PFACL

Objective-C

@interface PFACL : NSObject <NSCopying, NSCoding>

Swift

class PFACL : NSObject, NSCopying, NSCoding

The PFACL class is used to control which users can access or modify a particular object. Each PFObject can have its own PFACL. You can grant read and write permissions separately to specific users, to groups of users that belong to roles, or you can grant permissions to “the public” so that, for example, any user could read a particular object but only a particular set of users could write to that object.

Creating an ACL

+ACL
Creates an ACL with no permissions granted.
Declaration
Objective-C

+ (nonnull instancetype)ACL;
Return Value

Returns a new PFACL.


                    
                    
                    +ACLWithUser:

Creates an ACL where only the provided user has access.

Declaration

Objective-C

+ (nonnull instancetype)ACLWithUser:(nonnull PFUser *)user;

Swift

convenience init(user: PFUser)

Parameters


                                user

The user to assign access.

Controlling Public Access


                    
                    
                    publicReadAccess

Controls whether the public is allowed to read this object.

Declaration

Objective-C

@property (nonatomic, assign, unsafe_unretained, readwrite,
          getter=getPublicReadAccess) BOOL publicReadAccess;

Swift

var hasPublicReadAccess: Bool { get set }


                    
                    
                    publicWriteAccess

Controls whether the public is allowed to write this object.

Declaration

Objective-C

@property (nonatomic, assign, unsafe_unretained, readwrite,
          getter=getPublicWriteAccess) BOOL publicWriteAccess;

Swift

var hasPublicWriteAccess: Bool { get set }

Controlling Access Per-User


                    
                    
                    -setReadAccess:forUserId:

Set whether the given user id is allowed to read this object.

Declaration

Objective-C

- (void)setReadAccess:(BOOL)allowed forUserId:(nonnull NSString *)userId;

Swift

func setReadAccess(_ allowed: Bool, forUserId userId: String)

Parameters

`allowed`	Whether the given user can write this object.
`userId`	The `PFObject.objectId` of the user to assign access.


                    
                    
                    -getReadAccessForUserId:

Gets whether the given user id is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if publicReadAccess returns YES or if the user belongs to a role that has access.

Declaration

Objective-C

- (BOOL)getReadAccessForUserId:(nonnull NSString *)userId;

Swift

func getReadAccess(forUserId userId: String) -> Bool

Parameters


                                userId

The PFObject.objectId of the user for which to retrive access.

Return Value

YES if the user with this objectId has explicit read access, otherwise NO.


                    
                    
                    -setWriteAccess:forUserId:

Set whether the given user id is allowed to write this object.

Declaration

Objective-C

- (void)setWriteAccess:(BOOL)allowed forUserId:(nonnull NSString *)userId;

Swift

func setWriteAccess(_ allowed: Bool, forUserId userId: String)

Parameters

`allowed`	Whether the given user can read this object.
`userId`	The `PFObject.objectId` of the user to assign access.


                    
                    
                    -getWriteAccessForUserId:

Gets whether the given user id is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if publicWriteAccess returns YES or if the user belongs to a role that has access.

Declaration

Objective-C

- (BOOL)getWriteAccessForUserId:(nonnull NSString *)userId;

Swift

func getWriteAccess(forUserId userId: String) -> Bool

Parameters


                                userId

The PFObject.objectId of the user for which to retrive access.

Return Value

YES if the user with this PFObject.objectId has explicit write access, otherwise NO.


                    
                    
                    -setReadAccess:forUser:

Set whether the given user is allowed to read this object.

Declaration

Objective-C

- (void)setReadAccess:(BOOL)allowed forUser:(nonnull PFUser *)user;

Swift

func setReadAccess(_ allowed: Bool, for user: PFUser)

Parameters

`allowed`	Whether the given user can read this object.
`user`	The user to assign access.


                    
                    
                    -getReadAccessForUser:

Gets whether the given user is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if publicReadAccess returns YES or if the user belongs to a role that has access.

Declaration

Objective-C

- (BOOL)getReadAccessForUser:(nonnull PFUser *)user;

Swift

func getReadAccess(for user: PFUser) -> Bool

Parameters


                                user

The user for which to retrive access.

Return Value

YES if the user has explicit read access, otherwise NO.


                    
                    
                    -setWriteAccess:forUser:

Set whether the given user is allowed to write this object.

Declaration

Objective-C

- (void)setWriteAccess:(BOOL)allowed forUser:(nonnull PFUser *)user;

Swift

func setWriteAccess(_ allowed: Bool, for user: PFUser)

Parameters

`allowed`	Whether the given user can write this object.
`user`	The user to assign access.


                    
                    
                    -getWriteAccessForUser:

Gets whether the given user is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if publicWriteAccess returns YES or if the user belongs to a role that has access.

Declaration

Objective-C

- (BOOL)getWriteAccessForUser:(nonnull PFUser *)user;

Swift

func getWriteAccess(for user: PFUser) -> Bool

Parameters


                                user

The user for which to retrive access.

