Description
Issue Description
requiresAuthentication doesn't behave the way the docs explain.
Steps to reproduce
We tried to set our database's schema by following the parse-server documentation (http://docs.parseplatform.org/parse-server/guide/#requireauthentication). As the docs state: "For example, you want to allow your authenticated users to find and get objects from your application and your admin users to have all privileges, you would set the CLP:"

    "class_permissions": {
      "find": {
        "requiresAuthentication": true,
        "role:admin": true
      },
      "get": {
        "requiresAuthentication": true,
        "role:admin": true
      },
      "create": { "role:admin": true },
      "update": { "role:admin": true },
      "delete": { "role:admin": true }
    }

Expected Results
Authenticated users should be able to "find" and "get" objects and admin users have all privileges
Actual Outcome
Authenticated users got {"code":119,"error":"Permission denied for action find on class ClassName."}
Only admin can do "find" and "get". But once we set something like this, it works as the docs explained:

    "class_permissions": {
      "find": {
        "requiresAuthentication": true
      },
      "get": {
        "requiresAuthentication": true
      },
      "create": { "role:admin": true },
      "update": { "role:admin": true },
      "delete": { "role:admin": true }
    }

This works as we wanted. Is this expected behaviour, or did we understand the documentation wrong?
Environment Setup
- Server
  - parse-server version (Be specific! Don't say 'latest'.): 2.3.8
  - Operating System: Linux
  - Hardware: [FILL THIS OUT]
  - Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): AWS
- Database
  - MongoDB version: 3.2.11
  - Storage engine: WiredTiger
  - Hardware: [FILL THIS OUT]
  - Localhost or remote server? (AWS, mLab, ObjectRocket, Digital Ocean, etc): mLab
Logs/Trace
{"code":119,"error":"Permission denied for action find on class ClassName."}
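
The reading of the docs that the report expected, written out as an added example (it is not parse-server's code and not part of the original issue): a CLP operation is granted when any of its keys matches the caller, and `mismatches` lists observed results that depart from that. The any-key-grants rule, the caller ids `u1`/`a1` and all function names are assumptions of this example.

```javascript
// Added example: a model of the documented CLP reading, not parse-server code.
// Assumption: a caller is allowed when ANY key of the operation's map matches.
function isAllowed(clp, operation, caller) {
  const perms = clp[operation];
  if (!perms) throw new Error(`no entry for ${operation} in this model`);
  return Object.keys(perms).some((key) => {
    if (perms[key] !== true) return false;
    if (key === '*') return true;
    if (key === 'requiresAuthentication') return caller.userId !== null;
    if (key.startsWith('role:')) return caller.roles.includes(key.slice(5));
    return key === caller.userId; // any other key is treated as a user id
  });
}

const adminOnly = { 'role:admin': true };
// CLP from the report that denied authenticated users on find/get.
const clpWithRole = {
  find: { requiresAuthentication: true, 'role:admin': true },
  get: { requiresAuthentication: true, 'role:admin': true },
  create: adminOnly, update: adminOnly, delete: adminOnly,
};
// CLP from the report that behaved as the reporter wanted.
const clpWithoutRole = {
  find: { requiresAuthentication: true },
  get: { requiresAuthentication: true },
  create: adminOnly, update: adminOnly, delete: adminOnly,
};
// Constructed callers (hypothetical ids).
const callers = {
  anonymous: { userId: null, roles: [] },
  user: { userId: 'u1', roles: [] },
  admin: { userId: 'a1', roles: ['admin'] },
};

// Expected allow/deny for every caller and operation under the model.
function expectedMatrix(clp) {
  const out = {};
  for (const [name, caller] of Object.entries(callers)) {
    out[name] = {};
    for (const op of Object.keys(clp)) out[name][op] = isAllowed(clp, op, caller);
  }
  return out;
}

// observed: [callerName, operation, allowed] triples; returns those that differ.
function mismatches(clp, observed) {
  const want = expectedMatrix(clp);
  return observed.filter(([who, op, allowed]) => want[who][op] !== allowed);
}
```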