parse-community
diff --git a/‎CHANGELOG.md
Lines changed: 12 additions & 2 deletions b/‎CHANGELOG.md
Lines changed: 12 additions & 2 deletions
diff --git a/‎README.md
Lines changed: 3 additions & 3 deletions b/‎README.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎package-lock.json
Lines changed: 3 additions & 3 deletions b/‎package-lock.json
Lines changed: 3 additions & 3 deletions
diff --git a/‎package.json
Lines changed: 1 addition & 1 deletion b/‎package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎spec/CloudCode.Validator.spec.js
Lines changed: 144 additions & 0 deletions b/‎spec/CloudCode.Validator.spec.js
Lines changed: 144 additions & 0 deletions
diff --git a/‎spec/CloudCode.spec.js
Lines changed: 33 additions & 0 deletions b/‎spec/CloudCode.spec.js
Lines changed: 33 additions & 0 deletions
@@ -1,17 +1,27 @@
 ## Parse Server Changelog
+<!--
+    Please make sure you add your feature at the bottom of the associated group.
+    Groups should be ordered:
+    - NEW (EXPERIMENTAL)
+    - NEW
+    - IMPROVE
+    - FIX
+    Thanks for contributing to Parse Server!
+-->
 
 ### master
 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...master)
 
 __BREAKING CHANGES:__
 - NEW: Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the `fileUpload` parameter in the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html). [#7071](https://github.com/parse-community/parse-server/pull/7071). Thanks to [dblythy](https://github.com/dblythy), [Manuel Trezza](https://github.com/mtrezza).
 ___
-- IMPROVE: Retry transactions on MongoDB when it fails due to transient error [#7187](https://github.com/parse-community/parse-server/pull/7187). Thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo).
-- UPGRADE: Bump tests to use Mongo 4.4.4 [#7184](https://github.com/parse-community/parse-server/pull/7184). Thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo).
 - NEW (EXPERIMENTAL): Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification. **Caution, this is an experimental feature that may not be appropriate for production.** [#6891](https://github.com/parse-community/parse-server/issues/6891). Thanks to [Manuel Trezza](https://github.com/mtrezza).
 - NEW: Added convenience method `Parse.Cloud.sendEmail(...)` to send email via email adapter in Cloud Code. [#7089](https://github.com/parse-community/parse-server/pull/7089). Thanks to [dblythy](https://github.com/dblythy)
 - NEW: LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries [#7113](https://github.com/parse-community/parse-server/pull/7113). Thanks to [dplewis](https://github.com/dplewis)
 - NEW: Supporting patterns in LiveQuery server's config parameter `classNames` [#7131](https://github.com/parse-community/parse-server/pull/7131). Thanks to [Nes-si](https://github.com/Nes-si)
+- NEW: `requireAnyUserRoles` and `requireAllUserRoles` for Parse Cloud validator. [#7097](https://github.com/parse-community/parse-server/pull/7097). Thanks to [dblythy](https://github.com/dblythy)
+- IMPROVE: Retry transactions on MongoDB when it fails due to transient error [#7187](https://github.com/parse-community/parse-server/pull/7187). Thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo).
+- IMPROVE: Bump tests to use Mongo 4.4.4 [#7184](https://github.com/parse-community/parse-server/pull/7184). Thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo).
 - IMPROVE: Added new account lockout policy option `accountLockout.unlockOnPasswordReset` to automatically unlock account on password reset. [#7146](https://github.com/parse-community/parse-server/pull/7146). Thanks to [Manuel Trezza](https://github.com/mtrezza).
 - IMPROVE: Parse Server is from now on continuously tested against all recent MongoDB versions that have not reached their end-of-life support date. Added MongoDB compatibility table to Parse Server docs. [7161](https://github.com/parse-community/parse-server/pull/7161). Thanks to [Manuel Trezza](https://github.com/mtrezza).
 - IMPROVE: Parse Server is from now on continuously tested against all recent Node.js versions that have not reached their end-of-life support date. [7161](https://github.com/parse-community/parse-server/pull/7177). Thanks to [Manuel Trezza](https://github.com/mtrezza).
 
