joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move acl adding into parse server (#1601)

Browse Source 
* Move writeACL knowledge out of mongoAdapter

* Remove write ACL from mongo adapter

* Remove readACL from Mongo Transform
This commit is contained in:
Drew
2016-04-22 18:44:03 -07:00
committed by Florent Vilmart
parent d33dd68cc5
commit d14d451028
3 changed files with 25 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Adapters/Storage/Mongo/MongoStorageAdapter.js
View File

@@ -163,10 +163,8 @@ export class MongoStorageAdapter {
// If no objects match, reject with OBJECT_NOT_FOUND. If objects are found and deleted, resolve with undefined. // If no objects match, reject with OBJECT_NOT_FOUND. If objects are found and deleted, resolve with undefined.
// If there is some other error, reject with INTERNAL_SERVER_ERROR. // If there is some other error, reject with INTERNAL_SERVER_ERROR.
// Currently accepts the acl, schemaController, validate // Currently accepts the schemaController, and validate for lecacy reasons
// for lecacy reasons, Parse Server should later integrate acl into the query. Database adapters deleteObjectsByQuery(className, query, schemaController, validate) {
// shouldn't know about acl.
deleteObjectsByQuery(className, query, acl, schemaController, validate) {
return this.adaptiveCollection(className) return this.adaptiveCollection(className)
.then(collection => { .then(collection => {
let mongoWhere = transform.transformWhere( let mongoWhere = transform.transformWhere(
@@ -175,9 +173,6 @@ export class MongoStorageAdapter {
query, query,
{ validate } { validate }
); );
if (acl) {
mongoWhere = transform.addWriteACL(mongoWhere, acl);
}
return collection.deleteMany(mongoWhere) return collection.deleteMany(mongoWhere)
}) })
.then(({ result }) => { .then(({ result }) => {

10
src/Adapters/Storage/Mongo/MongoTransform.js
View File

@@ -916,14 +916,6 @@ function transformNotInQuery(notInQueryObject, className, results) {
} }
} }
function addWriteACL(mongoWhere, acl) {
return {'$and': [mongoWhere, {"_wperm" : { "$in" : [null, ...acl]}}]};
}
function addReadACL(mongoWhere, acl) {
return {'$and': [mongoWhere, {"_rperm" : { "$in" : [null, "*", ...acl]}}]};
}
var DateCoder = { var DateCoder = {
JSONToDatabase(json) { JSONToDatabase(json) {
return new Date(json.iso); return new Date(json.iso);
@@ -1021,7 +1013,5 @@ module.exports = {
transformDontSelect, transformDontSelect,
transformInQuery, transformInQuery,
transformNotInQuery, transformNotInQuery,
addReadACL,
addWriteACL,
untransformObject untransformObject
}; };

28
src/Controllers/DatabaseController.js
View File

@@ -2,6 +2,7 @@
// Parse database. // Parse database.
import intersect from 'intersect'; import intersect from 'intersect';
import _ from 'lodash';
var mongodb = require('mongodb'); var mongodb = require('mongodb');
var Parse = require('parse/node').Parse; var Parse = require('parse/node').Parse;
@@ -9,6 +10,20 @@ var Parse = require('parse/node').Parse;
var SchemaController = require('../Controllers/SchemaController'); var SchemaController = require('../Controllers/SchemaController');
const deepcopy = require('deepcopy'); const deepcopy = require('deepcopy');
function addWriteACL(query, acl) {
let newQuery = _.cloneDeep(query);
//Can't be any existing '_wperm' query, we don't allow client queries on that, no need to $and
newQuery._wperm = { "$in" : [null, ...acl]};
return newQuery;
}
function addReadACL(query, acl) {
let newQuery = _.cloneDeep(query);
//Can't be any existing '_rperm' query, we don't allow client queries on that, no need to $and
newQuery._rperm = { "$in" : [null, "*", ...acl]};
return newQuery;
}
function DatabaseController(adapter, { skipValidation } = {}) { function DatabaseController(adapter, { skipValidation } = {}) {
this.adapter = adapter; this.adapter = adapter;
@@ -161,10 +176,10 @@ DatabaseController.prototype.update = function(className, query, update, {
if (!query) { if (!query) {
return Promise.resolve(); return Promise.resolve();
} }
var mongoWhere = this.transform.transformWhere(schema, className, query, {validate: !this.skipValidation});
if (acl) { if (acl) {
mongoWhere = this.transform.addWriteACL(mongoWhere, acl); query = addWriteACL(query, acl);
} }
var mongoWhere = this.transform.transformWhere(schema, className, query, {validate: !this.skipValidation});
mongoUpdate = this.transform.transformUpdate(schema, className, update, {validate: !this.skipValidation}); mongoUpdate = this.transform.transformUpdate(schema, className, update, {validate: !this.skipValidation});
if (many) { if (many) {
return collection.updateMany(mongoWhere, mongoUpdate); return collection.updateMany(mongoWhere, mongoUpdate);
@@ -299,7 +314,10 @@ DatabaseController.prototype.destroy = function(className, query, { acl } = {})
} }
} }
// delete by query // delete by query
return this.adapter.deleteObjectsByQuery(className, query, acl, schemaController, !this.skipValidation) if (acl) {
query = addWriteACL(query, acl);
}
return this.adapter.deleteObjectsByQuery(className, query, schemaController, !this.skipValidation)
.catch(error => { .catch(error => {
// When deleting sessions while changing passwords, don't throw an error if they don't have any sessions. // When deleting sessions while changing passwords, don't throw an error if they don't have any sessions.
if (className === "_Session" && error.code === Parse.Error.OBJECT_NOT_FOUND) { if (className === "_Session" && error.code === Parse.Error.OBJECT_NOT_FOUND) {
@@ -613,10 +631,10 @@ DatabaseController.prototype.find = function(className, query, {
return Promise.resolve([]); return Promise.resolve([]);
} }
} }
let mongoWhere = this.transform.transformWhere(schema, className, query);
if (!isMaster) { if (!isMaster) {
mongoWhere = this.transform.addReadACL(mongoWhere, aclGroup); query = addReadACL(query, aclGroup);
} }
let mongoWhere = this.transform.transformWhere(schema, className, query);
if (count) { if (count) {
delete mongoOptions.limit; delete mongoOptions.limit;
return collection.count(mongoWhere, mongoOptions); return collection.count(mongoWhere, mongoOptions);