LiveQuery and Roles

[cheesykyle]

Does LiveQuery check ACL against Roles?

When I set the ACL to the current user I have no problems. When I set the ACL to a Role that contains the user, no data is sent.

Is this a security issue, or something that just hasn't been implemented?

[frangulyan]

I got similar issues, the problem was that the Role object itself was under "master-key" ACL. So I guess in order to check for permissions Parse Server tried to retrieve a Role object that my LiveQuery class was assigned, and it tried to get that Role with the same permissions, which failed in my case, since I locked the Role table to be accessed only by master key for read/write.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.