parse-stack-next 5.5.3 → 5.5.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -4
- data/README.md +26 -13
- data/bin/parse-console +9 -1
- data/docs/TEST_SERVER.md +115 -238
- data/docs/mcp_guide.md +1 -1
- data/docs/mongodb_index_optimization_guide.md +3 -2
- data/docs/usage_guide.md +1 -1
- data/docs/yard-template/default/fulldoc/html/css/common.css +52 -9
- data/docs/yard-template/default/fulldoc/html/css/full_list.css +40 -13
- data/lib/parse/agent/constraint_translator.rb +18 -18
- data/lib/parse/agent/errors.rb +29 -7
- data/lib/parse/agent/metadata_dsl.rb +6 -6
- data/lib/parse/agent/tools.rb +250 -59
- data/lib/parse/agent.rb +42 -30
- data/lib/parse/api/aggregate.rb +3 -3
- data/lib/parse/api/cloud_functions.rb +19 -10
- data/lib/parse/api/objects.rb +8 -8
- data/lib/parse/api/users.rb +9 -9
- data/lib/parse/atlas_search/session.rb +34 -34
- data/lib/parse/atlas_search.rb +243 -110
- data/lib/parse/client/body_builder.rb +10 -10
- data/lib/parse/client/logging.rb +5 -2
- data/lib/parse/client/profiling.rb +5 -2
- data/lib/parse/client/protocol.rb +1 -1
- data/lib/parse/client/url_redaction.rb +94 -0
- data/lib/parse/client.rb +43 -28
- data/lib/parse/embeddings/image_fetch.rb +6 -1
- data/lib/parse/embeddings/voyage.rb +16 -17
- data/lib/parse/live_query/client.rb +7 -7
- data/lib/parse/live_query/subscription.rb +1 -1
- data/lib/parse/lock.rb +1 -1
- data/lib/parse/lock_backend.rb +118 -2
- data/lib/parse/model/acl.rb +24 -24
- data/lib/parse/model/classes/job_schedule.rb +8 -8
- data/lib/parse/model/classes/job_status.rb +9 -9
- data/lib/parse/model/classes/role.rb +49 -49
- data/lib/parse/model/classes/session.rb +2 -2
- data/lib/parse/model/classes/user.rb +66 -66
- data/lib/parse/model/core/builder.rb +7 -7
- data/lib/parse/model/core/create_lock.rb +1 -1
- data/lib/parse/model/core/properties.rb +4 -4
- data/lib/parse/model/file.rb +57 -16
- data/lib/parse/model/model.rb +19 -19
- data/lib/parse/model/object.rb +38 -38
- data/lib/parse/model/pointer.rb +4 -4
- data/lib/parse/model/push.rb +5 -5
- data/lib/parse/mongodb.rb +84 -26
- data/lib/parse/pipeline_security.rb +2 -2
- data/lib/parse/query/constraints.rb +38 -38
- data/lib/parse/query.rb +151 -75
- data/lib/parse/retrieval/reranker/cohere.rb +30 -0
- data/lib/parse/schema.rb +1 -1
- data/lib/parse/stack/version.rb +1 -1
- data/lib/parse/stack.rb +23 -10
- data/lib/parse/two_factor_auth/user_extension.rb +25 -25
- data/lib/parse/webhooks/payload.rb +35 -35
- data/lib/parse/webhooks/registration.rb +2 -2
- data/lib/parse/webhooks/replay_protection.rb +16 -16
- data/lib/parse/webhooks.rb +11 -11
- data/parse-stack-next.gemspec +19 -1
- metadata +2 -38
- data/.bundle/config +0 -5
- data/.env.sample +0 -138
- data/.env.test +0 -10
- data/.github/ISSUE_TEMPLATE/bug_report.yml +0 -105
- data/.github/ISSUE_TEMPLATE/feature_request.yml +0 -67
- data/.github/dependabot.yml +0 -13
- data/.github/workflows/codeql.yml +0 -44
- data/.github/workflows/docs.yml +0 -39
