Adds class level permission requiring authenticated user

flovilmart · flovilmart · commit cf8677422841 · 2016-03-07T12:23:00.000-05:00
diff --git a/spec/Schema.spec.js b/spec/Schema.spec.js
@@ -704,3 +704,216 @@ describe('Schema', () => {
     done();
   });
 });
+
+describe('Class Level Permissions for requiredAuth', () => {
+  
+  function createUser(username = 'hello', password = 'world') {
+     let user =  new Parse.User();
+     user.set("username", "hello");
+     user.set("password", "world");
+     return user.signUp(null);
+  }  
+  it('required auth test find', (done) => {
+    config.database.loadSchema().then((schema) => {
+        // Just to create a valid class
+        return schema.validateObject('Stuff', {foo: 'bar'});
+      }).then((schema) => {
+        return schema.setPermissions('Stuff', {
+          'find': {
+            'requiresAuthentication': true
+          }
+        });
+      }).then((schema) => {
+        var query = new Parse.Query('Stuff');
+        return query.find();
+      }).then((results) => {
+        fail('Class permissions should have rejected this query.');
+        done();
+      }, (e) => {
+        expect(e.message).toEqual('Permission denied, user needs to be authenticated.');
+        done();
+      });
+  });
+  
+  it('required auth test find authenticated', (done) => {
+    config.database.loadSchema().then((schema) => {
+        // Just to create a valid class
+        return schema.validateObject('Stuff', {foo: 'bar'});
+      }).then((schema) => {
+        return schema.setPermissions('Stuff', {
+          'find': {
+            'requiresAuthentication': true
+          }
+        });
+      }).then((schema) => {
+        return createUser();
+      }).then((user) => {
+        var query = new Parse.Query('Stuff');
+        return query.find();
+      }).then((results) => {
+        expect(results.length).toEqual(0);
+        done();
+      }, (e) => {
+        console.error(e);
+        fail("Should not have failed");
+        done();
+      });
+  });
+  
+  it('required auth test create authenticated', (done) => {
+    config.database.loadSchema().then((schema) => {
+        // Just to create a valid class
+        return schema.validateObject('Stuff', {foo: 'bar'});
+      }).then((schema) => {
+        return schema.setPermissions('Stuff', {
+          'create': {
+            'requiresAuthentication': true
+          }
+        });
+      }).then((schema) => {
+        return createUser();
+      }).then((user) => {
+        let stuff = new Parse.Object('Stuff');
+        stuff.set('foo', 'bar');
+        return stuff.save();
+      }).then((savedObject) => {
+        done();
+      }, (e) => {
+        console.error(e);
+        fail("Should not have failed");
+        done();
+      });
+  });
+  
+  it('required auth test create authenticated', (done) => {
+    config.database.loadSchema().then((schema) => {
+        // Just to create a valid class
+        return schema.validateObject('Stuff', {foo: 'bar'});
+      }).then((schema) => {
+        return schema.setPermissions('Stuff', {
+          'create': {
+            'requiresAuthentication': true
+          }
+        });
+      }).then((user) => {
+        let stuff = new Parse.Object('Stuff');
+        stuff.set('foo', 'bar');
+        return stuff.save();
+      }).then((results) => {
+        fail('Class permissions should have rejected this query.');
+        done();
+      }, (e) => {
+        expect(e.message).toEqual('Permission denied, user needs to be authenticated.');
+        done();
+      });
+  });
+  
+  it('required auth test create/get/update/delete authenticated', (done) => {
+    config.database.loadSchema().then((schema) => {
+      // Just to create a valid class
+      return schema.validateObject('Stuff', {foo: 'bar'});
+    }).then((schema) => {
+      return schema.setPermissions('Stuff', {
+        'create': {
+          'requiresAuthentication': true
+        },
+        'get': {
+          'requiresAuthentication': true
+        },
+        'delete': {
+          'requiresAuthentication': true
+        },
+        'update': {
+          'requiresAuthentication': true
+        }
+      });
+    }).then((schema) => {
+      return createUser();
+    }).then((user) => {
+      let stuff = new Parse.Object('Stuff');
+      stuff.set('foo', 'bar');
+      return stuff.save().then(() => {
+        let query = new Parse.Query('Stuff');
+        return query.get(stuff.id);
+      });
+    }).then((gotStuff) => {
+      gotStuff.save({'foo': 'baz'}).then(() => {
+          return gotStuff.destroy();
+      })
+    }).then(() => {
+      done();
+    }, (e) => {
+      console.error(e);
+      fail("Should not have failed");
+      done();
+    });
+  });
+  
+  it('required auth test create/get/update/delete not authenitcated', (done) => {
+    config.database.loadSchema().then((schema) => {
+      // Just to create a valid class
+      return schema.validateObject('Stuff', {foo: 'bar'});
+    }).then((schema) => {
+      return schema.setPermissions('Stuff', {
+        'get': {
+          'requiresAuthentication': true
+        },
+        'delete': {
+          'requiresAuthentication': true
+        },
+        'update': {
+          'requiresAuthentication': true
+        }
+      });
+    }).then((user) => {
+      let stuff = new Parse.Object('Stuff');
+      stuff.set('foo', 'bar');
+      return stuff.save().then(() => {
+        let query = new Parse.Query('Stuff');
+        return query.get(stuff.id);
+      });
+    }).then((res) => {
+      fail("Should not succeed!");
+      done();
+    }, (e) => {
+      expect(e.message).toEqual('Permission denied, user needs to be authenticated.');
+      done();
+    });
+  });
+  
+  it('required auth test create/get/update/delete not authenitcated', (done) => {
+    config.database.loadSchema().then((schema) => {
+      // Just to create a valid class
+      return schema.validateObject('Stuff', {foo: 'bar'});
+    }).then((schema) => {
+      return schema.setPermissions('Stuff', {
+        'find': {
+          'requiresAuthentication': true
+        },
+        'delete': {
+          'requiresAuthentication': true
+        },
+        'update': {
+          'requiresAuthentication': true
+        }
+      });
+    }).then((user) => {
+      let stuff = new Parse.Object('Stuff');
+      stuff.set('foo', 'bar');
+      return stuff.save().then(() => {
+        let query = new Parse.Query('Stuff');
+        return query.get(stuff.id);
+      })
+    }).then((result) => {
+      expect(result.get('foo')).toEqual('bar');
+      let query = new Parse.Query('Stuff');
+      return query.find();  
+   }).then((res) => {
+      fail("Should not succeed!");
+      done();
+    }, (e) => {
+      expect(e.message).toEqual('Permission denied, user needs to be authenticated.');
+      done();
+    });
+  });
+})
diff --git a/src/Schema.js b/src/Schema.js
@@ -495,6 +495,25 @@ class Schema {
       return Promise.resolve();
     }
     var perms = this.perms[className][operation];
+    
+    // If only for authenticated users
+    // make sure we have an aclGroup
+    if (perms['requiresAuthentication']) {
+      // If aclGroup has * (public)
+      if (!aclGroup || aclGroup.length == 0) {
+        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
+        'Permission denied, user needs to be authenticated.');
+      } else if (aclGroup.indexOf('*') > -1 && aclGroup.length == 1) {
+        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
+        'Permission denied, user needs to be authenticated.');
+      }
+      // no other CLP than requiresAuthentication
+      // let's resolve that!
+      if (Object.keys(perms).length == 1) {
+        return Promise.resolve();
+      }
+    }
+    
     // Handle the public scenario quickly
     if (perms['*']) {
       return Promise.resolve();
