joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a37f30409c643018afa4e5dc3a3e2838b3882115
kami-parse-server/spec/ParseACL.spec.js
Diamond Lewis e6ac3b6932 fix(prettier): Properly handle lint-stage files (#6970) 
Now handles top level files and recursive files in folders.

Set max line length to be 100
2020-10-25 15:06:58 -05:00

935 lines
31 KiB
JavaScript
Raw Blame History

// This is a port of the test suite:
// hungry/js/test/parse_acl_test.js
const rest = require('../lib/rest');
const Config = require('../lib/Config');
const auth = require('../lib/Auth');
describe('Parse.ACL', () => {
it('acl must be valid', done => {
const user = new Parse.User();
ok(
!user.setACL("Ceci n'est pas un ACL.", {
error: function (user, error) {
equal(error.code, -1);
done();
},
}),
'setACL should have returned false.'
);
});
it('refresh object with acl', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp(null);
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
await object.fetch();
done();
});
it('acl an object owned by one user and public get', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
const query = new Parse.Query(TestObject);
try {
await query.get(object.id);
done.fail('Should not have retrieved the object.');
} catch (error) {
equal(error.code, Parse.Error.OBJECT_NOT_FOUND);
done();
}
});
it('acl an object owned by one user and public find', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Start making requests by the public, which should all fail.
await Parse.User.logOut();
// Find
const query = new Parse.Query(TestObject);
const results = await query.find();
equal(results.length, 0);
done();
});
it('acl an object owned by one user and public update', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Start making requests by the public, which should all fail.
await Parse.User.logOut();
// Update
object.set('foo', 'bar');
try {
await object.save();
done.fail('Should not have been able to update the object.');
} catch (err) {
equal(err.code, Parse.Error.OBJECT_NOT_FOUND);
done();
}
});
it('acl an object owned by one user and public delete', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Start making requests by the public, which should all fail.
await Parse.User.logOut();
try {
await object.destroy();
done.fail('destroy should fail');
} catch (error) {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
});
it('acl an object owned by one user and logged in get', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
await Parse.User.logIn('alice', 'wonderland');
// Get
const query = new Parse.Query(TestObject);
const result = await query.get(object.id);
ok(result);
equal(result.id, object.id);
equal(result.getACL().getReadAccess(user), true);
equal(result.getACL().getWriteAccess(user), true);
equal(result.getACL().getPublicReadAccess(), false);
equal(result.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
done();
});
it('acl an object owned by one user and logged in find', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
await Parse.User.logIn('alice', 'wonderland');
// Find
const query = new Parse.Query(TestObject);
const results = await query.find();
equal(results.length, 1);
const result = results[0];
ok(result);
if (!result) {
return fail();
}
equal(result.id, object.id);
equal(result.getACL().getReadAccess(user), true);
equal(result.getACL().getWriteAccess(user), true);
equal(result.getACL().getPublicReadAccess(), false);
equal(result.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
done();
});
it('acl an object owned by one user and logged in update', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
await Parse.User.logIn('alice', 'wonderland');
// Update
object.set('foo', 'bar');
await object.save();
done();
});
it('acl an object owned by one user and logged in delete', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
await Parse.User.logIn('alice', 'wonderland');
// Delete
await object.destroy();
done();
});
it('acl making an object publicly readable and public get', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
// Get
const query = new Parse.Query(TestObject);
const result = await query.get(object.id);
ok(result);
equal(result.id, object.id);
done();
});
it('acl making an object publicly readable and public find', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
// Find
const query = new Parse.Query(TestObject);
const results = await query.find();
equal(results.length, 1);
const result = results[0];
ok(result);
equal(result.id, object.id);
done();
});
it('acl making an object publicly readable and public update', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
await Parse.User.logOut();
object.set('foo', 'bar');
object.save().then(
() => {
fail('the save should fail');
},
error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
);
});
it('acl making an object publicly readable and public delete', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicReadAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), true);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
Parse.User.logOut()
.then(() => object.destroy())
.then(
() => {
fail('expected failure');
},
error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
);
});
it('acl making an object publicly writable and public get', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get('ACL'));
await Parse.User.logOut();
// Get
const query = new Parse.Query(TestObject);
query
.get(object.id)
.then(done.fail)
.catch(error => {
equal(error.code, Parse.Error.OBJECT_NOT_FOUND);
done();
});
});
it('acl making an object publicly writable and public find', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get('ACL'));
await Parse.User.logOut();
// Find
const query = new Parse.Query(TestObject);
query.find().then(function (results) {
equal(results.length, 0);
done();
});
});
it('acl making an object publicly writable and public update', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get('ACL'));
Parse.User.logOut().then(() => {
// Update
object.set('foo', 'bar');
object.save().then(done);
});
});
it('acl making an object publicly writable and public delete', async done => {
// Create an object owned by Alice.
