Fix checking existent class for allowClientClassCreation (#2051)
@@ -91,6 +91,21 @@ describe('rest create', () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('handles create on existent class when disabled client class creation', (done) => {
|
||||||
|
var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
|
||||||
|
config.database.loadSchema()
|
||||||
|
.then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
|
||||||
|
.then(actualSchema => {
|
||||||
|
expect(actualSchema.className).toEqual('ClientClassCreation');
|
||||||
|
return rest.create(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
|
||||||
|
})
|
||||||
|
.then(() => {
|
||||||
|
done();
|
||||||
|
}, err => {
|
||||||
|
fail('Should not throw error')
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
it('handles user signup', (done) => {
|
it('handles user signup', (done) => {
|
||||||
var user = {
|
var user = {
|
||||||
username: 'asdf',
|
username: 'asdf',
|
||||||
|
|||||||
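Review bot: The rejection handler of the new spec calls `fail('Should not throw error')` without calling `done()` and discards `err`, so a regression in this access check would surface as a spec timeout with no cause attached rather than an immediate failure. Something like `}, err => { fail('Should not throw error: ' + JSON.stringify(err)); done(); });` keeps the failure fast and diagnosable. The same handler appears in the 'query existent class when disabled client class creation' spec in the `rest query` hunk. Both new specs cover only the allowed path (class present in the schema); whether a companion spec asserts `Parse.Error.OPERATION_FORBIDDEN` for a class absent from the schema is not visible here, and that denial path is the one the setting exists to enforce.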
@@ -145,6 +145,22 @@ describe('rest query', () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('query existent class when disabled client class creation', (done) => {
|
||||||
|
var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
|
||||||
|
config.database.loadSchema()
|
||||||
|
.then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
|
||||||
|
.then(actualSchema => {
|
||||||
|
expect(actualSchema.className).toEqual('ClientClassCreation');
|
||||||
|
return rest.find(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
|
||||||
|
})
|
||||||
|
.then((result) => {
|
||||||
|
expect(result.results.length).toEqual(0);
|
||||||
|
done();
|
||||||
|
}, err => {
|
||||||
|
fail('Should not throw error')
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
it('query with wrongly encoded parameter', (done) => {
|
it('query with wrongly encoded parameter', (done) => {
|
||||||
rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
|
rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
|
||||||
).then(() => {
|
).then(() => {
|
||||||
|
|||||||
@@ -171,17 +171,16 @@ RestQuery.prototype.redirectClassNameForKey = function() {
|
|||||||
|
|
||||||
// Validates this operation against the allowClientClassCreation config.
|
// Validates this operation against the allowClientClassCreation config.
|
||||||
RestQuery.prototype.validateClientClassCreation = function() {
|
RestQuery.prototype.validateClientClassCreation = function() {
|
||||||
let sysClass = SchemaController.systemClasses;
|
|
||||||
if (this.config.allowClientClassCreation === false && !this.auth.isMaster
|
if (this.config.allowClientClassCreation === false && !this.auth.isMaster
|
||||||
&& sysClass.indexOf(this.className) === -1) {
|
&& SchemaController.systemClasses.indexOf(this.className) === -1) {
|
||||||
return this.config.database.collectionExists(this.className).then((hasClass) => {
|
return this.config.database.loadSchema()
|
||||||
if (hasClass === true) {
|
.then(schemaController => schemaController.hasClass(this.className))
|
||||||
return Promise.resolve();
|
.then(hasClass => {
|
||||||
}
|
if (hasClass !== true) {
|
||||||
|
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
|
||||||
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
|
'This user is not allowed to access ' +
|
||||||
'This user is not allowed to access ' +
|
'non-existent class: ' + this.className);
|
||||||
'non-existent class: ' + this.className);
|
}
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
|
|||||||
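Review bot: The guard `this.config.allowClientClassCreation === false` enforces the restriction only for the boolean `false`, so a value such as the string `'false'` would skip the schema check entirely and leave client class creation open. Whether the option is normalised to a boolean before it reaches this method is not visible in the hunk; if it is not, coerce it where the config is loaded, or state the boolean-only contract in the comment above the function. The same condition is used in `RestWrite.prototype.validateClientClassCreation`. The function's closing lines fall outside the hunk.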
@@ -114,17 +114,16 @@ RestWrite.prototype.getUserAndRoleACL = function() {
|
|||||||
|
|
||||||
// Validates this operation against the allowClientClassCreation config.
|
// Validates this operation against the allowClientClassCreation config.
|
||||||
RestWrite.prototype.validateClientClassCreation = function() {
|
RestWrite.prototype.validateClientClassCreation = function() {
|
||||||
let sysClass = SchemaController.systemClasses;
|
|
||||||
if (this.config.allowClientClassCreation === false && !this.auth.isMaster
|
if (this.config.allowClientClassCreation === false && !this.auth.isMaster
|
||||||
&& sysClass.indexOf(this.className) === -1) {
|
&& SchemaController.systemClasses.indexOf(this.className) === -1) {
|
||||||
return this.config.database.collectionExists(this.className).then((hasClass) => {
|
return this.config.database.loadSchema()
|
||||||
if (hasClass === true) {
|
.then(schemaController => schemaController.hasClass(this.className))
|
||||||
return;
|
.then(hasClass => {
|
||||||
}
|
if (hasClass !== true) {
|
||||||
|
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
|
||||||
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
|
'This user is not allowed to access ' +
|
||||||
'This user is not allowed to access ' +
|
'non-existent class: ' + this.className);
|
||||||
'non-existent class: ' + this.className);
|
}
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
|
|||||||
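Review bot: This body is now a line-for-line copy of `RestQuery.prototype.validateClientClassCreation`, and the earlier versions appear to have already drifted apart (`return Promise.resolve();` in one, a bare `return;` in the other). Because this is an authorization check, a single shared helper taking `config`, `auth` and `className`, called from both prototypes, would keep the read and write paths from diverging again. The function's closing lines fall outside the hunk.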