user who acquired the token. So literally, put “me” in your query.  You could also put the uuid or the username.
> 
> 
> -- 
> Rod Simpson
> @rockerston
> rodsimpson.com
> 
> On August 14, 2014 at 4:52:16 PM, Charles Craig (ccraig13@gmail.com) wrote:
> 
>> Thanks Todd, that's exactly what I needed.
>> 
>> Now for my stupid question, is the "me" in the URL path actually what goes there or is that a place holder? If so, I assume "me" has special meaning/reserved in Usergrid?
>> 
>> On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
>> Hey Charles,
>>   You'll want to use connections for that.  Our permissions are path based, you can think of the URL as similar to a directory structure.  Try something like this.
>> 
>> This would be the permission you assign all your app users
>> 
>> GET, PUT, POST, DELETE : /users/me/**
>> 
>> This means allow all operations on /users/me, and anything after it.  
>> 
>> You can then add your nodes via a connection.
>> 
>> To create
>> 
>> POST /users/me/mynotes/ {... json ...}
>> 
>> To update
>> 
>> PUT /users/me/mynotes/uuid {... json ...}
>> 
>> To load a list of notes
>> 
>> GET /users/me/mynotes/
>> 
>> 
>> Then users will only be able to see notes that have been connected to their user entity.  Using this allows you to create a private space for users, just load all the data within the /users/me paths.
>> 
>> Later,
>> Todd
>> 
>> 
>> 
>> 
>> 
>> 
>> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
>> Hi,
>> 
>> I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.
>> 
>> So I would like to:
>> 
>> 1. Be able to add an entity to a collection ( I know how to do this )
>> 2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )
>> 
>> I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.
>> 
>> Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?
>> 
>> Thanks!
>> 
>> 
>> -charles


Re: Limiting entity access at the user level

Posted by Rod Simpson <ro...@rodsimpson.com>.
“me” is an alias to the user who acquired the token. So literally, put “me” in your query.  You could also put the uuid or the username.


-- 
Rod Simpson
@rockerston
rodsimpson.com

On August 14, 2014 at 4:52:16 PM, Charles Craig (ccraig13@gmail.com) wrote:

Thanks Todd, that's exactly what I needed.

Now for my stupid question, is the "me" in the URL path actually what goes there or is that a place holder? If so, I assume "me" has special meaning/reserved in Usergrid?

On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:
Hey Charles,
  You'll want to use connections for that.  Our permissions are path based, you can think of the URL as similar to a directory structure.  Try something like this.

This would be the permission you assign all your app users

GET, PUT, POST, DELETE : /users/me/**

This means allow all operations on /users/me, and anything after it.  

You can then add your nodes via a connection.

To create

POST /users/me/mynotes/ {... json ...}

To update

PUT /users/me/mynotes/uuid {... json ...}

To load a list of notes

GET /users/me/mynotes/


Then users will only be able to see notes that have been connected to their user entity.  Using this allows you to create a private space for users, just load all the data within the /users/me paths.

Later,
Todd






On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:
Hi,

I’m having trouble wrapping my head around how to use Usergrid with my web app (JS SDK). I read through Chris Rogers’ questions in the archives and they did help a little.

So I would like to:

1. Be able to add an entity to a collection ( I know how to do this )
2. Limit accessing entities in that collection to only the ones the user created ( Here’s my problem )

I created a collection named Notes and was able to add to it, but any logged in user has full CRUD capabilities for all the note entities in the collection.

Using a custom backend I would just add a User ID to each note entity and write code that only selected notes with that user’s ID. How can I verify or limit this using Usergrid?

Thanks!


-charles



Re: Limiting entity access at the user level

Posted by Charles Craig <cc...@gmail.com>.
Thanks Todd, that's exactly what I needed.

Now for my stupid question, is the "me" in the URL path actually what goes
there or is that a place holder? If so, I assume "me" has special
meaning/reserved in Usergrid?

On Thursday, August 14, 2014, Todd Nine <to...@gmail.com> wrote:

> Hey Charles,
>   You'll want to use connections for that.  Our permissions are path
> based, you can think of the URL as similar to a directory structure.  Try
> something like this.
>
> This would be the permission you assign all your app users
>
> GET, PUT, POST, DELETE : /users/me/**
>
> This means allow all operations on /users/me, and anything after it.
>
> You can then add your nodes via a connection.
>
> To create
>
> POST /users/me/mynotes/ {... json ...}
>
> To update
>
> PUT /users/me/mynotes/uuid {... json ...}
>
> To load a list of notes
>
> GET /users/me/mynotes/
>
>
> Then users will only be able to see notes that have been connected to
> their user entity.  Using this allows you to create a private space for
> users, just load all the data within the /users/me paths.
>
> Later,
> Todd
>
>
>
>
>
>
> On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <ccraig13@gmail.com> wrote:
>
>> Hi,
>>
>> I’m having trouble wrapping my head around how to use Usergrid with my
>> web app (JS SDK). I read through Chris Rogers’ questions in the archives
>> and they did help a little.
>>
>> So I would like to:
>>
>> 1. Be able to add an entity to a collection ( I know how to do this )
>> 2. Limit accessing entities in that collection to only the ones the user
>> created ( Here’s my problem )
>>
>> I created a collection named Notes and was able to add to it, but any
>> logged in user has full CRUD capabilities for all the note entities in the
>> collection.
>>
>> Using a custom backend I would just add a User ID to each note entity and
>> write code that only selected notes with that user’s ID. How can I verify
>> or limit this using Usergrid?
>>
>> Thanks!
>>
>>
>> -charles
>>
>>
>

Re: Limiting entity access at the user level

Posted by Todd Nine <to...@gmail.com>.
Hey Charles,
  You'll want to use connections for that.  Our permissions are path based,
you can think of the URL as similar to a directory structure.  Try
something like this.

This would be the permission you assign all your app users

GET, PUT, POST, DELETE : /users/me/**

This means allow all operations on /users/me, and anything after it.

You can then add your nodes via a connection.

To create

POST /users/me/mynotes/ {... json ...}

To update

PUT /users/me/mynotes/uuid {... json ...}

To load a list of notes

GET /users/me/mynotes/


Then users will only be able to see notes that have been connected to their
user entity.  Using this allows you to create a private space for users,
just load all the data within the /users/me paths.

Later,
Todd






On Thu, Aug 14, 2014 at 12:49 PM, Charles Craig <cc...@gmail.com> wrote:

> Hi,
>
> I’m having trouble wrapping my head around how to use Usergrid with my web
> app (JS SDK). I read through Chris Rogers’ questions in the archives and
> they did help a little.
>
> So I would like to:
>
> 1. Be able to add an entity to a collection ( I know how to do this )
> 2. Limit accessing entities in that collection to only the ones the user
> created ( Here’s my problem )
>
> I created a collection named Notes and was able to add to it, but any
> logged in user has full CRUD capabilities for all the note entities in the
> collection.
>
> Using a custom backend I would just add a User ID to each note entity and
> write code that only selected notes with that user’s ID. How can I verify
> or limit this using Usergrid?
>
> Thanks!
>
>
> -charles
>
>
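
Added example (not part of the original thread and not Usergrid code): a small JavaScript model of the path-based rule Todd describes, with "me" resolved to the token owner as Rod explains, showing which requests the rule covers. The users, uuids and the broad /** rule are constructed, and treating rules as additive (any matching rule grants access) is an assumption.

```javascript
// Added illustration, not Usergrid source: a model of the path-based rule in this thread.
// Assumption: rules are additive, so any one matching rule grants the request.

// Parse "GET, PUT, POST, DELETE : /users/me/**" into verbs and path segments.
function parsePermission(rule) {
  const idx = rule.indexOf(':');
  const verbs = rule.slice(0, idx).split(',').map(v => v.trim().toUpperCase());
  return { verbs: new Set(verbs), segments: rule.slice(idx + 1).trim().split('/').filter(Boolean) };
}

// "me", the caller's uuid and the caller's username all name the token owner,
// so rewrite any of them to "me" before comparing against the rule.
function canonicalize(segments, caller) {
  if (segments[0] !== 'users' || segments.length < 2) return segments;
  const id = segments[1].toLowerCase();
  const self = ['me', caller.uuid.toLowerCase(), caller.username.toLowerCase()];
  return self.includes(id) ? ['users', 'me', ...segments.slice(2)] : segments;
}

// Segment-wise match; "**" covers zero or more trailing segments.
function matches(pattern, path) {
  if (pattern.length === 0) return path.length === 0;
  const [head, ...rest] = pattern;
  if (head === '**') {
    for (let i = 0; i <= path.length; i++) {
      if (matches(rest, path.slice(i))) return true;
    }
    return false;
  }
  return path.length > 0 && head === path[0] && matches(rest, path.slice(1));
}

function isAllowed(rules, caller, verb, path) {
  const request = canonicalize(path.split('/').filter(Boolean), caller);
  return rules.map(parsePermission).some(
    p => p.verbs.has(verb.toUpperCase()) && matches(p.segments, request));
}

// Constructed sample data (hypothetical users and uuids).
const alice = { uuid: '11111111-1111-1111-1111-111111111111', username: 'alice' };
const bob = { uuid: '22222222-2222-2222-2222-222222222222', username: 'bob' };
const PRIVATE_ONLY = ['GET, PUT, POST, DELETE : /users/me/**'];
const WITH_BROAD_RULE = [...PRIVATE_ONLY, 'GET, PUT, POST, DELETE : /**'];

console.log(isAllowed(PRIVATE_ONLY, alice, 'GET', '/users/me/mynotes'));            // own space
console.log(isAllowed(PRIVATE_ONLY, alice, 'GET', `/users/${bob.uuid}/mynotes`));   // bob's space
console.log(isAllowed(WITH_BROAD_RULE, alice, 'GET', `/users/${bob.uuid}/mynotes`));
```

In this model the private space holds only while no broader rule is also granted to the same user; the last call shows a constructed /** rule reopening another user's path.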