Skip to content

Commit 5d99075

Browse files
committed
Properly let masterKey add fields
1 parent 7afc08a commit 5d99075

File tree

2 files changed

+55
-34
lines changed

2 files changed

+55
-34
lines changed

spec/schemas.spec.js

Lines changed: 49 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -981,7 +981,7 @@ describe('schemas', () => {
981981
});
982982
});
983983
});
984-
984+
985985
it('should not be able to add a field', done => {
986986
request.post({
987987
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1010,7 +1010,7 @@ describe('schemas', () => {
10101010
})
10111011
})
10121012
});
1013-
1013+
10141014
it('should not be able to add a field', done => {
10151015
request.post({
10161016
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1038,7 +1038,7 @@ describe('schemas', () => {
10381038
})
10391039
})
10401040
});
1041-
1041+
10421042
it('should throw with invalid userId (>10 chars)', done => {
10431043
request.post({
10441044
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1056,7 +1056,7 @@ describe('schemas', () => {
10561056
done();
10571057
})
10581058
});
1059-
1059+
10601060
it('should throw with invalid userId (<10 chars)', done => {
10611061
request.post({
10621062
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1074,7 +1074,7 @@ describe('schemas', () => {
10741074
done();
10751075
})
10761076
});
1077-
1077+
10781078
it('should throw with invalid userId (invalid char)', done => {
10791079
request.post({
10801080
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1092,7 +1092,7 @@ describe('schemas', () => {
10921092
done();
10931093
})
10941094
});
1095-
1095+
10961096
it('should throw with invalid * (spaces)', done => {
10971097
request.post({
10981098
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1110,7 +1110,7 @@ describe('schemas', () => {
11101110
done();
11111111
})
11121112
});
1113-
1113+
11141114
it('should throw with invalid * (spaces)', done => {
11151115
request.post({
11161116
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1128,7 +1128,7 @@ describe('schemas', () => {
11281128
done();
11291129
})
11301130
});
1131-
1131+
11321132
it('should throw with invalid value', done => {
11331133
request.post({
11341134
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1146,7 +1146,7 @@ describe('schemas', () => {
11461146
done();
11471147
})
11481148
});
1149-
1149+
11501150
it('should throw with invalid value', done => {
11511151
request.post({
11521152
url: 'http://localhost:8378/1/schemas/AClass',
@@ -1164,10 +1164,10 @@ describe('schemas', () => {
11641164
done();
11651165
})
11661166
});
1167-
1167+
11681168
function setPermissionsOnClass(className, permissions, doPut) {
11691169
let op = request.post;
1170-
if (doPut)
1170+
if (doPut)
11711171
{
11721172
op = request.put;
11731173
}
@@ -1190,18 +1190,18 @@ describe('schemas', () => {
11901190
})
11911191
});
11921192
}
1193-
1193+
11941194
it('validate CLP 1', done => {
11951195
let user = new Parse.User();
11961196
user.setUsername('user');
11971197
user.setPassword('user');
1198-
1198+
11991199
let admin = new Parse.User();
12001200
admin.setUsername('admin');
12011201
admin.setPassword('admin');
1202-
1202+
12031203
let role = new Parse.Role('admin', new Parse.ACL());
1204-
1204+
12051205
setPermissionsOnClass('AClass', {
12061206
'find': {
12071207
'role:admin': true
@@ -1239,18 +1239,18 @@ describe('schemas', () => {
12391239
done();
12401240
})
12411241
});
1242-
1242+
12431243
it('validate CLP 2', done => {
12441244
let user = new Parse.User();
12451245
user.setUsername('user');
12461246
user.setPassword('user');
1247-
1247+
12481248
let admin = new Parse.User();
12491249
admin.setUsername('admin');
12501250
admin.setPassword('admin');
1251-
1251+
12521252
