requiresAuthentication is self-sufficient for ACL's (#3784)

* Adds test to reproduce issue #3753 * Consider requiresAuthentication as the same level as other CLP * Better testing
2017-05-11 11:09:06 -04:00
parent 877ef78b5e
commit 10c7cb0bfa
2 changed files with 56 additions and 5 deletions
--- a/src/Controllers/SchemaController.js
+++ b/src/Controllers/SchemaController.js
@@ -813,11 +813,9 @@ export default class SchemaController {
        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
        'Permission denied, user needs to be authenticated.');
      }
-      // no other CLP than requiresAuthentication
-      // let's resolve that!
-      if (Object.keys(perms).length == 1) {
-        return Promise.resolve();
-      }
+      // requiresAuthentication passed, just move forward
+      // probably would be wise at some point to rename to 'authenticatedUser'
+      return Promise.resolve();
    }

    // No matching CLP, let's check the Pointer permissions