- data/.github/workflows/release.yml +0 -43
- data/.github/workflows/ruby.yml +0 -38
- data/.gitignore +0 -56
- data/.ruby-version +0 -1
- data/.solargraph.yml +0 -22
- data/.vscode/settings.json +0 -3
- data/.yardopts +0 -19
- data/Gemfile +0 -43
- data/Gemfile.lock +0 -198
- data/Makefile +0 -63
- data/Rakefile +0 -825
- data/config/parse-config.json +0 -12
- data/scripts/debug-ips.js +0 -35
- data/scripts/docker/Dockerfile.parse +0 -17
- data/scripts/docker/atlas-init.js +0 -284
- data/scripts/docker/docker-compose.atlas.yml +0 -80
- data/scripts/docker/docker-compose.test.yml +0 -159
- data/scripts/docker/docker-compose.verifyemail.yml +0 -4
- data/scripts/docker/mongo-init.js +0 -21
- data/scripts/docker/preflight.sh +0 -76
- data/scripts/eval_mcp_with_lm_studio.rb +0 -274
- data/scripts/start-parse.sh +0 -154
- data/scripts/start_mcp_server.rb +0 -78
- data/scripts/test_server_connection.rb +0 -82
- data/scripts/vector_prototype/create_vector_index.js +0 -105
- data/scripts/vector_prototype/fetch_embeddings.py +0 -241
- data/scripts/vector_prototype/fixture_manifest.json +0 -9
- data/scripts/vector_prototype/query_prototype.rb +0 -84
- data/scripts/vector_prototype/run.sh +0 -34
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
module Parse
|
|
8
8
|
# This class represents the data and columns contained in the standard Parse
|
|
9
9
|
# `_JobSchedule` collection. Rows here define recurring runs for background
|
|
10
|
-
# jobs registered via
|
|
10
|
+
# jobs registered via `Parse.Cloud.job(...)`. The collection is populated by
|
|
11
11
|
# the Parse Dashboard's "Schedule a Job" UI and consumed by Parse Server's
|
|
12
12
|
# scheduler.
|
|
13
13
|
#
|
|
@@ -29,7 +29,7 @@ module Parse
|
|
|
29
29
|
# *Defining and scheduling a job*
|
|
30
30
|
#
|
|
31
31
|
# The job itself is registered in Parse Server's Cloud Code (server-side
|
|
32
|
-
# JavaScript). See {Parse::JobStatus} for the
|
|
32
|
+
# JavaScript). See {Parse::JobStatus} for the `Parse.Cloud.job(...)`
|
|
33
33
|
# registration example.
|
|
34
34
|
#
|
|
35
35
|
# Schedules are normally created through the Parse Dashboard "Jobs" tab,
|
|
@@ -44,8 +44,8 @@ module Parse
|
|
|
44
44
|
# `_JobSchedule` is a metadata collection: it stores schedule definitions
|
|
45
45
|
# but Parse Server itself does not auto-trigger jobs from these rows. The
|
|
46
46
|
# actual dispatch is performed by external tooling (e.g.
|
|
47
|
-
#
|
|
48
|
-
# process) which reads `_JobSchedule` and fires
|
|
47
|
+
# `parse-server-scheduler`, dashboard-driven cron wrappers, or a sidecar
|
|
48
|
+
# process) which reads `_JobSchedule` and fires `POST /parse/jobs/<name>`
|
|
49
49
|
# at the appropriate times. Run status rows then appear in
|
|
50
50
|
# {Parse::JobStatus}.
|
|
51
51
|
#
|
|
@@ -102,8 +102,8 @@ module Parse
|
|
|
102
102
|
|
|
103
103
|
# @!attribute days_of_week
|
|
104
104
|
# Array of day-of-week identifiers indicating which days the job is
|
|
105
|
