From 17999b70315088eb872da84d1843c6c16df5f7ef Mon Sep 17 00:00:00 2001 From: Kartal Kaan Bozdogan Date: Fri, 6 Sep 2024 11:28:37 +0200 Subject: [PATCH 1/4] Cloud code and triggers: Pass the set of roles the user has --- spec/CloudCode.spec.js | 78 ++++++++++++++++++++++++++++++++++ src/Routers/FunctionsRouter.js | 6 +++ src/triggers.js | 3 ++ 3 files changed, 87 insertions(+) diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js index 99ec4910d1..3062165f20 100644 --- a/spec/CloudCode.spec.js +++ b/spec/CloudCode.spec.js @@ -1163,6 +1163,53 @@ describe('Cloud Code', () => { ); }); + it('test save triggers get user roles', async () => { + let beforeSaveFlag = false, + afterSaveFlag = false; + Parse.Cloud.beforeSave('SaveTriggerUserRoles', async function (req) { + expect(await req.getRoles()).toEqual(['TestRole']); + beforeSaveFlag = true; + }); + + Parse.Cloud.afterSave('SaveTriggerUserRoles', async function (req) { + expect(await req.getRoles()).toEqual(['TestRole']); + afterSaveFlag = true; + }); + + const user = new Parse.User(); + user.set('password', 'asdf'); + user.set('email', 'asdf@example.com'); + user.set('username', 'zxcv'); + await user.signUp(); + const role = new Parse.Role('TestRole', new Parse.ACL({ '*': { read: true, write: true } })); + role.getUsers().add(user); + await role.save(); + + const obj = new Parse.Object('SaveTriggerUserRoles'); + await obj.save(); + expect(beforeSaveFlag).toBeTrue(); + expect(afterSaveFlag).toBeTrue(); + }); + + it('should not have user roles for anonymous calls', async () => { + let beforeSaveFlag = false, + afterSaveFlag = false; + Parse.Cloud.beforeSave('SaveTriggerUserRoles', async function (req) { + expect(req.getRoles).toBeUndefined(); + beforeSaveFlag = true; + }); + + Parse.Cloud.afterSave('SaveTriggerUserRoles', async function (req) { + expect(req.getRoles).toBeUndefined(); + afterSaveFlag = true; + }); + + const obj = new Parse.Object('SaveTriggerUserRoles'); + await obj.save(); + expect(beforeSaveFlag).toBeTrue(); + expect(afterSaveFlag).toBeTrue(); + }); + it('beforeSave change propagates through the save response', done => { Parse.Cloud.beforeSave('ChangingObject', function (request) { request.object.set('foo', 'baz'); @@ -2014,6 +2061,37 @@ describe('cloud functions', () => { Parse.Cloud.run('myFunction', {}).then(() => done()); }); + + it('should have user roles', async () => { + let flag = false; + Parse.Cloud.define('myFunction', async function (req) { + expect(await req.getRoles()).toEqual(['TestRole']); + flag = true; + }); + + const user = new Parse.User(); + user.set('password', 'asdf'); + user.set('email', 'asdf@example.com'); + user.set('username', 'zxcv'); + await user.signUp(); + const role = new Parse.Role('TestRole', new Parse.ACL({ '*': { read: true, write: true } })); + role.getUsers().add(user); + await role.save(); + + await Parse.Cloud.run('myFunction', { sessionToken: user.getSessionToken() }); + expect(flag).toBeTrue(); + }); + + it('should not have user roles for anonymous calls', async () => { + let flag = false; + Parse.Cloud.define('myFunction', async function (req) { + expect(req.getRoles).toBeUndefined(); + flag = true; + }); + + await Parse.Cloud.run('myFunction'); + expect(flag).toBeTrue(); + }); }); describe('beforeSave hooks', () => { diff --git a/src/Routers/FunctionsRouter.js b/src/Routers/FunctionsRouter.js index 77c0dff7cc..d02d983fa3 100644 --- a/src/Routers/FunctionsRouter.js +++ b/src/Routers/FunctionsRouter.js @@ -131,6 +131,12 @@ export class FunctionsRouter extends PromiseRouter { params: params, master: req.auth && req.auth.isMaster, user: req.auth && req.auth.user, + getRoles: + req.auth && req.auth.user + ? async () => { + return (await req.auth.getUserRoles()).map(r => r.substr('role:'.length)); + } + : undefined, installationId: req.info.installationId, log: req.config.loggerController, headers: req.config.headers, diff --git a/src/triggers.js b/src/triggers.js index e34c5fd3a8..888f6b4361 100644 --- a/src/triggers.js +++ b/src/triggers.js @@ -292,6 +292,9 @@ export function getRequestObject( } if (auth.user) { request['user'] = auth.user; + request['getRoles'] = async () => { + return (await auth.getUserRoles()).map(r => r.substr('role:'.length)); + }; } if (auth.installationId) { request['installationId'] = auth.installationId; From 4171665d6f6be11012539a57bef9c2a48fc366c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kartal=20Kaan=20Bozdo=C4=9Fan?