FIX : User Roles not added to create, update or delete calls

2016-02-11 22:16:07 -05:00
parent c66cc8d7bc
commit 42aacdf62b
2 changed files with 25 additions and 10 deletions
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -28,6 +28,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
  this.auth = auth;
  this.className = className;
  this.storage = {};
+  this.runOptions = {};

  if (!query && data.objectId) {
    throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
@@ -67,6 +68,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
 // status and location are optional.
 RestWrite.prototype.execute = function() {
  return Promise.resolve().then(() => {
+    return this.getUserAndRoleACL();
+  }).then(() => {
    return this.validateSchema();
  }).then(() => {
    return this.handleInstallation();
@@ -89,6 +92,19 @@ RestWrite.prototype.execute = function() {
  });
 };

+// Uses the Auth object to get the list of roles, adds the user id
+RestWrite.prototype.getUserAndRoleACL = function() {
+  if (this.auth.isMaster || !this.auth.user) {
+    return Promise.resolve();
+  }
+  return this.auth.getUserRoles().then((roles) => {
+    roles.push('*');
+    roles.push(this.auth.user.id);
+    this.runOptions.acl = roles;
+    return Promise.resolve();
+  });
+};
+
 // Validates this operation against the schema.
 RestWrite.prototype.validateSchema = function() {
  return this.config.database.validateObject(this.className, this.data);
@@ -645,24 +661,16 @@ RestWrite.prototype.runDatabaseOperation = function() {
    throw new Parse.Error(Parse.Error.INVALID_ACL, 'Invalid ACL.');
  }

-  var options = {};
-  if (!this.auth.isMaster) {
-    options.acl = ['*'];
-    if (this.auth.user) {
-      options.acl.push(this.auth.user.id);
-    }
-  }
-
  if (this.query) {
    // Run an update
    return this.config.database.update(
-      this.className, this.query, this.data, options).then((resp) => {
+      this.className, this.query, this.data, this.runOptions).then((resp) => {
        this.response = resp;
        this.response.updatedAt = this.updatedAt;
      });
  } else {
    // Run a create
-    return this.config.database.create(this.className, this.data, options)
+    return this.config.database.create(this.className, this.data, this.runOptions)
      .then(() => {
        var resp = {
          objectId: this.data.objectId,
--- a/src/rest.js
+++ b/src/rest.js
@@ -56,12 +56,19 @@ function del(config, auth, className, objectId) {
      });
    }
    return Promise.resolve({});
+  }).then(() => {
+    if (!auth.isMaster) {
+      return auth.getUserRoles();
+    }else{
+      return Promise.resolve();
+    }
  }).then(() => {
    var options = {};
    if (!auth.isMaster) {
      options.acl = ['*'];
      if (auth.user) {
        options.acl.push(auth.user.id);
+        options.acl = options.acl.concat(auth.userRoles);
      }
    }