it('empty acl works', async done => { await Parse.User.signUp('tdurden', 'mayhem', { ACL: new Parse.ACL(), foo: 'bar', }); await Parse.User.logOut(); const user = await Parse.User.logIn('tdurden', 'mayhem'); equal(user.get('foo'), 'bar'); done(); });
const createRole = function(name, sibling, user) { const role = new Parse.Role(name, new Parse.ACL()); if (user) { const users = role.relation('users'); users.add(user); } if (sibling) { role.relation('roles').add(sibling); } return role.save({}, { useMasterKey: true }); }
beforeEach(async done => { const userACL = new Parse.ACL(); userACL.setPublicReadAccess(true); await user.setACL(userACL).save(null, { useMasterKey: true }); done(); });
it('refresh object with acl', async done => { // Create an object owned by Alice. const user = new Parse.User(); user.set('username', 'alice'); user.set('password', 'wonderland'); await user.signUp(null); const object = new TestObject(); const acl = new Parse.ACL(user); object.setACL(acl); await object.save(); await object.fetch(); done(); });
it('query for included object with ACL works', async done => { const obj1 = new Parse.Object('TestClass1'); const obj2 = new Parse.Object('TestClass2'); const acl = new Parse.ACL(); acl.setPublicReadAccess(true); obj2.set('ACL', acl); obj1.set('other', obj2); await obj1.save(); obj2._clearServerData(); const query = new Parse.Query('TestClass1'); const obj1Again = await query.first(); ok(!obj1Again.get('other').get('ACL')); query.include('other'); const obj1AgainWithInclude = await query.first(); ok(obj1AgainWithInclude.get('other').get('ACL')); done(); });
it('will match non-public ACL when client has master key', function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({}), hasMasterKey: true, }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(true); done(); }); });
it('should not match any entry when searching for null in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', null); query.find().then(function(roles) { expect(roles.length).toEqual(0); done(); }); }); }); });
it("won't match non-public ACL with role when there is no user", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); acl.setRoleReadAccess('livequery', true); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({}), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(false); done(); }) .catch(done.fail); });
it('restricted ACL does not have public access', done => { const obj = new Parse.Object('TestClassMasterACL'); const acl = new Parse.ACL(); obj.set('ACL', acl); obj .save() .then(() => { const query = new Parse.Query('TestClassMasterACL'); return query.find(); }) .then(results => { ok(!results.length, 'Should not have returned object with secure ACL.'); done(); }); });
it('can match ACL with valid subscription sessionToken', function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setReadAccess(testUserId, true); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({ sessionToken: 'sessionToken', }), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(true); done(); }); });
beforeEach(async done => { const userACL = new Parse.ACL(); userACL.setPublicReadAccess(true); await user.setACL(userACL).save(null, { useMasterKey: true }); done(); });
it('can match ACL with public read access', function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(true); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({ sessionToken: 'sessionToken', }), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(true); done(); }); });
it("won't match non-public ACL when client has no master key", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({}), hasMasterKey: false, }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(false); done(); }); });
it("won't match ACL that doesn't have public read or any roles", function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setPublicReadAccess(false); const client = { getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({ sessionToken: 'sessionToken', }), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(false); done(); }); });
it('can match ACL with valid client sessionToken', function (done) { const parseLiveQueryServer = new ParseLiveQueryServer({}); const acl = new Parse.ACL(); acl.setReadAccess(testUserId, true); // Mock sessionTokenCache will return false when sessionToken is undefined const client = { sessionToken: 'sessionToken', getSubscriptionInfo: jasmine .createSpy('getSubscriptionInfo') .and.returnValue({ sessionToken: undefined, }), }; const requestId = 0; parseLiveQueryServer ._matchesACL(acl, client, requestId) .then(function (isMatched) { expect(isMatched).toBe(true); done(); }); });