-
# eligible to run. The exact token set (e.g.
|
|
106
|
-
#
|
|
105
|
+
# eligible to run. The exact token set (e.g. `"mon"`/`"tue"`/... vs.
|
|
106
|
+
# `0`..`6`) is determined by the scheduler tooling that writes the row;
|
|
107
107
|
# the Parse Server schema only requires that the column hold an array.
|
|
108
108
|
# @return [Array]
|
|
109
109
|
property :days_of_week, :array
|
|
@@ -116,9 +116,9 @@ module Parse
|
|
|
116
116
|
|
|
117
117
|
# @!attribute last_run
|
|
118
118
|
# Raw `Number` timestamp recording the previous run. The unit is
|
|
119
|
-
# scheduler-defined — most external schedulers write
|
|
119
|
+
# scheduler-defined — most external schedulers write `Date.now()`
|
|
120
120
|
# milliseconds, but the canonical Parse Server schema only declares
|
|
121
|
-
#
|
|
121
|
+
# `Number` and does not pin a unit. Treat values written by one
|
|
122
122
|
# scheduler as opaque to others.
|
|
123
123
|
# @return [Integer]
|
|
124
124
|
property :last_run, :integer
|
|
@@ -7,8 +7,8 @@
|
|
|
7
7
|
module Parse
|
|
8
8
|
# This class represents the data and columns contained in the standard Parse
|
|
9
9
|
# `_JobStatus` collection. Parse Server writes a row here every time a
|
|
10
|
-
# background job (registered via
|
|
11
|
-
# outcome and any status/message updates emitted via
|
|
10
|
+
# background job (registered via `Parse.Cloud.job(...)`) runs, recording its
|
|
11
|
+
# outcome and any status/message updates emitted via `response.message(...)`.
|
|
12
12
|
#
|
|
13
13
|
# The default schema for {JobStatus} is as follows:
|
|
14
14
|
#
|
|
@@ -94,27 +94,27 @@ module Parse
|
|
|
94
94
|
|
|
95
95
|
# @!attribute job_name
|
|
96
96
|
# The name the job was registered under (the first argument to
|
|
97
|
-
#
|
|
97
|
+
# `Parse.Cloud.job`).
|
|
98
98
|
# @return [String]
|
|
99
99
|
property :job_name
|
|
100
100
|
|
|
101
101
|
# @!attribute source
|
|
102
|
-
# How the job was invoked. Parse Server itself hard-codes
|
|
103
|
-
#
|
|
102
|
+
# How the job was invoked. Parse Server itself hard-codes `"api"` in
|
|
103
|
+
# `StatusHandler.js` for runs triggered via `POST /parse/jobs/<name>`;
|
|
104
104
|
# external schedulers (parse-server-scheduler, dashboard cron tooling)
|
|
105
|
-
# may inject other values when they create the
|
|
105
|
+
# may inject other values when they create the `_JobStatus` row.
|
|
106
106
|
# @return [String]
|
|
107
107
|
property :source
|
|
108
108
|
|
|
109
109
|
# @!attribute status
|
|
110
|
-
# Current state of the job run. Common values are
|
|
111
|
-
#
|
|
110
|
+
# Current state of the job run. Common values are `"running"`,
|
|
111
|
+
# `"succeeded"`, and `"failed"`.
|
|
112
112
|
# @return [String]
|
|
113
113
|
property :status
|
|
114
114
|
|
|
115
115
|
# @!attribute message
|
|
116
116
|
# The most recent status message emitted by the job via
|
|
117
|
-
#
|
|
117
|
+
# `response.message(...)`.
|
|
118
118
|
# @return [String]
|
|
119
119
|
