@sheng168
Created April 4, 2013 14:50
parse.com security cloudcode
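/**
 * Replace the object's ACL with a fresh, empty Parse.ACL.
 *
 * The ACL is built with no arguments and nothing is granted on it afterwards,
 * so it carries no user, role or public entries. Requests made with the master
 * key are not subject to ACLs and can still reach the object.
 *
 * @param {Parse.Object} object - object whose ACL is replaced
 * @returns {Parse.ACL} the empty ACL that was set on the object
 */
exports.lockDown = function(object) {
  // Declared with var: the original assigned an undeclared `acl`, which in
  // sloppy mode creates a global shared by every caller of this module and
  // under 'use strict' throws a ReferenceError.
  var acl = new Parse.ACL();
  console.log("removing all access");
  object.setACL(acl);
  return acl;
};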
/**
 * Ownership check for a save: reports whether the user stored in
 * request.object under `userField` differs from the logged-in user.
 *
 * When the result is true, response.error(...) has already been called, so the
 * caller must stop and must not go on to call response.success().
 *
 * Decision order, as implemented:
 *   1. `userField` is empty on the object      -> error, true (this applies to
 *      master-key requests too, because it is tested first)
 *   2. no logged-in user and request.master    -> false (admin bypass)
 *   3. no logged-in user, no master key        -> error, true
 *   4. logged-in user id equals the field's id -> false
 *   5. anything else                           -> error, true
 *
 * A request that carries a logged-in user is always held to the id comparison;
 * request.master is only consulted when there is no user.
 *
 * NOTE(review): the caller's identity is taken from Parse.User.current(), which
 * is ambient state rather than a property of this request. Cloud Code triggers
 * also expose the caller as request.user - confirm which one the target runtime
 * guarantees to be per-request before relying on this check.
 *
 * @param {Object} request - trigger request; reads request.object and request.master
 * @param {Object} response - trigger response; only response.error() is used
 * @param {string} userField - name of the field expected to hold the owning user
 * @returns {boolean} true if the save was rejected, false if it may proceed
 */
exports.isForgery = function(request, response, userField) {
  var sessionUser = Parse.User.current();
  var claimedOwner = request.object.get(userField);

  // The owner field is mandatory, whoever is asking.
  if (!claimedOwner) {
    response.error('should have a valid '+userField);
    return true;
  }

  if (!sessionUser) {
    if (request.master) {
      // Master-key callers have no session user and are trusted.
      console.log('editing using master key');
      return false;
    }
    response.error('should have a valid login');
    return true;
  }

  if (sessionUser.id === claimedOwner.id) {
    return false;
  }

  response.error('Cannot set user on object to other than the current user.');
  return true;
};
/**
 * Turn off public read and public write on an ACL.
 *
 * Only the public entry is changed; per-user and per-role grants already on
 * the ACL are left as they are. A falsy `acl` is replaced by a new Parse.ACL
 * before the flags are cleared.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place
 * @returns {Parse.ACL} the ACL that was passed in, or the newly created one
 */
exports.noPublic = function(acl) {
  var target = acl;
  if (!target) {
    console.log("no acl, creating");
    target = new Parse.ACL();
  }

  console.log("removing public access");
  target.setPublicReadAccess(false);
  target.setPublicWriteAccess(false);

  return target;
};
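/**
 * Grant read/write on an ACL to a user and to that user's two per-user roles,
 * named 'user_<id>_read' and 'user_<id>_write'.
 *
 * A falsy `acl` is replaced by a new Parse.ACL first.
 *
 * NOTE(review): membership of the two roles confers the same access as being
 * the owner. Who may edit those roles is not visible in this file - confirm
 * the roles themselves carry restrictive ACLs.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place
 * @param {Parse.User} user - saved user that becomes the owner
 * @returns {Parse.ACL} the ACL that was passed in, or the newly created one
 * @throws {Error} if `user` is missing or has no id
 */
exports.addOwner = function(acl, user) {
  // Fail closed before touching the ACL: without an id the role names below
  // would be built as 'user_undefined_read' / 'user_undefined_write', the same
  // names for every caller that reaches this point with an id-less user.
  if (!user || !user.id) {
    throw new Error('addOwner requires a saved user with an id');
  }

  if (!acl) {
    console.log("no acl, creating");
    acl = new Parse.ACL();
  }

  console.log("giving read/write to " + user);
  acl.setReadAccess(user, true);
  acl.setWriteAccess(user, true);
  acl.setRoleReadAccess('user_' + user.id + '_read', true);
  acl.setRoleWriteAccess('user_' + user.id + '_write', true);
  return acl;
};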
/**
 * Grant read access on an ACL to a role.
 *
 * A falsy `acl` is replaced by a new Parse.ACL first. Write access and the
 * public flags are not touched.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place
 * @param {string} role - role passed straight to setRoleReadAccess; the caller
 *     in this file passes a role name string
 * @returns {Parse.ACL} the ACL that was passed in, or the newly created one
 */
exports.addRoleReader = function(acl, role) {
  var target = acl;
  if (!target) {
    console.log("no acl, creating");
    target = new Parse.ACL();
  }

  console.log("giving read to role " + role);
  target.setRoleReadAccess(role, true);

  return target;
};
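/**
 * Grant read access on an ACL to a group's role, named 'group_<group.id>'.
 *
 * With a falsy `group` nothing is granted and `acl` is returned unchanged.
 * Otherwise the work is delegated to exports.addRoleReader, which creates a
 * new Parse.ACL when `acl` is falsy.
 *
 * NOTE(review): group.id is not checked; a group without an id would produce
 * the role name 'group_undefined'. Confirm callers only pass saved groups.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place
 * @param {Parse.Object} [group] - group whose role gets read access
 * @returns {Parse.ACL} the ACL carrying the grant, or `acl` as given when
 *     there is no group
 */
exports.addGroupReader = function(acl, group) {
  if (!group) {
    console.log("group is null");
    return acl;
  }

  console.log("giving read to group " + group);
  // Return what addRoleReader returns. The original discarded it, so with a
  // falsy `acl` the grant landed on a throwaway ACL and the caller got the
  // falsy value back while the log claimed read access had been given.
  return exports.addRoleReader(acl, 'group_' + group.id);
};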
// ******************* deprecated ***********
// Deprecated alias: exports.update is the very same function object as
// exports.noPublic (clears public read/write on an ACL). The assignment reads
// exports.noPublic at load time, so it has to stay below that definition.
exports.update = exports.noPublic;