beforeEach(async done => { const userACL = new Parse.ACL(); userACL.setPublicReadAccess(true); await user.setACL(userACL).save(null, { useMasterKey: true }); done(); });
it('query for included object with ACL works', async done => { const obj1 = new Parse.Object('TestClass1'); const obj2 = new Parse.Object('TestClass2'); const acl = new Parse.ACL(); acl.setPublicReadAccess(true); obj2.set('ACL', acl); obj1.set('other', obj2); await obj1.save(); obj2._clearServerData(); const query = new Parse.Query('TestClass1'); const obj1Again = await query.first(); ok(!obj1Again.get('other').get('ACL')); query.include('other'); const obj1AgainWithInclude = await query.first(); ok(obj1AgainWithInclude.get('other').get('ACL')); done(); });
it("won't match ACL that doesn't have public read or any roles", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({ sessionToken: 'sessionToken', }), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(false); done(); }); });
it('should not match any entry when searching for null in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', null); query.find().then(function(roles) { expect(roles.length).toEqual(0); done(); }); }); }); });
it('should let masterKey lockout user', done => { const user = new Parse.User(); const ACL = new Parse.ACL(); ACL.setPublicReadAccess(false); ACL.setPublicWriteAccess(false); user.setUsername('asdf');
it('can create role and query empty users', done => { const roleACL = new Parse.ACL(); roleACL.setPublicReadAccess(true); const role = new Parse.Role('subscribers', roleACL); role.save({}, { useMasterKey: true }).then( () => { const query = role.relation('users').query(); query.find({ useMasterKey: true }).then( () => { done(); }, () => { fail('should not have errors'); done(); } ); }, () => { fail('should not have errored'); } ); });
it("won't match non-public ACL with role when there is no user", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); acl.setRoleReadAccess('livequery', true); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({}), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(false); done(); }) .catch(done.fail); });
}); const acl = new Parse.ACL(); acl.setPublicReadAccess(true); acl.setPublicWriteAccess(false);
it("won't match ACL with role based read access set to false", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); acl.setRoleReadAccess('otherLiveQueryRead', true); const client = {
it('should not match any entry when not matching in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const otherUser = new Parse.User(); otherUser .save({ username: 'otherUser', password: 'otherUser' }) .then(otherUser => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', otherUser); query.find().then(function(roles) { expect(roles.length).toEqual(0); done(); }); }); }); }); });
beforeEach(async done => { const userACL = new Parse.ACL(); userACL.setPublicReadAccess(true); await user.setACL(userACL).save(null, { useMasterKey: true }); done(); });
it('will match non-public ACL when client has master key', function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({}), hasMasterKey: true, }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(true); done(); }); });
it("won't match non-public ACL when client has no master key", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({}), hasMasterKey: false, }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(false); done(); }); });
it('can match ACL with public read access', function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(true); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({ sessionToken: 'sessionToken', }), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(true); done(); }); });
it('should match when matching in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', user); query.find().then(function(roles) { expect(roles.length).toEqual(1); done(); }); }); }); });