PFACL

Objective-C

@interface PFACL : NSObject <NSCopying, NSCoding>

Swift

class PFACL : NSObject, NSCopying, NSCoding

The PFACL class is used to control which users can access or modify a particular object. Each PFObject can have its own PFACL. You can grant read and write permissions separately to specific users, to groups of users that belong to roles, or you can grant permissions to “the public” so that, for example, any user could read a particular object but only a particular set of users could write to that object.

Creating an ACL

  • Creates an ACL with no permissions granted.

    Declaration

    Objective-C

    + (nonnull instancetype)ACL;

    Return Value

    Returns a new PFACL.

  • Creates an ACL where only the provided user has access.

    Declaration

    Objective-C

    + (nonnull instancetype)ACLWithUser:(nonnull PFUser *)user;

    Swift

    convenience init(user: PFUser)

    Parameters

    user

    The user to assign access.

Controlling Public Access

  • Controls whether the public is allowed to read this object.

    Declaration

    Objective-C

    @property (nonatomic, assign, unsafe_unretained, readwrite,
              getter=getPublicReadAccess) BOOL publicReadAccess;

    Swift

    var hasPublicReadAccess: Bool { get set }
  • Controls whether the public is allowed to write this object.

    Declaration

    Objective-C

    @property (nonatomic, assign, unsafe_unretained, readwrite,
              getter=getPublicWriteAccess) BOOL publicWriteAccess;

    Swift

    var hasPublicWriteAccess: Bool { get set }

Controlling Access Per-User

  • Set whether the given user id is allowed to read this object.

    Declaration

    Objective-C

    - (void)setReadAccess:(BOOL)allowed forUserId:(nonnull NSString *)userId;

    Swift

    func setReadAccess(_ allowed: Bool, forUserId userId: String)

    Parameters

    allowed

    Whether the given user can write this object.

    userId

    The PFObject.objectId of the user to assign access.

  • Gets whether the given user id is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if publicReadAccess returns YES or if the user belongs to a role that has access.

    Declaration

    Objective-C

    - (BOOL)getReadAccessForUserId:(nonnull NSString *)userId;

    Swift

    func getReadAccess(forUserId userId: String) -> Bool

    Parameters

    userId

    The PFObject.objectId of the user for which to retrive access.

    Return Value

    YES if the user with this objectId has explicit read access, otherwise NO.

  • Set whether the given user id is allowed to write this object.

    Declaration

    Objective-C

    - (void)setWriteAccess:(BOOL)allowed forUserId:(nonnull NSString *)userId;

    Swift

    func setWriteAccess(_ allowed: Bool, forUserId userId: String)

    Parameters

    allowed

    Whether the given user can read this object.

    userId

    The PFObject.objectId of the user to assign access.

  • Gets whether the given user id is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if publicWriteAccess returns YES or if the user belongs to a role that has access.

    Declaration

    Objective-C

    - (BOOL)getWriteAccessForUserId:(nonnull NSString *)userId;

    Swift

    func getWriteAccess(forUserId userId: String) -> Bool

    Parameters

    userId

    The PFObject.objectId of the user for which to retrive access.

    Return Value

    YES if the user with this PFObject.objectId has explicit write access, otherwise NO.

  • Set whether the given user is allowed to read this object.

    Declaration

    Objective-C

    - (void)setReadAccess:(BOOL)allowed forUser:(nonnull PFUser *)user;

    Swift

    func setReadAccess(_ allowed: Bool, for user: PFUser)

    Parameters

    allowed

    Whether the given user can read this object.

    user

    The user to assign access.

  • Gets whether the given user is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if publicReadAccess returns YES or if the user belongs to a role that has access.

    Declaration

    Objective-C

    - (BOOL)getReadAccessForUser:(nonnull PFUser *)user;

    Swift

    func getReadAccess(for user: PFUser) -> Bool

    Parameters

    user

    The user for which to retrive access.

    Return Value

    YES if the user has explicit read access, otherwise NO.

  • Set whether the given user is allowed to write this object.

    Declaration

    Objective-C

    - (void)setWriteAccess:(BOOL)allowed forUser:(nonnull PFUser *)user;

    Swift

    func setWriteAccess(_ allowed: Bool, for user: PFUser)

    Parameters

    allowed

    Whether the given user can write this object.

    user

    The user to assign access.

  • Gets whether the given user is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if publicWriteAccess returns YES or if the user belongs to a role that has access.

    Declaration

    Objective-C

    - (BOOL)getWriteAccessForUser:(nonnull PFUser *)user;

    Swift

    func getWriteAccess(for user: PFUser) -> Bool

    Parameters

    user

    The user for which to retrive access.

