Adds count class level permission (#3814)

* Adds count class level permission * fixup! Adds count class level permission * Adds missing count property on beforeFind request object * nits
2017-05-14 21:47:30 -04:00
parent d71683a7e2
commit 691cf5988a
5 changed files with 75 additions and 5 deletions
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -1470,4 +1470,36 @@ describe('afterFind hooks', () => {
          });
      });
  });
+
+  it('should set count to true on beforeFind hooks if query is count', (done) => {
+    const hook = {
+      method: function(req) {
+        expect(req.count).toBe(true);
+        return Promise.resolve();
+      }
+    };
+    spyOn(hook, 'method').and.callThrough();
+    Parse.Cloud.beforeFind('Stuff', hook.method);
+    new Parse.Query('Stuff').count().then((count) => {
+      expect(count).toBe(0);
+      expect(hook.method).toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should set count to false on beforeFind hooks if query is not count', (done) => {
+    const hook = {
+      method: function(req) {
+        expect(req.count).toBe(false);
+        return Promise.resolve();
+      }
+    };
+    spyOn(hook, 'method').and.callThrough();
+    Parse.Cloud.beforeFind('Stuff', hook.method);
+    new Parse.Query('Stuff').find().then((res) => {
+      expect(res.length).toBe(0);
+      expect(hook.method).toHaveBeenCalled();
+      done();
+    });
+  });
 });
--- a/spec/Schema.spec.js
+++ b/spec/Schema.spec.js
@@ -178,6 +178,38 @@ describe('SchemaController', () => {
    });
  });

+  it('class-level permissions test count', (done) => {
+    var obj;
+    return config.database.loadSchema()
+      // Create a valid class
+      .then(schema => schema.validateObject('Stuff', {foo: 'bar'}))
+      .then(schema => {
+        var count = {};
+        return schema.setPermissions('Stuff', {
+          'create': {'*': true},
+          'find': {'*': true},
+          'count': count
+        })
+      }).then(() => {
+        obj = new Parse.Object('Stuff');
+        obj.set('foo', 'bar');
+        return obj.save();
+      }).then((o) => {
+        obj = o;
+        var query = new Parse.Query('Stuff');
+        return query.find();
+      }).then((results) => {
+        expect(results.length).toBe(1);
+        var query = new Parse.Query('Stuff');
+        return query.count();
+      }).then(() => {
+        fail('Class permissions should have rejected this query.');
+      }, (err) => {
+        expect(err.message).toEqual('Permission denied for action count on class Stuff.');
+        done();
+      });
+  });
+
  it('can add classes without needing an object', done => {
    config.database.loadSchema()
    .then(schema => schema.addClassIfNotExists('NewClass', {