joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove public ACL set by default.

Browse Source
This commit is contained in:
Francis Lessard
2016-02-16 10:45:43 -05:00
parent 2c5b77f284
commit 5b40a589c0
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/RestWrite.js
View File

@@ -28,7 +28,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
this.className = className;
this.storage = {};
this.runOptions = {
acl:['*']
acl:[]
};
if (!query && data.objectId) {
@@ -95,14 +95,21 @@ RestWrite.prototype.execute = function() {
// Uses the Auth object to get the list of roles, adds the user id
RestWrite.prototype.getUserAndRoleACL = function() {
if (this.auth.isMaster || !this.auth.user) {
if (this.auth.isMaster) {
return Promise.resolve();
}
return this.auth.getUserRoles().then((roles) => {
roles.push(this.auth.user.id);
this.runOptions.acl = this.runOptions.acl.concat(roles);
this.runOptions.acl.push("*");
if( this.auth.user ){
return this.auth.getUserRoles().then((roles) => {
roles.push(this.auth.user.id);
this.runOptions.acl = this.runOptions.acl.concat(roles);
return Promise.resolve();
});
}else{
return Promise.resolve();
});
}
};
// Validates this operation against the schema.