Add allowClientClassCreation option

2016-02-26 22:55:39 +08:00
parent 57c936485e
commit 97489106b4
7 changed files with 83 additions and 0 deletions
--- a/src/RestQuery.js
+++ b/src/RestQuery.js
@@ -115,6 +115,8 @@ RestQuery.prototype.execute = function() {
    return this.getUserAndRoleACL();
  }).then(() => {
    return this.redirectClassNameForKey();
+  }).then(() => {
+    return this.validateClientClassCreation();
  }).then(() => {
    return this.replaceSelect();
  }).then(() => {
@@ -161,6 +163,25 @@ RestQuery.prototype.redirectClassNameForKey = function() {
    });
 };

+// Validates this operation against the allowClientClassCreation config.
+RestQuery.prototype.validateClientClassCreation = function() {
+  if (this.config.allowClientClassCreation === false && !this.auth.isMaster) {
+    return this.config.database.loadSchema().then((schema) => {
+      return schema.hasClass(this.className)
+    }).then((hasClass) => {
+      if (hasClass === true) {
+        return Promise.resolve();
+      }
+
+      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+                            'This user is not allowed to access ' +
+                            'non-existent class: ' + this.className);
+    });
+  } else {
+    return Promise.resolve();
+  }
+};
+
 // Replaces a $inQuery clause by running the subquery, if there is an
 // $inQuery clause.
 // The $inQuery clause turns into an $in with values that are just