/** * Get whether the public is allowed to read this object. */ public boolean getPublicReadAccess() { return getReadAccess(PUBLIC_KEY); }
/** * Get whether users belonging to the role with the given roleName are allowed to read this * object. Even if this returns {@code false}, the role may still be able to read it if a parent * role has read access. * * @param roleName The name of the role. * @return {@code true} if the role has read access. {@code false} otherwise. */ public boolean getRoleReadAccess(String roleName) { return getReadAccess(KEY_ROLE_PREFIX + roleName); }
/** * Set whether the given user id is allowed to write this object. */ public void setWriteAccess(String userId, boolean allowed) { if (userId == null) { throw new IllegalArgumentException("cannot setWriteAccess for null userId"); } boolean readPermission = getReadAccess(userId); setPermissionsIfNonEmpty(userId, readPermission, allowed); }
/** * Get whether the given user id is *explicitly* allowed to read this object. Even if this returns * {@code false}, the user may still be able to access it if getPublicReadAccess returns * {@code true} or a role that the user belongs to has read access. */ public boolean getReadAccess(ParseUser user) { if (isUnresolvedUser(user)) { return getReadAccess(UNRESOLVED_KEY); } if (user.isLazy()) { return false; } if (user.getObjectId() == null) { throw new IllegalArgumentException("cannot getReadAccess for a user with null id"); } return getReadAccess(user.getObjectId()); }
/** * Returns true iff the object is visible based on its read ACL and the given user objectId. */ /* package */ static <T extends ParseObject> boolean hasReadAccess(ParseUser user, T object) { if (user == object) { return true; } ParseACL acl = object.getACL(); if (acl == null) { return true; } if (acl.getPublicReadAccess()) { return true; } return user != null && acl.getReadAccess(user); // TODO: Implement roles. }
@Test public void testHasReadAccessWithNoReadAccess() { ParseACL acl = mock(ParseACL.class); when(acl.getPublicReadAccess()).thenReturn(false); when(acl.getReadAccess(any(ParseUser.class))).thenReturn(false); ParseObject object = mock(ParseObject.class); when(object.getACL()).thenReturn(acl); assertFalse(OfflineQueryLogic.hasReadAccess(null, object)); }
@Test public void testHasReadAccessWithReadAccess() { ParseUser user = mock(ParseUser.class); when(user.getObjectId()).thenReturn("test"); ParseACL acl = mock(ParseACL.class); when(acl.getReadAccess(user)).thenReturn(true); ParseObject object = mock(ParseObject.class); when(object.getACL()).thenReturn(acl); assertTrue(OfflineQueryLogic.hasReadAccess(user, object)); }
@Test(expected = IllegalArgumentException.class) public void testGetReadAccessWithNullUserId() { ParseACL acl = new ParseACL(); String userId = null; acl.getReadAccess(userId); }
@Test public void testGetAccessWithNoPermission() { ParseACL acl = new ParseACL(); assertFalse(acl.getReadAccess("userId")); }
@Test public void testSetUserReadAccessWithLazyUser() { ParseUser unresolvedUser = mock(ParseUser.class); when(unresolvedUser.isLazy()).thenReturn(true); ParseACL acl = new ParseACL(); acl.setReadAccess(unresolvedUser, true); assertSame(unresolvedUser, acl.getUnresolvedUser()); verify(unresolvedUser, times(1)).registerSaveListener(any(GetCallback.class)); assertTrue(acl.getPermissionsById().containsKey(UNRESOLVED_KEY)); assertTrue(acl.getReadAccess(unresolvedUser)); assertEquals(1, acl.getPermissionsById().size()); }
@Test public void testGetAccessWithPermission() { ParseACL acl = new ParseACL(); acl.setReadAccess("userId", true); assertTrue(acl.getReadAccess("userId")); }
@Test(expected = IllegalArgumentException.class) public void testGetUserReadAccessWithNotSavedUser() { ParseACL acl = new ParseACL(); ParseUser user = new ParseUser(); assertFalse(acl.getReadAccess(user)); }
@Test public void testSetAccessWithAllowed() { ParseACL acl = new ParseACL(); acl.setReadAccess("userId", true); assertTrue(acl.getReadAccess("userId")); assertEquals(1, acl.getPermissionsById().size()); }
@Test public void testGetUserReadAccessWithLazyUser() { ParseACL acl = new ParseACL(); ParseUser user = new ParseUser(); setLazy(user); assertFalse(acl.getReadAccess(user)); }
@Test public void testSetAccessWithPermissionsAndNotAllowed() { ParseACL acl = new ParseACL(); acl.setReadAccess("userId", true); acl.setReadAccess("userId", false); // Make sure we remove the read access assertFalse(acl.getReadAccess("userId")); assertEquals(0, acl.getPermissionsById().size()); }
@Test public void testSetUserReadAccessWithNormalUser() { ParseUser user = new ParseUser(); user.setObjectId("test"); ParseACL acl = new ParseACL(); acl.setReadAccess(user, true); assertTrue(acl.getReadAccess(user)); assertEquals(1, acl.getPermissionsById().size()); }
@Test public void testGetUserReadAccessWithUnresolvedUser() { ParseACL acl = new ParseACL(); ParseUser user = new ParseUser(); setLazy(user); // Since user is a lazy user, this will set the acl's unresolved user and give it read access acl.setReadAccess(user, true); assertTrue(acl.getReadAccess(user)); }
@Test public void testGetUserReadAccessWithNormalUser() { ParseACL acl = new ParseACL(); ParseUser user = new ParseUser(); user.setObjectId("test"); acl.setReadAccess(user, true); assertTrue(acl.getReadAccess(user)); }
@Test public void testConstructorWithUser() { ParseUser user = new ParseUser(); user.setObjectId("test"); ParseACL acl = new ParseACL(user); assertTrue(acl.getReadAccess("test")); assertTrue(acl.getWriteAccess("test")); }
@Test public void testResolveUserWithUnresolvedUser() { ParseACL acl = new ParseACL(); ParseUser unresolvedUser = new ParseUser(); setLazy(unresolvedUser); // This will set the unresolvedUser in acl acl.setReadAccess(unresolvedUser, true); acl.setWriteAccess(unresolvedUser, true); unresolvedUser.setObjectId("test"); acl.resolveUser(unresolvedUser); assertNull(acl.getUnresolvedUser()); assertTrue(acl.getReadAccess(unresolvedUser)); assertTrue(acl.getWriteAccess(unresolvedUser)); assertEquals(1, acl.getPermissionsById().size()); assertFalse(acl.getPermissionsById().containsKey(UNRESOLVED_KEY)); }