Fix checking existent class for allowClientClassCreation (#2051)

parse-community · Jun 13, 2016 · 0ec78d4 · 0ec78d4
1 parent 2cc1b0c
commit 0ec78d4
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 20 deletions.
diff --git a/spec/RestCreate.spec.js b/spec/RestCreate.spec.js
@@ -91,6 +91,21 @@ describe('rest create', () => {
     });
   });
 
+  it('handles create on existent class when disabled client class creation', (done) => {
+    var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
+    config.database.loadSchema()
+    .then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
+    .then(actualSchema => {
+      expect(actualSchema.className).toEqual('ClientClassCreation');
+      return rest.create(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
+    })
+    .then(() => {
+      done();
+    }, err => {
+      fail('Should not throw error')
+    });
+  });
+
   it('handles user signup', (done) => {
     var user = {
       username: 'asdf',

diff --git a/spec/RestQuery.spec.js b/spec/RestQuery.spec.js
@@ -145,6 +145,22 @@ describe('rest query', () => {
     });
   });
 
+  it('query existent class when disabled client class creation', (done) => {
+    var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
+    config.database.loadSchema()
+    .then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
+    .then(actualSchema => {
+      expect(actualSchema.className).toEqual('ClientClassCreation');
+      return rest.find(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
+    })
+    .then((result) => {
+      expect(result.results.length).toEqual(0);
+      done();
+    }, err => {
+      fail('Should not throw error')
+    });
+  });
+
   it('query with wrongly encoded parameter', (done) => {
     rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
     ).then(() => {

diff --git a/src/RestQuery.js b/src/RestQuery.js
@@ -171,17 +171,16 @@ RestQuery.prototype.redirectClassNameForKey = function() {
 
 // Validates this operation against the allowClientClassCreation config.
 RestQuery.prototype.validateClientClassCreation = function() {
-  let sysClass = SchemaController.systemClasses;
   if (this.config.allowClientClassCreation === false && !this.auth.isMaster
-      && sysClass.indexOf(this.className) === -1) {
-    return this.config.database.collectionExists(this.className).then((hasClass) => {
-      if (hasClass === true) {
-        return Promise.resolve();
-      }
-
-      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
-                            'This user is not allowed to access ' +
-                            'non-existent class: ' + this.className);
+      && SchemaController.systemClasses.indexOf(this.className) === -1) {
+    return this.config.database.loadSchema()
+      .then(schemaController => schemaController.hasClass(this.className))
+      .then(hasClass => {
+        if (hasClass !== true) {
+          throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+                                'This user is not allowed to access ' +
+                                'non-existent class: ' + this.className);
+        }
     });
   } else {
     return Promise.resolve();

diff --git a/src/RestWrite.js b/src/RestWrite.js
@@ -114,17 +114,16 @@ RestWrite.prototype.getUserAndRoleACL = function() {
 
 // Validates this operation against the allowClientClassCreation config.
 RestWrite.prototype.validateClientClassCreation = function() {
-  let sysClass = SchemaController.systemClasses;
   if (this.config.allowClientClassCreation === false && !this.auth.isMaster
-      && sysClass.indexOf(this.className) === -1) {
-    return this.config.database.collectionExists(this.className).then((hasClass) => {
-      if (hasClass === true) {
-        return;
-      }
-
-      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
-                            'This user is not allowed to access ' +
-                            'non-existent class: ' + this.className);
+      && SchemaController.systemClasses.indexOf(this.className) === -1) {
+    return this.config.database.loadSchema()
+      .then(schemaController => schemaController.hasClass(this.className))
+      .then(hasClass => {
+        if (hasClass !== true) {
+          throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+                                'This user is not allowed to access ' +
+                                'non-existent class: ' + this.className);
+        }
     });
   } else {
     return Promise.resolve();