From c935ed836420f06f02958bdcb11e006a35e06d8a Mon Sep 17 00:00:00 2001 From: Florent Vilmart Date: Thu, 10 Mar 2016 23:01:45 -0500 Subject: [PATCH] Always return default public permissions --- spec/schemas.spec.js | 59 ++++++++++++++++++++++++++++++++++++++------ src/Schema.js | 14 +++++++++-- 2 files changed, 63 insertions(+), 10 deletions(-) diff --git a/spec/schemas.spec.js b/spec/schemas.spec.js index 40e6150b..e9195615 100644 --- a/spec/schemas.spec.js +++ b/spec/schemas.spec.js @@ -23,6 +23,27 @@ var hasAllPODobject = () => { return obj; }; +let defaultClassLevelPermissions = { + find: { + '*': true + }, + create: { + '*': true + }, + get: { + '*': true + }, + update: { + '*': true + }, + addField: { + '*': true + }, + delete: { + '*': true + } +} + var plainOldDataSchema = { className: 'HasAllPOD', fields: { @@ -40,7 +61,8 @@ var plainOldDataSchema = { aArray: {type: 'Array'}, aGeoPoint: {type: 'GeoPoint'}, aFile: {type: 'File'} - } + }, + classLevelPermissions: defaultClassLevelPermissions }; var pointersAndRelationsSchema = { @@ -61,6 +83,7 @@ var pointersAndRelationsSchema = { targetClass: 'HasAllPOD', }, }, + classLevelPermissions: defaultClassLevelPermissions } var noAuthHeaders = { @@ -296,7 +319,8 @@ describe('schemas', () => { objectId: {type: 'String'}, foo: {type: 'Number'}, ptr: {type: 'Pointer', targetClass: 'SomeClass'}, - } + }, + classLevelPermissions: defaultClassLevelPermissions }); done(); }); @@ -318,7 +342,8 @@ describe('schemas', () => { createdAt: {type: 'Date'}, updatedAt: {type: 'Date'}, objectId: {type: 'String'}, - } + }, + classLevelPermissions: defaultClassLevelPermissions }); done(); }); @@ -490,7 +515,8 @@ describe('schemas', () => { "objectId": {"type": "String"}, "updatedAt": {"type": "Date"}, "geo2": {"type": "GeoPoint"}, - } + }, + classLevelPermissions: defaultClassLevelPermissions })).toEqual(undefined); done(); }); @@ -539,6 +565,7 @@ describe('schemas', () => { "updatedAt": {"type": "Date"}, "newField": {"type": "String"}, }, + classLevelPermissions: defaultClassLevelPermissions })).toEqual(undefined); request.get({ url: 'http://localhost:8378/1/schemas/NewClass', @@ -553,7 +580,8 @@ describe('schemas', () => { updatedAt: {type: 'Date'}, objectId: {type: 'String'}, newField: {type: 'String'}, - } + }, + classLevelPermissions: defaultClassLevelPermissions }); done(); }); @@ -590,7 +618,8 @@ describe('schemas', () => { emailVerified: {type: 'Boolean'}, newField: {type: 'String'}, ACL: {type: 'ACL'} - } + }, + classLevelPermissions: defaultClassLevelPermissions }); request.get({ url: 'http://localhost:8378/1/schemas/_User', @@ -610,7 +639,8 @@ describe('schemas', () => { emailVerified: {type: 'Boolean'}, newField: {type: 'String'}, ACL: {type: 'ACL'} - } + }, + classLevelPermissions: defaultClassLevelPermissions }); done(); }); @@ -656,7 +686,8 @@ describe('schemas', () => { aNewString: {type: 'String'}, aNewPointer: {type: 'Pointer', targetClass: 'HasAllPOD'}, aNewRelation: {type: 'Relation', targetClass: 'HasAllPOD'}, - } + }, + classLevelPermissions: defaultClassLevelPermissions }); var obj2 = new Parse.Object('HasAllPOD'); obj2.set('aNewPointer', obj1); @@ -902,6 +933,18 @@ describe('schemas', () => { }, create: { 'role:admin': true + }, + get: { + '*': true + }, + update: { + '*': true + }, + addField: { + '*': true + }, + delete: { + '*': true } }); done(); diff --git a/src/Schema.js b/src/Schema.js index f4e1b9bf..ffb7b088 100644 --- a/src/Schema.js +++ b/src/Schema.js @@ -96,6 +96,13 @@ function verifyPermissionKey(key) { } let CLPValidKeys = ['find', 'get', 'create', 'update', 'delete', 'addField']; +let DefaultClassLevelPermissions = CLPValidKeys.reduce((perms, key) => { + perms[key] = { + '*': true + }; + return perms; + }, {}); + function validateCLP(perms) { if (!perms) { return; @@ -879,9 +886,12 @@ function mongoSchemaToSchemaAPIResponse(schema) { className: schema._id, fields: mongoSchemaAPIResponseFields(schema), }; + + let classLevelPermissions = DefaultClassLevelPermissions; if (schema._metadata && schema._metadata.class_permissions) { - result.classLevelPermissions = schema._metadata.class_permissions; - } + classLevelPermissions = Object.assign(classLevelPermissions, schema._metadata.class_permissions); + } + result.classLevelPermissions = classLevelPermissions; return result; }