Merge remote-tracking branch 'upstream/master' into test-configurations
This commit is contained in:
Drew Gross
@@ -80,7 +80,7 @@ Auth.prototype.getUserRoles = function() {
|
||||
return Promise.resolve(this.userRoles);
|
||||
}
|
||||
if (this.rolePromise) {
|
||||
return rolePromise;
|
||||
return this.rolePromise;
|
||||
}
|
||||
this.rolePromise = this._loadRoles();
|
||||
return this.rolePromise;
|
||||
|
||||
@@ -27,6 +27,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
|
||||
this.auth = auth;
|
||||
this.className = className;
|
||||
this.storage = {};
|
||||
this.runOptions = {};
|
||||
|
||||
if (!query && data.objectId) {
|
||||
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
|
||||
@@ -66,6 +67,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
|
||||
// status and location are optional.
|
||||
RestWrite.prototype.execute = function() {
|
||||
return Promise.resolve().then(() => {
|
||||
return this.getUserAndRoleACL();
|
||||
}).then(() => {
|
||||
return this.validateSchema();
|
||||
}).then(() => {
|
||||
return this.handleInstallation();
|
||||
@@ -88,6 +91,25 @@ RestWrite.prototype.execute = function() {
|
||||
});
|
||||
};
|
||||
|
||||
// Uses the Auth object to get the list of roles, adds the user id
|
||||
RestWrite.prototype.getUserAndRoleACL = function() {
|
||||
if (this.auth.isMaster) {
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
this.runOptions.acl = ['*'];
|
||||
|
||||
if( this.auth.user ){
|
||||
return this.auth.getUserRoles().then((roles) => {
|
||||
roles.push(this.auth.user.id);
|
||||
this.runOptions.acl = this.runOptions.acl.concat(roles);
|
||||
return Promise.resolve();
|
||||
});
|
||||
}else{
|
||||
return Promise.resolve();
|
||||
}
|
||||
};
|
||||
|
||||
// Validates this operation against the schema.
|
||||
RestWrite.prototype.validateSchema = function() {
|
||||
return this.config.database.validateObject(this.className, this.data);
|
||||
@@ -690,18 +712,10 @@ RestWrite.prototype.runDatabaseOperation = function() {
|
||||
throw new Parse.Error(Parse.Error.INVALID_ACL, 'Invalid ACL.');
|
||||
}
|
||||
|
||||
var options = {};
|
||||
if (!this.auth.isMaster) {
|
||||
options.acl = ['*'];
|
||||
if (this.auth.user) {
|
||||
options.acl.push(this.auth.user.id);
|
||||
}
|
||||
}
|
||||
|
||||
if (this.query) {
|
||||
// Run an update
|
||||
return this.config.database.update(
|
||||
this.className, this.query, this.data, options).then((resp) => {
|
||||
this.className, this.query, this.data, this.runOptions).then((resp) => {
|
||||
this.response = resp;
|
||||
this.response.updatedAt = this.updatedAt;
|
||||
});
|
||||
@@ -714,7 +728,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
|
||||
this.data.ACL = ACL;
|
||||
}
|
||||
// Run a create
|
||||
return this.config.database.create(this.className, this.data, options)
|
||||
return this.config.database.create(this.className, this.data, this.runOptions)
|
||||
.then(() => {
|
||||
var resp = {
|
||||
objectId: this.data.objectId,
|
||||
|
||||
@@ -2,11 +2,22 @@
|
||||
import PromiseRouter from '../PromiseRouter';
|
||||
import rest from '../rest';
|
||||
|
||||
import url from 'url';
|
||||
|
||||
export class ClassesRouter {
|
||||
// Returns a promise that resolves to a {response} object.
|
||||
handleFind(req) {
|
||||
let body = Object.assign(req.body, req.query);
|
||||
let options = {};
|
||||
let allowConstraints = ['skip', 'limit', 'order', 'count', 'keys',
|
||||
'include', 'redirectClassNameForKey', 'where'];
|
||||
|
||||
for (var key in body) {
|
||||
if (allowConstraints.indexOf(key) === -1) {
|
||||
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Improper encode of parameter');
|
||||
}
|
||||
}
|
||||
|
||||
if (body.skip) {
|
||||
options.skip = Number(body.skip);
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ function ParseServer({
|
||||
facebookAppIds = [],
|
||||
enableAnonymousUsers = true,
|
||||
oauth = {},
|
||||
serverURL,
|
||||
serverURL = '',
|
||||
}) {
|
||||
if (!appId || !masterKey) {
|
||||
throw 'You must provide an appId and masterKey!';
|
||||
@@ -128,9 +128,7 @@ function ParseServer({
|
||||
|
||||
// Initialize the node client SDK automatically
|
||||
Parse.initialize(appId, javascriptKey, masterKey);
|
||||
if (serverURL) {
|
||||
Parse.serverURL = serverURL;
|
||||
}
|
||||
Parse.serverURL = serverURL;
|
||||
|
||||
// This app serves the Parse API directly.
|
||||
// It's the equivalent of https://api.parse.com/1 in the hosted Parse API.
|
||||
|
||||
@@ -56,12 +56,19 @@ function del(config, auth, className, objectId) {
|
||||
});
|
||||
}
|
||||
return Promise.resolve({});
|
||||
}).then(() => {
|
||||
if (!auth.isMaster) {
|
||||
return auth.getUserRoles();
|
||||
}else{
|
||||
return Promise.resolve();
|
||||
}
|
||||
}).then(() => {
|
||||
var options = {};
|
||||
if (!auth.isMaster) {
|
||||
options.acl = ['*'];
|
||||
if (auth.user) {
|
||||
options.acl.push(auth.user.id);
|
||||
options.acl = options.acl.concat(auth.userRoles);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user