Skip to main content

Using ACL in Cloud Engine

Cloud Engine offers a way for you to define logic on the cloud to perform certain actions when certain events happen. When you need to print logs, verify permissions, or enforce ACL settings on data operations initiated by clients, this could be very helpful. See Cloud Functions and Hooks for more information.

Requirements

We have mentioned the requirements above to help you better understand the following requirement description:

Imagine that you are building an application for iOS, Android, and web (JavaScript), and you need to implement a function that adds permission settings to all the objects created. Traditionally, you will need to write the same function in different languages for each platform. But now you can write the same function only once and put it on the cloud, which makes the development process way easier.

Use Cases

Let's start with a simple example:

We want the administrator to have read and write access to every post made by a user from a client, be it iOS or Android.

To get started, we need to write our Cloud Engine hook function (see BeforeSave for an introduction to Cloud Engine hook functions):

AV.Cloud.beforeSave('Post', (request) => {
  const post = request.object;
  if (post) {
    var acl = new AV.ACL();
    acl.setPublicReadAccess(true);
    // Assuming a role named `admin` exists
    acl.setRoleWriteAccess('admin', true);
    post.setACL(acl);
  } else {
    throw new AV.Cloud.Error('Invalid Post object.');
  }
});

After deploying the code to the cloud, every post created on the client side from now on will automatically have the following ACL:

{"*":{"read":true},"role:admin":{"write":true}}