Moves transform to MongoTransform

flovilmart · flovilmart · commit 6e6a67a93f51 · 2016-04-12T19:03:32.000-04:00
- Adds ACL query injection in MongoTransform
diff --git a/spec/MongoTransform.spec.js b/spec/MongoTransform.spec.js
@@ -1,7 +1,7 @@
 // These tests are unit tests designed to only test transform.js.
 "use strict";
 
-let transform = require('../src/transform');
+let transform = require('../src/Adapters/Storage/Mongo/MongoTransform');
 let dd = require('deep-diff');
 
 var dummySchema = {
diff --git a/src/Adapters/Storage/Mongo/MongoSchemaCollection.js b/src/Adapters/Storage/Mongo/MongoSchemaCollection.js
@@ -1,5 +1,6 @@
 
 import MongoCollection from './MongoCollection';
+import * as transform from './MongoTransform';
 
 function mongoFieldToParseSchemaField(type) {
   if (type[0] === '*') {
@@ -200,6 +201,10 @@ class MongoSchemaCollection {
     update = {'$set': update};
     return this.upsertSchema(className, query, update);
   }
+
+  get transform() {
+    return transform;
+  }
 }
 
 // Exported for testing reasons and because we haven't moved all mongo schema format
diff --git a/src/Adapters/Storage/Mongo/MongoStorageAdapter.js b/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
@@ -1,7 +1,8 @@
 
 import MongoCollection from './MongoCollection';
 import MongoSchemaCollection from './MongoSchemaCollection';
-import {parse as parseUrl, format as formatUrl} from '../../../vendor/mongodbUrl';
+import { parse as parseUrl, format as formatUrl } from '../../../vendor/mongodbUrl';
+import * as transform from './MongoTransform';
 
 let mongodb = require('mongodb');
 let MongoClient = mongodb.MongoClient;
@@ -78,6 +79,10 @@ export class MongoStorageAdapter {
       });
     });
   }
+
+  get transform() {
+    return transform;
+  }
 }
 
 export default MongoStorageAdapter;
diff --git a/src/Adapters/Storage/Mongo/MongoTransform.js b/src/Adapters/Storage/Mongo/MongoTransform.js
@@ -759,6 +759,27 @@ function untransformObject(schema, className, mongoObject, isNestedObject = fals
   }
 }
 
+function addWriteACL(mongoWhere, acl) {
+  var writePerms = [
+    {_wperm: {'$exists': false}}
+  ];
+  for (var entry of acl) {
+    writePerms.push({_wperm: {'$in': [entry]}});
+  }
+  return {'$and': [mongoWhere, {'$or': writePerms}]};
+}
+
+function addReadACL(mongoWhere, acl) {
+  var orParts = [
+    {"_rperm" : { "$exists": false }},
+    {"_rperm" : { "$in" : ["*"]}}
+  ];
+  for (var entry of acl) {
+    orParts.push({"_rperm" : { "$in" : [entry]}});
+  }
+  return {'$and': [mongoWhere, {'$or': orParts}]};
+}
+
 var DateCoder = {
   JSONToDatabase(json) {
     return new Date(json.iso);
@@ -852,5 +873,7 @@ module.exports = {
   transformCreate: transformCreate,
   transformUpdate: transformUpdate,
   transformWhere: transformWhere,
+  addReadACL: addReadACL,
+  addWriteACL: addWriteACL,
   untransformObject: untransformObject
 };
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
@@ -7,7 +7,6 @@ var mongodb = require('mongodb');
 var Parse = require('parse/node').Parse;
 
 var Schema = require('./../Schema');
-var transform = require('./../transform');
 const deepcopy = require('deepcopy');
 
 // options can contain:
@@ -121,7 +120,7 @@ DatabaseController.prototype.validateObject = function(className, object, query,
 // Filters out any data that shouldn't be on this REST-formatted object.
 DatabaseController.prototype.untransformObject = function(
   schema, isMaster, aclGroup, className, mongoObject) {
-  var object = transform.untransformObject(schema, className, mongoObject);
+  var object = this.adapter.transform.untransformObject(schema, className, mongoObject);
 