property :message
|
|
120
120
|
|
|
@@ -114,34 +114,34 @@ module Parse
|
|
|
114
114
|
# Return the transitive upward closure of role names a user
|
|
115
115
|
# inherits permissions from.
|
|
116
116
|
#
|
|
117
|
-
# Parse Server
|
|
118
|
-
# in its
|
|
119
|
-
# permissions. So given a user
|
|
117
|
+
# Parse Server `_Role` inheritance: when role `X` holds role `Y`
|
|
118
|
+
# in its `roles` relation, users of `Y` inherit `X`'s
|
|
119
|
+
# permissions. So given a user `U`, the permission set is built
|
|
120
120
|
# by:
|
|
121
121
|
#
|
|
122
|
-
# 1. Querying for every role
|
|
123
|
-
# (
|
|
124
|
-
# 2. For each direct role
|
|
125
|
-
#
|
|
122
|
+
# 1. Querying for every role `D` where `U` is a direct member
|
|
123
|
+
# (`_Role.users` contains `U`).
|
|
124
|
+
# 2. For each direct role `D`, walking upward to every role
|
|
125
|
+
# `P` that lists `D` in its `roles` relation. Repeat until
|
|
126
126
|
# no new parents are found.
|
|
127
127
|
#
|
|
128
|
-
# This is the correct primitive for building
|
|
128
|
+
# This is the correct primitive for building `_rperm` predicates
|
|
129
129
|
# (e.g., {ACLReadableByConstraint}, {ACLWritableByConstraint},
|
|
130
|
-
# and the Atlas Search ACL
|
|
130
|
+
# and the Atlas Search ACL `$match` injection). The legacy walk
|
|
131
131
|
# via {#all_child_roles} on the user's direct roles traverses
|
|
132
132
|
# the wrong direction and over-grants — it returns roles whose
|
|
133
133
|
# users include the input user through inheritance, not the
|
|
134
134
|
# roles the input user inherits permissions from.
|
|
135
135
|
#
|
|
136
136
|
# Cycle-safe: a visited-id set guards against pathological
|
|
137
|
-
#
|
|
137
|
+
# `_Role.roles` cycles (e.g. A→B→A).
|
|
138
138
|
#
|
|
139
139
|
# @param user [Parse::User, Parse::Pointer, String, nil] the
|
|
140
|
-
# user to expand. A
|
|
141
|
-
# class. A
|
|
140
|
+
# user to expand. A `Parse::Pointer` must be on the `_User`
|
|
141
|
+
# class. A `String` is treated as a `_User` objectId. `nil`
|
|
142
142
|
# returns an empty set (anonymous).
|
|
143
143
|
# @param max_depth [Integer] maximum BFS depth (default: 10).
|
|
144
|
-
# @param master [Boolean] when
|
|
144
|
+
# @param master [Boolean] when `true`, opt in to the mongo-direct
|
|
145
145
|
# fast path under master-mode (bypasses `_Role` CLP). Use for
|
|
146
146
|
# admin/analytics code paths that legitimately need a
|
|
147
147
|
# master-scope view of the role graph.
|
|
@@ -150,7 +150,7 @@ module Parse
|
|
|
150
150
|
# scope (subject to `_Role` CLP). The scope is forwarded
|
|
151
151
|
# verbatim to {Parse::MongoDB.role_names_for_user}; CLP denial
|
|
152
152
|
# raises {Parse::CLPScope::Denied}.
|
|
153
|
-
# @return [Set<String>] role names (no
|
|
153
|
+
# @return [Set<String>] role names (no `role:` prefix) the user
|
|
154
154
|
# transitively inherits permissions from, including direct
|
|
155
155
|
# memberships. Empty set for anonymous or no-membership users.
|
