Parse Query from somebody thats not logged in - parse-platform

I am using a Parse.Query to look up a record with javascript.
It works fine if the user making the query is logged in, but if its just a random unlogged in user making the query, it returns an empty set of results []
var userquery = new Parse.Query(Parse.User);
userquery.equalTo("username", "johndoe");
Is there something I need to do to enable random people who hit my webpage to run parse queries?
Also, even if I'm logged in. I can't query for a user besides my own. It also returns []
This describes my same problem, but there is no solution: https://www.parse.com/questions/querying-on-parseuser-object-always-returns-empty-array

The User class is restricted for very good security reasons. It would be quite a security hole if unauthenticated users could query the user table and get even partial login credentials.
If you really need some of the information to be open to unauthenticated users you should put it in another class with no security and link to it from the User class.

Related

GraphQL viewer-contextual queries on the top-level or within the viewer type?

When building the query and type graph structure in a GraphQL API, where would you put highly contextual queries that only apply to the viewer?
On the top-level (query.friendRequests)
This would remove noise in the User entity and only keep queries in there that are queryable for all users. Not just the viewing user.
It would add much more top-level queries with a risk of them becoming specialists in specific things which is not really thinking-in-a-graph and model-data-around-business-logic ideas.
On the viewer entity (query.viewer.friendRequests)
From a data perspective, this makes more sense to put it underneath the viewer entity (which is a User type). friend requests always belong to a parent object which is always a user.
Other Examples
Dashboard widgets
User notifications
Action items / TODO items / Task lists
Messages
Counters and badges
What are you guys' thoughts on this? What would be a good best-practice to follow for viewing user contextual queries that don't apply to other user entities in an API implementation?
We have always put it under a specific field in Query. First we started with a me query that would return a user. But this did not turn out very practical because the user type got very big and also most fields did not need the whole user object but only the user's ID. In your example we would have done two queries
SELECT * FROM account WHERE id = $id
SELECT * FROM friend_request WHERE account_id = $id
Unless we would query a trivial field on the me query the first query was completely wasted.
Then we got inspired a bit this thread and especially this answer from Lee Byron
Viewer is what we used everywhere at FB, so it’s stuck with me. Also, a Viewer is not a User, it’s an Auth session - which references a User. So there’s a useful distinction of terms.
Now we have a viewer query that returns a Viewer object. This object then has a field user to query the actual user object. This also might or might not help solving the problem around private and public fields on your user object.

Linking logged in user to object data on Parse.com

I'm new to using Parse.com and I'm trying to understand the general relationship between a logged in user and user-specific data.
I've figured out and understand how to create users and objects but I'm fuzzy on how to connect the two.
Is it as simple as creating a user and then once their logged in, storing an object with their username as the key?
Then when a user signs in successfully, you retrieve the object under their username key?
I just want to make sure I'm approaching this from the right angle, since I plan on having a lot of users and I also want the most secure approach.
I've read through the Parse.com documentation but can't seem to find the connection between the two. Any help is appreciated!
Do you mean when the user submits any details it is recorded with their User ID? If so, then this code will work for you:
ParseUser user = ParseUser.getCurrentUser();
//yourObjectID.put("User", user);
There is no user-specific data (all data is global with respect to the app ID you registered, as Parse is a database), but you can store data inside a ParseUser object. You can also give it access controls (an ACL), so only that user can read/write it. When the user signs in successfully, I don't believe it will be part of the ParseUser object yet, you need to fetch the data. (This is definitely true for object fields, but I'm not sure about simple fields like strings and ints. It deserves testing.)
There is a caveat to this. Depending on which SDK you're using, some of that information may be cached. In Unity 3D, for instance, the ParseUser object will retain all its data between program invocations (and indeed, will remain logged in).

webmatrix user id stored as -1 sometimes

I am developing a website using Webmatrix. I have a post page where user can post an item with several fields like item name, description, user name, phone number etc. I take all these values and save the item in database. Alongwith all this data provided by the user, I also save a user id of the user with WebSecurity.CurrentUserId method for that item.
This works well almost everytime. However, on very few occasions, I noticed that user id is stored as "-1" for some items.
I am absolutely clueless and can't figure out why it's happening.
Has someone ever experienced such thing. Or can someone may have clue about this?
I am not certain this will solve your problem but it would not hurt to verify that the current user is also defined within your web security database with WebSecurity.HasUserId property. I would give that a try - let me know what happens.
Hope that does the trick!

Main list of all the user logged-in in a struts application

In my struts2 application, in the login action I am placing the user and role in the session.
I want to keep track of all the users who logged in so as to do stuff like following :
Avoid multiple login of same user-id.
Check wheather a user is looged in or not ! Or any body with role Admin is logged in or not !
and in some other actions !
How to do it any suggestion!
And also how to maintain the issues like
User close browser without loggin ! etc
Any material with more information of session can also realy help !
You can have a column in you user table called logged_in_time (timestamp type) and update it with the time when user logs in and make it null when user logs out.
Avoid multiple login of same user-id: : check if this columns alreadt has some value or not.
Check whether a user is looged in or not : check if that column is null or not.
User close browser without logging out : A schduler job may be, that runs at fixed interval of time to check the session(using sessionid may be) of the user and update this field accordingly.
Take a look at this discussion for further information. And another one.

MVC3 User Authentication link

In my application I have an administrator who can create Tournament objects. When the object is created the service also creates a user (based on the tournament director's info which was entered at creation). The username for the user is the director's e-mail, the password is randomly generated and then mailed to the director.
When the director logs on with his e-mail address and password, I need to be able to link him to his own tournament, in order to only allow him to edit his own tournament's details. I have tried to find a way to store the TournamentId in the default ASP Net Users database, but was unsuccessful.
I had a look at this SO question which would certainly help me, but I can't figure out how it would apply to my problem. When the user logs on, I can't put the TournamentId in the userdata seeing as I don't know it.
Should I then do a lookup in the Tournament table to see which ID corresponds to the email address entered at login and store that in the userData? It seems quite unelegant this way.
I guess you should have a CreatedBy column in your Tournament table where you store the ID of the user who created the tournament. Then when the user logged in, get his id ( may be from session ,if you store it there), Do a select query where CreatedBy=loggedInUserId .That should do the trick.

Resources