From 42aacdf62bc359782c755ffecb595e76dfc993c2 Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Thu, 11 Feb 2016 22:16:07 -0500
Subject: [PATCH 1/5] FIX : User Roles not added to create, update or delete calls
---
 src/RestWrite.js | 28 ++++++++++++++++++----------
 src/rest.js | 7 +++++++
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/RestWrite.js b/src/RestWrite.js
index f4bb7353a6..3832d59f70 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -28,6 +28,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
 this.auth = auth;
 this.className = className;
 this.storage = {};
+ this.runOptions = {};
 if (!query && data.objectId) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
@@ -67,6 +68,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
 // status and location are optional.
 RestWrite.prototype.execute = function() {
 return Promise.resolve().then(() => {
+ return this.getUserAndRoleACL();
+ }).then(() => {
 return this.validateSchema();
 }).then(() => {
 return this.handleInstallation();
@@ -89,6 +92,19 @@ RestWrite.prototype.execute = function() {
 });
 };
+// Uses the Auth object to get the list of roles, adds the user id
+RestWrite.prototype.getUserAndRoleACL = function() {
+ if (this.auth.isMaster || !this.auth.user) {
+ return Promise.resolve();
+ }
+ return this.auth.getUserRoles().then((roles) => {
+ roles.push('*');
+ roles.push(this.auth.user.id);
+ this.runOptions.acl = roles;
+ return Promise.resolve();
+ });
+};
+
 // Validates this operation against the schema.
 RestWrite.prototype.validateSchema = function() {
 return this.config.database.validateObject(this.className, this.data);
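Review bot: In PATCH 1/5, the new `getUserAndRoleACL` in src/RestWrite.js returns early on `!this.auth.user`, which leaves `this.runOptions` as `{}`, so a non-master request without a user reaches `database.update`/`create` with no `acl` key at all. The code this patch removes from `runDatabaseOperation` passed `acl: ['*']` in that case and omitted `acl` only for master, so unless the database layer treats a missing `acl` as public-only (not visible here), this commit on its own widens what anonymous callers can write. Returning early only for `this.auth.isMaster` and then assigning `this.runOptions.acl = ['*'];` before the user check keeps the old behaviour. PATCH 4/5 and 5/5 arrive at that shape, so the gap matters when this commit is built or cherry-picked alone; squashing the series would remove it.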
@@ -645,24 +661,16 @@ RestWrite.prototype.runDatabaseOperation = function() {
 throw new Parse.Error(Parse.Error.INVALID_ACL, 'Invalid ACL.');
 }
- var options = {};
- if (!this.auth.isMaster) {
- options.acl = ['*'];
- if (this.auth.user) {
- options.acl.push(this.auth.user.id);
- }
- }
-
 if (this.query) {
 // Run an update
 return this.config.database.update(
- this.className, this.query, this.data, options).then((resp) => {
+ this.className, this.query, this.data, this.runOptions).then((resp) => {
 this.response = resp;
 this.response.updatedAt = this.updatedAt;
 });
 } else {
 // Run a create
- return this.config.database.create(this.className, this.data, options)
+ return this.config.database.create(this.className, this.data, this.runOptions)
 .then(() => {
 var resp = {
 objectId: this.data.objectId,
diff --git a/src/rest.js b/src/rest.js
index 552fa6be8c..094e8ab63e 100644
--- a/src/rest.js
+++ b/src/rest.js
@@ -56,12 +56,19 @@ function del(config, auth, className, objectId) {
 });
 }
 return Promise.resolve({});
+ }).then(() => {
+ if (!auth.isMaster) {
+ return auth.getUserRoles();
+ }else{
+ return Promise.resolve();
+ }
 }).then(() => {
 var options = {};
 if (!auth.isMaster) {
 options.acl = ['*'];
 if (auth.user) {
 options.acl.push(auth.user.id);
+ options.acl = options.acl.concat(auth.userRoles);
 }
 }
From 220a13392d9ed587402ba04b0308f0524a2f87a4 Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Fri, 12 Feb 2016 16:32:45 -0500
Subject: [PATCH 2/5] no message
---
 src/RestWrite.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 497ac5b180..8dab53449b 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
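Review bot: In the `del` hunk of src/rest.js (PATCH 1/5), the added step resolves `auth.getUserRoles()` but the following `.then(() => {` discards the result and reads `auth.userRoles` instead, which only works if `getUserRoles` stores the list on the Auth object as a side effect. If that field is ever unset, `options.acl.concat(undefined)` appends an `undefined` entry to the ACL list instead of failing. Taking the resolved value, `}).then((roles) => {` with `options.acl = options.acl.concat(roles || []);`, matches how `getUserAndRoleACL` in src/RestWrite.js consumes the same call. Checking `auth.user` before calling `getUserRoles()` would also mirror the guard used there. `del` starts and ends outside this hunk.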
@@ -27,7 +27,9 @@ function RestWrite(config, auth, className, query, data, originalData) {
 this.auth = auth;
 this.className = className;
 this.storage = {};
- this.runOptions = {};
+ this.runOptions = {
+ acl:['*']
+ };
 if (!query && data.objectId) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
@@ -97,9 +99,8 @@ RestWrite.prototype.getUserAndRoleACL = function() {
 return Promise.resolve();
 }
 return this.auth.getUserRoles().then((roles) => {
- roles.push('*');
 roles.push(this.auth.user.id);
- this.runOptions.acl = roles;
+ this.runOptions.acl = this.runOptions.acl.concat(roles);
 return Promise.resolve();
 });
 };
From 83c0f92553fc3eda195488dc7f962c21d15d0b95 Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Sat, 13 Feb 2016 08:18:43 -0500
Subject: [PATCH 3/5] no message
---
 spec/ParseRole.spec.js | 2 +-
 src/Auth.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/spec/ParseRole.spec.js b/spec/ParseRole.spec.js
index 44476f1bd2..919e0b5544 100644
--- a/spec/ParseRole.spec.js
+++ b/spec/ParseRole.spec.js
@@ -49,7 +49,7 @@ describe('Parse Role testing', () => {
 }).then((x) => {
 x.set('foo', 'baz');
 // This should fail:
- return x.save();
+ return x.save({},{sessionToken: ""});
 }).then((x) => {
 fail('Should not have been able to save.');
 }, (e) => {
diff --git a/src/Auth.js b/src/Auth.js
index ad9056549a..27bbf885b0 100644
--- a/src/Auth.js
+++ b/src/Auth.js
@@ -80,7 +80,7 @@ Auth.prototype.getUserRoles = function() {
 return Promise.resolve(this.userRoles);
 }
 if (this.rolePromise) {
- return rolePromise;
+ return this.rolePromise;
 }
 this.rolePromise = this._loadRoles();
 return this.rolePromise;
From 5b40a589c0d06aa223dd622444da4ea093d5b3a7 Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Tue, 16 Feb 2016 10:45:43 -0500
Subject: [PATCH 4/5] Remove public ACL set by default.
---
 src/RestWrite.js | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
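Review bot: In PATCH 2/5, initialising `this.runOptions = { acl:['*'] }` in the `RestWrite` constructor applies the public-only ACL to master-key requests as well, because `getUserAndRoleACL` still returns early for `this.auth.isMaster` without clearing it. The `runDatabaseOperation` code removed in PATCH 1/5 passed no `acl` for master, so master writes to objects without public write access would presumably stop matching. Keeping `this.runOptions = {};` here and assigning `this.runOptions.acl = ['*'];` inside `getUserAndRoleACL` after the master check avoids that; the constructor continues outside the hunk.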
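Review bot: The spec/ParseRole.spec.js hunk in PATCH 3/5 only alters the negative case, and none of the hunks in this series adds a test that a user who holds the role can now update or delete the object, which is the behaviour being fixed. A positive case next to this one would pin both sides of the ACL check, if the rest of the spec does not already cover it. A comment on the new call would also help, for example `// empty sessionToken: save as an anonymous caller, not the logged-in user`, assuming that is the intent. The enclosing test starts and ends outside the hunk.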
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 8dab53449b..e43aea9437 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -28,7 +28,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
 this.className = className;
 this.storage = {};
 this.runOptions = {
- acl:['*']
+ acl:[]
 };
 if (!query && data.objectId) {
@@ -95,14 +95,21 @@ RestWrite.prototype.execute = function() {
 // Uses the Auth object to get the list of roles, adds the user id
 RestWrite.prototype.getUserAndRoleACL = function() {
- if (this.auth.isMaster || !this.auth.user) {
+ if (this.auth.isMaster) {
 return Promise.resolve();
 }
- return this.auth.getUserRoles().then((roles) => {
- roles.push(this.auth.user.id);
- this.runOptions.acl = this.runOptions.acl.concat(roles);
+
+ this.runOptions.acl.push("*");
+
+ if( this.auth.user ){
+ return this.auth.getUserRoles().then((roles) => {
+ roles.push(this.auth.user.id);
+ this.runOptions.acl = this.runOptions.acl.concat(roles);
+ return Promise.resolve();
+ });
+ }else{
 return Promise.resolve();
- });
+ }
 };
 // Validates this operation against the schema.
From 5de33ac226025e1d8c7b9a59566d42ca3cbb2177 Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Thu, 18 Feb 2016 13:29:26 -0500
Subject: [PATCH 5/5] Fix : save whit masterKey cause object not found.
---
 src/RestWrite.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 88296b4ef8..777973d76d 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -27,9 +27,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
 this.auth = auth;
 this.className = className;
 this.storage = {};
- this.runOptions = {
- acl:[]
- };
+ this.runOptions = {};
 if (!query && data.objectId) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
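Review bot: In PATCH 4/5's `getUserAndRoleACL`, `roles.push(this.auth.user.id)` mutates the array that `getUserRoles()` resolved with, and the src/Auth.js hunk in PATCH 3/5 shows that call can hand back `this.userRoles` itself. If so, every write appends the user id to the Auth object's cached role list again, and `del` in src/rest.js then concatenates that grown list into its own ACL. Building the list without touching the input avoids this: `this.runOptions.acl = this.runOptions.acl.concat(roles, this.auth.user.id);`. Separately, the early return for `isMaster` leaves the constructor's `acl:[]` in place in this commit, which PATCH 5/5 corrects.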
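Review bot: In PATCH 5/5, `this.runOptions = {};` in the `RestWrite` constructor now carries an access-control invariant that is not written down: only the master path may leave `acl` unset, and every other caller must receive one from `getUserAndRoleACL`. The series changed this default three times, so a comment on the line would guard against the next regression, for example `// acl stays unset for master; getUserAndRoleACL() sets it for all other callers`. The constructor continues outside the hunk.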
@@ -99,7 +97,7 @@ RestWrite.prototype.getUserAndRoleACL = function() {
 return Promise.resolve();
 }
- this.runOptions.acl.push("*");
+ this.runOptions.acl = ['*'];
 if( this.auth.user ){
 return this.auth.getUserRoles().then((roles) => {