Protected fields pointer-permissions support (#5951)

* moved whitelisting of own user to remove conflict with custom classes and * permission * added new pointer-perm regex to permissions * added pointer-permissions support * added tests * fixed typo * fixed typo 2 * added tests using find operation * renamed protectedFields pointerPerm to userField * decoupled readUserFields from CLP and removed readUser from protectedFields before querying * updated tests
2019-08-22 21:01:50 +02:00
parent 6ed0a2289a
commit 2b1c591cb7
3 changed files with 706 additions and 23 deletions
--- a/src/Controllers/SchemaController.js
+++ b/src/Controllers/SchemaController.js
@@ -177,6 +177,8 @@ const volatileClasses = Object.freeze([
 const userIdRegex = /^[a-zA-Z0-9]{10}$/;
 // Anything that start with role
 const roleRegex = /^role:.*/;
+// Anything that starts with userField
+const pointerPermissionRegex = /^userField:.*/;
 // * permission
 const publicRegex = /^\*$/;

@@ -185,6 +187,7 @@ const requireAuthenticationRegex = /^requiresAuthentication$/;
 const permissionKeyRegex = Object.freeze([
  userIdRegex,
  roleRegex,
+  pointerPermissionRegex,
  publicRegex,
  requireAuthenticationRegex,
 ]);
@@ -906,10 +909,15 @@ export default class SchemaController {
          let defaultValueType = getType(fieldType.defaultValue);
          if (typeof defaultValueType === 'string') {
            defaultValueType = { type: defaultValueType };
-          } else if (typeof defaultValueType === 'object' && fieldType.type === 'Relation') {
+          } else if (
+            typeof defaultValueType === 'object' &&
+            fieldType.type === 'Relation'
+          ) {
            return {
              code: Parse.Error.INCORRECT_TYPE,
-              error: `The 'default value' option is not applicable for ${typeToString(fieldType)}`
+              error: `The 'default value' option is not applicable for ${typeToString(
+                fieldType
+              )}`,
            };
          }
          if (!dbTypeMatchesObjectType(fieldType, defaultValueType)) {
@@ -924,7 +932,9 @@ export default class SchemaController {
          if (typeof fieldType === 'object' && fieldType.type === 'Relation') {
            return {
              code: Parse.Error.INCORRECT_TYPE,
-              error: `The 'required' option is not applicable for ${typeToString(fieldType)}`
+              error: `The 'required' option is not applicable for ${typeToString(
+                fieldType
+              )}`,
            };
          }
        }