Skip to content

Move acl adding into parse server #1601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 23, 2016
Merged

Move acl adding into parse server #1601

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
18b75ed
Move writeACL knowledge out of mongoAdapter
drew-gross Apr 22, 2016
ab64ab7
Remove write ACL from mongo adapter
drew-gross Apr 22, 2016
e1cde6e
Remove readACL from Mongo Transform
drew-gross Apr 22, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 2 additions & 7 deletions src/Adapters/Storage/Mongo/MongoStorageAdapter.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,10 +163,8 @@ export class MongoStorageAdapter {
// If no objects match, reject with OBJECT_NOT_FOUND. If objects are found and deleted, resolve with undefined.
// If there is some other error, reject with INTERNAL_SERVER_ERROR.

// Currently accepts the acl, schemaController, validate
// for lecacy reasons, Parse Server should later integrate acl into the query. Database adapters
// shouldn't know about acl.
deleteObjectsByQuery(className, query, acl, schemaController, validate) {
// Currently accepts the schemaController, and validate for lecacy reasons
deleteObjectsByQuery(className, query, schemaController, validate) {
return this.adaptiveCollection(className)
.then(collection => {
let mongoWhere = transform.transformWhere(
Expand All @@ -175,9 +173,6 @@ export class MongoStorageAdapter {
query,
{ validate }
);
if (acl) {
mongoWhere = transform.addWriteACL(mongoWhere, acl);
}
return collection.deleteMany(mongoWhere)
})
.then(({ result }) => {
Expand Down
10 changes: 0 additions & 10 deletions src/Adapters/Storage/Mongo/MongoTransform.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -916,14 +916,6 @@ function transformNotInQuery(notInQueryObject, className, results) {
}
}

function addWriteACL(mongoWhere, acl) {
return {'$and': [mongoWhere, {"_wperm" : { "$in" : [null, ...acl]}}]};
}

function addReadACL(mongoWhere, acl) {
return {'$and': [mongoWhere, {"_rperm" : { "$in" : [null, "*", ...acl]}}]};
}

var DateCoder = {
JSONToDatabase(json) {
return new Date(json.iso);
Expand Down Expand Up @@ -1021,7 +1013,5 @@ module.exports = {
transformDontSelect,
transformInQuery,
transformNotInQuery,
addReadACL,
addWriteACL,
untransformObject
};
28 changes: 23 additions & 5 deletions src/Controllers/DatabaseController.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,28 @@
// Parse database.

import intersect from 'intersect';
import _ from 'lodash';

var mongodb = require('mongodb');
var Parse = require('parse/node').Parse;

var SchemaController = require('../Controllers/SchemaController');
const deepcopy = require('deepcopy');

function addWriteACL(query, acl) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

name is somehow misleading, as we do a deepCopy and return a new object, but I believe that's ok.

let newQuery = _.cloneDeep(query);
//Can't be any existing '_wperm' query, we don't allow client queries on that, no need to $and
newQuery._wperm = { "$in" : [null, ...acl]};
return newQuery;
}

function addReadACL(query, acl) {
let newQuery = _.cloneDeep(query);
//Can't be any existing '_rperm' query, we don't allow client queries on that, no need to $and
newQuery._rperm = { "$in" : [null, "*", ...acl]};
return newQuery;
}

function DatabaseController(adapter, { skipValidation } = {}) {
this.adapter = adapter;

Expand Down Expand Up @@ -161,10 +176,10 @@ DatabaseController.prototype.update = function(className, query, update, {
if (!query) {
return Promise.resolve();
}
var mongoWhere = this.transform.transformWhere(schema, className, query, {validate: !this.skipValidation});
if (acl) {
mongoWhere = this.transform.addWriteACL(mongoWhere, acl);
query = addWriteACL(query, acl);
}
var mongoWhere = this.transform.transformWhere(schema, className, query, {validate: !this.skipValidation});
mongoUpdate = this.transform.transformUpdate(schema, className, update, {validate: !this.skipValidation});
if (many) {
return collection.updateMany(mongoWhere, mongoUpdate);
Expand Down Expand Up @@ -299,7 +314,10 @@ DatabaseController.prototype.destroy = function(className, query, { acl } = {})
}
}
// delete by query
return this.adapter.deleteObjectsByQuery(className, query, acl, schemaController, !this.skipValidation)
if (acl) {
query = addWriteACL(query, acl);
}
return this.adapter.deleteObjectsByQuery(className, query, schemaController, !this.skipValidation)
.catch(error => {
// When deleting sessions while changing passwords, don't throw an error if they don't have any sessions.
if (className === "_Session" && error.code === Parse.Error.OBJECT_NOT_FOUND) {
Expand Down Expand Up @@ -613,10 +631,10 @@ DatabaseController.prototype.find = function(className, query, {
return Promise.resolve([]);
}
}
let mongoWhere = this.transform.transformWhere(schema, className, query);
if (!isMaster) {
mongoWhere = this.transform.addReadACL(mongoWhere, aclGroup);
query = addReadACL(query, aclGroup);
}
let mongoWhere = this.transform.transformWhere(schema, className, query);
if (count) {
delete mongoOptions.limit;
return collection.count(mongoWhere, mongoOptions);
Expand Down