The problem occurs as follows:
I am adding a user. I login after adding a user. After login, when I add items to sell, it throws logine and does not log in again and gives this error.
Related
I created a class in my Parse Server, using the Parse Dashboard, and then I changed the Class Level Permissions to allow only one user to perform read and write operations in the documents of this class:
The user that is supposed to have access to this class was also created manually through the Parse Dashboard and it looks like this:
However, when I try to query documents from this class, using this user in specific, I keep getting the error message "Permission denied for action find on class Person". This is how my code to login and query the class looks like:
const Person = Parse.Object.extend('Person')
Parse.Object.registerSubclass('Person', Person)
Parse.User.logIn('username', 'password').then(user => {
console.log('E-mail: ' + user.getEmail())
console.log('Created: ' + user.createdAt)
console.log('Current: ' + user.isCurrent())
console.log('Authenticated: ' + user.authenticated())
const query = new Parse.Query(Person)
query.equalTo('name', 'John')
return query.find()
})
I included a bunch of console.log's to check what information about the user is being printed and I confirm that the login seems to complete successfully because the fields email and createdAt match the information that I see in the Parse Dashboard. However, the field authenticated and current both return false, but I don't know why. I was expecting them to return true.
This is the only place in the application that I try to login the Parse Server and perform an operation that is restricted to only one user. Any idea why I'm getting this "Permission denied for action find on class Person" error?
I guess that this is related to security. Generally Parse will not allow a user to get data about any other user, unless you do some actions - e.g. - allow it from the dashboard. But anyway I guess that you have to do it one by one.
Per other answers here my code below should be correct, but I am getting nothing from SecurityUtils. I need to assign a user to a new record in an application. Am I missing something here?
This other response also returns a null user.
User user = userRepository.findOneByLogin(SecurityUtils.getCurrentUserLogin().get()).get();
entity.setUser(user);
entityRepository.save(entity);
Can anyone explain how to append information to a default error message thrown from 'message.properties' file in jsf.
My application is setup in such a way that When I enter number 0 instead of any number in a inputText field, I am getting the following error message from message.properties file.
Current functionality:
Validation Error: Value is less than allowable minimum of '1'
But, i want to display the error message on the webpage as follows
Desired functionality:
Validation Error: Value is less than allowable minimum of '1' for the user XYZ
Basically, I want to get the username which is available on the same page where I am entering the number and append this username to the error message in the event of any error. The username will be changing for each user and it is not constant. I am not sure if I can override the message.properties file in this case and write my own error message because the user name will be changing and dynamic.
<f:validateLongRange minimum="1"/>
I am using the above code to validate the input text..
I was following along the example Lending Library app in the book "Packtpub.Getting.Started.with.Meteor.js". It is running at:
http://matloob.lendlib.meteor.com
It works fine, but when a user logs out when one category is open and its items are being displayed, that category and its items remain on the page while the rest is filtered out. On refreshing the page the remaining category is also filtered out.
The publish function is:
Meteor.publish("Categories", function () {
Meteor.flush(); // I added this so it will flush out the remaining data, but :(
return lists.find({owner: this.userId}, {fields: {Category: 1}});
});
It is hard to point out the exact vulnerability withour seeing more code but this is what I could find out: even if not logged in as a user one can set the session variable current_list to an id to get the corresponding list document:
Session.set("current_list",'ZLREaTCPiC6E7ece3')
So I assume that somewhere in your code you publish the details of a list given its id.
At least this would explain why the list remains even after logging out when a category is selected (which in turn means current_list holds an id).
Possibly publishing the list is done using Deps.autorun since the list is immediately published once the session variable is changed.
Maybe you can find that piece of code and post it or just change it so that it also includes a check whether the user is the owner of that list or category.
Consider using the user-status package to listen for users logging out and doing some cleanup on the server as a result:
https://github.com/mizzao/meteor-user-status
Specfically, you can use the following callback:
UserStatus.on "sessionLogout", (advice) ->
console.log(advice.userId + " with session " + advice.sessionId + " logged out")
DataServiceRequestException was unhandled by user code. An error occurred while processing this request.
This is in relation to the previous post I added
public void AddEmailAddress(EmailAddressEntity emailAddressTobeAdded)
{
AddObject("EmailAddress", emailAddressTobeAdded);
SaveChanges();
}
Again the code breaks and gives a new exception this time. Last time it was Storage Client Exception, now it is DataServiceRequestException. Code breaks at SaveChanges.
Surprisingly, solution is same. CamelCasing is not supported. So the code works if "EmailAddress" is changed to "Emailaddress" or "emailaddress"
More details
http://weblogs.asp.net/chanderdhall/archive/2010/07/10/dataservicerequestexception-was-unhandled-by-user-code-an-error-occurred-while-processing-this-request.aspx
Because you've tagged this with "azure" and "table," I'm going to assume this code results in a call to Windows Azure tables. If so, I can assure you that camel casing table names is indeed supported. However, the string you pass to AddObject has to match a table that you've created, so make sure the code where you create the table is using the same casing.