Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GraphQL: ACL #5957

Merged
merged 7 commits into from
Oct 2, 2019
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
175 changes: 175 additions & 0 deletions spec/ParseGraphQLServer.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -4875,6 +4875,181 @@ describe('ParseGraphQLServer', () => {
expect(Date.parse(getResult.data.get.updatedAt)).not.toEqual(NaN);
});

it('should support ACL', async () => {
const someClass = new Parse.Object('SomeClass');
await someClass.save();

const user = new Parse.User();
user.set('username', 'username');
user.set('password', 'password');
await user.signUp();

const user2 = new Parse.User();
user2.set('username', 'username2');
user2.set('password', 'password2');
await user2.signUp();

const roleACL = new Parse.ACL();
roleACL.setPublicReadAccess(true);

const role = new Parse.Role('aRole', roleACL);
await role.save();

const role2 = new Parse.Role('aRole2', roleACL);
await role2.save();

await parseGraphQLServer.parseGraphQLSchema.databaseController.schemaCache.clear();

const {
data: { createSomeClass },
} = await apolloClient.mutate({
mutation: gql`
mutation Create($fields: CreateSomeClassFieldsInput) {
createSomeClass(fields: $fields) {
id
ACL {
users {
userId
read
write
}
roles {
roleName
read
write
}
public {
read
write
}
}
}
}
`,
variables: {
fields: {
ACL: {
users: [
{ userId: user.id, read: true, write: true },
{ userId: user2.id },
],
roles: [
{ roleName: 'aRole', read: true },
{ roleName: 'aRole2' },
],
public: { read: true, write: true },
},
},
},
});

const expectedCreateACL = {
__typename: 'ACL',
users: [
{
userId: user.id,
read: true,
write: true,
__typename: 'UserACL',
},
{
userId: user2.id,
read: true,
write: true,
__typename: 'UserACL',
},
],
roles: [
{
roleName: 'aRole',
read: true,
write: false,
Moumouls marked this conversation as resolved.
Show resolved Hide resolved
__typename: 'RoleACL',
},
{
roleName: 'aRole2',
read: true,
write: true,
__typename: 'RoleACL',
},
],
public: { read: true, write: true, __typename: 'PublicACL' },
};

const query1 = new Parse.Query('SomeClass');
const obj1 = (await query1.get(createSomeClass.id, {
useMasterKey: true,
})).toJSON();

expect(obj1.ACL['role:aRole']).toEqual({ read: true });
expect(obj1.ACL['role:aRole2']).toEqual({ read: true, write: true });
expect(obj1.ACL[user.id]).toEqual({ read: true, write: true });
expect(obj1.ACL[user2.id]).toEqual({ read: true, write: true });
expect(obj1.ACL['*']).toEqual({ read: true, write: true });
expect(createSomeClass.ACL).toEqual(expectedCreateACL);

const {
data: { updateSomeClass },
} = await apolloClient.mutate({
mutation: gql`
mutation Update($id: ID!, $fields: UpdateSomeClassFieldsInput) {
updateSomeClass(id: $id, fields: $fields) {
id
ACL {
users {
userId
read
write
}
roles {
roleName
read
write
}
public {
read
write
}
}
}
}
`,
variables: {
id: createSomeClass.id,
fields: {
ACL: {
roles: [{ roleName: 'aRole', write: true }],
public: { read: true },
},
},
},
});

const expectedUpdateACL = {
__typename: 'ACL',
users: null,
roles: [
{
roleName: 'aRole',
read: true,
write: true,
__typename: 'RoleACL',
},
],
public: { read: true, write: false, __typename: 'PublicACL' },
Moumouls marked this conversation as resolved.
Show resolved Hide resolved
};

const query2 = new Parse.Query('SomeClass');
const obj2 = (await query2.get(createSomeClass.id, {
useMasterKey: true,
})).toJSON();

expect(obj2.ACL['role:aRole']).toEqual({ write: true, read: true });
expect(obj2.ACL[user.id]).toBeUndefined();
expect(obj2.ACL['*']).toEqual({ read: true });
expect(updateSomeClass.ACL).toEqual(expectedUpdateACL);
});

it('should support pointer on create', async () => {
const company = new Parse.Object('Company');
company.set('name', 'imACompany1');
Expand Down
4 changes: 4 additions & 0 deletions src/GraphQL/ParseGraphQLServer.js
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,10 @@ class ParseGraphQLServer {
config: req.config,
auth: req.auth,
},
formatError: error => {
// Allow to console.log here to debug
return error;
},
};
} catch (e) {
this.log.error(
Expand Down
Loading