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
await user.signUp();
const object = new TestObject();
const acl = new Parse.ACL(user);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
ok(object.get('ACL'));
// Now make it public.
object.getACL().setPublicWriteAccess(true);
await object.save();
equal(object.getACL().getReadAccess(user), true);
equal(object.getACL().getWriteAccess(user), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), true);
ok(object.get('ACL'));
Parse.User.logOut().then(() => {
// Delete
object.destroy().then(done);
});
});
it('acl making an object privately writable (#3194)', done => {
// Create an object owned by Alice.
let object;
let user2;
const user = new Parse.User();
user.set('username', 'alice');
user.set('password', 'wonderland');
user
.signUp()
.then(() => {
object = new TestObject();
const acl = new Parse.ACL(user);
acl.setPublicWriteAccess(false);
acl.setPublicReadAccess(true);
object.setACL(acl);
return object.save().then(() => {
return Parse.User.logOut();
});
})
.then(() => {
user2 = new Parse.User();
user2.set('username', 'bob');
user2.set('password', 'burger');
return user2.signUp();
})
.then(() => {
return object.destroy({ sessionToken: user2.getSessionToken() });
})
.then(
() => {
fail('should not be able to destroy the object');
done();
},
err => {
expect(err).not.toBeUndefined();
done();
}
);
});
it('acl sharing with another user and get', async done => {
// Sign in as Bob.
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn('bob', 'pass');
const query = new Parse.Query(TestObject);
query.get(object.id).then(result => {
ok(result);
equal(result.id, object.id);
done();
});
});
it('acl sharing with another user and find', async done => {
// Sign in as Bob.
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn('bob', 'pass');
const query = new Parse.Query(TestObject);
query.find().then(results => {
equal(results.length, 1);
const result = results[0];
ok(result);
if (!result) {
fail('should have result');
} else {
equal(result.id, object.id);
}
done();
});
});
it('acl sharing with another user and update', async done => {
// Sign in as Bob.
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn('bob', 'pass');
object.set('foo', 'bar');
object.save().then(done);
});
it('acl sharing with another user and delete', async done => {
// Sign in as Bob.
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Sign in as Bob again.
await Parse.User.logIn('bob', 'pass');
object.set('foo', 'bar');
object.destroy().then(done);
});
it('acl sharing with another user and public get', async done => {
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
await Parse.User.logOut();
const query = new Parse.Query(TestObject);
query.get(object.id).then(
result => {
fail(result);
},
error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
);
});
it('acl sharing with another user and public find', async done => {
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
Parse.User.logOut().then(() => {
const query = new Parse.Query(TestObject);
query.find().then(function (results) {
equal(results.length, 0);
done();
});
});
});
it('acl sharing with another user and public update', async done => {
// Sign in as Bob.
