Delete Issue

[rick@rickaustin.net]

I am starting to build an iOS app on top your wonderful platform and I have a problem trying to delete an object.

I have a collection called Wants and I'm able to add items to this collection with no issue. I *think* I am set up, my application.ffdl PERMIT statement is below, so that a creator of an object is able to delete the object but when I attempt to delete an object I get a 403 error code which is a permission problem. I'm guessing I have an issue with my permissions but it is not clear to me what I need to do. The code I'm using to delete is:

    // Remove the row from data model
    [_wantsArray removeObjectAtIndex:indexPath.row];
    ThingIWant *want = [_wantsArray objectAtIndex:indexPath.row];
    FatFractal *ff = [FatFractal main];
    NSError *err;
    [ff deleteObj:want error:&err];
    if(err)
        NSLog(@"Error on delete");
    else
        [self.tableView reloadData];

The _wantsArray contains the same object type that I had stored and it is populated by reading from the Wants collection. I then request the item to be deleted using deleteObj: but this is when I get the 403 error.

My PERMIT statement is below:

#
# Permissions
#
PERMIT read:creator write:creator ON /Wants

[gkc]

Hi Rick,

OK yes there is a problem with your PERMIT syntax. The intention of the "PERMIT creator.<groupName>" syntax is as described here: http://fatfractal.com/prod/docs/permissions/#declarative-default-oap which I don't think is what you are intending. (i.e. your syntax is incorrect)

I think therefore that what is happening is that you are seeing 'Wants' being returned which were created by a different user. I suspect you are issuing a query like this
            [ff getArrayFromUri:@"/Wants", onComplete ....
which will of course return ALL objects from the /Wants collection

If your intention is to prevent any one user from seeing any other user's 'Wants' then the syntax is this:
   PERMIT read:none ON /Wants
By default, only the user that created an object can modify or delete it, which I think is what you want, so you don't need to do anything else there

I would suggest two things:
(1) Amend your PERMIT syntax to
   PERMIT read:none ON /Wants

(2) You should also change your query (for performance reasons) rather than just depend on the permissions filtering to filter out the results. For example if you make a request to get everything from /Wants, with the above PERMIT statement, then EVERY object in /Wants will be retrieved by the database, but only the ones that are visible will be presented to the client. This obviously will get very slow if you have lots of users and lots of objects in the /Wants collection

If you just want to get all /Wants created by the current user, then issue this query: (obj-c syntax)
       [ff getArrayFromUri:[NSString stringWithFormat:@"/Wants/(createdBy eq '%@')", [ff loggedInUserGuid]] onComplete:^(NSError *theErr, id theObj, NSHTTPURLResponse *theResponse) {
        //
    }];

Thanks for being the first poster on our shiny new forum; and keep the questions coming!

Cheers,

- Gary

[rick@rickaustin.net]

Wow! Thanks so much for the detailed explanation of what is going on and you hit the nail on the head about what I'm trying to do. Also the tip about filtering in the query is very much appreciated. I'm just knocked out at how quickly and thorough your response has been. Feeling good about considering FatFractal for my backend.