= Date: Tue, 10 Sep 2024 10:21:26 +0200 Subject: [PATCH 2/4] Update spec/CloudCode.spec.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com> Signed-off-by: Kartal Kaan Bozdoğan --- spec/CloudCode.spec.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js index 3062165f20..d350d05c9f 100644 --- a/spec/CloudCode.spec.js +++ b/spec/CloudCode.spec.js @@ -1164,8 +1164,8 @@ describe('Cloud Code', () => { }); it('test save triggers get user roles', async () => { - let beforeSaveFlag = false, - afterSaveFlag = false; + let beforeSaveFlag = false; + let afterSaveFlag = false; Parse.Cloud.beforeSave('SaveTriggerUserRoles', async function (req) { expect(await req.getRoles()).toEqual(['TestRole']); beforeSaveFlag = true; From c63e4d78bb028804bf242deba5c63ca2efc9b65e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kartal=20Kaan=20Bozdo=C4=9Fan?= Date: Tue, 10 Sep 2024 10:21:43 +0200 Subject: [PATCH 3/4] Update spec/CloudCode.spec.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com> Signed-off-by: Kartal Kaan Bozdoğan --- spec/CloudCode.spec.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js index d350d05c9f..67c4211f7b 100644 --- a/spec/CloudCode.spec.js +++ b/spec/CloudCode.spec.js @@ -1192,8 +1192,8 @@ describe('Cloud Code', () => { }); it('should not have user roles for anonymous calls', async () => { - let beforeSaveFlag = false, - afterSaveFlag = false; + let beforeSaveFlag = false; + let afterSaveFlag = false; Parse.Cloud.beforeSave('SaveTriggerUserRoles', async function (req) { expect(req.getRoles).toBeUndefined(); beforeSaveFlag = true; From b661fc9b9d13198f3e542bca1f6a657dc5eee845 Mon Sep 17 00:00:00 2001 From: Kartal Kaan Bozdogan Date: Tue, 10 Sep 2024 10:27:26 +0200 Subject: [PATCH 4/4] Use arrow functions --- spec/CloudCode.spec.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js index 67c4211f7b..291421232c 100644 --- a/spec/CloudCode.spec.js +++ b/spec/CloudCode.spec.js @@ -1166,12 +1166,12 @@ describe('Cloud Code', () => { it('test save triggers get user roles', async () => { let beforeSaveFlag = false; let afterSaveFlag = false; - Parse.Cloud.beforeSave('SaveTriggerUserRoles', async function (req) { + Parse.Cloud.beforeSave('SaveTriggerUserRoles', async req => { expect(await req.getRoles()).toEqual(['TestRole']); beforeSaveFlag = true; }); - Parse.Cloud.afterSave('SaveTriggerUserRoles', async function (req) { + Parse.Cloud.afterSave('SaveTriggerUserRoles', async req => { expect(await req.getRoles()).toEqual(['TestRole']); afterSaveFlag = true; }); @@ -1194,12 +1194,12 @@ describe('Cloud Code', () => { it('should not have user roles for anonymous calls', async () => { let beforeSaveFlag = false; let afterSaveFlag = false; - Parse.Cloud.beforeSave('SaveTriggerUserRoles', async function (req) { + Parse.Cloud.beforeSave('SaveTriggerUserRoles', async req => { expect(req.getRoles).toBeUndefined(); beforeSaveFlag = true; }); - Parse.Cloud.afterSave('SaveTriggerUserRoles', async function (req) { + Parse.Cloud.afterSave('SaveTriggerUserRoles', async req => { expect(req.getRoles).toBeUndefined(); afterSaveFlag = true; }); @@ -2064,7 +2064,7 @@ describe('cloud functions', () => { it('should have user roles', async () => { let flag = false; - Parse.Cloud.define('myFunction', async function (req) { + Parse.Cloud.define('myFunction', async req => { expect(await req.getRoles()).toEqual(['TestRole']); flag = true; }); @@ -2084,7 +2084,7 @@ describe('cloud functions', () => { it('should not have user roles for anonymous calls', async () => { let flag = false; - Parse.Cloud.define('myFunction', async function (req) { + Parse.Cloud.define('myFunction', async req => { expect(req.getRoles).toBeUndefined(); flag = true; });