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
Parse.User.logOut().then(() => {
object.set('foo', 'bar');
object.save().then(
() => {
fail('expected failure');
},
error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
);
});
});
it('acl sharing with another user and public delete', async done => {
// Sign in as Bob.
const bob = await Parse.User.signUp('bob', 'pass');
await Parse.User.logOut();
// Sign in as Alice.
const alice = await Parse.User.signUp('alice', 'wonderland');
// Create an object shared by Bob and Alice.
const object = new TestObject();
const acl = new Parse.ACL(alice);
acl.setWriteAccess(bob, true);
acl.setReadAccess(bob, true);
object.setACL(acl);
await object.save();
equal(object.getACL().getReadAccess(alice), true);
equal(object.getACL().getWriteAccess(alice), true);
equal(object.getACL().getReadAccess(bob), true);
equal(object.getACL().getWriteAccess(bob), true);
equal(object.getACL().getPublicReadAccess(), false);
equal(object.getACL().getPublicWriteAccess(), false);
// Start making requests by the public.
Parse.User.logOut()
.then(() => object.destroy())
.then(
() => {
fail('expected failure');
},
error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
);
});
it('acl saveAll with permissions', async done => {
const alice = await Parse.User.signUp('alice', 'wonderland');
const acl = new Parse.ACL(alice);
const object1 = new TestObject();
const object2 = new TestObject();
object1.setACL(acl);
object2.setACL(acl);
await Parse.Object.saveAll([object1, object2]);
equal(object1.getACL().getReadAccess(alice), true);
equal(object1.getACL().getWriteAccess(alice), true);
equal(object1.getACL().getPublicReadAccess(), false);
equal(object1.getACL().getPublicWriteAccess(), false);
equal(object2.getACL().getReadAccess(alice), true);
equal(object2.getACL().getWriteAccess(alice), true);
equal(object2.getACL().getPublicReadAccess(), false);
equal(object2.getACL().getPublicWriteAccess(), false);
// Save all the objects after updating them.
object1.set('foo', 'bar');
object2.set('foo', 'bar');
await Parse.Object.saveAll([object1, object2]);
const query = new Parse.Query(TestObject);
query.equalTo('foo', 'bar');
query.find().then(function (results) {
equal(results.length, 2);
done();
});
});
it('empty acl works', async done => {
await Parse.User.signUp('tdurden', 'mayhem', {
ACL: new Parse.ACL(),
foo: 'bar',
});
await Parse.User.logOut();
const user = await Parse.User.logIn('tdurden', 'mayhem');
equal(user.get('foo'), 'bar');
done();
});
it('query for included object with ACL works', async done => {
const obj1 = new Parse.Object('TestClass1');
const obj2 = new Parse.Object('TestClass2');
const acl = new Parse.ACL();
acl.setPublicReadAccess(true);
obj2.set('ACL', acl);
obj1.set('other', obj2);
await obj1.save();
obj2._clearServerData();
const query = new Parse.Query('TestClass1');
const obj1Again = await query.first();
ok(!obj1Again.get('other').get('ACL'));
query.include('other');
const obj1AgainWithInclude = await query.first();
ok(obj1AgainWithInclude.get('other').get('ACL'));
done();
});
it('restricted ACL does not have public access', done => {
const obj = new Parse.Object('TestClassMasterACL');
const acl = new Parse.ACL();
obj.set('ACL', acl);
obj
.save()
.then(() => {
const query = new Parse.Query('TestClassMasterACL');
return query.find();
})
.then(results => {
ok(!results.length, 'Should not have returned object with secure ACL.');
done();
});
});
it('regression test #701', done => {
const config = Config.get('test');
const anonUser = {
authData: {
anonymous: {
id: '00000000-0000-0000-0000-000000000001',
},
},
};
Parse.Cloud.afterSave(Parse.User, req => {
if (!req.object.existed()) {
const user = req.object;
const acl = new Parse.ACL(user);
user.setACL(acl);
user.save(null, { useMasterKey: true }).then(user => {
new Parse.Query('_User').get(user.objectId).then(
() => {
fail('should not have fetched user without public read enabled');
done();
},
error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
}
);
}, done.fail);
}
});
rest.create(config, auth.nobody(config), '_User', anonUser);
});
});
Reference in New Issue View Git Blame Copy Permalink