|
156
156
|
# @note When neither `master:` nor `as:` is supplied, the
|
|
@@ -248,19 +248,19 @@ module Parse
|
|
|
248
248
|
end
|
|
249
249
|
|
|
250
250
|
# Walk upward from a starting frontier of {Parse::Role} objects
|
|
251
|
-
# through the
|
|
251
|
+
# through the `_Role.roles` inverse relation, collecting every
|
|
252
252
|
# role name reachable. Used by {.all_for_user} (frontier = the
|
|
253
253
|
# user's direct roles) and {Parse::Role#all_parent_role_names}
|
|
254
254
|
# (frontier = the role itself).
|
|
255
255
|
#
|
|
256
256
|
# The starting frontier is INCLUDED in the returned set, because
|
|
257
|
-
# the semantics is "every role name whose presence in
|
|
257
|
+
# the semantics is "every role name whose presence in `_rperm`
|
|
258
258
|
# grants access" — direct membership counts.
|
|
259
259
|
#
|
|
260
260
|
# @param starting_roles [Array<Parse::Role>] roles to begin the
|
|
261
261
|
# upward traversal from.
|
|
262
262
|
# @param max_depth [Integer] maximum BFS depth.
|
|
263
|
-
# @return [Set<String>] role names (no
|
|
263
|
+
# @return [Set<String>] role names (no `role:` prefix) including
|
|
264
264
|
# the starting frontier and every transitive parent.
|
|
265
265
|
def expand_inheritance_upward(starting_roles, max_depth: 10)
|
|
266
266
|
names = Set.new
|
|
@@ -303,9 +303,9 @@ module Parse
|
|
|
303
303
|
private
|
|
304
304
|
|
|
305
305
|
# @!visibility private
|
|
306
|
-
# Coerce caller-supplied user argument into a
|
|
307
|
-
# on
|
|
308
|
-
#
|
|
306
|
+
# Coerce caller-supplied user argument into a `Parse::Pointer`
|
|
307
|
+
# on `_User` suitable for an inverse-relation query. Returns
|
|
308
|
+
# `nil` when the input cannot be resolved to a `_User` id, in
|
|
309
309
|
# which case {.all_for_user} returns an empty set without
|
|
310
310
|
# issuing a network call.
|
|
311
311
|
def role_lookup_pointer_for(user)
|
|
@@ -375,7 +375,7 @@ module Parse
|
|
|
375
375
|
# IMPORTANT — Parse Server _Role inheritance semantics: when role X
|
|
376
376
|
# holds role Y in its `roles` relation, **users of Y inherit X's
|
|
377
377
|
# permissions** (not the other way around). So calling
|
|
378
|
-
#
|
|
378
|
+
# `admin.add_child_role(moderator)` does NOT grant Moderator's
|
|
379
379
|
# capabilities to Admin; it grants Admin's capabilities to every
|
|
380
380
|
# Moderator user — privilege escalation.
|
|
381
381
|
#
|
|
@@ -393,7 +393,7 @@ module Parse
|
|
|
393
393
|
#
|
|
394
394
|
# @param role [Parse::Role] the role to add to this role's `roles` relation.
|
|
395
395
|
# @return [self] returns self for chaining.
|
|
396
|
-
# @raise [ArgumentError] when
|
|
396
|
+
# @raise [ArgumentError] when `role` is `self` (a self-loop in the `_Role.roles` relation produces an infinite recursion on lookup and serves no permission purpose).
|
|
397
397
|
def add_child_role(role)
|
|
398
398
|
assert_not_self_reference!(role, :add_child_role)
|
|
399
399
|
roles.add(role)
