Added array support for pointer-permissions (#5921)

* added array support for pointer permissions

* added tests for array support for pointer permissions

* Postgres fix

* simplify PG, no idea why this works

src/Controllers/DatabaseController.js

@@ -1482,23 +1482,23 @@ class DatabaseController {
       };
 
       const permFields = perms[field];
-      const ors = permFields.map(key => {
+      const ors = permFields.flatMap(key => {
+        // constraint for single pointer setup
         const q = {
           [key]: userPointer,
         };
+        // constraint for users-array setup
+        const qa = {
+          [key]: { $all: [userPointer] },
+        };
         // if we already have a constraint on the key, use the $and
         if (Object.prototype.hasOwnProperty.call(query, key)) {
-          return { $and: [q, query] };
+          return [{ $and: [q, query] }, { $and: [qa, query] }];
         }
         // otherwise just add the constaint
-        return Object.assign({}, query, {
-          [`${key}`]: userPointer,
-        });
+        return [Object.assign({}, query, q), Object.assign({}, query, qa)];
       });
-      if (ors.length > 1) {
-        return { $or: ors };
-      }
-      return ors[0];
+      return { $or: ors };
     } else {
       return query;
     }

src/Controllers/SchemaController.js

@@ -238,9 +238,12 @@ function validateCLP(perms: ClassLevelPermissions, fields: SchemaFields) {
       } else {
         perms[operation].forEach(key => {
           if (
-            !fields[key] ||
-            fields[key].type != 'Pointer' ||
-            fields[key].targetClass != '_User'
+            !(
+              fields[key] &&
+              ((fields[key].type == 'Pointer' &&
+                fields[key].targetClass == '_User') ||
+                fields[key].type == 'Array')
+            )
           ) {
             throw new Parse.Error(
               Parse.Error.INVALID_JSON,