milesrichardson / ParsePy

A relatively up-to-date fork of ParsePy, the Python wrapper for the Parse.com API. Originally maintained by @dgrtwo
MIT License
516 stars 184 forks source link

Revert "Set an ACL on ParseResource by default" #107

Closed danrobinson closed 9 years ago

danrobinson commented 9 years ago

A default ACL breaks the unit tests for Users (since Users cannot be writeable by other users). It also breaks other functionality--if there are default global read/write permissions, using set_role or set_user won't override it, which is a security risk. We may want to look at other ways to prevent the difficulty mentioned in issue #97, but for now, it's probably best to do what other SDKs do and not have an ACL until the user creates one (and have an ACL created with no arguments result in master-key-only permissions, rather than global read/write permissions).

Closes #97