Class: Parse::Constraint::NotReadableByConstraint
- Inherits:
-
Constraint
- Object
- Constraint
- Parse::Constraint::NotReadableByConstraint
- Defined in:
- lib/parse/query/constraints.rb
Overview
Note:
"Not readable by X" excludes rows readable by X directly, via any role X inherits, AND publicly — so a User value expands its roles and the public +"*"+ is always added to the exclusion set.
Note:
This constraint uses aggregation pipeline because Parse Server restricts direct queries on the internal _rperm field.
ACL NOT Readable By Constraint Query objects that are NOT readable by the specified users/roles. Useful for finding objects hidden from specific users.
Instance Method Summary collapse
Instance Method Details
#build ⇒ Object
3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 |
# File 'lib/parse/query/constraints.rb', line 3232 def build keys = ACLPermissions.collect_for_negation(@value) return { "__aggregation_pipeline" => [] } if keys.empty? # Find objects whose _rperm EXISTS and does NOT contain any of the # keys. The `$exists: true` guard is essential: Parse Server treats a # missing `_rperm` as publicly readable, and MongoDB's `$nin` matches # documents where the field is absent. Without the guard, # `not_readable_by("*")` (i.e. #not_publicly_readable) would MATCH the # public-by-absence rows it is meant to exclude — inverting the result # and giving a security audit a false sense of safety. pipeline = [ { "$match" => { "_rperm" => { "$exists" => true, "$nin" => keys }, }, }, ] { "__aggregation_pipeline" => pipeline } end |