Do master query for before/afterSaveHook

spec/ParseAPI.spec.js

@@ -643,6 +643,7 @@ describe('miscellaneous', function() {
   it('test afterSave get original object on update', function(done) {
     var triggerTime = 0;
     // Register a mock beforeSave hook
+
     Parse.Cloud.afterSave('GameScore', function(req, res) {
       var object = req.object;
       expect(object instanceof Parse.Object).toBeTruthy();
@@ -693,6 +694,56 @@ describe('miscellaneous', function() {
     });
   });
 
+  it('test afterSave get full original object even req auth can not query it', (done) => {
+    var triggerTime = 0;
+    // Register a mock beforeSave hook
+    Parse.Cloud.afterSave('GameScore', function(req, res) {
+      var object = req.object;
+      var originalObject = req.original;
+      if (triggerTime == 0) {
+        // Create
+      } else if (triggerTime == 1) {
+        // Update
+        expect(object.get('foo')).toEqual('baz');
+        // Make sure we get the full originalObject
+        expect(originalObject instanceof Parse.Object).toBeTruthy();
+        expect(originalObject.get('fooAgain')).toEqual('barAgain');
+        expect(originalObject.id).not.toBeUndefined();
+        expect(originalObject.createdAt).not.toBeUndefined();
+        expect(originalObject.updatedAt).not.toBeUndefined();
+        expect(originalObject.get('foo')).toEqual('bar');
+      } else {
+        res.error();
+      }
+      triggerTime++;
+      res.success();
+    });
+
+    var obj = new Parse.Object('GameScore');
+    obj.set('foo', 'bar');
+    obj.set('fooAgain', 'barAgain');
+    var acl = new Parse.ACL();
+    // Make sure our update request can not query the object
+    acl.setPublicReadAccess(false);
+    acl.setPublicWriteAccess(true);
+    obj.setACL(acl);
+    obj.save().then(function() {
+      // We only update foo
+      obj.set('foo', 'baz');
+      return obj.save();
+    }).then(function() {
+      // Make sure the checking has been triggered
+      expect(triggerTime).toBe(2);
+      // Clear mock afterSave
+      Parse.Cloud._removeHook("Triggers", "afterSave", "GameScore");
+      done();
+    }, function(error) {
+      console.error(error);
+      fail(error);
+      done();
+    });
+  });
+
   it('afterSave flattens custom operations', done => {
     var triggerTime = 0;
     // Register a mock beforeSave hook

src/rest.js

@@ -9,6 +9,7 @@
 
 var Parse = require('parse/node').Parse;
 import cache from './cache';
+import Auth from './Auth';
 
 var RestQuery = require('./RestQuery');
 var RestWrite = require('./RestWrite');
@@ -42,7 +43,7 @@ function del(config, auth, className, objectId) {
     if (triggers.getTrigger(className, triggers.Types.beforeDelete, config.applicationId) ||
         triggers.getTrigger(className, triggers.Types.afterDelete, config.applicationId) ||
         className == '_Session') {
-      return find(config, auth, className, {objectId: objectId})
+      return find(config, Auth.master(config), className, {objectId: objectId})
       .then((response) => {
         if (response && response.results && response.results.length) {
           response.results[0].className = className;
@@ -97,7 +98,7 @@ function update(config, auth, className, objectId, restObject) {
   return Promise.resolve().then(() => {
     if (triggers.getTrigger(className, triggers.Types.beforeSave, config.applicationId) ||
         triggers.getTrigger(className, triggers.Types.afterSave, config.applicationId)) {
-      return find(config, auth, className, {objectId: objectId});
+      return find(config, Auth.master(config), className, {objectId: objectId});
     }
     return Promise.resolve({});
   }).then((response) => {