Example #1
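  // CLP scenario 3: `find` on AClass is granted to role:admin only. A
  // logged-in user outside that role must be refused with the CLP error;
  // once the CLP is cleared, that user and the admin can both query the class.
  it('validate CLP 3', done => {
    const user = new Parse.User();
    user.setUsername('user');
    user.setPassword('user');

    const admin = new Parse.User();
    admin.setUsername('admin');
    admin.setPassword('admin');

    const role = new Parse.Role('admin', new Parse.ACL());

    setPermissionsOnClass('AClass', {
      'find': {
        'role:admin': true
      }
    }).then(() => {
      return Parse.Object.saveAll([user, admin, role], {useMasterKey: true});
    }).then(() => {
      // Only `admin` is added to the role; `user` stays outside it.
      role.relation('users').add(admin);
      return role.save(null, {useMasterKey: true});
    }).then(() => {
      return Parse.User.logIn('user', 'user').then(() => {
        // The fixture row is written with the master key, so creating it does
        // not depend on the class-level permissions being tested.
        const obj = new Parse.Object('AClass');
        return obj.save(null, {useMasterKey: true});
      });
    }).then(() => {
      // Negative check: the non-role user must get the CLP denial, not data.
      const query = new Parse.Query('AClass');
      return query.find().then(() => {
        fail('User should not be able to find!');
      }, (err) => {
        expect(err.message).toEqual('Permission denied for action find on class AClass.');
      });
    }).then(() => {
      // delete all CLP
      return setPermissionsOnClass('AClass', null, true);
    }).then(() => {
      const query = new Parse.Query('AClass');
      return query.find().then((result) => {
        expect(result.length).toBe(1);
      }, () => {
        // Record the failure only. done() is left to the end of the chain so
        // the spec is not reported complete while later steps are still
        // running against the shared server.
        fail('User should be able to find!');
      });
    }).then(() => {
      return Parse.User.logIn('admin', 'admin');
    }).then(() => {
      const query = new Parse.Query('AClass');
      return query.find();
    }).then((results) => {
      expect(results.length).toBe(1);
      done();
    }).catch((err) => {
      jfail(err);
      done();
    });
  });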
Example #2
 // Regression test for #1991: `update` and `delete` on AnObject are limited to
 // role:admin, and the logged-in user is a member of that role. The destroy is
 // expected to succeed, leaving no rows for the follow-up query.
 it("regression test for #1991", done => {
   const member = new Parse.User();
   member.setUsername('user');
   member.setPassword('user');
   const adminRole = new Parse.Role('admin', new Parse.ACL());
   const target = new Parse.Object('AnObject');

   // Reads and creates are open to everyone; writes to existing rows are
   // reserved for the admin role.
   const classPermissions = {
     'get': {"*": true},
     'find': {"*": true},
     'create': {'*': true},
     'update': {'role:admin': true},
     'delete': {'role:admin': true}
   };

   Parse.Object.saveAll([member, adminRole])
     .then(() => {
       // Role membership is what should authorise the delete below.
       adminRole.relation('users').add(member);
       return adminRole.save(null, {useMasterKey: true});
     })
     .then(() => setPermissionsOnClass('AnObject', classPermissions))
     .then(() => target.save())
     .then(() => Parse.User.logIn('user', 'user'))
     .then(() => target.destroy())
     .then(() => {
       const remaining = new Parse.Query('AnObject');
       return remaining.find();
     })
     .then((results) => {
       expect(results.length).toBe(0);
       done();
     })
     .catch((err) => {
       fail('should not fail');
       jfail(err);
       done();
     });
 });
Example #3
  // CLP scenario 5: `find` on AClass is granted to one specific user id only.
  // The spec then queries as that user, as a member of the admin role, and as
  // an unrelated second user, expecting the latter two to be refused.
  it('validate CLP 5', done => {
    let user = new Parse.User();
    user.setUsername('user');
    user.setPassword('user');

    let user2 = new Parse.User();
    user2.setUsername('user2');
    user2.setPassword('user2');
    let admin = new Parse.User();
    admin.setUsername('admin');
    admin.setPassword('admin');

    let role = new Parse.Role('admin', new Parse.ACL());

    Promise.resolve().then(() => {
      return Parse.Object.saveAll([user, user2, admin, role], {useMasterKey: true});
    }).then(()=> {
      role.relation('users').add(admin);
      return role.save(null, {useMasterKey: true}).then(() => {
        // The permission map lists only `find`, keyed by the user's object id;
        // no role and no other operation appears in it.
        let perm = {
          find: {}
        };
        // let the user find
        perm['find'][user.id] = true;
        return setPermissionsOnClass('AClass', perm);
      })
    }).then(() => {
     return Parse.User.logIn('user', 'user').then(() => {
        // NOTE(review): this save is issued without the master key and has no
        // rejection handler. The CLP set above names only `find`, so if the
        // server refuses the create, the rejection skips every step up to the
        // first error handler further down the chain - confirm.
        let obj = new Parse.Object('AClass');
        return obj.save();
      })
    }).then(() => {
      // Positive check: the user named in the CLP should see the one row.
      let query = new Parse.Query('AClass');
      return query.find().then((res) => {
        expect(res.length).toEqual(1);
      }, (err) => {
         fail('User should be able to find!')
        return Promise.resolve();
      })
    }).then(() => {
      return Parse.User.logIn('admin', 'admin');
    }).then( () => {
      let query = new Parse.Query('AClass');
      return query.find();
    }).then((results) => {
      fail("should not be able to read!");
      return Promise.resolve();
    }, (err) => {
      // NOTE(review): the expected message names `create`, yet the call just
      // before is find(). This handler also receives any unhandled rejection
      // from earlier steps, so it may be asserting on the earlier save rather
      // than on the admin's query; if so, the "user can find" and "admin
      // cannot read" checks never execute - confirm against the server.
      expect(err.message).toEqual('Permission denied for action create on class AClass.');
      return Promise.resolve();
    }).then(() => {
      return Parse.User.logIn('user2', 'user2');
    }).then( () => {
      let query = new Parse.Query('AClass');
      return query.find();
    }).then((results) => {
      fail("should not be able to read!");
      return Promise.resolve();
    }, (err) => {
      // Negative check: user2 is not named in the CLP, so the denial for
      // `find` is the expected outcome here.
      expect(err.message).toEqual('Permission denied for action find on class AClass.');
      return Promise.resolve();
    }).then(() => {
      // The chain has no terminal catch; done() runs only if this step is reached.
      done();
    });
  });