Unauth queries with pointers don't work after Granular CLP pointer permissions #6352 #6740

Closed
santiagoprieto opened this issue Jun 17, 2020 · 1 comment

santiagoprieto commented Jun 17, 2020

ISSUE DESCRIPTION

I just upgraded from v 3.10.0 to 4.0.0 and to my surprise the Granular CLP pointer permissions #6352 affected any query from unauthenticated clients where the query.where('x', equalTo: POINTER) was used.

I tried to revert back to 3.10.0 but going to 4.0.0 seemed to change the default CLP pointer permissions. And in the Dashboard it's not letting me add direct CLP pointer permissions for some reason.

.
HELP

  1. Do I have no other choice but to add CLP pointer permissions to all objects with pointers?
  2. If so, the documentation states like the screenshot below. However, it is unclear to me how and where to add a version of this through iOS, JavaScript, or the Dashboard.
  3. How would the permission for querying with pointers for unauthenticated users be integrated in the classLevelPermission?

.
REFERENCE

What changed in #6352 :
Screen Shot 2020-06-17 at 3 40 23 PM

What the documentation says:
Screen Shot 2020-06-17 at 3 25 04 PM
Screen Shot 2020-06-17 at 3 36 01 PM

Where I'm stuck:

{
  classLevelPermissions:
  {
    "find": {
      "requiresAuthentication": false,
      "role:admin": true
    },
    "get": {
      "requiresAuthentication": false,
      "role:admin": true
    },
    "create": {
      "requiresAuthentication": true,
      "role:admin": true
    },
    "update": {
      "requiresAuthentication": true,
      "role:admin": true
    },
    "delete": { "role:admin": true },
    "pointer???": { ???? }
  }
}

santiagoprieto (Author) commented

OMG I just realized that the issue was not that the query had pointers, it was more that it had includeKeys and the keys to include did have requiresAuthentication: True.

So, the CLP works in a waterfall manner, which makes total sense.
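
The behaviour described in the comment above, as an added example that is not part of the original thread and is not Parse Server's own code: a simplified model that walks a query's include paths and reports which classes would reject an unauthenticated `find`. The schema, the `pointers` map and the function names are constructed for illustration, and the model assumes each included class is checked against its own `find` permission with the caller's (absent) session.

```javascript
// Simplified model of class-level permission (CLP) checks for a query with
// includes. Not Parse Server's code; the schema below is constructed sample data.
const sampleSchemas = {
  Post: {
    pointers: { author: 'Profile', venue: 'Venue' }, // field -> target class
    classLevelPermissions: { find: { '*': true }, get: { '*': true } },
  },
  Profile: {
    pointers: { team: 'Team' },
    classLevelPermissions: { find: { requiresAuthentication: true } },
  },
  Venue: { pointers: {}, classLevelPermissions: { find: { '*': true } } },
  Team: { pointers: {}, classLevelPermissions: { find: { 'role:admin': true } } },
};

// Can a client with no session perform `op` on a class? (model assumption)
function publicAllowed(clp, op) {
  if (!clp || !clp[op]) return true; // no CLP set for this operation: open
  const perms = clp[op];
  return perms.requiresAuthentication !== true && perms['*'] === true;
}

// Check the queried class and every class reached through the include paths
// (dotted paths such as "author.team"); return those that block public find.
function findBlockingClasses(schemas, className, includeKeys) {
  const blocked = [];
  const seen = new Set();
  const check = (cls, via) => {
    if (seen.has(via)) return; // each path prefix is reported once
    seen.add(via);
    const clp = (schemas[cls] || {}).classLevelPermissions;
    if (!publicAllowed(clp, 'find')) blocked.push({ className: cls, via });
  };
  check(className, '(query root)');
  for (const path of includeKeys) {
    let cls = className;
    const walked = [];
    for (const field of path.split('.')) {
      const target = schemas[cls] && schemas[cls].pointers[field];
      if (!target) break; // not a pointer in this model; nothing to check
      walked.push(field);
      cls = target;
      check(cls, walked.join('.'));
    }
  }
  return blocked;
}
```

Running it against an export of the real schema shows whether a failing public query is blocked by the queried class or by a class pulled in through `includeKeys`.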
