Properly let masterKey add fields #1291

Merged
merged 1 commit into from
Mar 31, 2016
82 changes: 49 additions & 33 deletions spec/schemas.spec.js
@@ -981,7 +981,7 @@ describe('schemas', () => {
});
});
});

it('should not be able to add a field', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1010,7 +1010,7 @@ describe('schemas', () => {
})
})
});

it('should not be able to add a field', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1038,7 +1038,7 @@ describe('schemas', () => {
})
})
});

it('should throw with invalid userId (>10 chars)', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1056,7 +1056,7 @@ describe('schemas', () => {
done();
})
});

it('should throw with invalid userId (<10 chars)', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1074,7 +1074,7 @@ describe('schemas', () => {
done();
})
});

it('should throw with invalid userId (invalid char)', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1092,7 +1092,7 @@ describe('schemas', () => {
done();
})
});

it('should throw with invalid * (spaces)', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1110,7 +1110,7 @@ describe('schemas', () => {
done();
})
});

it('should throw with invalid * (spaces)', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1128,7 +1128,7 @@ describe('schemas', () => {
done();
})
});

it('should throw with invalid value', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1146,7 +1146,7 @@ describe('schemas', () => {
done();
})
});

it('should throw with invalid value', done => {
request.post({
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1164,10 +1164,10 @@ describe('schemas', () => {
done();
})
});

function setPermissionsOnClass(className, permissions, doPut) {
let op = request.post;
if (doPut)
if (doPut)
{
op = request.put;
}
@@ -1190,18 +1190,18 @@ describe('schemas', () => {
})
});
}

it('validate CLP 1', done => {
let user = new Parse.User();
user.setUsername('user');
user.setPassword('user');

let admin = new Parse.User();
admin.setUsername('admin');
admin.setPassword('admin');

let role = new Parse.Role('admin', new Parse.ACL());

setPermissionsOnClass('AClass', {
'find': {
'role:admin': true
@@ -1239,18 +1239,18 @@ describe('schemas', () => {
done();
})
});

it('validate CLP 2', done => {
let user = new Parse.User();
user.setUsername('user');
user.setPassword('user');

let admin = new Parse.User();
admin.setUsername('admin');
admin.setPassword('admin');

let role = new Parse.Role('admin', new Parse.ACL());

setPermissionsOnClass('AClass', {
'find': {
'role:admin': true
@@ -1304,18 +1304,18 @@ describe('schemas', () => {
done();
})
});

it('validate CLP 3', done => {
let user = new Parse.User();
user.setUsername('user');
user.setPassword('user');

let admin = new Parse.User();
admin.setUsername('admin');
admin.setPassword('admin');

let role = new Parse.Role('admin', new Parse.ACL());

setPermissionsOnClass('AClass', {
'find': {
'role:admin': true
@@ -1362,18 +1362,18 @@ describe('schemas', () => {
done();
});
});

it('validate CLP 4', done => {
let user = new Parse.User();
user.setUsername('user');
user.setPassword('user');

let admin = new Parse.User();
admin.setUsername('admin');
admin.setPassword('admin');

let role = new Parse.Role('admin', new Parse.ACL());

setPermissionsOnClass('AClass', {
'find': {
'role:admin': true
@@ -1400,7 +1400,7 @@ describe('schemas', () => {
// borked CLP should not affec security
return setPermissionsOnClass('AClass', {
'found': {
'role:admin': true
'role:admin': true
}
}, true).then(() => {
fail("Should not be able to save a borked CLP");
@@ -1430,21 +1430,21 @@ describe('schemas', () => {
done();
})
});

it('validate CLP 5', done => {
let user = new Parse.User();
user.setUsername('user');
user.setPassword('user');

let user2 = new Parse.User();
user2.setUsername('user2');
user2.setPassword('user2');
let admin = new Parse.User();
admin.setUsername('admin');
admin.setPassword('admin');

let role = new Parse.Role('admin', new Parse.ACL());

Promise.resolve().then(() => {
return Parse.Object.saveAll([user, user2, admin, role], {useMasterKey: true});
}).then(()=> {
@@ -1495,5 +1495,21 @@ describe('schemas', () => {
}).then(() => {
done();
});
});
});

it('can add field as master (issue #1257)', (done) => {
setPermissionsOnClass('AClass', {
'addField': {}
}).then(() => {
var obj = new Parse.Object('AClass');
obj.set('key', 'value');
return obj.save(null, {useMasterKey: true})
}).then((obj) => {
expect(obj.get('key')).toEqual('value');
done();
}, (err) => {
fail('should not fail');
done();
});
})
});
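Review bot: The added test 'can add field as master (issue #1257)' pins only the allowed path: it sets `'addField': {}` and saves with `useMasterKey: true`, but nothing in it checks that the same class still refuses a new field from a save made without the master key. That refusal is the half of the behaviour a later change to the master check could silently break, so I would extend the test with the negative case, which is expected to be rejected under this CLP. The rejection handler also discards `err`; putting it in the failure message makes a regression diagnosable. The other changes in this file appear to be whitespace-only.

```javascript
// … unchanged: setPermissionsOnClass('AClass', { 'addField': {} }) and the master-key save …
  }).then((obj) => {
    expect(obj.get('key')).toEqual('value');
    // Same CLP, no master key: adding a new field is expected to be refused.
    var other = new Parse.Object('AClass');
    other.set('otherKey', 'value');
    return other.save().then(() => {
      fail('non-master save should not be able to add a field');
    }, () => {});
  }).then(done, (err) => {
    fail('should not fail: ' + JSON.stringify(err));
    done();
  });
```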
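--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -103,9 +103,14 @@ DatabaseController.prototype.redirectClassNameForKey = function(className, key)
 // batch request, that could confuse other users of the schema.
 DatabaseController.prototype.validateObject = function(className, object, query, options) {
 let schema;
+let isMaster = !('acl' in options);
+var aclGroup = options.acl || [];
 return this.loadSchema().then(s => {
 schema = s;
-return this.canAddField(schema, className, object, options.acl || []);
+if (isMaster) {
+return Promise.resolve();
+}
+return this.canAddField(schema, className, object, aclGroup);
 }).then(() => {
 return schema.validateObject(className, object, query);
 });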
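Review bot: `let isMaster = !('acl' in options);` infers master privilege from the absence of a key, so any caller that reaches validateObject without setting `acl` skips `canAddField` entirely; the check fails open rather than closed. The callers are not visible on this page, so whether every non-master path always sets `acl` cannot be confirmed here; at minimum the convention deserves a comment above that line, e.g. `// Master requests carry no 'acl' key; every non-master caller MUST set options.acl or the addField CLP check is skipped.` Note also that `'acl' in options` throws a TypeError when `options` is undefined, while `{acl: undefined}` is treated as non-master with an empty group. The function's closing `};` lies outside the hunk.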