const createRole = function(name, sibling, user) { const role = new Parse.Role(name, new Parse.ACL()); if (user) { const users = role.relation('users'); users.add(user); } if (sibling) { role.relation('roles').add(sibling); } return role.save({}, { useMasterKey: true }); }
it('empty acl works', async done => { await Parse.User.signUp('tdurden', 'mayhem', { ACL: new Parse.ACL(), foo: 'bar', }); await Parse.User.logOut(); const user = await Parse.User.logIn('tdurden', 'mayhem'); equal(user.get('foo'), 'bar'); done(); });
it('refresh object with acl', async done => { // Create an object owned by Alice. const user = new Parse.User(); user.set('username', 'alice'); user.set('password', 'wonderland'); await user.signUp(null); const object = new TestObject(); const acl = new Parse.ACL(user); object.setACL(acl); await object.save(); await object.fetch(); done(); });
it('query for included object with ACL works', async done => { const obj1 = new Parse.Object('TestClass1'); const obj2 = new Parse.Object('TestClass2'); const acl = new Parse.ACL(); acl.setPublicReadAccess(true); obj2.set('ACL', acl); obj1.set('other', obj2); await obj1.save(); obj2._clearServerData(); const query = new Parse.Query('TestClass1'); const obj1Again = await query.first(); ok(!obj1Again.get('other').get('ACL')); query.include('other'); const obj1AgainWithInclude = await query.first(); ok(obj1AgainWithInclude.get('other').get('ACL')); done(); });
it('should match when matching in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', user); query.find().then(function(roles) { expect(roles.length).toEqual(1); done(); }); }); }); });
it('restricted ACL does not have public access', done => { const obj = new Parse.Object('TestClassMasterACL'); const acl = new Parse.ACL(); obj.set('ACL', acl); obj .save() .then(() => { const query = new Parse.Query('TestClassMasterACL'); return query.find(); }) .then(results => { ok(!results.length, 'Should not have returned object with secure ACL.'); done(); }); });
it('acl sharing with another user and update', async done => { // Sign in as Bob. const bob = await Parse.User.signUp('bob', 'pass'); await Parse.User.logOut(); // Sign in as Alice. const alice = await Parse.User.signUp('alice', 'wonderland'); // Create an object shared by Bob and Alice. const object = new TestObject(); const acl = new Parse.ACL(alice); acl.setWriteAccess(bob, true); acl.setReadAccess(bob, true); object.setACL(acl); await object.save(); equal(object.getACL().getReadAccess(alice), true); equal(object.getACL().getWriteAccess(alice), true); equal(object.getACL().getReadAccess(bob), true); equal(object.getACL().getWriteAccess(bob), true); equal(object.getACL().getPublicReadAccess(), false); equal(object.getACL().getPublicWriteAccess(), false); // Sign in as Bob again. await Parse.User.logIn('bob', 'pass'); object.set('foo', 'bar'); object.save().then(done); });
it('can create role and query empty users', done => { const roleACL = new Parse.ACL(); roleACL.setPublicReadAccess(true); const role = new Parse.Role('subscribers', roleACL); role.save({}, { useMasterKey: true }).then( () => { const query = role.relation('users').query(); query.find({ useMasterKey: true }).then( () => { done(); }, () => { fail('should not have errors'); done(); } ); }, () => { fail('should not have errored'); } ); });
it('acl an object owned by one user and public get', async done => { // Create an object owned by Alice. const user = new Parse.User(); user.set('username', 'alice'); user.set('password', 'wonderland'); await user.signUp(); const object = new TestObject(); const acl = new Parse.ACL(user); object.setACL(acl); await object.save(); equal(object.getACL().getReadAccess(user), true); equal(object.getACL().getWriteAccess(user), true); equal(object.getACL().getPublicReadAccess(), false); equal(object.getACL().getPublicWriteAccess(), false); ok(object.get('ACL')); await Parse.User.logOut(); const query = new Parse.Query(TestObject); try { await query.get(object.id); done.fail('Should not have retrieved the object.'); } catch (error) { equal(error.code, Parse.Error.OBJECT_NOT_FOUND); done(); } });
