Created
April 4, 2013 14:50
parse.com security cloudcode
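/**
 * Replace the object's ACL with a brand-new, empty Parse.ACL.
 *
 * Nothing is granted on the new ACL before it is set, and the ACL the object
 * had before is discarded rather than merged.
 * NOTE(review): presumably only master-key requests can reach the object
 * afterwards; confirm against the Parse ACL rules for the target class.
 *
 * @param {Object} object - object exposing setACL(acl).
 * @returns {Parse.ACL} the empty ACL that was set on the object.
 */
exports.lockDown = function(object) {
  // Keep the ACL in a local variable: an undeclared assignment would leak a
  // global shared by every caller, and it throws outright in strict mode.
  var acl = new Parse.ACL();
  console.log("removing all access");
  object.setACL(acl);
  return acl;
};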
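/**
 * Check that the user stored in `userField` of request.object is the user
 * making the request.
 *
 * On every rejection this function calls response.error(...) itself and
 * returns true, so the caller must stop there and must not send a second
 * response. It returns false when the request may proceed. Only the one field
 * is compared; the object's ACL is not looked at.
 *
 * Checks, in order:
 *  - `userField` is empty: rejected (this runs before the master-key check).
 *  - no requesting user, request.master set: allowed.
 *  - no requesting user, no master key: rejected.
 *  - requesting user's id equals the field's id: allowed, otherwise rejected.
 *
 * @param {Object} request - reads request.object, request.user and request.master.
 * @param {Object} response - response.error(message) is called on rejection.
 * @param {string} userField - name of the field on request.object holding the owning user.
 * @returns {boolean} true if the request was rejected, false if it may proceed.
 */
exports.isForgery = function(request, response, userField) {
  // Identity comes from the request being authorised. Parse.User.current() is
  // ambient state, kept only as a fallback when request.user is not populated.
  var currentUser = request.user || Parse.User.current();
  var objectUser = request.object.get(userField);

  if (!objectUser) {
    response.error('should have a valid '+userField);
    return true;
  }

  if (!currentUser) {
    if (request.master) {
      console.log('editing using master key');
      return false; // can do anything from admin
    }
    response.error('should have a valid login');
    return true;
  }

  // Require a real id on the requester: two missing ids would otherwise
  // compare equal (undefined === undefined) and be accepted as the same user.
  if (currentUser.id && currentUser.id === objectUser.id) {
    return false;
  }

  response.error('Cannot set user on object to other than the current user.');
  return true;
};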
/**
 * Switch off public read and public write on an ACL.
 *
 * Only the two public flags are touched; the function makes no other call on
 * the ACL. When `acl` is falsy a new Parse.ACL is created and used instead.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place.
 * @returns {Parse.ACL} the ACL that was modified (the one passed in, or the new one).
 */
exports.noPublic = function(acl) {
  var target = acl;
  if (!target) {
    console.log("no acl, creating");
    target = new Parse.ACL();
  }

  console.log("removing public access");
  target.setPublicReadAccess(false);
  target.setPublicWriteAccess(false);
  return target;
};
/**
 * Grant read and write to a user and to that user's two per-user roles.
 *
 * Four entries are set to true: read and write for `user`, read for the role
 * 'user_<id>_read' and write for the role 'user_<id>_write'. When `acl` is
 * falsy a new Parse.ACL is created and used instead.
 *
 * NOTE(review): the role entries refer to roles by name only, and nothing here
 * checks that those roles exist. Confirm they are created server-side and that
 * clients cannot create roles with these names; otherwise the grant goes to
 * whoever controls a role of that name.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place.
 * @param {Object} user - user to grant access to; its `id` is used in the role names.
 * @returns {Parse.ACL} the ACL that was modified.
 */
exports.addOwner = function(acl, user) {
  var target = acl;
  if (!target) {
    console.log("no acl, creating");
    target = new Parse.ACL();
  }

  console.log("giving read/write to " + user);

  // Direct entries for the user.
  target.setReadAccess(user, true);
  target.setWriteAccess(user, true);

  // Entries for the per-user roles, named after the user's id.
  var rolePrefix = 'user_' + user.id;
  target.setRoleReadAccess(rolePrefix + '_read', true);
  target.setRoleWriteAccess(rolePrefix + '_write', true);
  return target;
};
/**
 * Grant read access to a role.
 *
 * Only the role's read entry is set; no write entry is added. When `acl` is
 * falsy a new Parse.ACL is created and used instead.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place.
 * @param {*} role - role passed straight through to setRoleReadAccess.
 * @returns {Parse.ACL} the ACL that was modified.
 */
exports.addRoleReader = function(acl, role) {
  var target = acl;
  if (!target) {
    console.log("no acl, creating");
    target = new Parse.ACL();
  }

  console.log("giving read to role " + role);
  target.setRoleReadAccess(role, true);
  return target;
};
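/**
 * Grant read access to the role named 'group_<group.id>'.
 *
 * The grant is delegated to exports.addRoleReader. When `group` is falsy
 * nothing is granted and `acl` is returned as it was passed in.
 *
 * @param {Parse.ACL} [acl] - ACL to modify in place.
 * @param {Object} [group] - group whose `id` is used in the role name.
 * @returns {Parse.ACL} the ACL returned by addRoleReader, or `acl` unchanged
 *   when no group was given.
 */
exports.addGroupReader = function(acl, group) {
  if (!group) {
    console.log("group is null");
    return acl;
  }

  console.log("giving read to group " + group);
  // Return addRoleReader's result instead of `acl`: when no ACL was passed in,
  // addRoleReader builds one, and dropping that result would lose the grant
  // while the log above still reports it.
  return exports.addRoleReader(acl, 'group_' + group.id);
};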
// ******************* deprecated *********** | |
exports.update = exports.noPublic; |