From a6c988176e24464aa4f810344b9573b7b58ca990 Mon Sep 17 00:00:00 2001
From: Florent Vilmart <flovilmart@users.noreply.github.com>
Date: Wed, 7 Dec 2016 17:18:52 -0500
Subject: [PATCH] Adds tests that shows issue #3194 is ok (#3200)

---
 spec/ParseACL.spec.js | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/spec/ParseACL.spec.js b/spec/ParseACL.spec.js
index 2e3eba8294..f28ea5c042 100644
--- a/spec/ParseACL.spec.js
+++ b/spec/ParseACL.spec.js
@@ -733,6 +733,40 @@ describe('Parse.ACL', () => {
     });
   });
 
+  it("acl making an object privately writable (#3194)", (done) => {
+    // Create an object owned by Alice.
+    var object;
+    var user2;
+    var user = new Parse.User();
+    user.set("username", "alice");
+    user.set("password", "wonderland");
+    user.signUp().then(() => {
+      object = new TestObject();
+      var acl = new Parse.ACL(user);
+      acl.setPublicWriteAccess(false);
+      acl.setPublicReadAccess(true);
+      object.setACL(acl);
+      return object.save().then(() => {
+        return Parse.User.logOut();
+      })
+    }).then(() => {
+      user2 = new Parse.User();
+      user2.set("username", "bob");
+      user2.set("password", "burger");
+      return user2.signUp();
+    }).then(() => {
+      console.log(user2.getSessionToken());
+      return object.destroy({sessionToken: user2.getSessionToken() });
+    }).then((res) => {
+      console.log(res);
+      fail('should not be able to destroy the object');
+      done();
+    }, (err) => {
+      console.error(err);
+      done();
+    });
+  });
+
   it("acl sharing with another user and get", (done) => {
     // Sign in as Bob.
     Parse.User.signUp("bob", "pass", null, {