Florent Vilmart
10
src/rest.js
10
src/rest.js
@@ -119,11 +119,11 @@ function update(config, auth, className, objectId, restObject) {
|
||||
|
||||
// Disallowing access to the _Role collection except by master key
|
||||
function enforceRoleSecurity(method, className, auth) {
|
||||
if (method === 'delete' && className === '_Installation' && !auth.isMaster) {
|
||||
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
|
||||
'Clients aren\'t allowed to perform the ' +
|
||||
'delete operation on the installation collection.');
|
||||
|
||||
if (className === '_Installation' && !auth.isMaster) {
|
||||
if (method === 'delete' || method === 'find') {
|
||||
let error = `Clients aren't allowed to perform the ${method} operation on the installation collection.`
|
||||
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, error);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user