create requireUserRoles

Author: dblythy

spec/CloudCode.Validator.spec.js

@@ -860,15 +860,15 @@ describe('cloud validator', () => {
       });
   });
 
-  it('basic validator requireUserRoles', async function (done) {
+  it('basic validator requireUserRole', async function (done) {
     Parse.Cloud.define(
       'cloudFunction',
       () => {
         return true;
       },
       {
         requireUser: true,
-        requireUserRoles: ['Admin'],
+        requireUserRole: ['Admin'],
       }
     );
     const user = await Parse.User.signUp('testuser', 'p@ssword');
@@ -887,6 +887,36 @@ describe('cloud validator', () => {
     done();
   });
 
+  it('basic validator requireUserRoles', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireUserRoles: ['Admin', 'Admin2'],
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match all the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('Admin', roleACL);
+    role.getUsers().add(user);
+
+    const role2 = new Parse.Role('Admin2', roleACL);
+    role2.getUsers().add(user);
+    await Promise.all([role.save({ useMasterKey: true }), role2.save({ useMasterKey: true })]);
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
   it('basic requireUserRoles but no user', async function (done) {
     Parse.Cloud.define(
       'cloudFunction',

src/triggers.js

@@ -641,7 +641,7 @@ async function builtInTriggerValidator(options, request, auth) {
   ) {
     reqUser = request.object;
   }
-  if ((options.requireUser || options.requireUserRoles) && !reqUser) {
+  if ((options.requireUser || options.requireUserRole || options.requireUserRoles) && !reqUser) {
     throw 'Validation failed. Please login to continue.';
   }
   if (options.requireMaster && !request.master) {
@@ -733,14 +733,25 @@ async function builtInTriggerValidator(options, request, auth) {
       }
     }
   }
-  const userRoles = options.requireUserRoles;
+  const userRoles = options.requireUserRole;
+  const requireAllRoles = options.requireUserRoles;
+  let roles;
+  if (userRoles || requireAllRoles) {
+    roles = await auth.getUserRoles();
+  }
   if (userRoles) {
-    const roles = await auth.getUserRoles();
     const hasRole = userRoles.some(requiredRole => roles.includes(`role:${requiredRole}`));
     if (!hasRole) {
       throw `Validation failed. User does not match the required roles.`;
     }
   }
+  if (requireAllRoles) {
+    for (const requiredRole of requireAllRoles) {
+      if (!roles.includes(`role:${requiredRole}`)) {
+        throw `Validation failed. User does not match all the required roles.`;
+      }
+    }
+  }
   const userKeys = options.requireUserKeys || [];
   if (Array.isArray(userKeys)) {
     for (const key of userKeys) {