Protected fields pointer-permissions support

[Dobbias]

This PR adds the ability to specify readUserFields columns to set different protectedFieldswhen the current user is contained in such a field.

Fixes #5884 by using the approach discussed in PR 5887.

The extended syntax can be seen in this example:
protectedFields: { Book: { '*': ['profit', 'contract'], 'readUserFields:author': [] }, }

[codecov]

Codecov Report

Merging #5951 into master will decrease coverage by 10.68%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           master    #5951       +/-   ##
===========================================
- Coverage   93.67%   82.99%   -10.69%     
===========================================
  Files         156      156               
  Lines       10862    10876       +14     
===========================================
- Hits        10175     9026     -1149     
- Misses        687     1850     +1163

Impacted Files	Coverage Δ
src/Controllers/DatabaseController.js	95.02% <100%> (+0.22%)	⬆️
src/Controllers/SchemaController.js	96.38% <100%> (-0.04%)	⬇️
...dapters/Storage/Postgres/PostgresStorageAdapter.js	2.98% <0%> (-93.7%)	⬇️
src/Adapters/Storage/Postgres/PostgresClient.js	78.57% <0%> (-7.15%)	⬇️
src/Controllers/UserController.js	93.45% <0%> (-0.94%)	⬇️
src/Routers/UsersRouter.js	93.54% <0%> (-0.65%)	⬇️
src/Routers/GlobalConfigRouter.js	100% <0%> (ø)	⬆️
src/RestWrite.js	93.56% <0%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 89e8868...39ca315. Read the comment docs.

[davimacedo]

Thanks for working on this! I've just left few questions.

[davimacedo]

Does it only work together with CLP? I mean, if the CLP is set to public, shouldn't the owner be able to see their protected fields?

[Dobbias]

I'm not exactly sure if I understand your question. But as far as I understand the protectedFields were introduced to allow overriding permissions like public read. When not specifying protectedFields the owner (defined by pointer-permissions) of an object is able to read all fields on the object. If an user chooses to hide any property using the protectedFields for spefici a role or an user/user-array specified by pointer permissions (introduced by this pr), then the field should be hidden.

For the _User class the setup is different. There is code in place to allow the user reading all properties of the corresponding object in the _User collection/table. This was already in place before this pr.

[davimacedo]

That's actually not my question. Checking your code and your examples, it seems that I always need to define the readUserFields in the CLP to have the readUserFields:someUserField working in the protected fields. But I think that those two things should work independently. For example, the test below should pass:

  it('should allow access using single user pointer-permissions', async done => {
        const config = Config.get(Parse.applicationId);
        const obj = new Parse.Object('AnObject');

        obj.set('owner', user1);
        obj.set('test', 'test');
        await obj.save();

        const schema = await config.database.loadSchema();
        await schema.updateClass(
          'AnObject',
          {},
          {
            get: { '*': true },
            find: { '*': true },
            // readUserFields: ['owner'], ---> It shouldn't be required since the public read is already specified
            protectedFields: { '*': ['owner'], 'readUserFields:owner': [] },
          }
        );

        await Parse.User.logIn('user1', 'password');
        const objectAgain = await obj.fetch();
        expect(objectAgain.get('owner').id).toBe(user1.id);
        expect(objectAgain.get('test')).toBe('test');
        done();
      });

[Dobbias]

You are correct by assuming that readUserFields currently has to be set in the CLP. I do like your approach of separating the readUserFields CLP and protectedFields.
But the name readUserFields in CLP suggests that users stored in the field are able to read all (user-) fields. I do think that we need a different prefix for the protectedFields as this is not directly related to the readUserFields anymore.
After separating the two options the only similarity is the way users a stored in the referenced column (Pointer<_User> or Array<Pointer<_User>>).

Maybe userField: this implies that the referenced field contains users.

[davimacedo]

userField:someField looks good to me!

[Dobbias]

Decoupled readUserField CLP and renamed userField as discussed and updated tests to reflect changes.

[davimacedo]

It looks good to me. @dplewis do you want to take a look as well?

[yomybaby]

@davimacedo I think this PR should be released ASAP because of #5967 case. 👍

[davimacedo]

We are doing right now :)
#5978

[yomybaby]

Yeah~ 🎉