Set default protectedFields and remove previous filter logic

awgeorge
2019-01-28 07:50:21 +00:00
committed by Arthur Cinader
parent 95831a5b22
commit b343de0c70
8 changed files with 91 additions and 14 deletions


@@ -62,6 +62,7 @@ const emptyCLPS = Object.freeze({
update: {},
delete: {},
addField: {},
protectedFields: {},
});
const defaultCLPS = Object.freeze({
@@ -71,6 +72,7 @@ const defaultCLPS = Object.freeze({
update: { '*': true },
delete: { '*': true },
addField: { '*': true },
protectedFields: { '*': [] },
});
function mongoSchemaToParseSchema(mongoSchema) {
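Review bot: The new `protectedFields: { '*': [] }` default in `defaultCLPS` is a nested object and array that the surrounding `Object.freeze` does not cover, because the freeze is shallow, so every class that falls back to the defaults shares one mutable array. If any consumer modifies that array in place (not visible in this hunk), the change would show up in the defaults of every other class as well. Consider `protectedFields: Object.freeze({ '*': Object.freeze([]) }),` or a comment above the line stating that callers must copy the list before changing it. The same default is added to the second adapter's `defaultCLPS` (the hunk at -115,6 +116,7), and the same remark applies there.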


@@ -106,6 +106,7 @@ const emptyCLPS = Object.freeze({
update: {},
delete: {},
addField: {},
protectedFields: {},
});
const defaultCLPS = Object.freeze({
@@ -115,6 +116,7 @@ const defaultCLPS = Object.freeze({
update: { '*': true },
delete: { '*': true },
addField: { '*': true },
protectedFields: { '*': [] },
});
const toParseSchema = schema => {


@@ -203,6 +203,7 @@ const CLPValidKeys = Object.freeze([
'addField',
'readUserFields',
'writeUserFields',
'protectedFields',
]);
function validateCLP(perms: ClassLevelPermissions, fields: SchemaFields) {
if (!perms) {
@@ -250,7 +251,10 @@ function validateCLP(perms: ClassLevelPermissions, fields: SchemaFields) {
verifyPermissionKey(key);
// @flow-disable-next
const perm = perms[operation][key];
if (perm !== true) {
if (
perm !== true &&
(operation !== 'protectedFields' || !Array.isArray(perm))
) {
// @flow-disable-next
throw new Parse.Error(
Parse.Error.INVALID_JSON,
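Review bot: For `protectedFields` the new condition in `validateCLP` accepts any array, and still accepts `true`, without looking at what the array holds. A non-string entry would be stored as a valid permission and, depending on how the list is applied later (outside this hunk), could leave a field the operator meant to hide unfiltered. I would branch on the operation and check the elements, e.g. `if (operation === 'protectedFields' ? !Array.isArray(perm) || !perm.every(f => typeof f === 'string') : perm !== true) {`; whether the names should also be checked against `fields` is worth deciding here. The body of `validateCLP` continues past the end of the hunk, so the error message that follows is not visible and may also need to mention the array form.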


@@ -565,19 +565,8 @@ RestQuery.prototype.replaceDontSelect = function() {
});
};
const cleanResultOfSensitiveUserInfo = function(result, auth, config) {
delete result.password;
if (auth.isMaster || (auth.user && auth.user.id === result.objectId)) {
return;
}
for (const field of config.userSensitiveFields) {
delete result[field];
}
};
const cleanResultAuthData = function(result) {
delete result.password;
if (result.authData) {
Object.keys(result.authData).forEach(provider => {
if (result.authData[provider] === null) {
@@ -645,7 +634,6 @@ RestQuery.prototype.runFind = function(options = {}) {
.then(results => {
if (this.className === '_User') {
for (var result of results) {
cleanResultOfSensitiveUserInfo(result, this.auth, this.config);
cleanResultAuthData(result);
}
}
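Review bot: `runFind` no longer strips `config.userSensitiveFields` from `_User` results, and nothing in this file replaces it, so the protection now depends entirely on code outside these hunks preserving the old exemptions (master key, and a user reading their own row via `auth.user.id === result.objectId`). A regression test that queries `_User` as a different user and asserts the sensitive fields are absent would pin that behaviour. Separately, `cleanResultAuthData` now also deletes `result.password`, which its name does not suggest; a comment such as `// Always strip the password; this is the only per-result cleanup runFind still applies to _User` above that line would keep a later refactor from dropping it.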