Fix checking existent class for allowClientClassCreation (#2051)

Marco Cheung
2016-06-14 00:21:52 +08:00
committed by Drew
parent 2cc1b0cfa9
commit 0ec78d478b
4 changed files with 49 additions and 20 deletions


@@ -91,6 +91,21 @@ describe('rest create', () => {
});
});
it('handles create on existent class when disabled client class creation', (done) => {
var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
config.database.loadSchema()
.then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
.then(actualSchema => {
expect(actualSchema.className).toEqual('ClientClassCreation');
return rest.create(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
})
.then(() => {
done();
}, err => {
fail('Should not throw error')
});
});
it('handles user signup', (done) => {
var user = {
username: 'asdf',
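Review bot: The rejection handler of the new test, `err => { fail('Should not throw error') }`, never calls `done()`, so a wrongly rejected `rest.create` is reported only once the runner's async timeout expires, and the rejection reason is thrown away. Ending the handler with `fail(err); done();` would surface the error (for instance an OPERATION_FORBIDDEN from the check under test) immediately. The same handler shape is used in the new 'query existent class when disabled client class creation' test in the rest query spec.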


@@ -145,6 +145,22 @@ describe('rest query', () => {
});
});
it('query existent class when disabled client class creation', (done) => {
var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
config.database.loadSchema()
.then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
.then(actualSchema => {
expect(actualSchema.className).toEqual('ClientClassCreation');
return rest.find(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
})
.then((result) => {
expect(result.results.length).toEqual(0);
done();
}, err => {
fail('Should not throw error')
});
});
it('query with wrongly encoded parameter', (done) => {
rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
).then(() => {
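Review bot: Both new tests cover only the allowed path; nothing added here asserts that a non-master caller is still rejected with `Parse.Error.OPERATION_FORBIDDEN` when the class is absent from the schema and `allowClientClassCreation` is false. Because the commit changes how this access check decides that a class exists, a companion case that calls `rest.find(customConfig, auth.nobody(customConfig), ...)` with a class name that was never registered, and expects the rejection, would guard against the check failing open. Such a case may already exist outside this hunk, in which case there is nothing to add.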


@@ -171,17 +171,16 @@ RestQuery.prototype.redirectClassNameForKey = function() {
// Validates this operation against the allowClientClassCreation config.
RestQuery.prototype.validateClientClassCreation = function() {
let sysClass = SchemaController.systemClasses;
if (this.config.allowClientClassCreation === false && !this.auth.isMaster
&& sysClass.indexOf(this.className) === -1) {
return this.config.database.collectionExists(this.className).then((hasClass) => {
if (hasClass === true) {
return Promise.resolve();
}
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
'This user is not allowed to access ' +
'non-existent class: ' + this.className);
&& SchemaController.systemClasses.indexOf(this.className) === -1) {
return this.config.database.loadSchema()
.then(schemaController => schemaController.hasClass(this.className))
.then(hasClass => {
if (hasClass !== true) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
'This user is not allowed to access ' +
'non-existent class: ' + this.className);
}
});
} else {
return Promise.resolve();
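Review bot: The reason for replacing `collectionExists` with `loadSchema().then(schemaController => schemaController.hasClass(this.className))` is not recorded next to the check, and it is the security-relevant part of the change. The tests in this commit register a class through `addClassIfNotExists` without storing any object, which suggests a class can exist in the schema with no backing collection. I would add, above the `return this.config.database.loadSchema()` line, a comment such as `// Check the schema, not the collection: a class registered in the schema may have no collection yet.`, and note there that the strict `hasClass !== true` comparison makes the check fail closed on any non-true result. The same comment is missing from the identical change in `RestWrite.prototype.validateClientClassCreation`; the function's closing lines are outside this hunk.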


@@ -114,17 +114,16 @@ RestWrite.prototype.getUserAndRoleACL = function() {
// Validates this operation against the allowClientClassCreation config.
RestWrite.prototype.validateClientClassCreation = function() {
let sysClass = SchemaController.systemClasses;
if (this.config.allowClientClassCreation === false && !this.auth.isMaster
&& sysClass.indexOf(this.className) === -1) {
return this.config.database.collectionExists(this.className).then((hasClass) => {
if (hasClass === true) {
return;
}
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
'This user is not allowed to access ' +
'non-existent class: ' + this.className);
&& SchemaController.systemClasses.indexOf(this.className) === -1) {
return this.config.database.loadSchema()
.then(schemaController => schemaController.hasClass(this.className))
.then(hasClass => {
if (hasClass !== true) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
'This user is not allowed to access ' +
'non-existent class: ' + this.className);
}
});
} else {
return Promise.resolve();
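Review bot: After this change the guard in `RestWrite.prototype.validateClientClassCreation` is line for line the same as the one in `RestQuery.prototype.validateClientClassCreation`, so one authorization rule lives in two copies that must be patched together, as this commit itself had to do. Consider moving the body into a single shared function taking `(config, auth, className)` and reducing both methods to `return validateClientClassCreation(this.config, this.auth, this.className);` (name illustrative), so the read and write paths cannot drift apart. The function's closing lines are outside this hunk.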