parse-community / parse-server

Parse Server for Node.js / Express
https://parseplatform.org
Apache License 2.0

Permission error, after migration, for one class only which was working fine before #2024

Closed mmahmood closed 8 years ago

mmahmood commented 8 years ago

I have multiple apps on Parse.com, dev, test and prod. For migration, I migrated test environment to mLab "m-test" DB because our Parse dev DB has a lot of bad data. We've done a lot of testing using that DB, and we're about to finalize it all. Things are working fine.

I created another mLab DB using the same Parse Test DB (m-dev) to be used as DEV DB in mLab from now on. So both m-test and m-dev DBs are created from the same Parse Test DB.

The issue is with a certain "Inbox" class. I can see all inbox messages in my iPhone app when I use the m-test DB we created earlier. But we get permission errors on m-dev DB which I created recently. I dropped all collections, and have tried multiple times in the last couple of days to migrate Parse Test DB to m-dev DB. But I keep getting a read permission error when trying to get the list of items from Inbox. No permissions have been changed. I have compared _SCHEMA for Inbox in both m-test and m-dev DBs and it's the same. Even tried replacing the one in m-dev DB, but it doesn't work.

Can you please assist me in debugging this issue? What else should I be looking at? Also, this is the issue with only Inbox. Everything else is working as expected. I am clueless now.

Regards, -Mariam

drew-gross commented 8 years ago

Is your app using your own Parse Server for the application logic, or are you still using the hosted service on Parse.com? This repo is for issues with Parse Server.

mmahmood commented 8 years ago

Yes, we are using Parse Server. We have set up the Parse Server on AWS, and the behavior is the same on both AWS and my local machine. If we connect to m-test DB, we can list() the Inbox messages. If we use m-dev DB, we get permission exception. Both m-test and m-dev were migrated from the same Parse.com DB. m-test around 1.5 months ago, and m-dev 3 days ago.

mmahmood commented 8 years ago

I am trying to read inbox messages on my iPhone app.

drew-gross commented 8 years ago

In that case, can you provide some more detailed reproduction steps? Server logs containing the complete request and response for each request (use VERBOSE=1 env var) and the exact commands you use to create the database are best; that way, if you have found a bug, we can use the commands you provide in our test cases.

mmahmood commented 8 years ago

To create the DB, I simply created a blank one in mLab, and migrated Parse DB using the migration tool by pointing to this new DB.

There are no major reproduction steps. It's just one class that's behaving in an odd way. From the app, I'm simply doing query.list() for a certain user. I am getting permission error in one case, and success case in the other. Where should I look other than _Schemas in my mLab DB? The user does have read and update permission to his own messages.

Here's the request with VERBOSE=1:

    verbose: GET /parse/classes/Inbox { host: 'xxxxx.ngrok.io',
      'x-parse-app-display-version': '3.1',
      'x-parse-application-id': 'MY-APP-ID',
      accept: '/',
      'x-parse-os-version': '9.3.2 (13F69)',
      'accept-language': 'en-us',
      'x-parse-client-key': 'CLIENT-KEY',
      'user-agent': 'Doofl/3.1.1 CFNetwork/758.4.3 Darwin/15.5.0',
      'x-parse-app-build-version': '3.1.1',
      'content-type': 'application/json; charset=utf-8',
      'x-parse-session-token': 'r:ae761f78264701ff240c21031e973b28',
      'x-parse-client-version': 'i1.12.0',
      'x-parse-installation-id': 'PARSE-INSTALLATION-ID',
      'content-length': '169',
      'accept-encoding': 'gzip, deflate',
      'x-forwarded-proto': 'https',
      'x-forwarded-for': '119.63.142.23' } {
      "include": "bulkMessage,sender",
      "order": "-createdAt",
      "where": {
        "recipient": {
          "objectId": "USER_ID",
          "className": "_User",
          "__type": "Pointer"
        }
      },
      "limit": "15"
    }

In one case, I am getting this: verbose: error: code=119, message=Permission denied for this action.

In the other case, I am getting data.

What else can I do to debug this?

mmahmood commented 8 years ago

ACLs and Class level permissions all seem to be correct.

mmahmood commented 8 years ago

Data for the record that I can read:

    {
      "_id": "dht22gx4LA",
      "_rperm": [ "ap6mgSK9AI" ],
      "_wperm": [ "ap6mgSK9AI" ],
      "_acl": { "ap6mgSK9AI": { "r": true, "w": true } },
      "_p_recipient": "_User$ap6mgSK9AI",
      "subject": "",
      "message": "",
      "isRead": false,
      "_p_sender": "_User$qXkcqPWIi8",
      "isBulkMessage": false,
      "updateStats": false,
      "_updated_at": { "$date": "2016-06-12T16:04:17.069Z" },
      "_created_at": { "$date": "2016-06-12T16:04:17.069Z" }
    }

Data for the record not being viewed for another user:

    {
      "_id": "DFJzocK9Nf",
      "_rperm": [ "HSG8qCtSDn" ],
      "_wperm": [ "HSG8qCtSDn" ],
      "_acl": { "HSG8qCtSDn": { "r": true, "w": true } },
      "_p_recipient": "_User$HSG8qCtSDn",
      "subject": "",
      "message": "",
      "isRead": false,
      "_p_sender": "_User$qXkcqPWIi8",
      "isBulkMessage": false,
      "updateStats": false,
      "_updated_at": { "$date": "2016-06-12T16:02:01.234Z" },
      "_created_at": { "$date": "2016-06-12T16:02:01.234Z" }
    }

Both users have the same role "User". Class level permissions in _SCHEMA in DB for both DBs:

    {
      "_id": "Inbox",
      "_metadata": {
        "class_permissions": {
          "get": { "role:Administrator": true, "role:User": true },
          "find": { "role:Administrator": true, "role:User": true },
          "update": { "role:Administrator": true, "role:User": true },
          "create": { "role:Administrator": true },
          "delete": {},
          "addField": {},
          "readUserFields": [],
          "writeUserFields": []
        }
      },
      "recipient": "__User",
      "bulkMessage": "_InboxBulkMessage",
      "subject": "string",
      "message": "string",
      "isRead": "boolean",
      "sender": "*_User",
      "isBulkMessage": "boolean",
      "updateStats": "boolean"
    }

mmahmood commented 8 years ago

Found the issue. I was including BulkMessage when getting the whole inbox list. InboxBulkMessage did not have the FIND rights for users.

This is not how things were on Parse.com. This means that I need to check all "includes" now.
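The "check all includes" audit described in the comment above, as an added example that is not part of the original thread or of Parse Server's own code: it reads `_SCHEMA` documents in the legacy format shown earlier and reports pointer fields whose target class grants `find` to fewer principals than the class holding the pointer. The function names, the sample documents (including the `InboxBulkMessage` permissions, which the thread does not show) and the treatment of a missing CLP entry as open access are assumptions.

```javascript
// Principals granted `op` on a class; null = no CLP entry recorded.
function allowed(schema, op) {
  const clp = schema._metadata && schema._metadata.class_permissions;
  if (!clp || !clp[op]) return null; // assumption: missing entry = open access
  return Object.keys(clp[op]).filter((p) => clp[op][p] === true);
}

// Report pointer fields whose target class grants `op` to fewer principals
// than the class holding the pointer (role inheritance is not resolved).
function findIncludeClpGaps(schemas, op = 'find') {
  const byName = new Map(schemas.map((s) => [s._id, s]));
  const gaps = [];
  for (const src of schemas) {
    const srcAllowed = allowed(src, op);
    for (const [field, type] of Object.entries(src)) {
      // Legacy Mongo schema format stores a pointer as "*TargetClass".
      if (typeof type !== 'string' || !type.startsWith('*')) continue;
      const target = byName.get(type.slice(1));
      if (!target) continue; // target schema not supplied
      const tgtAllowed = allowed(target, op);
      if (tgtAllowed === null || tgtAllowed.includes('*')) continue;
      // An unrestricted source class means public callers must pass too.
      const needed = srcAllowed === null ? ['*'] : srcAllowed;
      const missing = needed.filter((p) => !tgtAllowed.includes(p));
      if (missing.length > 0) {
        gaps.push({ class: src._id, field, target: target._id, missing });
      }
    }
  }
  return gaps;
}

// Constructed sample modelled on the thread; not the reporter's real data.
const sampleSchemas = [
  {
    _id: 'Inbox',
    _metadata: { class_permissions: {
      find: { 'role:Administrator': true, 'role:User': true } } },
    recipient: '*_User', sender: '*_User', bulkMessage: '*InboxBulkMessage',
  },
  {
    _id: 'InboxBulkMessage',
    _metadata: { class_permissions: { find: { 'role:Administrator': true } } },
    subject: 'string',
  },
];

console.log(JSON.stringify(findIncludeClpGaps(sampleSchemas)));
```

Run it over an export of the `_SCHEMA` collection from each database before cutting over; a reported gap is a pointer field that a client's `include` could trip over with error 119.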

mmahmood commented 8 years ago

How do I turn verbose logging off? I tried setting VERBOSE=0 and restarted server, but it didn't work.