joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes for Class Level and Pointer Permissions (#1989)

Browse Source 
* Fixes for Pointer Permissions

- Fix bug that would leave public CLP when setting a new set of permissions
- Sets empty permissions if missing to match parse.com API
- Updates tests to reflect changes

* Adds regression test for #1991

* Fit -> It
This commit is contained in:
Florent Vilmart
2016-06-06 12:31:50 -04:00
committed by Drew
parent ac705a8da6
commit e7e2369132
6 changed files with 96 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Controllers/DatabaseController.js
View File

@@ -704,6 +704,11 @@ DatabaseController.prototype.deleteSchema = function(className) {
}
DatabaseController.prototype.addPointerPermissions = function(schema, className, operation, query, aclGroup = []) {
// Check if class has public permission for operation
// If the BaseCLP pass, let go through
if (schema.testBaseCLP(className, aclGroup, operation)) {
return query;
}
let perms = schema.perms[className];
let field = ['get', 'find'].indexOf(operation) > -1 ? 'readUserFields' : 'writeUserFields';
let userACL = aclGroup.filter((acl) => {