Query retrieves objects with empty ACL without master key

[xaratt]

Objects with empty or non-existing ACL presents in ParseQuery::find results.

For example look at this test

        $obj = ParseObject::create('TestObject');
        $restrictedACL = new ParseACL();
        $obj->setACL($restrictedACL);
        $obj->save();
        $query = new ParseQuery('TestObject');
        $count = $query->count();

$count will be 1 after running code with local parse-server and 0 - with api.parse.com.

I mean that problem is here: this request transforms to mongo query

{'$and': [
    {},
    {'$or': [ 
        {"_rperm" : { "$exists": false }},
        {"_rperm" : { "$in" : ["*"]}}
    ]}
]};

which just returns all documents without _rperm field and doesn't care about ACL field.

[xaratt]

After few experiments with data export from Parse.com Dashboard I see that records with ACL column "Master key only" would be exported as mongo documents with field "ACL": {}. Records with "Public Read + Write" has no ACL field at all.

I think we need to add backwards compatibility in function transform.js/transformCreate for storing objects:

if (JSON.stringify(restCreate["ACL"]) == "{}") {
    mongoCreate["ACL"] = {};
}

and in function ExportAdapter.js/find for retrieving:

if (!isMaster) {
    ...
    var emptyACLCondition = {"ACL" : { "$ne" : {} }};
    mongoWhere = {'$and': [emptyACLCondition, mongoWhere, {'$or': orParts}]};
}

[gfosco]

Good catch... I have submitted #586 to correct the behavior of ACLs, it will be in 2.1.3.