From 1420df7d7a003a8ce1c3dd68d35bf9624710088c Mon Sep 17 00:00:00 2001
From: awgeorge <code@williamgeorge.co.uk>
Date: Thu, 31 Jan 2019 21:44:24 +0000
Subject: [PATCH] Update based on @milesrichardson comment
 https://github.com/parse-community/parse-server/pull/5334#discussion_r252693409

---
 src/Controllers/DatabaseController.js | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
index e198bc43..48175002 100644
--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -1432,14 +1432,16 @@ class DatabaseController {
     )
       return null;
 
-    let protectedKeys;
-    [...(auth.userRoles || []), '*'].forEach(role => {
-      // If you are in multiple groups assign the role with the least protectedKeys.
-      // Technically this could fail if multiple roles protect different fields and produce the same count.
-      // But we have no way of knowing the role hierarchy here.
+    let protectedKeys = Object.values(protectedFields).reduce(
+      (acc, val) => acc.concat(val),
+      []
+    ); //.flat();
+    [...(auth.userRoles || [])].forEach(role => {
       const fields = protectedFields[role];
-      if (fields && (!protectedKeys || fields.length < protectedKeys.length)) {
-        protectedKeys = fields;
+      if (fields) {
+        protectedKeys = protectedKeys.filter(
+          value => -1 !== fields.indexOf(value)
+        );
       }
     });