Hi Rick,
OK yes there is a problem with your PERMIT syntax. The intention of the "PERMIT creator.<groupName>" syntax is as described here:
http://fatfractal.com/prod/docs/permissions/#declarative-default-oap which I don't think is what you are intending. (i.e. your syntax is incorrect)
I think therefore that what is happening is that you are seeing 'Wants' being returned which were created by a different user. I suspect you are issuing a query like this
[ff getArrayFromUri:@"/Wants", onComplete ....
which will of course return ALL objects from the /Wants collection
If your intention is to prevent any one user from seeing any other user's 'Wants' then the syntax is this:
PERMIT read:none ON /Wants
By default, only the user that created an object can modify or delete it, which I think is what you want, so you don't need to do anything else there
I would suggest two things:
(1) Amend your PERMIT syntax to
PERMIT read:none ON /Wants
(2) You should also change your query (for performance reasons) rather than just depend on the permissions filtering to filter out the results. For example if you make a request to get everything from /Wants, with the above PERMIT statement, then EVERY object in /Wants will be retrieved by the database, but only the ones that are visible will be presented to the client. This obviously will get very slow if you have lots of users and lots of objects in the /Wants collection
If you just want to get all /Wants created by the current user, then issue this query: (obj-c syntax)
[ff getArrayFromUri:[NSString stringWithFormat:@"/Wants/(createdBy eq '%@')", [ff loggedInUserGuid]] onComplete:^(NSError *theErr, id theObj, NSHTTPURLResponse *theResponse) {
//
}];
Thanks for being the first poster on our shiny new forum; and keep the questions coming!
Cheers,
- Gary