From 3a06117fa13a09aabaf01129efb4eb5f680d4023 Mon Sep 17 00:00:00 2001
From: Fosco Marotto
Date: Sun, 6 Mar 2016 18:26:10 -0800
Subject: [PATCH] Adding a role scenario test for issue 827

---
 spec/ParseRole.spec.js | 79 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/spec/ParseRole.spec.js b/spec/ParseRole.spec.js
index 1b7fbcca..f48fbf7f 100644
--- a/spec/ParseRole.spec.js
+++ b/spec/ParseRole.spec.js
@@ -197,5 +197,84 @@ describe('Parse Role testing', () => {
 });
 });
+ // Based on various scenarios described in issues #827 and #683,
+ it('should properly handle role permissions on objects', (done) => {
+ var user, user2, user3;
+ var role, role2, role3;
+ var obj, obj2;
+
+ var prACL = new Parse.ACL();
+ prACL.setPublicReadAccess(true);
+ var adminACL, superACL, customerACL;
+
+ createTestUser().then((x) => {
+ user = x;
+ user2 = new Parse.User();
+ return user2.save({ username: 'user2', password: 'omgbbq' });
+ }).then((x) => {
+ user3 = new Parse.User();
+ return user3.save({ username: 'user3', password: 'omgbbq' });
+ }).then((x) => {
+ role = new Parse.Role('Admin', prACL);
+ role.getUsers().add(user);
+ return role.save({}, { useMasterKey: true });
+ }).then(() => {
+ adminACL = new Parse.ACL();
+ adminACL.setRoleReadAccess("Admin", true);
+ adminACL.setRoleWriteAccess("Admin", true);
+
+ role2 = new Parse.Role('Super', prACL);
+ role2.getUsers().add(user2);
+ return role2.save({}, { useMasterKey: true });
+ }).then(() => {
+ superACL = new Parse.ACL();
+ superACL.setRoleReadAccess("Super", true);
+ superACL.setRoleWriteAccess("Super", true);
+
+ role.getRoles().add(role2);
+ return role.save({}, { useMasterKey: true });
+ }).then(() => {
+ role3 = new Parse.Role('Customer', prACL);
+ role3.getUsers().add(user3);
+ role3.getRoles().add(role);
+ return role3.save({}, { useMasterKey: true });
+ }).then(() => {
+ customerACL = new Parse.ACL();
+ customerACL.setRoleReadAccess("Customer", true);
+ customerACL.setRoleWriteAccess("Customer", true);
+
+ var query = new Parse.Query('_Role');
+ return query.find({ useMasterKey: true });
+ }).then((x) => {
+ expect(x.length).toEqual(3);
+
+ obj = new Parse.Object('TestObjectRoles');
+ obj.set('ACL', customerACL);
+ return obj.save(null, { useMasterKey: true });
+ }).then(() => {
+ // Above, the Admin role was added to the Customer role.
+ // An object secured by the Customer ACL should be able to be edited by the Admin user.
+ obj.set('changedByAdmin', true);
+ return obj.save(null, { sessionToken: user.getSessionToken() });
+ }).then(() => {
+ obj2 = new Parse.Object('TestObjectRoles');
+ obj2.set('ACL', adminACL);
+ return obj2.save(null, { useMasterKey: true });
+ }, (e) => {
+ fail('Admin user should have been able to save.');
+ done();
+ }).then(() => {
+ // An object secured by the Admin ACL should not be able to be edited by a Customer role user.
+ obj2.set('changedByCustomer', true);
+ return obj2.save(null, { sessionToken: user3.getSessionToken() });
+ }).then(() => {
+ fail('Customer user should not have been able to save.');
+ done();
+ }, (e) => {
+ expect(e.code).toEqual(101);
+ done();
+ })
+ });
+ });
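Review bot: The mid-chain rejection handler `}, (e) => { fail('Admin user should have been able to save.'); done(); })` does not stop the chain — jasmine's `fail()` only records a failure, so the following `.then` runs with `obj2` never assigned, throws a TypeError, and lands in the final handler where `expect(e.code).toEqual(101)` fails for the wrong reason and `done()` is called a second time. The denial at the end is also asserted only through the error code; for an authorization test it is worth re-reading `obj2` with the master key and asserting `changedByCustomer` never persisted, and the literal `101` reads better as the SDK constant `Parse.Error.OBJECT_NOT_FOUND`. `user2` is added to `Super` but never exercised, so the transitive Super→Admin→Customer path that the role nesting sets up goes untested. A single terminal `.then(done, (e) => { fail(e); done(); })` in place of the per-step handlers keeps `done` single-shot; the enclosing `describe` begins outside this hunk.

```javascript
      return obj2.save(null, { useMasterKey: true });
    }).then(() => {   // the `}, (e) => { fail(...); done(); }` handler is dropped here
      // … unchanged: Customer-role user attempts to write obj2 …
    }).then(() => {
      fail('Customer user should not have been able to save.');
    }, (e) => {
      expect(e.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
      // A denied write must also be absent from stored state, not just reported as an error.
      var check = new Parse.Query('TestObjectRoles');
      return check.get(obj2.id, { useMasterKey: true }).then((fetched) => {
        expect(fetched.get('changedByCustomer')).toBeUndefined();
      });
    }).then(done, (e) => {
      // Single terminal failure path: also covers the Admin save unexpectedly rejecting.
      fail(e);
      done();
    });
```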