Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
it('matches CLP when find is closed', done => {
const parseLiveQueryServer = new ParseLiveQueryServer({});
const acl = new Parse.ACL();
acl.setReadAccess(testUserId, true);
// Mock sessionTokenCache will return false when sessionToken is undefined
const client = {
sessionToken: 'sessionToken',
getSubscriptionInfo: jasmine
.createSpy('getSubscriptionInfo')
.and.returnValue({
sessionToken: undefined,
}),
};
const requestId = 0;
parseLiveQueryServer
._matchesCLP(
{
find: {},
} catch (e) {
console.error(e);
}
}
// set templates
if (SITE_TEMPLATES) {
const templates = require('./siteTemplates/templates.json');
const fs = require('fs');
const Template = Parse.Object.extend('Template');
const Model = Parse.Object.extend('Model');
const ModelField = Parse.Object.extend('ModelField');
const ACL = new Parse.ACL();
ACL.setPublicReadAccess(true);
ACL.setPublicWriteAccess(false);
for (let template of templates) {
const res = await new Parse.Query("Template")
.equalTo('name', template.name)
.first();
if (res)
continue;
const template_o = new Template();
template_o.set('name', template.name);
template_o.set('description', template.description);
template_o.setACL(ACL);
const acl = object.getACL();
expect(acl.getPublicReadAccess()).toBeTruthy();
expect(acl.getPublicWriteAccess()).toBeTruthy();
} else if (triggerTime == 1) {
const acl = object.getACL();
expect(acl.getPublicReadAccess()).toBeFalsy();
expect(acl.getPublicWriteAccess()).toBeTruthy();
} else {
res.error();
}
triggerTime++;
res.success();
});
const obj = new Parse.Object('GameScore');
const acl = new Parse.ACL();
acl.setPublicReadAccess(true);
acl.setPublicWriteAccess(true);
obj.setACL(acl);
obj.save().then(() => {
acl.setPublicReadAccess(false);
obj.setACL(acl);
return obj.save();
}).then(() => {
// Make sure the checking has been triggered
expect(triggerTime).toBe(2);
done();
}, error => {
jfail(error);
done();
});
});
it("won't match non-public ACL when client has no master key", function(done) {
const parseLiveQueryServer = new ParseLiveQueryServer({});
const acl = new Parse.ACL();
acl.setPublicReadAccess(false);
const client = {
getSubscriptionInfo: jasmine
.createSpy('getSubscriptionInfo')
.and.returnValue({}),
hasMasterKey: false,
};
const requestId = 0;
parseLiveQueryServer
._matchesACL(acl, client, requestId)
.then(function(isMatched) {
expect(isMatched).toBe(false);
done();
});
});
it('test beforeSave set object acl success', function(done) {
const acl = new Parse.ACL({
'*': { read: true, write: false }
});
Parse.Cloud.beforeSave('BeforeSaveAddACL', function(req, res) {
req.object.setACL(acl);
res.success();
});
const obj = new Parse.Object('BeforeSaveAddACL');
obj.set('lol', true);
obj.save().then(function() {
const query = new Parse.Query('BeforeSaveAddACL');
query.get(obj.id).then(function(objAgain) {
expect(objAgain.get('lol')).toBeTruthy();
expect(objAgain.getACL().equals(acl));
done();
}, function(error) {
it('can match ACL with none exist requestId', function(done) {
const parseLiveQueryServer = new ParseLiveQueryServer({});
const acl = new Parse.ACL();
const client = {
getSubscriptionInfo: jasmine
.createSpy('getSubscriptionInfo')
.and.returnValue(undefined),
};
const requestId = 0;
parseLiveQueryServer
._matchesACL(acl, client, requestId)
.then(function(isMatched) {
expect(isMatched).toBe(false);
done();
});
});
const triggeruser3 = new Parse.User();
triggeruser3.setUsername('triggeruser3');
triggeruser3.setPassword('triggeruser3');
await triggeruser3.signUp();
const triggeruser4 = new Parse.User();
triggeruser4.setUsername('triggeruser4');
triggeruser4.setPassword('triggeruser4');
await triggeruser4.signUp();
const triggeruser5 = new Parse.User();
triggeruser5.setUsername('triggeruser5');
triggeruser5.setPassword('triggeruser5');
await triggeruser5.signUp();
const triggerroleacl = new Parse.ACL();
triggerroleacl.setPublicReadAccess(true);
const triggerrole = new Parse.Role();
triggerrole.setName('triggerrole');
triggerrole.setACL(triggerroleacl);
triggerrole.getUsers().add(triggeruser);
triggerrole.getUsers().add(triggeruser3);
await triggerrole.save();
const config = Config.get('test');
const schema = await config.database.loadSchema();
await schema.addClassIfNotExists(
'triggerclass',
{
someField: { type: 'String' },
pointerToUser: { type: 'Pointer', targetClass: '_User' },
sessionToken: triggeruser.getSessionToken(),
});
expect(called).toBe(2);
await triggerobject.save(undefined, {
sessionToken: triggeruser2.getSessionToken(),
});
expect(called).toBe(3);
await triggerobject.save(undefined, {
sessionToken: triggeruser3.getSessionToken(),
});
expect(called).toBe(4);
const triggerobject2 = new Parse.Object('triggerclass');
triggerobject2.set('someField', 'someValue');
triggerobject2.set('someField22', 'someValue');
const triggerobjectacl2 = new Parse.ACL();
triggerobjectacl2.setPublicReadAccess(false);
triggerobjectacl2.setPublicWriteAccess(false);
triggerobjectacl2.setReadAccess(triggeruser.id, true);
triggerobjectacl2.setWriteAccess(triggeruser.id, true);
triggerobjectacl2.setReadAccess(triggeruser2.id, true);
triggerobjectacl2.setWriteAccess(triggeruser2.id, true);
triggerobjectacl2.setReadAccess(triggeruser5.id, true);
triggerobjectacl2.setWriteAccess(triggeruser5.id, true);
triggerobject2.setACL(triggerobjectacl2);
await triggerobject2.save(undefined, {
sessionToken: triggeruser2.getSessionToken(),
});
expect(called).toBe(5);
await triggerobject2.save(undefined, {
sessionToken: triggeruser2.getSessionToken(),
beforeEach(async done => {
const adminRole = await new Parse.Role(
'Administrator',
new Parse.ACL()
).save(null, { useMasterKey: true });
const managementRole = new Parse.Role(
'managementOf_user' + user.id,
new Parse.ACL(user)
);
managementRole.getRoles().add(adminRole);
await managementRole.save(null, { useMasterKey: true });
const userACL = new Parse.ACL();
userACL.setReadAccess(managementRole, true);
await user.setACL(userACL).save(null, { useMasterKey: true });
adminUser = await Parse.User.signUp('administrator', 'secure');
adminUser = await Parse.User.logIn(adminUser.get('username'), 'secure');
await adminRole
.getUsers()
.add(adminUser)
.save(null, { useMasterKey: true });
done();
});
resolve: (_, { text }, { Query, user }) => {
const pokemon = new Query(Pokemon).create({ text });
if (user) {
pokemon.setACL(new Parse.ACL(user));
}
return pokemon.save().then(td => td);
},
},