Prevents _User lock out when setting ACL on signup or afterwards (#1429)
flovilmart committed Apr 8, 2016
1 parent 30197a7 commit b433fb9
Showing 2 changed files with 62 additions and 3 deletions.
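--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -88,6 +88,55 @@ describe('Parse.User testing', () => {
 });
 });
 
+it('should respect ACL without locking user out', (done) => {
+let user = new Parse.User();
+let ACL = new Parse.ACL();
+ACL.setPublicReadAccess(false);
+ACL.setPublicWriteAccess(false);
+user.setUsername('asdf');
+user.setPassword('zxcv');
+user.setACL(ACL);
+user.signUp().then((user) => {
+return Parse.User.logIn("asdf", "zxcv");
+}).then((user) => {
+equal(user.get("username"), "asdf");
+const ACL = user.getACL();
+expect(ACL.getReadAccess(user)).toBe(true);
+expect(ACL.getWriteAccess(user)).toBe(true);
+expect(ACL.getPublicReadAccess()).toBe(false);
+expect(ACL.getPublicWriteAccess()).toBe(false);
+const perms = ACL.permissionsById;
+expect(Object.keys(perms).length).toBe(1);
+expect(perms[user.id].read).toBe(true);
+expect(perms[user.id].write).toBe(true);
+expect(perms['*']).toBeUndefined();
+// Try to lock out user
+let newACL = new Parse.ACL();
+newACL.setReadAccess(user.id, false);
+newACL.setWriteAccess(user.id, false);
+user.setACL(newACL);
+return user.save();
+}).then((user) => {
+return Parse.User.logIn("asdf", "zxcv");
+}).then((user) => {
+equal(user.get("username"), "asdf");
+const ACL = user.getACL();
+expect(ACL.getReadAccess(user)).toBe(true);
+expect(ACL.getWriteAccess(user)).toBe(true);
+expect(ACL.getPublicReadAccess()).toBe(false);
+expect(ACL.getPublicWriteAccess()).toBe(false);
+const perms = ACL.permissionsById;
+expect(Object.keys(perms).length).toBe(1);
+expect(perms[user.id].read).toBe(true);
+expect(perms[user.id].write).toBe(true);
+expect(perms['*']).toBeUndefined();
+done();
+}).catch((err) => {
+fail("Should not fail");
+done();
+})
+});
+
 it("user login with files", (done) => {
 let file = new Parse.File("yolo.txt", [1,2,3], "text/plain");
 file.save().then((file) => {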
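Review bot: The closing `.catch((err) => { fail("Should not fail"); done(); })` of the new test throws away `err`, so a failure in signup, login or save is reported with no cause; `fail('Should not fail: ' + JSON.stringify(err));` would keep it. The assertions after each login only inspect the ACL object handed back to the owner; fetching the same user from a logged-out client and expecting a denial would show that the private ACL is enforced and not merely stored. The two post-login assertion blocks are identical and could share one helper so they cannot drift apart.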
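--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -716,6 +716,11 @@ RestWrite.prototype.runDatabaseOperation = function() {
 }
 
 if (this.query) {
+// Force the user to not lockout
+// Matched with parse.com
+if (this.className === '_User' && this.data.ACL) {
+this.data.ACL[this.query.objectId] = { read: true, write: true };
+}
 // Run an update
 return this.config.database.update(
 this.className, this.query, this.data, this.runOptions).then((resp) => {
@@ -732,10 +737,15 @@ RestWrite.prototype.runDatabaseOperation = function() {
 });
 } else {
 // Set the default ACL for the new _User
-if (!this.data.ACL && this.className === '_User') {
-var ACL = {};
+if (this.className === '_User') {
+var ACL = this.data.ACL;
+// default public r/w ACL
+if (!ACL) {
+ACL = {};
+ACL['*'] = { read: true, write: false };
+}
+// make sure the user is not locked down
 ACL[this.data.objectId] = { read: true, write: true };
-ACL['*'] = { read: true, write: false };
 this.data.ACL = ACL;
 }
 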
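Review bot: Both new branches write the owner entry into `this.data.ACL` after only a truthiness test, and that value arrives with the request; if it is a field operation such as `{"__op":"Delete"}` or a non-object, the user id key is added to (or the assignment fails on) something that is not an ACL map. Whether an earlier step of RestWrite rejects such values cannot be seen from these hunks, whose enclosing `runDatabaseOperation` starts and ends outside them, so a guard like `if (this.className === '_User' && this.data.ACL && typeof this.data.ACL === 'object' && !this.data.ACL.__op) {` is worth considering, with malformed ACLs rejected rather than patched. No check on the caller is visible either, so as far as the hunk shows the re-grant also applies to master-key updates; the comment should say that, e.g. `// Always re-grant the owner read/write on their own _User row, for every caller (parity with parse.com)`. The comment `// default public r/w ACL` sits above a public read-only default and would be more accurate as `// default ACL: public read, no public write`.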
