Skip to content

Commit

Permalink
fix2
Browse files Browse the repository at this point in the history
  • Loading branch information
@mtrezza
mtrezza committed Jun 30, 2022
1 parent 8584f36 commit deb5172
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 16 deletions.
14 changes: 2 additions & 12 deletions src/Controllers/DatabaseController.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,19 +126,8 @@ const filterSensitiveData = (
schema: SchemaController.SchemaController | any,
className: string,
protectedFields: null | Array<any>,
object: any,
query: any = {}
object: any
) => {
if (!isMaster && !Array.isArray(protectedFields)) {
protectedFields = new DatabaseController().addProtectedFields(
schema,
className,
query,
aclGroup,
auth
);
}

let userId = null;
if (auth && auth.user) userId = auth.user.id;

Expand Down Expand Up @@ -1756,6 +1745,7 @@ class DatabaseController {
}

static _validateQuery: any => void;
static filterSensitiveData: (boolean, any[], any, any, any, string, any[], any) => void;
}

module.exports = DatabaseController;
Expand Down
17 changes: 13 additions & 4 deletions src/LiveQuery/ParseLiveQueryServer.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ import {
maybeRunAfterEventTrigger,
} from '../triggers';
import { getAuthForSessionToken, Auth } from '../Auth';
import { getCacheController } from '../Controllers';
import { getCacheController, getDatabaseController } from '../Controllers';
import LRU from 'lru-cache';
import UserRouter from '../Routers/UsersRouter';
import DatabaseController from '../Controllers/DatabaseController';
Expand Down Expand Up @@ -553,16 +553,25 @@ class ParseLiveQueryServer {
if (!obj) {
return;
}
let protectedFields = classLevelPermissions?.protectedFields || [];
if (!client.hasMasterKey && !Array.isArray(protectedFields)) {
protectedFields = getDatabaseController(this.config).addProtectedFields(
classLevelPermissions,
res.object.className,
query,
aclGroup,
clientAuth
);
}
return DatabaseController.filterSensitiveData(
client.hasMasterKey,
aclGroup,
clientAuth,
op,
classLevelPermissions,
res.object.className,
classLevelPermissions?.protectedFields,
obj,
query
protectedFields,
obj
);
};
res.object = filter(res.object);
Expand Down

0 comments on commit deb5172

Please sign in to comment.