   if (className !== '_User') {
     return object;
@@ -167,17 +166,11 @@ DatabaseController.prototype.update = function(className, query, update, options
     .then(() => this.handleRelationUpdates(className, query.objectId, update))
     .then(() => this.adaptiveCollection(className))
     .then(collection => {
-      var mongoWhere = transform.transformWhere(schema, className, query);
+      var mongoWhere = this.adapter.transform.transformWhere(schema, className, query);
       if (options.acl) {
-        var writePerms = [
-          {_wperm: {'$exists': false}}
-        ];
-        for (var entry of options.acl) {
-          writePerms.push({_wperm: {'$in': [entry]}});
-        }
-        mongoWhere = {'$and': [mongoWhere, {'$or': writePerms}]};
+        mongoWhere = this.adapter.transform.addWriteACL(mongoWhere, options.acl);
       }
-      mongoUpdate = transform.transformUpdate(schema, className, update);
+      mongoUpdate = this.adapter.transform.transformUpdate(schema, className, update);
       return collection.findOneAndUpdate(mongoWhere, mongoUpdate);
     })
     .then(result => {
@@ -304,16 +297,9 @@ DatabaseController.prototype.destroy = function(className, query, options = {})
     })
     .then(() => this.adaptiveCollection(className))
     .then(collection => {
-      let mongoWhere = transform.transformWhere(schema, className, query);
-
+      let mongoWhere = this.adapter.transform.transformWhere(schema, className, query, options);
       if (options.acl) {
-        var writePerms = [
-          { _wperm: { '$exists': false } }
-        ];
-        for (var entry of options.acl) {
-          writePerms.push({ _wperm: { '$in': [entry] } });
-        }
-        mongoWhere = { '$and': [mongoWhere, { '$or': writePerms }] };
+        mongoWhere = this.adapter.transform.addWriteACL(mongoWhere, options.acl);
       }
       return collection.deleteMany(mongoWhere);
     })
@@ -349,7 +335,7 @@ DatabaseController.prototype.create = function(className, object, options) {
     .then(() => this.handleRelationUpdates(className, null, object))
     .then(() => this.adaptiveCollection(className))
     .then(coll => {
-      var mongoObject = transform.transformCreate(schema, className, object);
+      var mongoObject = this.adapter.transform.transformCreate(schema, className, object);
       return coll.insertOne(mongoObject);
     })
     .then(result => {
@@ -606,7 +592,7 @@ DatabaseController.prototype.find = function(className, query, options = {}) {
     if (options.sort) {
       mongoOptions.sort = {};
       for (let key in options.sort) {
-        let mongoKey = transform.transformKey(schema, className, key);
+        let mongoKey = this.adapter.transform.transformKey(schema, className, key);
         mongoOptions.sort[mongoKey] = options.sort[key];
       }
     }
@@ -623,16 +609,9 @@ DatabaseController.prototype.find = function(className, query, options = {}) {
   .then(() => this.reduceInRelation(className, query, schema))
   .then(() => this.adaptiveCollection(className))
   .then(collection => {
-    let mongoWhere = transform.transformWhere(schema, className, query);
+    let mongoWhere = this.adapter.transform.transformWhere(schema, className, query);
     if (!isMaster) {
-      let orParts = [
-        {"_rperm" : { "$exists": false }},
-        {"_rperm" : { "$in" : ["*"]}}
-      ];
-      for (let acl of aclGroup) {
-        orParts.push({"_rperm" : { "$in" : [acl]}});
-      }
-      mongoWhere = {'$and': [mongoWhere, {'$or': orParts}]};
+      mongoWhere = this.adapter.transform.addReadACL(mongoWhere, aclGroup);
     }
     if (options.count) {
       delete mongoOptions.limit;
diff --git a/src/Schema.js b/src/Schema.js
@@ -15,7 +15,6 @@
 // TODO: hide all schema logic inside the database adapter.
 
 const Parse = require('parse/node').Parse;
-const transform = require('./transform');
 import MongoSchemaCollection from './Adapters/Storage/Mongo/MongoSchemaCollection';
 import _                     from 'lodash';
 
@@ -429,7 +428,7 @@ class Schema {
   validateField(className, fieldName, type, freeze) {
     return this.reloadData().then(() => {
       // Just to check that the fieldName is valid
-      transform.transformKey(this, className, fieldName);
+      this._collection.transform.transformKey(this, className, fieldName);
 
       if( fieldName.indexOf(".") > 0 ) {
         // subdocument key (x.y) => ok if x is of type 'object'

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`
`2`	`2`	`import MongoCollection from './MongoCollection';`
	`3`	`+import * as transform from './MongoTransform';`
`3`	`4`
`4`	`5`	`function mongoFieldToParseSchemaField(type) {`
`5`	`6`	`if (type[0] === '*') {`
`@@ -200,6 +201,10 @@ class MongoSchemaCollection {`
`200`	`201`	`update = {'$set': update};`
`201`	`202`	`return this.upsertSchema(className, query, update);`
`202`	`203`	`}`
	`204`	`+`
	`205`	`+ get transform() {`
	`206`	`+ return transform;`
	`207`	`+ }`
`203`	`208`	`}`
`204`	`209`
`205`	`210`	`// Exported for testing reasons and because we haven't moved all mongo schema format`