@@ -44,9 +44,9 @@ The full documentation for Parse Server is available in the [wiki](https://githu
 - [Getting Started](#getting-started)
   - [Running Parse Server](#running-parse-server)
     - [Compatibility](#compatibility)
-      - [Node.js](#nodejs-support)
-      - [MongoDB](#mongodb-support)
-      - [PostgreSQL](#postgresql-support)
+      - [Node.js](#nodejs)
+      - [MongoDB](#mongodb)
+      - [PostgreSQL](#postgresql)
     - [Locally](#locally)
     - [Docker Container](#docker-container)
     - [Saving an Object](#saving-an-object)
 
@@ -34,7 +34,7 @@
     "cors": "2.8.5",
     "deepcopy": "2.1.0",
     "express": "4.17.1",
-    "follow-redirects": "1.13.1",
+    "follow-redirects": "1.13.2",
     "graphql": "15.4.0",
     "graphql-list-fields": "2.0.2",
     "graphql-relay": "0.6.0",
 
@@ -878,6 +878,150 @@ describe('cloud validator', () => {
       });
   });
 
+  it('basic validator requireAnyUserRoles', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireAnyUserRoles: ['Admin'],
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('Admin', roleACL);
+    role.getUsers().add(user);
+    await role.save({ useMasterKey: true });
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
+  it('basic validator requireAllUserRoles', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireAllUserRoles: ['Admin', 'Admin2'],
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match all the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('Admin', roleACL);
+    role.getUsers().add(user);
+
+    const role2 = new Parse.Role('Admin2', roleACL);
+    role2.getUsers().add(user);
+    await Promise.all([role.save({ useMasterKey: true }), role2.save({ useMasterKey: true })]);
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
+  it('allow requireAnyUserRoles to be a function', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireAnyUserRoles: () => {
+          return ['Admin Func'];
+        },
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('Admin Func', roleACL);
+    role.getUsers().add(user);
+    await role.save({ useMasterKey: true });
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
+  it('allow requireAllUserRoles to be a function', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireAllUserRoles: () => {
+          return ['AdminA', 'AdminB'];
+        },
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match all the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('AdminA', roleACL);
+    role.getUsers().add(user);
+
+    const role2 = new Parse.Role('AdminB', roleACL);
+    role2.getUsers().add(user);
+    await Promise.all([role.save({ useMasterKey: true }), role2.save({ useMasterKey: true })]);
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
+  it('basic requireAllUserRoles but no user', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireAllUserRoles: ['Admin'],
+      }
+    );
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. Please login to continue.');
+    }
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('Admin', roleACL);
+    role.getUsers().add(user);
+    await role.save({ useMasterKey: true });
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
   it('basic beforeSave requireMaster', function (done) {
     Parse.Cloud.beforeSave('BeforeSaveFail', () => {}, {
       requireMaster: true,
 
@@ -1779,6 +1779,39 @@ describe('beforeSave hooks', () => {
     const myObject = new MyObject();
     myObject.save().then(() => done());
   });
+
+  it('should respect custom object ids (#6733)', async () => {
+    Parse.Cloud.beforeSave('TestObject', req => {
+      expect(req.object.id).toEqual('test_6733');
+    });
+
+    await reconfigureServer({ allowCustomObjectId: true });
+
+    const req = request({
+      // Parse JS SDK does not currently support custom object ids (see #1097), so we do a REST request
+      method: 'POST',
+      url: 'http://localhost:8378/1/classes/TestObject',
+      headers: {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      },
+      body: {
+        objectId: 'test_6733',
+        foo: 'bar',
+      },
+    });
+
+    {
+      const res = await req;
+      expect(res.data.objectId).toEqual('test_6733');
+    }
+
+    const query = new Parse.Query('TestObject');
+    query.equalTo('objectId', 'test_6733');
+    const res = await query.find();
+    expect(res.length).toEqual(1);
+    expect(res[0].get('foo')).toEqual('bar');
+  });
 });
 
 describe('afterSave hooks', () => {