Adds locked down ACL on _User
flovilmart committed Feb 16, 2016
1 parent cf7202f commit 20eca71
Showing 2 changed files with 23 additions and 1 deletion.
17 changes: 16 additions & 1 deletion spec/ParseUser.spec.js
@@ -8,6 +8,20 @@
var request = require('request');
var passwordCrypto = require('../src/password');

function verifyACL(user) {
const ACL = user.getACL();
expect(ACL.getReadAccess(user)).toBe(true);
expect(ACL.getWriteAccess(user)).toBe(true);
expect(ACL.getPublicReadAccess()).toBe(true);
expect(ACL.getPublicWriteAccess()).toBe(false);
const perms = ACL.permissionsById;
expect(Object.keys(perms).length).toBe(2);
expect(perms[user.id].read).toBe(true);
expect(perms[user.id].write).toBe(true);
expect(perms['*'].read).toBe(true);
expect(perms['*'].write).not.toBe(true);
}

describe('Parse.User testing', () => {
it("user sign up class method", (done) => {
Parse.User.signUp("asdf", "zxcv", null, {
@@ -57,6 +71,7 @@ describe('Parse.User testing', () => {
Parse.User.logIn("asdf", "zxcv", {
success: function(user) {
equal(user.get("username"), "asdf");
verifyACL(user);
done();
}
});
@@ -1352,7 +1367,7 @@ describe('Parse.User testing', () => {
var b = JSON.parse(body);
expect(b.results.length).toEqual(1);
var user = b.results[0];
expect(Object.keys(user).length).toEqual(6);
expect(Object.keys(user).length).toEqual(7);
done();
});
});
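Review bot: verifyACL is called only from the login test in the second hunk, so the new default is checked on one path and the case where a signup sends its own ACL is not pinned at all; a test that signs up with an explicit ACL and asserts it comes back unchanged would cover the `!this.data.ACL` condition this commit adds in src/RestWrite.js. In the third hunk the bare count `toEqual(7)` does not show which key was added; if the seventh key is the ACL, as the rest of the commit suggests, `expect(user.ACL).toBeDefined();` next to it would make the intent visible and fail more usefully when another field appears. The describe block and both tests continue outside the hunks shown.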
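--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -660,6 +660,13 @@ RestWrite.prototype.runDatabaseOperation = function() {
 this.response.updatedAt = this.updatedAt;
 });
 } else {
+// Set the default ACL for the new _User
+if (!this.data.ACL && this.className === '_User') {
+var ACL = {};
+ACL[this.data.objectId] = { read: true, write: true };
+ACL['*'] = { read: true, write: false };
+this.data.ACL = ACL;
+}
 // Run a create
 return this.config.database.create(this.className, this.data, options)
 .then(() => {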
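Review bot: The new default in the create branch is applied only when the request carries no ACL (`!this.data.ACL`), so a signup body that supplies its own ACL, including one that grants public write, is stored as sent; the comment should say that this is a default rather than an enforced policy, e.g. `// Default ACL when the client sent none: owner read/write, public read-only`. The owner entry is keyed on `this.data.objectId`, and nothing visible in this hunk shows that the id is already assigned at this point; if it were unset the entry would land under the key `undefined` and the new user could not modify their own row, so it is worth confirming against the part of runDatabaseOperation outside the hunk. Public read stays enabled, so every stored _User field remains readable by any client unless it is filtered elsewhere.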
