Add new definition and update tests to reflect

2019-01-28 07:46:36 +00:00
parent 493fc99bcb
commit 95831a5b22
5 changed files with 499 additions and 12 deletions
--- a/src/Controllers/types.js
+++ b/src/Controllers/types.js
@@ -26,4 +26,5 @@ export type ClassLevelPermissions = {
  addField?: { [string]: boolean },
  readUserFields?: string[],
  writeUserFields?: string[],
+  protectedFields?: { [string]: boolean },
 };
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -148,10 +148,17 @@ module.exports.ParseServerOptions = {
  userSensitiveFields: {
    env: 'PARSE_SERVER_USER_SENSITIVE_FIELDS',
    help:
-      'Personally identifiable information fields in the user table the should be removed for non-authorized users.',
+      'Personally identifiable information fields in the user table the should be removed for non-authorized users. **Deprecated** @see protectedFields',
    action: parsers.arrayParser,
    default: ['email'],
  },
+  protectedFields: {
+    env: 'PARSE_SERVER_PROTECTED_FIELDS',
+    help:
+      'Personally identifiable information fields in the user table the should be removed for non-authorized users.',
+    action: parsers.objectParser,
+    //default: {"_User": {"*": ["email"]}} // For backwards compatiability, do not use a default here.
+  },
  enableAnonymousUsers: {
    env: 'PARSE_SERVER_ENABLE_ANON_USERS',
    help: 'Enable (or disable) anon users, defaults to true',
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -81,9 +81,12 @@ export interface ParseServerOptions {
  :ENV: PARSE_SERVER_PRESERVE_FILE_NAME
  :DEFAULT: false */
  preserveFileName: ?boolean;
-  /* Personally identifiable information fields in the user table the should be removed for non-authorized users.
+  /* Personally identifiable information fields in the user table the should be removed for non-authorized users. Deprecated @see protectedFields
  :DEFAULT: ["email"] */
  userSensitiveFields: ?(string[]);
+  /* Protected fields that should be treated with extra security when fetching details.
+  :DEFAULT: {"_User": {"*": ["email"]}} */
+  protectedFields: ?any;
  /* Enable (or disable) anon users, defaults to true
  :ENV: PARSE_SERVER_ENABLE_ANON_USERS
  :DEFAULT: true */
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -343,14 +343,15 @@ function injectDefaults(options: ParseServerOptions) {
    options.serverURL = `http://localhost:${options.port}${options.mountPath}`;
  }

-  options.userSensitiveFields = Array.from(
-    new Set(
-      options.userSensitiveFields.concat(
-        defaults.userSensitiveFields,
-        options.userSensitiveFields
-      )
-    )
-  );
+  // Backwards compatibility
+  if (!options.protectedFields && options.userSensitiveFields) {
+    /* eslint-disable no-console */
+    console.warn(
+      `\nDEPRECATED: userSensitiveFields has been replaced by protectedFields allowing the ability to protect fields in all classes with CLP. \n`
+    );
+    /* eslint-enable no-console */
+    options.protectedFields = { _User: { '*': options.userSensitiveFields } };
+  }

  options.masterKeyIps = Array.from(
    new Set(