How to update account fields? The account is created without any session token… but when I try to change the account fields using the login token, I am getting an error “unauthorize”.
Can you share an example `createAccount` and `upsert` request with me so that I can help further?
In the 1st pic I am creating an Account without any session token.
In the 2nd pic I am logging in with the newly created account credentials.
In the 3rd pic, I am able to update the Account field without using any token… (this account was created without any session token, check image 1)
But I am getting an error when I update fields using the session token (the token was generated using the same account login credentials).
Hi deepakKashyap
A few things:
- It is really bad practice to post credentials - even on a development instance. It can be abused. Could you use an editor to hide the password and parts of the token returned by the login function?
- As we advised you in your previous post, use the `createAccount` function to register new accounts https://hypi.dev/d/43-getting-permission-issue-when-i-update-owner-field-in-account-table/7
- I was able to reproduce the issue with anonymous being able to update the account. This is an issue with creating accounts when anonymous registration is enabled. Hypi automatically creates a `Permission` to grant the user creating the account access to the new `Account`. There was a bug which resulted in this `Permission` being created even if the user was anonymous. A patch has been deployed.
- I was not able to reproduce the `Unauthorised` error you received with the token. The first question I would ask is “does the new account own or have access via a permission to all the objects for hypi.id you provided in the upsert?”
“does the new account own or have access via a permission to all the objects for hypi.id you provided in the upsert?”
I am not understanding… what you mean…
- When any data is created in Hypi - the account which created the data becomes its owner. You can see the `hypi.createdBy` field points to the ID of the account which created the data. This gives that account permission to modify or see the account automatically.
- The other way to give other accounts permission to some data is to create a `Permission` - https://docs.hypi.app/references/authorisation
If you haven’t created a Permission and the data isn’t createdBy the account then they cannot update it.
In your message above you have hypi.id being set. Does the user have permission using one of the two methods described above?
In your message above you have hypi.id being set. Does the user have permission using one of the two methods described above?
I think I can solve this: when a user logs in, before setting up the session token in the app, I need to give the permission to the hypi.id from receiving login token; after that, we should set up the login token in the app.
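
A simplified model of the two access rules described in the thread (ownership via `hypi.createdBy`, or an explicit `Permission`) and of the anonymous-registration bug, added here as an illustration; it is not Hypi's code or API. The `Store` class, its methods and the ids `acct-1`, `acct-2`, `note-1`, `note-2` are constructed for the example, and it assumes that an anonymous caller never counts as an owner and that one denied id rejects the whole upsert.

```python
from dataclasses import dataclass, field

ANONYMOUS = "anonymous"  # assumed identifier for a caller with no token

@dataclass
class Store:
    """Toy model: an update needs ownership or an explicit permission."""
    grant_to_anonymous: bool = False                 # True models the bug before the patch
    created_by: dict = field(default_factory=dict)   # object id -> creator (hypi.createdBy)
    permissions: set = field(default_factory=set)    # (account id, object id) grants

    def create_account(self, caller, account_id):
        self.created_by[account_id] = caller
        # Grant the creator access to the new account object. The patched
        # behaviour skips the grant when the creator is anonymous.
        if caller != ANONYMOUS or self.grant_to_anonymous:
            self.permissions.add((caller, account_id))

    def can_modify(self, caller, obj_id):
        # Assumption: an anonymous caller is never treated as an owner.
        owner = caller != ANONYMOUS and self.created_by.get(obj_id) == caller
        return owner or (caller, obj_id) in self.permissions

    def upsert(self, caller, obj_ids):
        # Assumption: every existing id in the request must pass the check,
        # otherwise the whole request is rejected and nothing is written.
        denied = [o for o in obj_ids
                  if o in self.created_by and not self.can_modify(caller, o)]
        if denied:
            raise PermissionError(f"unauthorised for {denied}")
        for o in obj_ids:
            self.created_by.setdefault(o, caller)  # new objects: caller becomes owner
        return list(obj_ids)

def allowed(store, caller, obj_ids):
    try:
        store.upsert(caller, obj_ids)
        return True
    except PermissionError:
        return False

def scenario(grant_to_anonymous):
    s = Store(grant_to_anonymous=grant_to_anonymous)
    s.create_account(ANONYMOUS, "acct-1")          # constructed ids throughout
    s.upsert("acct-2", ["note-1"])                 # acct-2 creates and owns note-1
    before = allowed(s, "acct-1", ["note-1", "note-2"])
    s.permissions.add(("acct-1", "note-1"))        # explicit permission grant
    after = allowed(s, "acct-1", ["note-1", "note-2"])
    return {"anonymous_update": allowed(s, ANONYMOUS, ["acct-1"]),
            "before_grant": before, "after_grant": after}
```

`scenario(True)` reproduces the pre-patch situation in which an anonymous caller can update the account it registered; `scenario(False)` shows the same request being rejected once the grant is skipped.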