joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
488b2ff231b6dcd6eb588668d17543f2d0b393bd
kami-parse-server/spec/ParseACL.spec.js
Florent Vilmart ff25ae254d Update parse SDK to 2.0.0 (#4925) 
* WIP: Integrate JS SDK v2

- Removes backbone style callbacks
- Use Promise instead of Parse.Promise

* Fixes ParseObject and ParseRelation

* Updates Parse.Query with promises

* Alls tests should pass

* Ensure a fresh user is used for each test

* Use REST implementation to avoid side effects for username/email duplicates

* Uses js sdk v2
2018-08-05 13:58:07 -04:00

906 lines
30 KiB
JavaScript
Raw Blame History

// This is a port of the test suite:
// hungry/js/test/parse_acl_test.js
const rest = require('../lib/rest');
const Config = require('../lib/Config');
const auth = require('../lib/Auth');
describe('Parse.ACL', () => {
it("acl must be valid", (done) => {
const user = new Parse.User();
ok(!user.setACL("Ceci n'est pas un ACL.", {
error: function(user, error) {
equal(error.code, -1);
done();
}
}), "setACL should have returned false.");
});
it("refresh object with acl", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp(null);
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
await object.fetch();
done();
});
it("acl an object owned by one user and public get", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut();
const query = new Parse.Query(TestObject);
try {
await query.get(object.id);
done.fail('Should not have retrieved the object.');
} catch(error) {
equal(error.code, Parse.Error.OBJECT_NOT_FOUND);
done();
}
});
it("acl an object owned by one user and public find", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save()
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Start making requests by the public, which should all fail.
await Parse.User.logOut()
// Find
const query = new Parse.Query(TestObject);
const results = await query.find();
equal(results.length, 0);
done();
});
it("acl an object owned by one user and public update", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Start making requests by the public, which should all fail.
await Parse.User.logOut()
// Update
object.set("foo", "bar");
try {
await object.save()
done.fail('Should not have been able to update the object.');
} catch(err) {
equal(err.code, Parse.Error.OBJECT_NOT_FOUND);
done();
}
});
it("acl an object owned by one user and public delete", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp()
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Start making requests by the public, which should all fail.
await Parse.User.logOut()
try {
await object.destroy()
done.fail('destroy should fail');
} catch(error) {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
});
it("acl an object owned by one user and logged in get", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp()
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut();
await Parse.User.logIn("alice", "wonderland");
// Get
const query = new Parse.Query(TestObject);
const result = await query.get(object.id);
ok(result);
equal(result.id, object.id);
equal(result.getACL().getReadAccess(user), true);
equal(result.getACL().getWriteAccess(user), true);
equal(result.getACL().getPublicReadAccess(), false);
equal(result.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
done();
});
it("acl an object owned by one user and logged in find", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut()
await Parse.User.logIn("alice", "wonderland");
// Find
const query = new Parse.Query(TestObject);
const results = await query.find();
equal(results.length, 1);
const result = results[0];
ok(result);
if (!result) {
return fail();
}
equal(result.id, object.id);
equal(result.getACL().getReadAccess(user), true);
equal(result.getACL().getWriteAccess(user), true);
equal(result.getACL().getPublicReadAccess(), false);
equal(result.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
done();
});
it("acl an object owned by one user and logged in update", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut();
await Parse.User.logIn("alice", "wonderland");
// Update
object.set("foo", "bar");
await object.save();
done();
});
it("acl an object owned by one user and logged in delete", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save()
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut()
await Parse.User.logIn("alice", "wonderland");
// Delete
await object.destroy();
done();
});
it("acl making an object publicly readable and public get", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut()
// Get
const query = new Parse.Query(TestObject);
const result = await query.get(object.id);
ok(result);
equal(result.id, object.id);
done();
});
it("acl making an object publicly readable and public find", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut()
// Find
const query = new Parse.Query(TestObject);
const results = await query.find();
equal(results.length, 1);
const result = results[0];
ok(result);
equal(result.id, object.id);
done();
});
it("acl making an object publicly readable and public update", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
await Parse.User.logOut()
object.set("foo", "bar");
object.save().then(() => {
fail('the save should fail');
}, error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
it("acl making an object publicly readable and public delete", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
Parse.User.logOut()
.then(() => object.destroy())
.then(() => {
fail('expected failure');
}, error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
it("acl making an object publicly writable and public get", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get("ACL"));
await Parse.User.logOut()
// Get
const query = new Parse.Query(TestObject);
query.get(object.id)
.then(done.fail)
.catch((error) => {
equal(error.code, Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
it("acl making an object publicly writable and public find", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get("ACL"));
await Parse.User.logOut()
// Find
const query = new Parse.Query(TestObject);
query.find().then(function(results) {
equal(results.length, 0);
done();
});
});
it("acl making an object publicly writable and public update", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get("ACL"));
Parse.User.logOut()
.then(() => {
// Update
object.set("foo", "bar");
object.save().then(done);
});
});
it("acl making an object publicly writable and public delete", async (done) => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get("ACL"));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get("ACL"));