    Return Value

    YES if the user has explicit write access, otherwise NO.

Controlling Access Per-Role

  • Get whether users belonging to the role with the given name are allowed to read this object. Even if this returns NO, the role may still be able to read it if a parent role has read access.

    Declaration

    Objective-C

    - (BOOL)getReadAccessForRoleWithName:(nonnull NSString *)name;

    Swift

    func getReadAccessForRole(withName name: String) -> Bool

    Parameters

    name

    The name of the role.

    Return Value

    YES if the role has read access, otherwise NO.

  • Set whether users belonging to the role with the given name are allowed to read this object.

    Declaration

    Objective-C

    - (void)setReadAccess:(BOOL)allowed forRoleWithName:(nonnull NSString *)name;

    Swift

    func setReadAccess(_ allowed: Bool, forRoleWithName name: String)

    Parameters

    allowed

    Whether the given role can read this object.

    name

    The name of the role.

  • Get whether users belonging to the role with the given name are allowed to write this object. Even if this returns NO, the role may still be able to write it if a parent role has write access.

    Declaration

    Objective-C

    - (BOOL)getWriteAccessForRoleWithName:(nonnull NSString *)name;

    Swift

    func getWriteAccessForRole(withName name: String) -> Bool

    Parameters

    name

    The name of the role.

    Return Value

    YES if the role has read access, otherwise NO.

  • Set whether users belonging to the role with the given name are allowed to write this object.

    Declaration

    Objective-C

    - (void)setWriteAccess:(BOOL)allowed forRoleWithName:(nonnull NSString *)name;

    Swift

    func setWriteAccess(_ allowed: Bool, forRoleWithName name: String)

    Parameters

    allowed

    Whether the given role can write this object.

    name

    The name of the role.

  • Get whether users belonging to the given role are allowed to read this object. Even if this returns NO, the role may still be able to read it if a parent role has read access.

    The role must already be saved on the server and it’s data must have been fetched in order to use this method.

    Declaration

    Objective-C

    - (BOOL)getReadAccessForRole:(nonnull PFRole *)role;

    Swift

    func getReadAccess(for role: PFRole) -> Bool

    Parameters

    role

    The name of the role.

    Return Value

    YES if the role has read access, otherwise NO.

  • Set whether users belonging to the given role are allowed to read this object.

    The role must already be saved on the server and it’s data must have been fetched in order to use this method.

    Declaration

    Objective-C

    - (void)setReadAccess:(BOOL)allowed forRole:(nonnull PFRole *)role;

    Swift

    func setReadAccess(_ allowed: Bool, for role: PFRole)

    Parameters

    allowed

    Whether the given role can read this object.

    role

    The role to assign access.

  • Get whether users belonging to the given role are allowed to write this object. Even if this returns NO, the role may still be able to write it if a parent role has write access.

    The role must already be saved on the server and it’s data must have been fetched in order to use this method.

    Declaration

    Objective-C

    - (BOOL)getWriteAccessForRole:(nonnull PFRole *)role;

    Swift

    func getWriteAccess(for role: PFRole) -> Bool

    Parameters

    role

    The name of the role.

    Return Value

    YES if the role has write access, otherwise NO.

  • Set whether users belonging to the given role are allowed to write this object.

    The role must already be saved on the server and it’s data must have been fetched in order to use this method.

    Declaration

    Objective-C

    - (void)setWriteAccess:(BOOL)allowed forRole:(nonnull PFRole *)role;

    Swift

    func setWriteAccess(_ allowed: Bool, for role: PFRole)

    Parameters

    allowed

    Whether the given role can write this object.

    role

    The role to assign access.

Setting Access Defaults

  • Sets a default ACL that will be applied to all instances of PFObject when they are created.

    • If NO, the provided acl will be used without modification.
    • If acl is nil, this value is ignored.

    Declaration

    Objective-C

    + (void)setDefaultACL:(nullable PFACL *)acl
        withAccessForCurrentUser:(BOOL)currentUserAccess;

    Swift

    class func setDefault(_ acl: PFACL?, withAccessForCurrentUser currentUserAccess: Bool)

    Parameters

    acl

    The ACL to use as a template for all instance of PFObject created after this method has been called. This value will be copied and used as a template for the creation of new ACLs, so changes to the instance after this method has been called will not be reflected in new instance of PFObject.

    currentUserAccess

    - If YES, the PFACL that is applied to newly-created instance of PFObject will provide read and write access to the PFUser.+currentUser at the time of creation.