Menu
In my game, a user can cause damage to another user, and take some of their gold. The gold variable is stored in the other users PFUser object. How can one user change the value for the gold that is stored in the other users PFUser's object?
961
You can not save or delete non-authenticated PFUsers. The way to implement that functionality is to set up a separate class for public read/write user variables
From the parse documentation -
Security For User Objects
The PFUser class is secured by default. Data stored in a PFUser can only be modified by that user. By default, the data can still be read by any client. Thus, some PFUser objects are authenticated and can be modified, whereas others are read-only.
Specifically, you are not able to invoke any of the save or delete methods unless the PFUser was obtained using an authenticated method, like logIn or signUp. This ensures that only the user can alter their own data.
106
The best solution would be to handle it with a cloud code. Manipulating a non authenticated PFUser object from client side will raise some security issues. Have a cloud function like:
Parse.Cloud.define("stealGold", function(request, response) {
var query = new Parse.Query(Parse.User);
query.equalTo("objectId", request.params.targetObjectId);
query.find({useMasterKey : true}).then(function(results) {
// process the result of the query here
// Save the user object
});
});
You may read about it in docs here: https://parse.com/docs/data#security-cloudcode
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