Parse.User.logOut()
.then(() => {
// Delete
object.destroy().then(done);
});
});
it("acl making an object privately writable (#3194)", (done) => {
// Create an object owned by Alice.
let object;
let user2;
const user = new Parse.User();
user.set("username", "alice");
user.set("password", "wonderland");
user.signUp().then(() => {
object = new TestObject();
const acl = new Parse.ACL(user);
acl.setPublicWriteAccess(false);
acl.setPublicReadAccess(true);
object.setACL(acl);
return object.save().then(() => {
return Parse.User.logOut();
})
}).then(() => {
user2 = new Parse.User();
user2.set("username", "bob");
user2.set("password", "burger");
return user2.signUp();
}).then(() => {
return object.destroy({sessionToken: user2.getSessionToken() });
}).then(() => {
fail('should not be able to destroy the object');
done();
}, (err) => {
expect(err).not.toBeUndefined();
done();
});
});
it("acl sharing with another user and get", async (done) => {
// Sign in as Bob.
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut()
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn("bob", "pass");
const query = new Parse.Query(TestObject);
query.get(object.id).then((result) => {
ok(result);
equal(result.id, object.id);
done();
});
});
it("acl sharing with another user and find", async (done) => {
// Sign in as Bob.
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut()
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn("bob", "pass");
const query = new Parse.Query(TestObject);
query.find().then((results) => {
equal(results.length, 1);
const result = results[0];
ok(result);
if (!result) {
fail("should have result");
} else {
equal(result.id, object.id);
}
done();
});
});
it("acl sharing with another user and update", async (done) => {
// Sign in as Bob.
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut()
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn("bob", "pass");
object.set("foo", "bar");
object.save().then(done);
});
it("acl sharing with another user and delete", async (done) => {
// Sign in as Bob.
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn("bob", "pass");
object.set("foo", "bar");
object.destroy().then(done);
});
it("acl sharing with another user and public get", async (done) => {
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
await Parse.User.logOut()
const query = new Parse.Query(TestObject);
query.get(object.id).then((result) => {
fail(result);
}, (error) => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
it("acl sharing with another user and public find", async (done) => {
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
Parse.User.logOut()
.then(() => {
const query = new Parse.Query(TestObject);
query.find().then(function(results) {
equal(results.length, 0);
done();
});
});
});
it("acl sharing with another user and public update", async (done) => {
// Sign in as Bob.
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
Parse.User.logOut()
.then(() => {
object.set("foo", "bar");
object.save().then(() => {
fail('expected failure');
}, (error) => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
});
it("acl sharing with another user and public delete", async (done) => {
// Sign in as Bob.
const bob = await Parse.User.signUp("bob", "pass");
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp("alice", "wonderland");
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
Parse.User.logOut()
.then(() => object.destroy())
.then(() => {
fail('expected failure');
}, (error) => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
it("acl saveAll with permissions", async (done) => {
const alice = await Parse.User.signUp("alice", "wonderland");
const acl = new Parse.ACL(alice);
const object1 = new TestObject();
const object2 = new TestObject();
object1.setACL(acl);
object2.setACL(acl);
await Parse.Object.saveAll([object1, object2]);
equal(object1.getACL().getReadAccess(alice), true);
equal(object1.getACL().getWriteAccess(alice), true);
equal(object1.getACL().getPublicReadAccess(), false);
equal(object1.getACL().getPublicWriteAccess(), false);
equal(object2.getACL().getReadAccess(alice), true);
equal(object2.getACL().getWriteAccess(alice), true);
equal(object2.getACL().getPublicReadAccess(), false);
equal(object2.getACL().getPublicWriteAccess(), false);
// Save all the objects after updating them.
object1.set("foo", "bar");
object2.set("foo", "bar");
await Parse.Object.saveAll([object1, object2]);
const query = new Parse.Query(TestObject);
query.equalTo("foo", "bar");
query.find().then(function(results) {
equal(results.length, 2);
done();
});
});
it("empty acl works", async (done) => {
await Parse.User.signUp("tdurden", "mayhem", {
ACL: new Parse.ACL(),
foo: "bar"
});
await Parse.User.logOut()
const user = await Parse.User.logIn("tdurden", "mayhem");
equal(user.get("foo"), "bar");
done();
});
it("query for included object with ACL works", async (done) => {
const obj1 = new Parse.Object("TestClass1");
const obj2 = new Parse.Object("TestClass2");
const acl = new Parse.ACL();
acl.setPublicReadAccess(true);
obj2.set("ACL", acl);
obj1.set("other", obj2);
await obj1.save();
obj2._clearServerData();
const query = new Parse.Query("TestClass1");
const obj1Again = await query.first();
ok(!obj1Again.get("other").get("ACL"));
query.include("other");
const obj1AgainWithInclude = await query.first();
ok(obj1AgainWithInclude.get("other").get("ACL"));
done();
});
it('restricted ACL does not have public access', (done) => {
const obj = new Parse.Object("TestClassMasterACL");
const acl = new Parse.ACL();
obj.set('ACL', acl);
obj.save().then(() => {
const query = new Parse.Query("TestClassMasterACL");
return query.find();
}).then((results) => {
ok(!results.length, 'Should not have returned object with secure ACL.');
done();
});
});
it('regression test #701', done => {
const config = Config.get('test');
const anonUser = {
authData: {
anonymous: {
id: '00000000-0000-0000-0000-000000000001'
}
}
};
Parse.Cloud.afterSave(Parse.User, req => {
if (!req.object.existed()) {
const user = req.object;
const acl = new Parse.ACL(user);
user.setACL(acl);
user.save(null, {useMasterKey: true}).then(user => {
new Parse.Query('_User').get(user.objectId).then(() => {
fail('should not have fetched user without public read enabled');
done();
}, error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
}, done.fail);
}
});
rest.create(config, auth.nobody(config), '_User', anonUser)
})
});
Reference in New Issue View Git Blame Copy Permalink