
Commit 8af8de1

author
Dobbias Nan
committed
added tests
1 parent bced3d9 commit 8af8de1


1 file changed

+245
-0
lines changed

1 file changed

+245
-0
lines changed

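--- a/spec/ProtectedFields.spec.js
+++ b/spec/ProtectedFields.spec.js
@@ -1,3 +1,6 @@
+const Config = require('../lib/Config');
+const Parse = require('parse/node');
+
 describe('ProtectedFields', function() {
 it('should handle and empty protectedFields', async function() {
 const protectedFields = {};
@@ -138,4 +141,246 @@ describe('ProtectedFields', function() {
 expect(fetchedUser.has('favoriteColor')).toBeTruthy();
 });
 });
+
+describe('using the pointer-permission variant', () => {
+let user1, user2;
+beforeEach(async () => {
+Config.get(Parse.applicationId).database.schemaCache.clear();
+user1 = await Parse.User.signUp('user1', 'password');
+user2 = await Parse.User.signUp('user2', 'password');
+await Parse.User.logOut();
+});
+
+it('should allow access using single user pointer-permissions', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owner', user1);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owner'],
+protectedFields: { '*': ['owner'], 'readUserFields:owner': [] },
+}
+);
+
+await Parse.User.logIn('user1', 'password');
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owner').id).toBe(user1.id);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+
+it('should deny access to other users using single user pointer-permissions', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owner', user1);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owner'],
+protectedFields: { '*': ['owner'], 'readUserFields:owner': [] },
+}
+);
+
+await Parse.User.logIn('user2', 'password');
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owner')).toBe(undefined);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+
+it('should deny access to public using single user pointer-permissions', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owner', user1);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owner'],
+protectedFields: { '*': ['owner'], 'readUserFields:owner': [] },
+}
+);
+
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owner')).toBe(undefined);
+expect(objectAgain.get('test')).toBe('test');
+await Parse.User.logIn('user1', 'password');
+done();
+});
+
+it('should allow access using user array pointer-permissions', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owners', [user1, user2]);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owners'],
+protectedFields: { '*': ['owners'], 'readUserFields:owners': [] },
+}
+);
+
+await Parse.User.logIn('user1', 'password');
+let objectAgain = await obj.fetch();
+expect(objectAgain.get('owners')[0].id).toBe(user1.id);
+expect(objectAgain.get('test')).toBe('test');
+await Parse.User.logIn('user1', 'password');
+objectAgain = await obj.fetch();
+expect(objectAgain.get('owners')[1].id).toBe(user2.id);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+
+it('should deny access to other users using user array pointer-permissions', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owners', [user1]);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owners'],
+protectedFields: { '*': ['owners'], 'readUserFields:owners': [] },
+}
+);
+
+await Parse.User.logIn('user2', 'password');
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owners')).toBe(undefined);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+
+it('should deny access to public using user array pointer-permissions', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owners', [user1, user2]);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owners'],
+protectedFields: { '*': ['owners'], 'readUserFields:owners': [] },
+}
+);
+
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owners')).toBe(undefined);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+
+it('should create merge protected fields when using multiple pointer-permission fields', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owners', [user1]);
+obj.set('owner', user1);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: ['owners', 'owner'],
+protectedFields: {
+'*': [],
+'readUserFields:owners': ['owners'],
+'readUserFields:owner': ['owner'],
+},
+}
+);
+
+// Check if protectFields from pointer-permissions got combined
+await Parse.User.logIn('user1', 'password');
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owners')).toBe(undefined);
+expect(objectAgain.get('owner')).toBe(undefined);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+
+it('should ignore pointer-permission fields not declared in the readUserFields', async done => {
+const config = Config.get(Parse.applicationId);
+const obj = new Parse.Object('AnObject');
+
+obj.set('owners', [user1]);
+obj.set('owner', user1);
+obj.set('test', 'test');
+await obj.save();
+
+const schema = await config.database.loadSchema();
+await schema.updateClass(
+'AnObject',
+{},
+{
+get: { '*': true },
+find: { '*': true },
+readUserFields: [],
+protectedFields: {
+'*': [],
+'readUserFields:owners': ['idontexist'],
+'readUserFields:owner': ['idontexist2'],
+},
+}
+);
+
+await Parse.User.logIn('user1', 'password');
+const objectAgain = await obj.fetch();
+expect(objectAgain.get('owners')).not.toBe(undefined);
+expect(objectAgain.get('owner')).not.toBe(undefined);
+expect(objectAgain.get('test')).toBe('test');
+done();
+});
+});
 });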
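Review bot: In 'should allow access using user array pointer-permissions' the second `await Parse.User.logIn('user1', 'password');` repeats the first login, so the test never fetches as user2 and does not show that the second entry in `owners` unlocks the protected field. Change that line to `await Parse.User.logIn('user2', 'password');` so both array members are exercised. Every deny case goes through `obj.fetch()` only, although the class-level permissions also open `find` to `'*'`. A `Parse.Query` find as user2 and as an unauthenticated caller, asserting the protected field is absent from the results, would cover that read path too. The `logIn` placed after the assertions in 'should deny access to public using single user pointer-permissions' has no effect on what that test checks and can be dropped.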
