fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8075)

2022-06-30 12:53:31 +02:00
parent 1a04a347cf
commit 636d16e0f9
4 changed files with 125 additions and 23 deletions
--- a/src/LiveQuery/ParseCloudCodePublisher.js
+++ b/src/LiveQuery/ParseCloudCodePublisher.js
@@ -40,6 +40,9 @@ class ParseCloudCodePublisher {
    if (request.original) {
      message.originalParseObject = request.original._toFullJSON();
    }
+    if (request.classLevelPermissions) {
+      message.classLevelPermissions = request.classLevelPermissions;
+    }
    this.parsePublisher.publish(type, JSON.stringify(message));
  }
 }