joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes for Class Level and Pointer Permissions (#1989)

Browse Source 
* Fixes for Pointer Permissions

- Fix bug that would leave public CLP when setting a new set of permissions
- Sets empty permissions if missing to match parse.com API
- Updates tests to reflect changes

* Adds regression test for #1991

* Fit -> It
This commit is contained in:
Florent Vilmart
2016-06-06 12:31:50 -04:00
committed by Drew
parent ac705a8da6
commit e7e2369132
6 changed files with 96 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
spec/schemas.spec.js
View File

@@ -963,18 +963,10 @@ describe('schemas', () => {
create: {
'role:admin': true
},
get: {
'*': true
},
update: {
'*': true
},
addField: {
'*': true
},
delete: {
'*': true
}
get: {},
update: {},
delete: {},
addField: {}
});
done();
});
@@ -1018,6 +1010,9 @@ describe('schemas', () => {
json: true,
body: {
classLevelPermissions: {
create: {
'*': true
},
find: {
'*': true
},
@@ -1040,14 +1035,14 @@ describe('schemas', () => {
})
});
it('should not be able to add a field', done => {
it('should be able to add a field', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
headers: masterKeyHeaders,
json: true,
body: {
classLevelPermissions: {
find: {
create: {
'*': true
},
addField: {
@@ -1243,7 +1238,7 @@ describe('schemas', () => {
}).then(() => {
return Parse.User.logIn('user', 'user').then(() => {
let obj = new Parse.Object('AClass');
return obj.save();
return obj.save(null, {useMasterKey: true});
})
}).then(() => {
let query = new Parse.Query('AClass');
@@ -1292,7 +1287,7 @@ describe('schemas', () => {
}).then(() => {
return Parse.User.logIn('user', 'user').then(() => {
let obj = new Parse.Object('AClass');
return obj.save();
return obj.save(null, {useMasterKey: true});
})
}).then(() => {
let query = new Parse.Query('AClass');
@@ -1357,7 +1352,7 @@ describe('schemas', () => {
}).then(() => {
return Parse.User.logIn('user', 'user').then(() => {
let obj = new Parse.Object('AClass');
return obj.save();
return obj.save(null, {useMasterKey: true});
})
}).then(() => {
let query = new Parse.Query('AClass');
@@ -1415,7 +1410,7 @@ describe('schemas', () => {
}).then(() => {
return Parse.User.logIn('user', 'user').then(() => {
let obj = new Parse.Object('AClass');
return obj.save();
return obj.save(null, {useMasterKey: true});
})
}).then(() => {
let query = new Parse.Query('AClass');
@@ -1544,6 +1539,7 @@ describe('schemas', () => {
it('can login when addFields is false (issue #1355)', (done) => {
setPermissionsOnClass('_User', {
'create': {'*': true},
'addField': {}
}).then(() => {
return Parse.User.signUp('foo', 'bar');
@@ -1573,4 +1569,40 @@ describe('schemas', () => {
});
});
});
it("regression test for #1991", done => {
let user = new Parse.User();
user.setUsername('user');
user.setPassword('user');
let role = new Parse.Role('admin', new Parse.ACL());
let obj = new Parse.Object('AnObject');
Parse.Object.saveAll([user, role]).then(() => {
role.relation('users').add(user);
return role.save(null, {useMasterKey: true});
}).then(() => {
return setPermissionsOnClass('AnObject', {
'get': {"*": true},
'find': {"*": true},
'create': {'*': true},
'update': {'role:admin': true},
'delete': {'role:admin': true}
})
}).then(() => {
return obj.save();
}).then(() => {
return Parse.User.logIn('user', 'user')
}).then(() => {
return obj.destroy();
}).then((result) => {
let query = new Parse.Query('AnObject');
return query.find();
}).then((results) => {
expect(results.length).toBe(0);
done();
}).catch((err) => {
fail('should not fail');
console.error(err);
done();
});
});
});