Merge pull request #374 from flessard/user-roles

Fix : User Roles not added to create, update or delete calls

Author: gfosco

spec/ParseRole.spec.js

@@ -49,7 +49,7 @@ describe('Parse Role testing', () => {
     }).then((x) => {
       x.set('foo', 'baz');
       // This should fail:
-      return x.save();
+      return x.save({},{sessionToken: ""});
     }).then((x) => {
       fail('Should not have been able to save.');
     }, (e) => {

src/Auth.js

@@ -80,7 +80,7 @@ Auth.prototype.getUserRoles = function() {
     return Promise.resolve(this.userRoles);
   }
   if (this.rolePromise) {
-    return rolePromise;
+    return this.rolePromise;
   }
   this.rolePromise = this._loadRoles();
   return this.rolePromise;

src/RestWrite.js

@@ -27,6 +27,7 @@ function RestWrite(config, auth, className, query, data, originalData) {
   this.auth = auth;
   this.className = className;
   this.storage = {};
+  this.runOptions = {};
 
   if (!query && data.objectId) {
     throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'objectId ' +
@@ -66,6 +67,8 @@ function RestWrite(config, auth, className, query, data, originalData) {
 // status and location are optional.
 RestWrite.prototype.execute = function() {
   return Promise.resolve().then(() => {
+    return this.getUserAndRoleACL();
+  }).then(() => {
     return this.validateSchema();
   }).then(() => {
     return this.handleInstallation();
@@ -88,6 +91,25 @@ RestWrite.prototype.execute = function() {
   });
 };
 
+// Uses the Auth object to get the list of roles, adds the user id
+RestWrite.prototype.getUserAndRoleACL = function() {
+  if (this.auth.isMaster) {
+    return Promise.resolve();
+  }
+
+  this.runOptions.acl = ['*'];
+
+  if( this.auth.user ){
+    return this.auth.getUserRoles().then((roles) => {
+      roles.push(this.auth.user.id);
+      this.runOptions.acl = this.runOptions.acl.concat(roles);
+      return Promise.resolve();
+    });
+  }else{
+    return Promise.resolve();
+  }
+};
+
 // Validates this operation against the schema.
 RestWrite.prototype.validateSchema = function() {
   return this.config.database.validateObject(this.className, this.data);
@@ -690,18 +712,10 @@ RestWrite.prototype.runDatabaseOperation = function() {
     throw new Parse.Error(Parse.Error.INVALID_ACL, 'Invalid ACL.');
   }
 
-  var options = {};
-  if (!this.auth.isMaster) {
-    options.acl = ['*'];
-    if (this.auth.user) {
-      options.acl.push(this.auth.user.id);
-    }
-  }
-
   if (this.query) {
     // Run an update
     return this.config.database.update(
-      this.className, this.query, this.data, options).then((resp) => {
+      this.className, this.query, this.data, this.runOptions).then((resp) => {
         this.response = resp;
         this.response.updatedAt = this.updatedAt;
       });
@@ -714,7 +728,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
       this.data.ACL = ACL;
     } 
     // Run a create
-    return this.config.database.create(this.className, this.data, options)
+    return this.config.database.create(this.className, this.data, this.runOptions)
       .then(() => {
         var resp = {
           objectId: this.data.objectId,

src/rest.js

@@ -56,12 +56,19 @@ function del(config, auth, className, objectId) {
       });
     }
     return Promise.resolve({});
+  }).then(() => {
+    if (!auth.isMaster) {
+      return auth.getUserRoles();
+    }else{
+      return Promise.resolve();
+    }
   }).then(() => {
     var options = {};
     if (!auth.isMaster) {
       options.acl = ['*'];
       if (auth.user) {
         options.acl.push(auth.user.id);
+        options.acl = options.acl.concat(auth.userRoles);
       }
     }