Mobile Backend Services are awesome, but sometimes you need them to be limited to some users. Thats where Access Control Lists (ACL)<\/a> come in. The ACL object implements access control lists for mobile backend service objects. An access control list controls read and write access to any mobile backend service objects it’s attached to. You assign an ACL to an object via the object’s So lets look at how to do this on a photo. (Note: you can also create ACL’s via the dashboard.<\/em>). Now lets say we want to update that access to only allow them write access for certain users. We do that by updating the ACL with But what if we only wanted certain user to be able to even see this photo? In that case we would do something like this. Now only userB can see this photo along with any admin’s. <\/p>\n (NOTE: Application administrator are exempt from these ACL’s they can see everything. The object’s owner also has read and write permission as well.<\/em>)<\/p>\n Now that you understand ACL’s get out there and try them. <\/p>\n","protected":false},"excerpt":{"rendered":" Access Control Lists (ACL) Mobile Backend Services are awesome, but sometimes you need them to be limited to some users. Thats where Access Control Lists (ACL) come in. The ACL object implements access control lists for mobile backend service objects. An access control list controls read and write access to any mobile backend service objects…<\/p>\nacl_id<\/code> or acl_name<\/code> properties. Currently, ACLs can be assigned to the following types of mobile backend service objects: Checkins<\/a>, CustomObjects<\/a>, Events<\/a>, Files<\/a>, Photos<\/a>, PhotoCollections<\/a>, Places<\/a>, Posts<\/a>, Reviews<\/a> and Statuses<\/a>.<\/p>\nExamples<\/h3>\n
\nIn this example we are going to create an ACL that gives public read write access to everyone. Then we will apply that ACL to a newly created photo and give it the ACL photo_access<\/code>.<\/p>\n\/\/ Logged in as User A:\nCloud.ACLs.create({\n name: 'photo_access',\n public_read: \"true\",\n public_write: \"true\"\n}, function (e) {}); \n\n\/\/ Then create Photo that uses the \"photo_access\" ACL:\nCloud.Photos.create({\n photo: Titanium.Filesystem.getFile('photo.jpg'),\n acl_name: 'photo_access'\n}, function (e) { }); <\/pre>\npublic_write: \"false\"<\/code> and a list of users writer_ids: [userB, userC]<\/code> that we will allow to write\/update this photo. However we are still allowing public read access to this ACL.<\/p>\n\/\/ Logged in as User A:\nCloud.ACLs.update({\n name: 'photo_access',\n public_write: \"false\",\n writer_ids: [userB, userC]\n}, function (e) {});<\/pre>\n\/\/ Logged in as User A:\nCloud.ACLs.update({\n name: 'photo_access',\n public_read: \"false\",\n reader_ids: [userB]\n}, function (e) {});<\/pre>\n