MCPcopy Create free account
hub / github.com/parse-community/parse-server / validateCLP

Function validateCLP

src/Controllers/SchemaController.js:271–399  ·  view source on GitHub ↗
(perms: ClassLevelPermissions, fields: SchemaFields, userIdRegExp: RegExp)

Source from the content-addressed store, hash-verified

269
270// validation before setting class-level permissions on collection
271function validateCLP(perms: ClassLevelPermissions, fields: SchemaFields, userIdRegExp: RegExp) {
272 if (!perms) {
273 return;
274 }
275 for (const operationKey in perms) {
276 if (CLPValidKeys.indexOf(operationKey) == -1) {
277 throw new Parse.Error(
278 Parse.Error.INVALID_JSON,
279 `${operationKey} is not a valid operation for class level permissions`
280 );
281 }
282
283 const operation = perms[operationKey];
284 // proceed with next operationKey
285
286 // throws when root fields are of wrong type
287 validateCLPjson(operation, operationKey);
288
289 if (operationKey === 'readUserFields' || operationKey === 'writeUserFields') {
290 // validate grouped pointer permissions
291 // must be an array with field names
292 for (const fieldName of operation) {
293 validatePointerPermission(fieldName, fields, operationKey);
294 }
295 // readUserFields and writerUserFields do not have nesdted fields
296 // proceed with next operationKey
297 continue;
298 }
299
300 // validate protected fields
301 if (operationKey === 'protectedFields') {
302 for (const entity in operation) {
303 // throws on unexpected key
304 validateProtectedFieldsKey(entity, userIdRegExp);
305
306 const protectedFields = operation[entity];
307
308 if (!Array.isArray(protectedFields)) {
309 throw new Parse.Error(
310 Parse.Error.INVALID_JSON,
311 `'${protectedFields}' is not a valid value for protectedFields[${entity}] - expected an array.`
312 );
313 }
314
315 // if the field is in form of array
316 for (const field of protectedFields) {
317 // do not alloow to protect default fields
318 if (defaultColumns._Default[field]) {
319 throw new Parse.Error(
320 Parse.Error.INVALID_JSON,
321 `Default field '${field}' can not be protected`
322 );
323 }
324 // field should exist on collection
325 if (!Object.prototype.hasOwnProperty.call(fields, field)) {
326 throw new Parse.Error(
327 Parse.Error.INVALID_JSON,
328 `Field '${field}' in protectedFields:${entity} does not exist`

Callers 2

validateSchemaDataMethod · 0.85
setPermissionsMethod · 0.85

Calls 5

validateCLPjsonFunction · 0.85
validatePermissionKeyFunction · 0.85
filterMethod · 0.80

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…