AVACL Class Reference

Inherits from NSObject
Conforms to NSCopying
Declared in AVACL.h

Overview

A AVACL is used to control which users can access or modify a particular object. Each AVObject can have its own AVACL. You can grant read and write permissions separately to specific users, to groups of users that belong to roles, or you can grant permissions to “the public” so that, for example, any user could read a particular object but only a particular set of users could write to that object.

Creating an ACL

+ ACL

Creates an ACL with no permissions granted.

+ (instancetype)ACL

Discussion

Creates an ACL with no permissions granted.

Declared In

AVACL.h

+ ACLWithUser:

Creates an ACL where only the provided user has access.

+ (instancetype)ACLWithUser:(AVUser *)user

Parameters

user

the AVUser

Discussion

Creates an ACL where only the provided user has access.

Declared In

AVACL.h

Controlling Public Access

– setPublicReadAccess:

Set whether the public is allowed to read this object.

- (void)setPublicReadAccess:(BOOL)allowed

Parameters

allowed

allowed or not

Discussion

Set whether the public is allowed to read this object.

Declared In

AVACL.h

– getPublicReadAccess

Gets whether the public is allowed to read this object.

- (BOOL)getPublicReadAccess

Discussion

Gets whether the public is allowed to read this object.

Declared In

AVACL.h

– setPublicWriteAccess:

Set whether the public is allowed to write this object.

- (void)setPublicWriteAccess:(BOOL)allowed

Parameters

allowed

allowed or not

Discussion

Set whether the public is allowed to write this object.

Declared In

AVACL.h

– getPublicWriteAccess

Gets whether the public is allowed to write this object.

- (BOOL)getPublicWriteAccess

Discussion

Gets whether the public is allowed to write this object.

Declared In

AVACL.h

Controlling Access Per-User

– setReadAccess:forUserId:

Set whether the given user id is allowed to read this object.

- (void)setReadAccess:(BOOL)allowed forUserId:(NSString *)userId

Parameters

allowed

allowed or not

userId

the AVUser’s objectId

Discussion

Set whether the given user id is allowed to read this object.

Declared In

AVACL.h

– getReadAccessForUserId:

Gets whether the given user id is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if getPublicReadAccess returns YES or if the user belongs to a role that has access.

- (BOOL)getReadAccessForUserId:(NSString *)userId

Parameters

userId

the AVUser’s objectId

Discussion

Gets whether the given user id is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if getPublicReadAccess returns YES or if the user belongs to a role that has access.

Declared In

AVACL.h

– setWriteAccess:forUserId:

Set whether the given user id is allowed to write this object.

- (void)setWriteAccess:(BOOL)allowed forUserId:(NSString *)userId

Parameters

allowed

allowed or not

userId

the AVUser’s objectId

Discussion

Set whether the given user id is allowed to write this object.

Declared In

AVACL.h

– getWriteAccessForUserId:

Gets whether the given user id is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if getPublicWriteAccess returns YES or if the user belongs to a role that has access.

- (BOOL)getWriteAccessForUserId:(NSString *)userId

Parameters

userId

the AVUser’s objectId

Discussion

Gets whether the given user id is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if getPublicWriteAccess returns YES or if the user belongs to a role that has access.

Declared In

AVACL.h

– setReadAccess:forUser:

Set whether the given user is allowed to read this object.

- (void)setReadAccess:(BOOL)allowed forUser:(AVUser *)user

Parameters

allowed

allowed or not

user

the AVUser

Discussion

Set whether the given user is allowed to read this object.

Declared In

AVACL.h

– getReadAccessForUser:

Gets whether the given user is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if getPublicReadAccess returns YES or if the user belongs to a role that has access.

- (BOOL)getReadAccessForUser:(AVUser *)user

Parameters

user

the AVUser

Discussion

Gets whether the given user is explicitly allowed to read this object. Even if this returns NO, the user may still be able to access it if getPublicReadAccess returns YES or if the user belongs to a role that has access.

Declared In

AVACL.h

– setWriteAccess:forUser:

Set whether the given user is allowed to write this object.

- (void)setWriteAccess:(BOOL)allowed forUser:(AVUser *)user

Parameters

allowed

allowed or not

user

the AVUser

Discussion

Set whether the given user is allowed to write this object.

Declared In

AVACL.h

– getWriteAccessForUser:

Gets whether the given user is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if getPublicWriteAccess returns YES or if the user belongs to a role that has access.

- (BOOL)getWriteAccessForUser:(AVUser *)user

Parameters

user

the AVUser

Discussion

Gets whether the given user is explicitly allowed to write this object. Even if this returns NO, the user may still be able to write it if getPublicWriteAccess returns YES or if the user belongs to a role that has access.