let role = new Parse.Role('admin', new Parse.ACL());
1253-
1253+
12541254
setPermissionsOnClass('AClass', {
12551255
'find': {
12561256
'role:admin': true
@@ -1304,18 +1304,18 @@ describe('schemas', () => {
13041304
done();
13051305
})
13061306
});
1307-
1307+
13081308
it('validate CLP 3', done => {
13091309
let user = new Parse.User();
13101310
user.setUsername('user');
13111311
user.setPassword('user');
1312-
1312+
13131313
let admin = new Parse.User();
13141314
admin.setUsername('admin');
13151315
admin.setPassword('admin');
1316-
1316+
13171317
let role = new Parse.Role('admin', new Parse.ACL());
1318-
1318+
13191319
setPermissionsOnClass('AClass', {
13201320
'find': {
13211321
'role:admin': true
@@ -1362,18 +1362,18 @@ describe('schemas', () => {
13621362
done();
13631363
});
13641364
});
1365-
1365+
13661366
it('validate CLP 4', done => {
13671367
let user = new Parse.User();
13681368
user.setUsername('user');
13691369
user.setPassword('user');
1370-
1370+
13711371
let admin = new Parse.User();
13721372
admin.setUsername('admin');
13731373
admin.setPassword('admin');
1374-
1374+
13751375
let role = new Parse.Role('admin', new Parse.ACL());
1376-
1376+
13771377
setPermissionsOnClass('AClass', {
13781378
'find': {
13791379
'role:admin': true
@@ -1400,7 +1400,7 @@ describe('schemas', () => {
14001400
// borked CLP should not affec security
14011401
return setPermissionsOnClass('AClass', {
14021402
'found': {
1403-
'role:admin': true
1403+
'role:admin': true
14041404
}
14051405
}, true).then(() => {
14061406
fail("Should not be able to save a borked CLP");
@@ -1430,21 +1430,21 @@ describe('schemas', () => {
14301430
done();
14311431
})
14321432
});
1433-
1433+
14341434
it('validate CLP 5', done => {
14351435
let user = new Parse.User();
14361436
user.setUsername('user');
14371437
user.setPassword('user');
1438-
1438+
14391439
let user2 = new Parse.User();
14401440
user2.setUsername('user2');
14411441
user2.setPassword('user2');
14421442
let admin = new Parse.User();
14431443
admin.setUsername('admin');
14441444
admin.setPassword('admin');
1445-
1445+
14461446
let role = new Parse.Role('admin', new Parse.ACL());
1447-
1447+
14481448
Promise.resolve().then(() => {
14491449
return Parse.Object.saveAll([user, user2, admin, role], {useMasterKey: true});
14501450
}).then(()=> {
@@ -1495,5 +1495,21 @@ describe('schemas', () => {
14951495
}).then(() => {
14961496
done();
14971497
});
1498-
});
1498+
});
1499+
1500+
it('can add field as master (issue #1257)', (done) => {
1501+
setPermissionsOnClass('AClass', {
1502+
'addField': {}
1503+
}).then(() => {
1504+
var obj = new Parse.Object('AClass');
1505+
obj.set('key', 'value');
1506+
return obj.save(null, {useMasterKey: true})
1507+
}).then((obj) => {
1508+
expect(obj.get('key')).toEqual('value');
1509+
done();
1510+
}, (err) => {
1511+
fail('should not fail');
1512+
done();
1513+
});
1514+
})
14991515
});

src/Controllers/DatabaseController.js

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,9 +103,14 @@ DatabaseController.prototype.redirectClassNameForKey = function(className, key)
103103
// batch request, that could confuse other users of the schema.
104104
DatabaseController.prototype.validateObject = function(className, object, query, options) {
105105
let schema;
106+
let isMaster = !('acl' in options);
107+
var aclGroup = options.acl || [];
106108
return this.loadSchema().then(s => {
107109
schema = s;
108-
return this.canAddField(schema, className, object, options.acl || []);
110+
if (isMaster) {
111+
return Promise.resolve();
112+
}
113+
return this.canAddField(schema, className, object, aclGroup);
109114
}).then(() => {
110115
return schema.validateObject(className, object, query);
111116
});

0 commit comments

Comments
 (0)