Merge pull request #374 from flessard/user-roles
Fix : User Roles not added to create, update or delete calls
@@ -49,7 +49,7 @@ describe('Parse Role testing', () => {
|
||||
}).then((x) => {
|
||||
x.set('foo', 'baz');
|
||||
// This should fail:
|
||||
return x.save();
|
||||
return x.save({},{sessionToken: ""});
|
||||
}).then((x) => {
|
||||
fail('Should not have been able to save.');
|
||||
}, (e) => {
|
||||
|
||||
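Review bot: The only spec change visible here is in a test that expects the save to be rejected, so nothing shown exercises the behaviour this commit adds. Two cases would pin it down: a user who holds a role named in an object's ACL can update and delete that object, and a user without the role is refused. The test body starts and ends outside this hunk, so such cases may exist elsewhere in the spec file.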
@@ -80,7 +80,7 @@ Auth.prototype.getUserRoles = function() {
|
||||
return Promise.resolve(this.userRoles);
|
||||
}
|
||||
if (this.rolePromise) {
|
||||
return rolePromise;
|
||||
return this.rolePromise;
|
||||
}
|
||||
this.rolePromise = this._loadRoles();
|
||||
return this.rolePromise;
|
||||
|
||||
@@ -27,6 +27,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
|
||||
this.auth = auth;
|
||||
this.className = className;
|
||||
this.storage = {};
|
||||
this.runOptions = {};
|
||||
|
||||
if (!query && data.objectId) {
|
||||
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
|
||||
@@ -66,6 +67,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
|
||||
// status and location are optional.
|
||||
RestWrite.prototype.execute = function() {
|
||||
return Promise.resolve().then(() => {
|
||||
return this.getUserAndRoleACL();
|
||||
}).then(() => {
|
||||
return this.validateSchema();
|
||||
}).then(() => {
|
||||
return this.handleInstallation();
|
||||
@@ -88,6 +91,25 @@ RestWrite.prototype.execute = function() {
|
||||
});
|
||||
};
|
||||
|
||||
// Uses the Auth object to get the list of roles, adds the user id
|
||||
RestWrite.prototype.getUserAndRoleACL = function() {
|
||||
if (this.auth.isMaster) {
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
this.runOptions.acl = ['*'];
|
||||
|
||||
if( this.auth.user ){
|
||||
return this.auth.getUserRoles().then((roles) => {
|
||||
roles.push(this.auth.user.id);
|
||||
this.runOptions.acl = this.runOptions.acl.concat(roles);
|
||||
return Promise.resolve();
|
||||
});
|
||||
}else{
|
||||
return Promise.resolve();
|
||||
}
|
||||
};
|
||||
|
||||
// Validates this operation against the schema.
|
||||
RestWrite.prototype.validateSchema = function() {
|
||||
return this.config.database.validateObject(this.className, this.data);
|
||||
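Review bot: `roles.push(this.auth.user.id)` in getUserAndRoleACL mutates the array that `getUserRoles()` resolved with, and the Auth hunk on this page shows that method returning `this.userRoles` itself on its cached path. Each further write that reuses the same Auth object would then append the user id to the cached role list again, and any other reader of that list would see a user id mixed in with the role names. What `_loadRoles()` resolves with is not visible here, so the first call may or may not be affected. Build the ACL without touching the input, e.g. `this.runOptions.acl = this.runOptions.acl.concat(roles, [this.auth.user.id]);`. The comment above the function also breaks off after "adds the user id"; it should say that the result is stored in `this.runOptions.acl` for the later create or update call.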
@@ -690,18 +712,10 @@ RestWrite.prototype.runDatabaseOperation = function() {
|
||||
throw new Parse.Error(Parse.Error.INVALID_ACL, 'Invalid ACL.');
|
||||
}
|
||||
|
||||
var options = {};
|
||||
if (!this.auth.isMaster) {
|
||||
options.acl = ['*'];
|
||||
if (this.auth.user) {
|
||||
options.acl.push(this.auth.user.id);
|
||||
}
|
||||
}
|
||||
|
||||
if (this.query) {
|
||||
// Run an update
|
||||
return this.config.database.update(
|
||||
this.className, this.query, this.data, options).then((resp) => {
|
||||
this.className, this.query, this.data, this.runOptions).then((resp) => {
|
||||
this.response = resp;
|
||||
this.response.updatedAt = this.updatedAt;
|
||||
});
|
||||
@@ -714,7 +728,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
|
||||
this.data.ACL = ACL;
|
||||
}
|
||||
// Run a create
|
||||
return this.config.database.create(this.className, this.data, options)
|
||||
return this.config.database.create(this.className, this.data, this.runOptions)
|
||||
.then(() => {
|
||||
var resp = {
|
||||
objectId: this.data.objectId,
|
||||
|
||||
@@ -56,12 +56,19 @@ function del(config, auth, className, objectId) {
|
||||
});
|
||||
}
|
||||
return Promise.resolve({});
|
||||
}).then(() => {
|
||||
if (!auth.isMaster) {
|
||||
return auth.getUserRoles();
|
||||
}else{
|
||||
return Promise.resolve();
|
||||
}
|
||||
}).then(() => {
|
||||
var options = {};
|
||||
if (!auth.isMaster) {
|
||||
options.acl = ['*'];
|
||||
if (auth.user) {
|
||||
options.acl.push(auth.user.id);
|
||||
options.acl = options.acl.concat(auth.userRoles);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
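Review bot: The delete path calls `auth.getUserRoles()` for every non-master request, including one with no `auth.user`, and then reads `auth.userRoles` as a side effect instead of using the value the promise resolves with. RestWrite's getUserAndRoleACL checks `this.auth.user` before asking for roles; whether `getUserRoles()` tolerates a missing user is not visible on this page, so the same guard belongs here: `if (!auth.isMaster && auth.user) {`. Taking the roles from the promise, `}).then((roles) => {` with `options.acl = options.acl.concat(roles);`, removes the dependency on when the Auth object populates its field. The body of `del` starts and ends outside this hunk.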