Mobile Services from Windows Azure - Data Store and custom script(part 3)

Part 2
In last post we saw how we can create a table using Mobile Services to store GPS position. We discover how we can setup who can make each CRUD operation on our table.
In this post we will continue to see how we can write data and retrieves data from our table. We already created an instance of MobileServiceClient. From this service we will need to retrieve an instance to our table using GetTable method. After we have a reference to our table (IMobileServiceTable) we will be able to execute any kind of request over our table:

IMobileServiceTable tableService = mobileServiceClient.GetTable<Location>();
await tableService.InsertAsync(location);
await tableService.Select(l=> { … });
await tableService.UpdateAsync(location);

I think that you already notified that all the methods are async. Also, you don’t need to manual create a new instance of the IMobileServiceTable. This is handled by the Mobile Services component automatically.
Do you remember how we setup our table? Only authenticate users will be able to execute any kind of action. Because of this we will need to add the authentication mechanism also.
Don’t be afraid, the authentication step is very simple. This mechanism is already implemented by Mobile Services; we only need to call a method that will make the entire job for us. In this moment we have 4 identifier providers that are supported (Google, Facebook, Twitter, Windows Live). You cannot add custom providers in this moment.
await mobileServiceClient.LoginAsync(MobileServiceAuthenticationProvider.Facebook);
Calling this method will display to the user the authentication dialog. We don’t need to do anything more than this. When the authentication failed an “InvalidOperationException” will be throw. We can catch this exception and do any kind of action we want.
After this step we will be able to access user information using CurrentUser property of MobileServiceClient. Each request that is made to our table will contain a parameter named ‘user’ with user information. 
We don’t want to permit users to see location of other users. To be able to restrict access of users we will need to define a script. On each CRUD operation over tables from Windows Azure Mobile Services we can define a custom script that will be called before each request will be executed. In this script we can define almost any kind of action we want.
An interesting part of these scripts is the programing language that needs to be used – JavaScript. This is a great think from the development perspective, because you don’t need to know C# or F# to be able to work with these scripts. The script can be added from the management portal and even ad we will have support for intellisense. A lot of libraries from NodeJS are supported. You will not be able to add reference to your own libraries, but you can define your own method. I great think that can be done is the support of calling remote services.
At this step we need to define a custom script for the insert operation. We will add another column to our table that will contains the id of the user. This action will be done from the script because we don’t want client to be able to hack their id.

function insert(item, user, request) {
  item.userId = user.userId;   
  request.execute();
}

As you can see this step is extremely simple.The second parameter is send each time, even if the user is not login and contain the user information. The table will contain a column named userId with the id of the user.
When someone will do a query we want to retrieve items of the user that make the request. To be able to do this, on the read operation of a table we will add to the query a condition that will retrieve items of the current user.

function read(query, user, request) {
   query.where({ userId: user.userId });   
   request.execute();
}

In this moment we saw how we can execute request over tables from Windows Azure Mobile Services, how we can define custom action over them.