Updates based on review

awgeorge · acinader · commit c5a5f5745115 · 2019-02-23T07:28:39.000-08:00
diff --git a/spec/Schema.spec.js b/spec/Schema.spec.js
@@ -687,7 +687,7 @@ describe('SchemaController', () => {
     });
   });
 
-  it('refuses to add CLP with incorrect protectedFields', done => {
+  it('refuses to add CLP when incorrectly sending a string to protectedFields object value instead of an array', done => {
     const levelPermissions = {
       find: { '*': true },
       get: { '*': true },
diff --git a/spec/UserPII.spec.js b/spec/UserPII.spec.js
@@ -522,8 +522,8 @@ describe('Personally Identifiable Information', () => {
         .catch(done.fail);
     });
 
-    // Explict ACL should be able to read sensitive information
-    describe('with privilaged user no CLP', () => {
+    // Explicit ACL should be able to read sensitive information
+    describe('with privileged user no CLP', () => {
       let adminUser;
 
       beforeEach(async done => {
@@ -748,21 +748,18 @@ describe('Personally Identifiable Information', () => {
         protectedFields: {
           _User: { '*': ['ssn', 'zip'], 'role:Administrator': [] },
         },
-      }).then(() => done());
+      }).then(done);
     });
 
     it('should be able to get own PII via API with object', done => {
       const userObj = new (Parse.Object.extend(Parse.User))();
       userObj.id = user.id;
-      userObj.fetch().then(
-        fetchedUser => {
-          expect(fetchedUser.get('email')).toBe(EMAIL);
-          expect(fetchedUser.get('zip')).toBe(ZIP);
-          expect(fetchedUser.get('ssn')).toBe(SSN);
-          done();
-        },
-        e => done.fail(e)
-      );
+      userObj.fetch().then(fetchedUser => {
+        expect(fetchedUser.get('email')).toBe(EMAIL);
+        expect(fetchedUser.get('zip')).toBe(ZIP);
+        expect(fetchedUser.get('ssn')).toBe(SSN);
+        done();
+      }, done.fail);
     });
 
     it('should not be able to get PII via API with object', done => {
@@ -997,7 +994,7 @@ describe('Personally Identifiable Information', () => {
         .catch(done.fail);
     });
 
-    // Explict ACL should be able to read sensitive information
+    // Explicit ACL should be able to read sensitive information
     describe('with privilaged user CLP', () => {
       let adminUser;
 
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
@@ -1439,7 +1439,7 @@ class DatabaseController {
     [...(auth.userRoles || [])].forEach(role => {
       const fields = protectedFields[role];
       if (fields) {
-        protectedKeys = protectedKeys.filter(v => fields.includes(v));
+        protectedKeys = protectedKeys.filter(fields.includes);
       }
     });
 
diff --git a/src/ParseServer.js b/src/ParseServer.js
@@ -352,6 +352,7 @@ function injectDefaults(options: ParseServerOptions) {
       console.warn(
         `\nDEPRECATED: userSensitiveFields has been replaced by protectedFields allowing the ability to protect fields in all classes with CLP. \n`
       );
+    /* eslint-enable no-console */
 
     const userSensitiveFields = Array.from(
       new Set([
@@ -360,7 +361,6 @@ function injectDefaults(options: ParseServerOptions) {
       ])
     );
 
-    /* eslint-enable no-console */
     options.protectedFields = { _User: { '*': userSensitiveFields } };
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1439,7 +1439,7 @@ class DatabaseController {`
`1439`	`1439`	`[...(auth.userRoles \|\| [])].forEach(role => {`
`1440`	`1440`	`const fields = protectedFields[role];`
`1441`	`1441`	`if (fields) {`
`1442`		`- protectedKeys = protectedKeys.filter(v => fields.includes(v));`
	`1442`	`+ protectedKeys = protectedKeys.filter(fields.includes);`
`1443`	`1443`	`}`
`1444`	`1444`	`});`
`1445`	`1445`