Adds support for readOnly masterKey

flovilmart · flovilmart · commit 3c13c5860890 · 2017-10-26T13:01:55.000-04:00
diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -81,6 +81,7 @@ function initialize(app, options) {
 function authenticate(userToTest, usernameOnly) {
   var appsUserHasAccessTo = null;
   var matchingUsername = null;
+  var isReadOnly = false;
 
   //they provided auth
   let isAuthenticated = userToTest &&
@@ -96,12 +97,14 @@ function authenticate(userToTest, usernameOnly) {
         matchingUsername = user.user;
         // User restricted apps
         appsUserHasAccessTo = user.apps || null;
+        isReadOnly = user.readOnly;
       }
 
       return isAuthenticated;
     }) ? true : false;
 
   return {
+    isReadOnly,
     isAuthenticated,
     matchingUsername,
     appsUserHasAccessTo
diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
@@ -77,7 +77,7 @@ module.exports = function(config, options) {
     // Serve the configuration.
     app.get('/parse-dashboard-config.json', function(req, res) {
       let response = {
-        apps: config.apps,
+        apps: [...config.apps], // make a copy
         newFeaturesInLatestVersion: newFeaturesInLatestVersion,
       };
 
@@ -101,14 +101,29 @@ module.exports = function(config, options) {
 
       const successfulAuth = authentication && authentication.isAuthenticated;
       const appsUserHasAccess = authentication && authentication.appsUserHasAccessTo;
+      const isReadOnly = authentication && authentication.isReadOnly;
+      // User is full read-only, replace the masterKey by the read-only one
+      if (isReadOnly) {
+        response.apps = response.apps.map((app) => {
+          app.masterKey = app.readOnlyMasterKey;
+          if (!app.masterKey) {
+            throw new Error('You need to provide a readOnlyMasterKey to use read-only features.');
+          }
+          return app;
+        });
+      }
 
       if (successfulAuth) {
         if (appsUserHasAccess) {
           // Restric access to apps defined in user dictionary
           // If they didn't supply any app id, user will access all apps
           response.apps = response.apps.filter(function (app) {
             return appsUserHasAccess.find(appUserHasAccess => {
-              return app.appId == appUserHasAccess.appId
+              const isSame = app.appId == appUserHasAccess.appId;
+              if (isSame && appUserHasAccess.readOnly) {
+                app.masterKey = app.readOnlyMasterKey;
+              }
+              return isSame;
             })
           });
         }
