Move default ACL to server side

Ref. SkygearIO/skygear-server#309
SkygearIO · Apr 7, 2017 · 5527d52 · 5527d52
2 parents ba8a377 + ac70609
commit 5527d52
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 63 deletions.
diff --git a/lib/container.js b/lib/container.js
@@ -378,6 +378,20 @@ export default class Container {
     });
   }
 
+  setRecordDefaultAccess(recordClass, acl) {
+    let container = this;
+    return new Promise(function (resolve, reject) {
+      container.makeRequest('schema:default_access', {
+        type: recordClass.recordType,
+        default_access: acl.toJSON()
+      }).then(function (body) {
+        resolve(body.result);
+      }, function (err) {
+        reject(err);
+      });
+    });
+  }
+
   /**
    * You can register your device for receiving push notifications.
    *

diff --git a/lib/record.js b/lib/record.js
@@ -70,8 +70,6 @@ const _metaKey = _.map(_metaAttrs, function (obj) {
   return obj.newKey;
 });
 
-let _defaultACL = (new ACL()).toJSON();
-
 export default class Record {
 
   constructor(recordType, attrs = defaultAttrs) {
@@ -94,7 +92,7 @@ export default class Record {
     }
     delete attrs.id; // because `id` is a readonly property
     this._id = id;
-    this._access = Record.defaultACL;
+    this._access = null;
     this.update(attrs);
     this.updateTransient(attrs._transient);
   }
@@ -112,7 +110,7 @@ export default class Record {
   }
 
   setAccess(acl) {
-    this._access = acl || Record.defaultACL;
+    this._access = acl;
   }
 
   get attributeKeys() {
@@ -232,7 +230,7 @@ export default class Record {
   toJSON() {
     let payload = {
       _id: this.id,
-      _access: this.access.toJSON()
+      _access: this.access && this.access.toJSON()
     };
     _.each(this.attributeKeys, function (key) {
       payload[key] = toJSON(this[key]);
@@ -241,16 +239,6 @@ export default class Record {
     return payload;
   }
 
-  static get defaultACL() {
-    return ACL.fromJSON(_defaultACL);
-  }
-
-  static set defaultACL(acl) {
-    // saving serialized data in order to get copy of
-    // the ACL object on `get defaultACL()`.
-    _defaultACL = (acl || new ACL()).toJSON();
-  }
-
   static validType(recordType) {
     return recordType && recordType.indexOf('_') !== 0;
   }

diff --git a/test/cloud/transport/common.js b/test/cloud/transport/common.js
@@ -180,10 +180,7 @@ describe('CommonTransport', function () {
       );
       expect(result).to.be.eql({
         result: {
-          _access: [{
-            level: 'read',
-            public: true
-          }],
+          _access: null,
           _id: 'note/uuid'
         }
       });

diff --git a/test/container.js b/test/container.js
@@ -755,6 +755,25 @@ describe('Container acl', function () {
         });
       }
     }
+  }, {
+    pattern: 'http://skygear.dev/schema/default_access',
+    fixtures: function (match, params, headers, fn) {
+      let type = params['type'];
+      let defaultAccess = params['default_access'];
+      let acl = container.ACL.fromJSON(defaultAccess);
+      let Admin = container.Role.define('Admin');
+      if (type === 'note' &&
+        acl.hasPublicReadAccess() &&
+        acl.hasWriteAccessForRole(Admin)) {
+
+        return fn({
+          result: {
+            type: type,
+            default_access: defaultAccess   // eslint-disable-line camelcase
+          }
+        });
+      }
+    }
   }]);
 
   it('set record create access', function () {
@@ -774,47 +793,24 @@ describe('Container acl', function () {
     });
   });
 
-  it('get / set default ACL', function () {
-    let Admin = container.Role.define('Admin');
-    let ACL = container.ACL;
+  it('set default ACL', function () {
     let Note = container.Record.extend('note');
-
-    // Before changes
-    let acl = container.defaultACL;
-    assert.isTrue(acl.public);
-    assert.lengthOf(Object.keys(acl.roles), 0);
-
-    let aNote = new Note({
-      content: 'Hello World'
-    });
-
-    let recordACL = aNote.access;
-    assert.isTrue(recordACL.public);
-    assert.lengthOf(Object.keys(recordACL.roles), 0);
-
-    // changes
-    acl.setPublicNoAccess();
+    let Admin = container.Role.define('Admin');
+    let acl = new container.ACL();
+    acl.setPublicReadOnly();
     acl.setReadWriteAccessForRole(Admin);
-    container.setDefaultACL(acl);
 
-    // After changes
-    acl = container.defaultACL;
+    return container.setRecordDefaultAccess(Note, acl)
+      .then((result)=> {
+        let {type, default_access: defaultAccess} = result;
+        let responseACL = container.ACL.fromJSON(defaultAccess);
 
-    assert.isNotTrue(acl.public);
-    assert.lengthOf(Object.keys(acl.roles), 1);
-    assert.equal(acl.roles[Admin.name], AccessLevel.ReadWriteLevel);
-
-    aNote = new Note({
-      content: 'Hello World Again'
-    });
-
-    recordACL = aNote.access;
-    assert.isNotTrue(recordACL.public);
-    assert.lengthOf(Object.keys(recordACL.roles), 1);
-    assert.equal(recordACL.roles[Admin.name], AccessLevel.ReadWriteLevel);
-
-    // set back to default
-    container.setDefaultACL(new ACL());
+        assert.strictEqual(type, Note.recordType);
+        assert.ok(responseACL.hasPublicReadAccess());
+        assert.ok(responseACL.hasWriteAccessForRole(Admin));
+      }, function (err) {
+        throw new Error('set record default access failed', err);
+      });
   });
 });
 

diff --git a/test/record.js b/test/record.js
@@ -196,7 +196,7 @@ describe('Extended Record', function () {
 
     expect(note.toJSON()).to.be.eql({
       _id: 'note/uid',
-      _access: [{ level: AccessLevel.ReadOnlyLevel, public: true }],
+      _access: null,
       reminderTime: {
         $type: "date",
         $date: "2016-06-03T12:00:00.000Z"
@@ -250,7 +250,7 @@ describe('Extended Record', function () {
     note.noteID = new Sequence();
     expect(note.toJSON()).to.be.eql({
       _id: 'note/uid',
-      _access: [{ level: AccessLevel.ReadOnlyLevel, public: true }],
+      _access: null,
       noteID: {
         $type: 'seq'
       }
@@ -264,7 +264,7 @@ describe('Extended Record', function () {
     note.noteID = new UnknownValue('money');
     expect(note.toJSON()).to.be.eql({
       _id: 'note/uid',
-      _access: [{ level: AccessLevel.ReadOnlyLevel, public: true }],
+      _access: null,
       noteID: {
         $type: 'unknown',
         '$underlying_type': 'money'

diff --git a/test/reference.js b/test/reference.js
@@ -55,10 +55,7 @@ describe('Reference', function () {
     record.key = ref;
     expect(record.toJSON()).to.eql({
       '_id': 'record/id',
-      '_access': [{
-        level: AccessLevel.ReadOnlyLevel,
-        public: true
-      }],
+      '_access': null,
       'key': {
         '$type': 'ref',
         '$id': 'record/id'