Move acl adding into parse server (#1601)
* Move writeACL knowledge out of mongoAdapter * Remove write ACL from mongo adapter * Remove readACL from Mongo Transform
@@ -163,10 +163,8 @@ export class MongoStorageAdapter {
|
||||
// If no objects match, reject with OBJECT_NOT_FOUND. If objects are found and deleted, resolve with undefined.
|
||||
// If there is some other error, reject with INTERNAL_SERVER_ERROR.
|
||||
|
||||
// Currently accepts the acl, schemaController, validate
|
||||
// for lecacy reasons, Parse Server should later integrate acl into the query. Database adapters
|
||||
// shouldn't know about acl.
|
||||
deleteObjectsByQuery(className, query, acl, schemaController, validate) {
|
||||
// Currently accepts the schemaController, and validate for lecacy reasons
|
||||
deleteObjectsByQuery(className, query, schemaController, validate) {
|
||||
return this.adaptiveCollection(className)
|
||||
.then(collection => {
|
||||
let mongoWhere = transform.transformWhere(
|
||||
@@ -175,9 +173,6 @@ export class MongoStorageAdapter {
|
||||
query,
|
||||
{ validate }
|
||||
);
|
||||
if (acl) {
|
||||
mongoWhere = transform.addWriteACL(mongoWhere, acl);
|
||||
}
|
||||
return collection.deleteMany(mongoWhere)
|
||||
})
|
||||
.then(({ result }) => {
|
||||
|
||||
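Review bot: `deleteObjectsByQuery` drops `acl` from the middle of its positional parameter list, so a caller that still passes five arguments would hand the ACL array in as `schemaController` and the schema controller in as `validate`, with no error raised and no write-permission filter applied by the adapter. The `destroy` call in DatabaseController is updated in this commit, but other callers are not visible here and should be checked. The new comment should also state the contract the adapter now relies on, for example `// Caller must already have merged any _wperm restriction into query; this adapter applies no ACL filtering.` The method body continues outside the hunk.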
@@ -916,14 +916,6 @@ function transformNotInQuery(notInQueryObject, className, results) {
|
||||
}
|
||||
}
|
||||
|
||||
function addWriteACL(mongoWhere, acl) {
|
||||
return {'$and': [mongoWhere, {"_wperm" : { "$in" : [null, ...acl]}}]};
|
||||
}
|
||||
|
||||
function addReadACL(mongoWhere, acl) {
|
||||
return {'$and': [mongoWhere, {"_rperm" : { "$in" : [null, "*", ...acl]}}]};
|
||||
}
|
||||
|
||||
var DateCoder = {
|
||||
JSONToDatabase(json) {
|
||||
return new Date(json.iso);
|
||||
@@ -1021,7 +1013,5 @@ module.exports = {
|
||||
transformDontSelect,
|
||||
transformInQuery,
|
||||
transformNotInQuery,
|
||||
addReadACL,
|
||||
addWriteACL,
|
||||
untransformObject
|
||||
};
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
// Parse database.
|
||||
|
||||
import intersect from 'intersect';
|
||||
import _ from 'lodash';
|
||||
|
||||
var mongodb = require('mongodb');
|
||||
var Parse = require('parse/node').Parse;
|
||||
@@ -9,6 +10,20 @@ var Parse = require('parse/node').Parse;
|
||||
var SchemaController = require('../Controllers/SchemaController');
|
||||
const deepcopy = require('deepcopy');
|
||||
|
||||
function addWriteACL(query, acl) {
|
||||
let newQuery = _.cloneDeep(query);
|
||||
//Can't be any existing '_wperm' query, we don't allow client queries on that, no need to $and
|
||||
newQuery._wperm = { "$in" : [null, ...acl]};
|
||||
return newQuery;
|
||||
}
|
||||
|
||||
function addReadACL(query, acl) {
|
||||
let newQuery = _.cloneDeep(query);
|
||||
//Can't be any existing '_rperm' query, we don't allow client queries on that, no need to $and
|
||||
newQuery._rperm = { "$in" : [null, "*", ...acl]};
|
||||
return newQuery;
|
||||
}
|
||||
|
||||
function DatabaseController(adapter, { skipValidation } = {}) {
|
||||
this.adapter = adapter;
|
||||
|
||||
@@ -161,10 +176,10 @@ DatabaseController.prototype.update = function(className, query, update, {
|
||||
if (!query) {
|
||||
return Promise.resolve();
|
||||
}
|
||||
var mongoWhere = this.transform.transformWhere(schema, className, query, {validate: !this.skipValidation});
|
||||
if (acl) {
|
||||
mongoWhere = this.transform.addWriteACL(mongoWhere, acl);
|
||||
query = addWriteACL(query, acl);
|
||||
}
|
||||
var mongoWhere = this.transform.transformWhere(schema, className, query, {validate: !this.skipValidation});
|
||||
mongoUpdate = this.transform.transformUpdate(schema, className, update, {validate: !this.skipValidation});
|
||||
if (many) {
|
||||
return collection.updateMany(mongoWhere, mongoUpdate);
|
||||
@@ -299,7 +314,10 @@ DatabaseController.prototype.destroy = function(className, query, { acl } = {})
|
||||
}
|
||||
}
|
||||
// delete by query
|
||||
return this.adapter.deleteObjectsByQuery(className, query, acl, schemaController, !this.skipValidation)
|
||||
if (acl) {
|
||||
query = addWriteACL(query, acl);
|
||||
}
|
||||
return this.adapter.deleteObjectsByQuery(className, query, schemaController, !this.skipValidation)
|
||||
.catch(error => {
|
||||
// When deleting sessions while changing passwords, don't throw an error if they don't have any sessions.
|
||||
if (className === "_Session" && error.code === Parse.Error.OBJECT_NOT_FOUND) {
|
||||
@@ -613,10 +631,10 @@ DatabaseController.prototype.find = function(className, query, {
|
||||
return Promise.resolve([]);
|
||||
}
|
||||
}
|
||||
let mongoWhere = this.transform.transformWhere(schema, className, query);
|
||||
if (!isMaster) {
|
||||
mongoWhere = this.transform.addReadACL(mongoWhere, aclGroup);
|
||||
query = addReadACL(query, aclGroup);
|
||||
}
|
||||
let mongoWhere = this.transform.transformWhere(schema, className, query);
|
||||
if (count) {
|
||||
delete mongoOptions.limit;
|
||||
return collection.count(mongoWhere, mongoOptions);
|
||||
|
||||
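Review bot: The new `addWriteACL` and `addReadACL` helpers set `_wperm`/`_rperm` as plain keys before `transformWhere` runs, so permission enforcement in `update`, `destroy` and `find` now depends on `transformWhere` (and the adapter's own transform inside `deleteObjectsByQuery`) passing those keys through unchanged. That code is not visible here; if its validation were to reject or drop these keys, the result would be either a failed request or a filter without the ACL clause. The inline comment says client queries cannot contain these keys, but nothing in the visible hunks enforces that. What actually keeps the restriction in place is that the assignment overwrites any top-level client value, and the comment should say so, e.g. `// Overwrites any client-supplied _wperm so the ACL restriction always applies`. A regression test asserting that the Mongo filter built for a non-master `find` and for an ACL-scoped `update` and `destroy` still contains the `$in` permission clause would pin this behaviour down.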