Appcelerator Mobile Backend Service Access Control Lists

Access Control Lists (ACL)

Mobile Backend Services are awesome, but sometimes you need to limit them to certain users. That’s where Access Control Lists (ACLs) come in. The ACL object implements access control lists for mobile backend service objects. An access control list controls read and write access to any mobile backend service object it’s attached to. You assign an ACL to an object via the object’s acl_id or acl_name property. Currently, ACLs can be assigned to the following types of mobile backend service objects: Checkins, CustomObjects, Events, Files, Photos, PhotoCollections, Places, Posts, Reviews and Statuses.

Examples

So let’s look at how to do this on a photo. (Note: you can also create ACLs via the dashboard.)
In this example we are going to create an ACL that gives everyone public read and write access. Then we will create a new photo and apply that ACL, named photo_access, to it.

// Logged in as User A:
Cloud.ACLs.create({
    name: 'photo_access',
    public_read: "true",
    public_write: "true"
}, function (e) {});      

// Then, once the ACL exists, create a Photo that uses the "photo_access" ACL:
Cloud.Photos.create({
    photo: Titanium.Filesystem.getFile('photo.jpg'),
    acl_name: 'photo_access'
}, function (e) { }); 

Now let’s say we want to restrict write access to certain users. We do that by updating the ACL with public_write: "false" and a list of users, writer_ids: [userB, userC], who will be allowed to write/update this photo. The ACL still allows public read access, however.

// Logged in as User A (userB and userC hold the ids of the users allowed to write):
Cloud.ACLs.update({
    name: 'photo_access',
    public_write: "false",
    writer_ids: [userB, userC]
}, function (e) {});

But what if we only wanted certain users to be able to even see this photo? In that case we would do something like this. Now only userB can see this photo, along with any admins.

(NOTE: Application administrators are exempt from these ACLs; they can see everything. The object’s owner also has read and write permission.)

// Logged in as User A:
Cloud.ACLs.update({
    name: 'photo_access',
    public_read: "false",
    reader_ids: [userB]
}, function (e) {});
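
To check what each update leaves in place, here is a small local model of the rules described in this post, added as an example and not taken from the original post or from Appcelerator's code. It assumes read and write are checked independently and that an update changes only the fields it names; the user ids and the helper names (applyUpdate, canAccess, accessMatrix) are made up for illustration.

```javascript
// Added example: local model of the ACL rules in this post; it never calls the backend.
// Assumptions: read and write are checked independently, and an update
// changes only the fields it names. Helper names are hypothetical.

// The post passes flags as the strings "true"/"false", so accept both forms.
function isTrue(v) { return v === true || v === 'true'; }

// Merge an update into the current ACL (mirrors the post's update calls).
function applyUpdate(acl, changes) {
    return Object.assign({}, acl, changes);
}

// mode is 'read' or 'write'; user is { id, admin }; ownerId owns the object.
function canAccess(acl, user, ownerId, mode) {
    if (user.admin || user.id === ownerId) return true; // admins and owner bypass the ACL
    const isPublic = mode === 'read' ? acl.public_read : acl.public_write;
    if (isTrue(isPublic)) return true;
    const ids = (mode === 'read' ? acl.reader_ids : acl.writer_ids) || [];
    return ids.includes(user.id);
}

// Effective permissions per user, e.g. { userB: 'rw', userD: 'r-' }.
function accessMatrix(acl, users, ownerId) {
    const out = {};
    for (const u of users) {
        out[u.id] = (canAccess(acl, u, ownerId, 'read') ? 'r' : '-') +
                    (canAccess(acl, u, ownerId, 'write') ? 'w' : '-');
    }
    return out;
}

// Constructed sample users; the ids are placeholders.
const users = [
    { id: 'userA', admin: false }, // owner of the photo
    { id: 'userB', admin: false },
    { id: 'userC', admin: false },
    { id: 'userD', admin: false }, // unrelated user
    { id: 'admin1', admin: true }
];

// The three states photo_access goes through in the post.
const step1 = { name: 'photo_access', public_read: 'true', public_write: 'true' };
const step2 = applyUpdate(step1, { public_write: 'false', writer_ids: ['userB', 'userC'] });
const step3 = applyUpdate(step2, { public_read: 'false', reader_ids: ['userB'] });

for (const acl of [step1, step2, step3]) {
    console.log(accessMatrix(acl, users, 'userA'));
}
```

Under these assumptions userC still shows write access after the last update, because writer_ids was never changed; confirm how the service treats that case and trim writer_ids if it is not what you intend.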

Now that you understand ACLs, get out there and try them.