Return Value

YES if the user has explicit write access, otherwise NO.

Controlling Access Per-Role


                    
                    
                    -getReadAccessForRoleWithName:

Get whether users belonging to the role with the given name are allowed to read this object. Even if this returns NO, the role may still be able to read it if a parent role has read access.

Declaration

Objective-C

- (BOOL)getReadAccessForRoleWithName:(nonnull NSString *)name;

Swift

func getReadAccessForRole(withName name: String) -> Bool

Parameters


                                name

The name of the role.

Return Value

YES if the role has read access, otherwise NO.


                    
                    
                    -setReadAccess:forRoleWithName:

Set whether users belonging to the role with the given name are allowed to read this object.

Declaration

Objective-C

- (void)setReadAccess:(BOOL)allowed forRoleWithName:(nonnull NSString *)name;

Swift

func setReadAccess(_ allowed: Bool, forRoleWithName name: String)

Parameters

`allowed`	Whether the given role can read this object.
`name`	The name of the role.


                    
                    
                    -getWriteAccessForRoleWithName:

Get whether users belonging to the role with the given name are allowed to write this object. Even if this returns NO, the role may still be able to write it if a parent role has write access.

Declaration

Objective-C

- (BOOL)getWriteAccessForRoleWithName:(nonnull NSString *)name;

Swift

func getWriteAccessForRole(withName name: String) -> Bool

Parameters


                                name

The name of the role.

Return Value

YES if the role has read access, otherwise NO.


                    
                    
                    -setWriteAccess:forRoleWithName:

Set whether users belonging to the role with the given name are allowed to write this object.

Declaration

Objective-C

- (void)setWriteAccess:(BOOL)allowed forRoleWithName:(nonnull NSString *)name;

Swift

func setWriteAccess(_ allowed: Bool, forRoleWithName name: String)

Parameters

`allowed`	Whether the given role can write this object.
`name`	The name of the role.


                    
                    
                    -getReadAccessForRole:

Get whether users belonging to the given role are allowed to read this object. Even if this returns NO, the role may still be able to read it if a parent role has read access.

The role must already be saved on the server and it’s data must have been fetched in order to use this method.

Declaration

Objective-C

- (BOOL)getReadAccessForRole:(nonnull PFRole *)role;

Swift

func getReadAccess(for role: PFRole) -> Bool

Parameters


                                role

The name of the role.

Return Value

YES if the role has read access, otherwise NO.


                    
                    
                    -setReadAccess:forRole:

Set whether users belonging to the given role are allowed to read this object.

The role must already be saved on the server and it’s data must have been fetched in order to use this method.

Declaration

Objective-C

- (void)setReadAccess:(BOOL)allowed forRole:(nonnull PFRole *)role;

Swift

func setReadAccess(_ allowed: Bool, for role: PFRole)

Parameters

`allowed`	Whether the given role can read this object.
`role`	The role to assign access.


                    
                    
                    -getWriteAccessForRole:

Get whether users belonging to the given role are allowed to write this object. Even if this returns NO, the role may still be able to write it if a parent role has write access.

The role must already be saved on the server and it’s data must have been fetched in order to use this method.

Declaration

Objective-C

- (BOOL)getWriteAccessForRole:(nonnull PFRole *)role;

Swift

func getWriteAccess(for role: PFRole) -> Bool

Parameters


                                role

The name of the role.

Return Value

YES if the role has write access, otherwise NO.


                    
                    
                    -setWriteAccess:forRole:

Set whether users belonging to the given role are allowed to write this object.

The role must already be saved on the server and it’s data must have been fetched in order to use this method.

Declaration

Objective-C

- (void)setWriteAccess:(BOOL)allowed forRole:(nonnull PFRole *)role;

Swift

func setWriteAccess(_ allowed: Bool, for role: PFRole)

Parameters

`allowed`	Whether the given role can write this object.
`role`	The role to assign access.

Setting Access Defaults


                    
                    
                    +setDefaultACL:withAccessForCurrentUser:

Sets a default ACL that will be applied to all instances of PFObject when they are created.

If NO, the provided acl will be used without modification.
If acl is nil, this value is ignored.

Declaration

Objective-C

+ (void)setDefaultACL:(nullable PFACL *)acl
    withAccessForCurrentUser:(BOOL)currentUserAccess;

Swift

class func setDefault(_ acl: PFACL?, withAccessForCurrentUser currentUserAccess: Bool)

Parameters

`acl`	The ACL to use as a template for all instance of `PFObject` created after this method has been called. This value will be copied and used as a template for the creation of new ACLs, so changes to the instance after this method has been called will not be reflected in new instance of `PFObject`.
`currentUserAccess`	- If `YES`, the `PFACL` that is applied to newly-created instance of `PFObject` will provide read and write access to the `PFUser.+currentUser` at the time of creation.