From 0ec78d478b80b4183ce779baba647544b79471fb Mon Sep 17 00:00:00 2001
From: Marco Cheung
Date: Tue, 14 Jun 2016 00:21:52 +0800
Subject: [PATCH] Fix checking existent class for allowClientClassCreation (#2051)
---
 spec/RestCreate.spec.js | 15 +++++++++++++++
 spec/RestQuery.spec.js | 16 ++++++++++++++++
 src/RestQuery.js | 19 +++++++++----------
 src/RestWrite.js | 19 +++++++++----------
 4 files changed, 49 insertions(+), 20 deletions(-)
diff --git a/spec/RestCreate.spec.js b/spec/RestCreate.spec.js
index 55822cb406..0bd51aa683 100644
--- a/spec/RestCreate.spec.js
+++ b/spec/RestCreate.spec.js
@@ -91,6 +91,21 @@ describe('rest create', () => {
 });
 });
+ it('handles create on existent class when disabled client class creation', (done) => {
+ var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
+ config.database.loadSchema()
+ .then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
+ .then(actualSchema => {
+ expect(actualSchema.className).toEqual('ClientClassCreation');
+ return rest.create(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
+ })
+ .then(() => {
+ done();
+ }, err => {
+ fail('Should not throw error')
+ });
+ });
+
 it('handles user signup', (done) => {
 var user = {
 username: 'asdf',
diff --git a/spec/RestQuery.spec.js b/spec/RestQuery.spec.js
index 12bfa6a178..a0e49b8ee1 100644
--- a/spec/RestQuery.spec.js
+++ b/spec/RestQuery.spec.js
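Review bot: The rejection handler of the new spec calls `fail('Should not throw error')` but never calls `done()`, so when `rest.create` rejects the spec waits for the async timeout and the actual error is thrown away. Changing the handler to `err => { fail(err); done(); }` would end the spec at once and show the cause. The new spec in the spec/RestQuery.spec.js hunk has the same handler around `rest.find`. Both added specs cover only the allowed path (class present in the schema); unless it already exists outside these hunks, a companion spec asserting that a class absent from the schema is still rejected with `Parse.Error.OPERATION_FORBIDDEN` would pin the security-relevant half of the rewritten check.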
@@ -145,6 +145,22 @@ describe('rest query', () => {
 });
 });
+ it('query existent class when disabled client class creation', (done) => {
+ var customConfig = Object.assign({}, config, {allowClientClassCreation: false});
+ config.database.loadSchema()
+ .then(schema => schema.addClassIfNotExists('ClientClassCreation', {}))
+ .then(actualSchema => {
+ expect(actualSchema.className).toEqual('ClientClassCreation');
+ return rest.find(customConfig, auth.nobody(customConfig), 'ClientClassCreation', {});
+ })
+ .then((result) => {
+ expect(result.results.length).toEqual(0);
+ done();
+ }, err => {
+ fail('Should not throw error')
+ });
+ });
+
 it('query with wrongly encoded parameter', (done) => {
 rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
 ).then(() => {
diff --git a/src/RestQuery.js b/src/RestQuery.js
index a1d48fa7e8..387052878e 100644
--- a/src/RestQuery.js
+++ b/src/RestQuery.js
@@ -171,17 +171,16 @@ RestQuery.prototype.redirectClassNameForKey = function() {
 // Validates this operation against the allowClientClassCreation config.
 RestQuery.prototype.validateClientClassCreation = function() {
- let sysClass = SchemaController.systemClasses;
 if (this.config.allowClientClassCreation === false && !this.auth.isMaster
- && sysClass.indexOf(this.className) === -1) {
- return this.config.database.collectionExists(this.className).then((hasClass) => {
- if (hasClass === true) {
- return Promise.resolve();
- }
-
- throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
- 'This user is not allowed to access ' +
- 'non-existent class: ' + this.className);
+ && SchemaController.systemClasses.indexOf(this.className) === -1) {
+ return this.config.database.loadSchema()
+ .then(schemaController => schemaController.hasClass(this.className))
+ .then(hasClass => {
+ if (hasClass !== true) {
+ throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+ 'This user is not allowed to access ' +
+ 'non-existent class: ' + this.className);
+ }
 });
 } else {
 return Promise.resolve();
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 78478025ab..9479991032 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
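Review bot: The one-line comment above `validateClientClassCreation` says too little for an access check: the new body skips the check for master-key requests and for names in `SchemaController.systemClasses`, and otherwise rejects unless `hasClass` is exactly `true`, so any other lookup result fails closed. A comment such as `// Non-master requests may only touch classes already in the schema; anything but hasClass === true is rejected.` would record that. The identical body is added in the src/RestWrite.js hunk, and moving it into one shared helper would keep the two copies of this check from drifting apart. The source of truth also moves from `collectionExists` to the schema, so a collection that holds data but has no schema entry would presumably now be refused; that is worth confirming against `hasClass`, which is not shown here. The function's closing lines are outside the hunk.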
@@ -114,17 +114,16 @@ RestWrite.prototype.getUserAndRoleACL = function() {
 // Validates this operation against the allowClientClassCreation config.
 RestWrite.prototype.validateClientClassCreation = function() {
- let sysClass = SchemaController.systemClasses;
 if (this.config.allowClientClassCreation === false && !this.auth.isMaster
- && sysClass.indexOf(this.className) === -1) {
- return this.config.database.collectionExists(this.className).then((hasClass) => {
- if (hasClass === true) {
- return;
- }
-
- throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
- 'This user is not allowed to access ' +
- 'non-existent class: ' + this.className);
+ && SchemaController.systemClasses.indexOf(this.className) === -1) {
+ return this.config.database.loadSchema()
+ .then(schemaController => schemaController.hasClass(this.className))
+ .then(hasClass => {
+ if (hasClass !== true) {
+ throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
+ 'This user is not allowed to access ' +
+ 'non-existent class: ' + this.className);
+ }
 });
 } else {
 return Promise.resolve();