Merge branch 'android-installation-duplicate-token-test' into installation-handling-fix

2016-02-26 21:10:14 -05:00
parent c9d4f7693d aee968a853
commit 02b56def6d
13 changed files with 225 additions and 22 deletions
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -59,6 +59,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
 RestWrite.prototype.execute = function() {
  return Promise.resolve().then(() => {
    return this.getUserAndRoleACL();
+  }).then(() => {
+    return this.validateClientClassCreation();
  }).then(() => {
    return this.validateSchema();
  }).then(() => {
@@ -105,6 +107,25 @@ RestWrite.prototype.getUserAndRoleACL = function() {
  }
 };

+// Validates this operation against the allowClientClassCreation config.
+RestWrite.prototype.validateClientClassCreation = function() {
+  if (this.config.allowClientClassCreation === false && !this.auth.isMaster) {
+    return this.config.database.loadSchema().then((schema) => {
+      return schema.hasClass(this.className)
+    }).then((hasClass) => {
+      if (hasClass === true) {
+        return Promise.resolve();
+      }
+
+      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+                            'This user is not allowed to access ' +
+                            'non-existent class: ' + this.className);
+    });
+  } else {
+    return Promise.resolve();
+  }
+};
+
 // Validates this operation against the schema.
 RestWrite.prototype.validateSchema = function() {
  return this.config.database.validateObject(this.className, this.data, this.query);
@@ -176,7 +197,7 @@ RestWrite.prototype.validateAuthData = function() {
    }
  }

-  if (!this.data.authData) {
+  if (!this.data.authData || !Object.keys(this.data.authData).length) {
    return;
  }