|
|
@@ -404,7 +404,7 @@ module Parse
|
|
|
404
404
|
# {#add_child_role} for the inheritance-direction caveat.
|
|
405
405
|
# @param role_list [Array<Parse::Role>] roles to add.
|
|
406
406
|
# @return [self] returns self for chaining.
|
|
407
|
-
# @raise [ArgumentError] when any entry in
|
|
407
|
+
# @raise [ArgumentError] when any entry in `role_list` is `self`.
|
|
408
408
|
def add_child_roles(*role_list)
|
|
409
409
|
flat = role_list.flatten
|
|
410
410
|
flat.each { |r| assert_not_self_reference!(r, :add_child_roles) }
|
|
@@ -429,11 +429,11 @@ module Parse
|
|
|
429
429
|
end
|
|
430
430
|
|
|
431
431
|
# Grant this role's capabilities to the given role's users. Reads as:
|
|
432
|
-
# "users with
|
|
433
|
-
# Equivalent to
|
|
432
|
+
# "users with `grantee` now have `self`'s capabilities."
|
|
433
|
+
# Equivalent to `self.add_child_role(grantee)` but unambiguous about
|
|
434
434
|
# the direction of inheritance.
|
|
435
435
|
#
|
|
436
|
-
# Non-saving — the caller must call
|
|
436
|
+
# Non-saving — the caller must call `self.save` to persist. See
|
|
437
437
|
# {#grant_capabilities_to!} for the auto-saving variant.
|
|
438
438
|
#
|
|
439
439
|
# @param grantee [Parse::Role] the role whose users will inherit this role's permissions.
|
|
@@ -448,7 +448,7 @@ module Parse
|
|
|
448
448
|
end
|
|
449
449
|
|
|
450
450
|
# Auto-saving variant of {#grant_capabilities_to}. Performs the
|
|
451
|
-
# relation mutation AND persists
|
|
451
|
+
# relation mutation AND persists `self` in one call. Returns `self`
|
|
452
452
|
# consistently so the caller can chain or store the result without
|
|
453
453
|
# tracking which object was mutated. Prefer this in tests and
|
|
454
454
|
# one-shot scripts where batching multiple mutations isn't needed.
|
|
@@ -466,19 +466,19 @@ module Parse
|
|
|
466
466
|
end
|
|
467
467
|
|
|
468
468
|
# Inverse spelling of {#grant_capabilities_to}: "this role's users
|
|
469
|
-
# inherit
|
|
470
|
-
# on
|
|
469
|
+
# inherit `source`'s capabilities". Performs the relation mutation
|
|
470
|
+
# on `source`, not on `self`.
|
|
471
471
|
#
|
|
472
|
-
# **Save target.** The mutation lives on
|
|
473
|
-
# the caller must save
|
|
472
|
+
# **Save target.** The mutation lives on `source.roles`. To persist,
|
|
473
|
+
# the caller must save `source`, NOT `self`. This asymmetry exists
|
|
474
474
|
# because Parse Server stores the relation on the role that holds
|
|
475
|
-
# the
|
|
475
|
+
# the `roles` list, and that role is `source`. The non-bang form is
|
|
476
476
|
# retained for callers that need to batch multiple mutations on
|
|
477
|
-
#
|
|
477
|
+
# `source` before a single save; prefer {#inherits_capabilities_from!}
|
|
478
478
|
# for the one-shot case where the auto-save matches intent.
|
|
479
479
|
#
|
|
480
480
|
# @param source [Parse::Role] the role whose capabilities this role's users acquire.
|
|
481
|
-
# @return [Parse::Role] the
|
|
481
|
+
# @return [Parse::Role] the `source` role (caller still needs to .save it
|
|
482
482
|
# if not using the bang variant).
|
|
483
483
|
# @example Non-saving (must save source separately)
|
|
484
484
|
# admin.inherits_capabilities_from(moderator)
|
|
@@ -493,14 +493,14 @@ module Parse
|
|
|
493
493
|
end
|
|
494
494
|
|
|
495
495
|
# Auto-saving variant of {#inherits_capabilities_from}. Performs the
|
|
496
|
-
# mutation on
|
|
497
|
-
# returns
|
|
496
|
+
# mutation on `source.roles` AND saves `source` for you, then
|