Declared In

AVACL.h

Controlling Access Per-Role

– getReadAccessForRoleWithName:

Get whether users belonging to the role with the given name are allowed to read this object. Even if this returns false, the role may still be able to read it if a parent role has read access.

- (BOOL)getReadAccessForRoleWithName:(NSString *)name

Parameters

name

The name of the role.

Return Value

YES if the role has read access. NO otherwise.

Discussion

Get whether users belonging to the role with the given name are allowed to read this object. Even if this returns false, the role may still be able to read it if a parent role has read access.

Declared In

AVACL.h

– setReadAccess:forRoleWithName:

Set whether users belonging to the role with the given name are allowed to read this object.

- (void)setReadAccess:(BOOL)allowed forRoleWithName:(NSString *)name

Parameters

allowed

Whether the given role can read this object.

name

The name of the role.

Discussion

Set whether users belonging to the role with the given name are allowed to read this object.

Declared In

AVACL.h

– getWriteAccessForRoleWithName:

Get whether users belonging to the role with the given name are allowed to write this object. Even if this returns false, the role may still be able to write it if a parent role has write access.

- (BOOL)getWriteAccessForRoleWithName:(NSString *)name

Parameters

name

The name of the role.

Return Value

YES if the role has read access. NO otherwise.

Discussion

Get whether users belonging to the role with the given name are allowed to write this object. Even if this returns false, the role may still be able to write it if a parent role has write access.

Declared In

AVACL.h

– setWriteAccess:forRoleWithName:

Set whether users belonging to the role with the given name are allowed to write this object.

- (void)setWriteAccess:(BOOL)allowed forRoleWithName:(NSString *)name

Parameters

allowed

Whether the given role can write this object.

name

The name of the role.

Discussion

Set whether users belonging to the role with the given name are allowed to write this object.

Declared In

AVACL.h

– getReadAccessForRole:

Get whether users belonging to the given role are allowed to read this object. Even if this returns NO, the role may still be able to read it if a parent role has read access. The role must already be saved on the server and its data must have been fetched in order to use this method.

- (BOOL)getReadAccessForRole:(AVRole *)role

Parameters

role

the given role

Return Value

YES if the role has read access. NO otherwise.

Discussion

Get whether users belonging to the given role are allowed to read this object. Even if this returns NO, the role may still be able to read it if a parent role has read access. The role must already be saved on the server and its data must have been fetched in order to use this method.

Declared In

AVACL.h

– setReadAccess:forRole:

Set whether users belonging to the given role are allowed to read this object. The role must already be saved on the server and its data must have been fetched in order to use this method.

- (void)setReadAccess:(BOOL)allowed forRole:(AVRole *)role

Parameters

allowed

Whether the given role can read this object.

role

The role to assign access.

Discussion

Set whether users belonging to the given role are allowed to read this object. The role must already be saved on the server and its data must have been fetched in order to use this method.

Declared In

AVACL.h

– getWriteAccessForRole:

Get whether users belonging to the given role are allowed to write this object. Even if this returns NO, the role may still be able to write it if a parent role has write access. The role must already be saved on the server and its data must have been fetched in order to use this method.

- (BOOL)getWriteAccessForRole:(AVRole *)role

Parameters

role

the given role

Return Value

YES if the role has write access. NO otherwise.

Discussion

Get whether users belonging to the given role are allowed to write this object. Even if this returns NO, the role may still be able to write it if a parent role has write access. The role must already be saved on the server and its data must have been fetched in order to use this method.

Declared In

AVACL.h

– setWriteAccess:forRole:

Set whether users belonging to the given role are allowed to write this object. The role must already be saved on the server and its data must have been fetched in order to use this method.

- (void)setWriteAccess:(BOOL)allowed forRole:(AVRole *)role

Parameters

allowed

Whether the given role can write this object.

role

The role to assign access.

Discussion

Set whether users belonging to the given role are allowed to write this object. The role must already be saved on the server and its data must have been fetched in order to use this method.

Declared In

AVACL.h

Setting Access Defaults

+ setDefaultACL:withAccessForCurrentUser:

Sets a default ACL that will be applied to all AVObjects when they are created.

+ (void)setDefaultACL:(AVACL *)acl withAccessForCurrentUser:(BOOL)currentUserAccess

Parameters

acl

The ACL to use as a template for all AVObjects created after setDefaultACL has been called. This value will be copied and used as a template for the creation of new ACLs, so changes to the instance after setDefaultACL has been called will not be reflected in new AVObjects.

currentUserAccess

If true, the AVACL that is applied to newly-created AVObjects will provide read and write access to the currentUser at the time of creation. If false, the provided ACL will be used without modification. If acl is nil, this value is ignored.

Discussion

Sets a default ACL that will be applied to all AVObjects when they are created.

Declared In

AVACL.h