feat: Add default ACL (#8701)

Daniel
2025-03-25 01:15:27 +11:00
committed by GitHub
parent b9917dd734
commit 12b5d781dc
10 changed files with 245 additions and 5 deletions


@@ -18,6 +18,12 @@ describe('MongoSchemaCollection', () => {
},
_metadata: {
class_permissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
get: { '*': true },
find: { '*': true },
count: { '*': true },
@@ -69,6 +75,12 @@ describe('MongoSchemaCollection', () => {
objectId: { type: 'String' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },


@@ -923,4 +923,32 @@ describe('Parse.ACL', () => {
rest.create(config, auth.nobody(config), '_User', anonUser);
});
it('support defaultACL in schema', async () => {
await new Parse.Object('TestObject').save();
const schema = await Parse.Server.database.loadSchema();
await schema.updateClass(
'TestObject',
{},
{
create: {
'*': true,
},
ACL: {
'*': { read: true },
currentUser: { read: true, write: true },
},
}
);
const acls = new Parse.ACL();
acls.setPublicReadAccess(true);
const user = await Parse.User.signUp('testuser', 'p@ssword');
const obj = new Parse.Object('TestObject');
await obj.save(null, { sessionToken: user.getSessionToken() });
expect(obj.getACL()).toBeDefined();
const acl = obj.getACL().toJSON();
expect(acl['*']).toEqual({ read: true });
expect(acl[user.id].write).toBeTrue();
expect(acl[user.id].read).toBeTrue();
});
});
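Review bot: The new test 'support defaultACL in schema' only saves with a session token, so the `currentUser` entry is never checked for the case where there is no user to substitute. A second case that saves `TestObject` without `sessionToken` and asserts the resulting ACL (presumably just `'*': { read: true }`, leaving no writer other than the master key) would pin that behaviour. A third case that saves with an explicit client ACL would show whether the schema default or the client value wins. The `acls` object built by `const acls = new Parse.ACL();` and `acls.setPublicReadAccess(true);` is never used and can be dropped.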


@@ -309,6 +309,12 @@ describe('SchemaController', () => {
foo: { type: 'String' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -329,6 +335,12 @@ describe('SchemaController', () => {
it('can update classes without needing an object', done => {
const levelPermissions = {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -489,6 +501,12 @@ describe('SchemaController', () => {
foo: { type: 'String' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -694,6 +712,12 @@ describe('SchemaController', () => {
it('refuses to add CLP with incorrect find', done => {
const levelPermissions = {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': false },
get: { '*': true },
create: { '*': true },
@@ -717,6 +741,12 @@ describe('SchemaController', () => {
it('refuses to add CLP when incorrectly sending a string to protectedFields object value instead of an array', done => {
const levelPermissions = {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
create: { '*': true },
@@ -785,6 +815,12 @@ describe('SchemaController', () => {
aPolygon: { type: 'Polygon' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -832,6 +868,12 @@ describe('SchemaController', () => {
parseVersion: { type: 'String' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -866,6 +908,12 @@ describe('SchemaController', () => {
roles: { type: 'Relation', targetClass: '_Role' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -900,6 +948,12 @@ describe('SchemaController', () => {
ACL: { type: 'ACL' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
@@ -1070,6 +1124,12 @@ describe('SchemaController', () => {
relationField: { type: 'Relation', targetClass: '_User' },
},
classLevelPermissions: {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
count: { '*': true },
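Review bot: The same six-line `ACL: { '*': { read: true, write: true } }` literal is pasted into ten fixtures in this section, and again in the MongoSchemaCollection, Schema Performance and schemas specs. Hoisting it into one constant per spec file, e.g. `const defaultACL = { '*': { read: true, write: true } };`, would make a later change to the default a one-line edit. Since the value is public read and write, a comment on that constant saying it is meant to match objects saved without an ACL would help reviewers; that intent is inferred from the fixtures and is not shown here. Every hunk in this section starts and ends inside an object literal whose enclosing test lies outside the view.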


@@ -167,6 +167,12 @@ describe('Schema Performance', function () {
await schema.reloadData();
const levelPermissions = {
ACL: {
'*': {
read: true,
write: true,
},
},
find: { '*': true },
get: { '*': true },
create: { '*': true },


@@ -26,6 +26,12 @@ const hasAllPODobject = () => {
};
const defaultClassLevelPermissions = {
ACL: {
'*': {
read: true,
write: true,
},
},
find: {
'*': true,
},
@@ -2058,12 +2064,70 @@ describe('schemas', () => {
},
}).then(fail, response => {
expect(response.data.error).toEqual(
"'1' is not a valid value for class level permissions find:*:1"
"'1' is not a valid value for class level permissions acl find:*"
);
done();
});
});
it('should validate defaultAcl with class level permissions when request is not an object', async () => {
const response = await request({
method: 'POST',
url: 'http://localhost:8378/1/schemas/AClass',
headers: masterKeyHeaders,
json: true,
body: {
classLevelPermissions: {
ACL: {
'*': true,
},
},
},
}).catch(error => error.data);
expect(response.error).toEqual(`'true' is not a valid value for class level permissions acl`);
});
it('should validate defaultAcl with class level permissions when request is an object and invalid key', async () => {
const response = await request({
method: 'POST',
url: 'http://localhost:8378/1/schemas/AClass',
headers: masterKeyHeaders,
json: true,
body: {
classLevelPermissions: {
ACL: {
'*': {
foo: true,
},
},
},
},
}).catch(error => error.data);
expect(response.error).toEqual(`'foo' is not a valid key for class level permissions acl`);
});
it('should validate defaultAcl with class level permissions when request is an object and invalid value', async () => {
const response = await request({
method: 'POST',
url: 'http://localhost:8378/1/schemas/AClass',
headers: masterKeyHeaders,
json: true,
body: {
classLevelPermissions: {
ACL: {
'*': {
read: 1,
},
},
},
},
}).catch(error => error.data);
expect(response.error).toEqual(`'1' is not a valid value for class level permissions acl`);
});
it('should throw if permission is empty string', done => {
request({
method: 'POST',
@@ -2079,7 +2143,7 @@ describe('schemas', () => {
},
}).then(fail, response => {
expect(response.data.error).toEqual(
"'' is not a valid value for class level permissions find:*:"
`'' is not a valid value for class level permissions acl find:*`
);
done();
});
@@ -2690,6 +2754,12 @@ describe('schemas', () => {
setPermissionsOnClass(
'_Role',
{
ACL: {
'*': {
read: true,
write: true,
},
},
get: { '*': true },
find: { '*': true },
count: { '*': true },
@@ -2710,6 +2780,12 @@ describe('schemas', () => {
})
.then(res => {
expect(res.data.classLevelPermissions).toEqual({
ACL: {
'*': {
read: true,
write: true,
},
},
get: { '*': true },
find: { '*': true },
count: { '*': true },
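Review bot: In the `find` validation test, what appears to be the new expectation reads `'1' is not a valid value for class level permissions acl find:*`, which puts the word "acl" into an error about the `find` operation and drops the `:1` suffix; the empty-string test has the same change. Old and new sides are inferred from print order because the markers are lost, but if this wording comes from a shared validator, keeping "acl" out of non-ACL messages (e.g. `'1' is not a valid value for class level permissions find:*`) would stop a rejected schema update from pointing the operator at the wrong permission. The three new defaultAcl tests cover the entry's type, its `read`/`write` key names and its value, but not the entity key itself. A case with a misspelled entity key such as `currentuser` would show whether it is rejected or silently stored as an ACL entry that matches nobody.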