Adds CloudCode handler for beforeFind

[flovilmart]

• Allows cloud code to modify a query before it is run
• Works with promises for a safer environment
• Supports modifiying the current query
• Supports issuing new queries
• Supports rejecting queries

[codecov-io]

Current coverage is 92.19% (diff: 93.24%)

Merging #2715 into master will decrease coverage by 0.02%

@@             master      #2715   diff @@
==========================================
  Files           102        102          
  Lines         12446      12522    +76   
  Methods        1559       1566     +7   
  Messages          0          0          
  Branches       2039       2060    +21   
==========================================
+ Hits          11478      11545    +67   
- Misses          968        977     +9   
  Partials          0          0          

Powered by Codecov. Last update f6312a1...d5bdc14

[ghost]

@flovilmart updated the pull request - view changes

[ghost]

@flovilmart updated the pull request - view changes

[drew-gross]

Can you add some docs for this feature as well?

[flovilmart]

I'll add it to the docs repo :)

[flovilmart]

@drew-gross : parse-community/docs#376

[drew-gross]

Looks good.

[virtualtoy]

Current ACL implementation is very limited. For example there's no easy way to grant access dynamically using some logic. It's possible to work around this using cloud code, but it's not optimal. beforeFind hook is still very limited. Are there any plans on adding more powerful hooks?

[flovilmart]

What do you mean by more powerful hooks?

[virtualtoy]

Sometimes there's need to grant additional access effectively disabling built-in ACLs checks. For example imagine team record. There's a team owner who has access to the team. Now he invites team member who can for example have read-only access to team data (and potentially access can be revoked). Updating ACLs (adding member user) is not an option as there can be many-many thousands of objects. For now I have to write cloud function that uses useMasterKey: true internally. This is not optimal. I'd like to have a hook which allows granting access dynamically, in my example - team member can access team data without any additional ACLs. Same for update/delete operations. Also team member may be allowed to update some fields only.

[flovilmart]

@virtualtoy you're talking about roles there and class level permissions probably.

[virtualtoy]

@flovilmart so you suggest creating new roles for different groups of objects?

[flovilmart]

Updating ACLs (adding member user) is not an option as there can be many-many thousands of objects.

You should assign a role in the ACL for the objects, then add the users for that role. When you want to remove access to those objects for certain users, you can simply remove the user from the role.

[virtualtoy]

@flovilmart thank you for suggestion, yes, I'm aware of roles, but that's not flexible enough for me