it('should not match any entry when not matching in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const otherUser = new Parse.User(); otherUser .save({ username: 'otherUser', password: 'otherUser' }) .then(otherUser => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', otherUser); query.find().then(function(roles) { expect(roles.length).toEqual(0); done(); }); }); }); }); });
it('acl an object owned by one user and logged in update', async done => { // Create an object owned by Alice. const user = new Parse.User(); user.set('username', 'alice'); user.set('password', 'wonderland'); await user.signUp(); const object = new TestObject(); const acl = new Parse.ACL(user); object.setACL(acl); await object.save(); equal(object.getACL().getReadAccess(user), true); equal(object.getACL().getWriteAccess(user), true); equal(object.getACL().getPublicReadAccess(), false); equal(object.getACL().getPublicWriteAccess(), false); ok(object.get('ACL')); await Parse.User.logOut(); await Parse.User.logIn('alice', 'wonderland'); // Update object.set('foo', 'bar'); await object.save(); done(); });
it('acl an object owned by one user and public find', async done => { // Create an object owned by Alice. const user = new Parse.User(); user.set('username', 'alice'); user.set('password', 'wonderland'); await user.signUp(); const object = new TestObject(); const acl = new Parse.ACL(user); object.setACL(acl); await object.save(); equal(object.getACL().getReadAccess(user), true); equal(object.getACL().getWriteAccess(user), true); equal(object.getACL().getPublicReadAccess(), false); equal(object.getACL().getPublicWriteAccess(), false); ok(object.get('ACL')); // Start making requests by the public, which should all fail. await Parse.User.logOut(); // Find const query = new Parse.Query(TestObject); const results = await query.find(); equal(results.length, 0); done(); });
it('acl sharing with another user and delete', async done => { // Sign in as Bob. const bob = await Parse.User.signUp('bob', 'pass'); await Parse.User.logOut(); // Sign in as Alice. const alice = await Parse.User.signUp('alice', 'wonderland'); // Create an object shared by Bob and Alice. const object = new TestObject(); const acl = new Parse.ACL(alice); acl.setWriteAccess(bob, true); acl.setReadAccess(bob, true); object.setACL(acl); await object.save(); equal(object.getACL().getReadAccess(alice), true); equal(object.getACL().getWriteAccess(alice), true); equal(object.getACL().getReadAccess(bob), true); equal(object.getACL().getWriteAccess(bob), true); equal(object.getACL().getPublicReadAccess(), false); equal(object.getACL().getPublicWriteAccess(), false); // Sign in as Bob again. await Parse.User.logIn('bob', 'pass'); object.set('foo', 'bar'); object.destroy().then(done); });
it('acl an object owned by one user and logged in delete', async done => { // Create an object owned by Alice. const user = new Parse.User(); user.set('username', 'alice'); user.set('password', 'wonderland'); await user.signUp(); const object = new TestObject(); const acl = new Parse.ACL(user); object.setACL(acl); await object.save(); equal(object.getACL().getReadAccess(user), true); equal(object.getACL().getWriteAccess(user), true); equal(object.getACL().getPublicReadAccess(), false); equal(object.getACL().getPublicWriteAccess(), false); ok(object.get('ACL')); await Parse.User.logOut(); await Parse.User.logIn('alice', 'wonderland'); // Delete await object.destroy(); done(); });
it('should not match any entry when searching for null in users relation', done => { const user = new Parse.User(); user.save({ username: 'admin', password: 'admin' }).then(user => { const aCL = new Parse.ACL(); aCL.setPublicReadAccess(true); aCL.setPublicWriteAccess(true); const role = new Parse.Role('admin', aCL); const users = role.relation('users'); users.add(user); role.save({}, { useMasterKey: true }).then(() => { const query = new Parse.Query(Parse.Role); query.equalTo('name', 'admin'); query.equalTo('users', null); query.find().then(function(roles) { expect(roles.length).toEqual(0); done(); }); }); }); });