joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

GraphQL: ACL (#5957)

Browse Source 
* Spec

Fix Spec

* Add ACL Type + Input

* Improvements

* Fix
This commit is contained in:
Antoine Cormouls
2019-10-02 06:47:56 +02:00
committed by Antonio Davi Macedo Coelho de Castro
parent 9cf3b52bef
commit 2290145e82
10 changed files with 465 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
spec/ParseGraphQLServer.spec.js
View File

@@ -5829,6 +5829,179 @@ describe('ParseGraphQLServer', () => {
expect(schema.fields.updatedAt.type).toEqual('Date');
});
it('should support ACL', async () => {
const someClass = new Parse.Object('SomeClass');
await someClass.save();
const user = new Parse.User();
user.set('username', 'username');
user.set('password', 'password');
await user.signUp();
const user2 = new Parse.User();
user2.set('username', 'username2');
user2.set('password', 'password2');
await user2.signUp();
const roleACL = new Parse.ACL();
roleACL.setPublicReadAccess(true);
const role = new Parse.Role('aRole', roleACL);
await role.save();
const role2 = new Parse.Role('aRole2', roleACL);
await role2.save();
await parseGraphQLServer.parseGraphQLSchema.databaseController.schemaCache.clear();
const {
data: { createSomeClass },
} = await apolloClient.mutate({
mutation: gql`
mutation Create($fields: CreateSomeClassFieldsInput) {
createSomeClass(fields: $fields) {
id
ACL {
users {
userId
read
write
}
roles {
roleName
read
write
}
public {
read
write
}
}
}
}
`,
variables: {
fields: {
ACL: {
users: [
{ userId: user.id, read: true, write: true },
{ userId: user2.id, read: true, write: false },
],
roles: [
{ roleName: 'aRole', read: true, write: false },
{ roleName: 'aRole2', read: false, write: true },
],
public: { read: true, write: true },
},
},
},
});
const expectedCreateACL = {
__typename: 'ACL',
users: [
{
userId: user.id,
read: true,
write: true,
__typename: 'UserACL',
},
{
userId: user2.id,
read: true,
write: false,
__typename: 'UserACL',
},
],
roles: [
{
roleName: 'aRole',
read: true,
write: false,
__typename: 'RoleACL',
},
{
roleName: 'aRole2',
read: false,
write: true,
__typename: 'RoleACL',
},
],
public: { read: true, write: true, __typename: 'PublicACL' },
};
const query1 = new Parse.Query('SomeClass');
const obj1 = (await query1.get(createSomeClass.id, {
useMasterKey: true,
})).toJSON();
expect(obj1.ACL[user.id]).toEqual({ read: true, write: true });
expect(obj1.ACL[user2.id]).toEqual({ read: true });
expect(obj1.ACL['role:aRole']).toEqual({ read: true });
expect(obj1.ACL['role:aRole2']).toEqual({ write: true });
expect(obj1.ACL['*']).toEqual({ read: true, write: true });
expect(createSomeClass.ACL).toEqual(expectedCreateACL);
const {
data: { updateSomeClass },
} = await apolloClient.mutate({
mutation: gql`
mutation Update($id: ID!, $fields: UpdateSomeClassFieldsInput) {
updateSomeClass(id: $id, fields: $fields) {
id
ACL {
users {
userId
read
write
}
roles {
roleName
read
write
}
public {
read
write
}
}
}
}
`,
variables: {
id: createSomeClass.id,
fields: {
ACL: {
roles: [{ roleName: 'aRole', write: true, read: true }],
public: { read: true, write: false },
},
},
},
});
const expectedUpdateACL = {
__typename: 'ACL',
users: null,
roles: [
{
roleName: 'aRole',
read: true,
write: true,
__typename: 'RoleACL',
},
],
public: { read: true, write: false, __typename: 'PublicACL' },
};
const query2 = new Parse.Query('SomeClass');
const obj2 = (await query2.get(createSomeClass.id, {
useMasterKey: true,
})).toJSON();
expect(obj2.ACL['role:aRole']).toEqual({ write: true, read: true });
expect(obj2.ACL[user.id]).toBeUndefined();
expect(obj2.ACL['*']).toEqual({ read: true });
expect(updateSomeClass.ACL).toEqual(expectedUpdateACL);
});
it('should support pointer on create', async () => {
const company = new Parse.Object('Company');
company.set('name', 'imACompany1');