Open
Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
- Parse Dashboard users are hard coded and separate from Parse Server managed users in
_Users. - A dashboard user executes requests with the master key.
Feature / Enhancement Description
Allow log-in to Parse Dashboard with Parse Server managed user from _User class.
In combination with server side storage (#2555), user specific feature access can also be related to users. For example a user may (not) be allowed to access Parse Job Status or send a Push notification from Parse Dashboard.
There are also other feature suggestions where Parse Server plays a more integrated role with Parse Dashboard:
- FR: Specify FeaturesRouter per user #1618
- Store user data on account so it's available across different browsers #1744
This suggests that the integration of Parse Server is a strategically meaningful direction. At some point in the future, Parse Dashboard should be treated as "just another client app" without requiring the user of master key.
Example Use Case
- Whether a user should be able to log into dashboard can be restricted in the Cloud Code beforeLogin trigger, based on the client ID (which the dashboard should send) and the user. For example, every user that is member of a specific
_Rolecan be allowed to log in from that client. However, such a restriction is not significant anymore, since a user only has the permissions assigned to them and is not using the master key anymore.
Alternatives / Workarounds
n/a