Merge pull request #684 from Marco129/client-class-creation

Add allowClientClassCreation option
2016-02-26 11:46:50 -08:00
parent 9142dec5fd 97489106b4
commit ca9b750993
7 changed files with 83 additions and 0 deletions
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -59,6 +59,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
 RestWrite.prototype.execute = function() {
  return Promise.resolve().then(() => {
    return this.getUserAndRoleACL();
+  }).then(() => {
+    return this.validateClientClassCreation();
  }).then(() => {
    return this.validateSchema();
  }).then(() => {
@@ -105,6 +107,25 @@ RestWrite.prototype.getUserAndRoleACL = function() {
  }
 };

+// Validates this operation against the allowClientClassCreation config.
+RestWrite.prototype.validateClientClassCreation = function() {
+  if (this.config.allowClientClassCreation === false && !this.auth.isMaster) {
+    return this.config.database.loadSchema().then((schema) => {
+      return schema.hasClass(this.className)
+    }).then((hasClass) => {
+      if (hasClass === true) {
+        return Promise.resolve();
+      }
+
+      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+                            'This user is not allowed to access ' +
+                            'non-existent class: ' + this.className);
+    });
+  } else {
+    return Promise.resolve();
+  }
+};
+
 // Validates this operation against the schema.
 RestWrite.prototype.validateSchema = function() {
  return this.config.database.validateObject(this.className, this.data, this.query);