|
497
|
+
# returns `self` so the caller can keep working with the role they
|
|
498
498
|
# called the method on. Resolves the most common stumbling block
|
|
499
499
|
# with {#inherits_capabilities_from}: the "save target" asymmetry.
|
|
500
500
|
#
|
|
501
501
|
# @param source [Parse::Role] the role whose capabilities this role's users acquire.
|
|
502
502
|
# @return [self] the role that now inherits (caller's original receiver).
|
|
503
|
-
# @raise [Parse::RecordNotSaved] if the save of
|
|
503
|
+
# @raise [Parse::RecordNotSaved] if the save of `source` fails.
|
|
504
504
|
# @example
|
|
505
505
|
# admin.inherits_capabilities_from!(moderator)
|
|
506
506
|
# # → Admin users can now do anything Moderator users can. Persisted.
|
|
@@ -528,13 +528,13 @@ module Parse
|
|
|
528
528
|
|
|
529
529
|
# Get all users belonging to this role, including users from child roles recursively.
|
|
530
530
|
#
|
|
531
|
-
# Cycle-safe: a
|
|
532
|
-
#
|
|
531
|
+
# Cycle-safe: a `visited` set guards against pathological
|
|
532
|
+
# `_Role.roles` cycles (e.g. A→B→A) that would otherwise cause
|
|
533
533
|
# exponential per-node query fan-out.
|
|
534
534
|
#
|
|
535
535
|
# @param max_depth [Integer] maximum recursion depth.
|
|
536
536
|
# @param visited [Set] internal cycle-detection accumulator.
|
|
537
|
-
# @param master [Boolean] when
|
|
537
|
+
# @param master [Boolean] when `true`, opt in to the mongo-direct
|
|
538
538
|
# fast path under master-mode. The follow-up `_User` fetch also
|
|
539
539
|
# runs unscoped — used for admin/analytics paths that need a
|
|
540
540
|
# master-key view of every member.
|
|
@@ -662,10 +662,10 @@ module Parse
|
|
|
662
662
|
end
|
|
663
663
|
private :hydrate_users_under_scope
|
|
664
664
|
|
|
665
|
-
# Get the set of role names whose presence in a
|
|
665
|
+
# Get the set of role names whose presence in a `_rperm` array
|
|
666
666
|
# grants access to this role's members. That's the role itself
|
|
667
|
-
# plus every role
|
|
668
|
-
# transitively upward — because users of this role inherit
|
|
667
|
+
# plus every role `P` that lists this role in its `roles` relation,
|
|
668
|
+
# transitively upward — because users of this role inherit `P`'s
|
|
669
669
|
# permissions under Parse Server's role-inheritance semantics
|
|
670
670
|
# (see {#add_child_role}).
|
|
671
671
|
#
|
|
@@ -673,19 +673,19 @@ module Parse
|
|
|
673
673
|
# two share an internal BFS via
|
|
674
674
|
# {Parse::Role.expand_inheritance_upward}. Use this method when
|
|
675
675
|
# compiling an ACL predicate around a role argument, e.g.
|
|
676
|
-
#
|
|
677
|
-
#
|
|
678
|
-
#
|
|
676
|
+
# `:ACL.readable_by => admin_role`: the role itself contributes
|
|
677
|
+
# `"role:Admin"`, and any role whose `.roles` relation contains
|
|
678
|
+
# `admin_role` also grants Admins access through inheritance.
|
|
679
679
|
#
|
|
680
680
|
# The legacy {#all_child_roles} walk is NOT a substitute. Child
|
|
681
681
|
# roles inherit FROM this role (their members get this role's
|
|
682
|
-
# capabilities), so child-role names in
|
|
682
|
+
# capabilities), so child-role names in `_rperm` would not grant
|
|
683
683
|
# this role's members anything — the walk traverses the wrong
|
|
684
684
|
# direction for ACL composition.
|
|
685
685
|
#
|
|
686
686
|
# @param max_depth [Integer] maximum BFS depth (default: 10).
|
|
687
|
-
# @return [Set<String>] role names (no
|
|
688
|
-
#
|
|
687
|
+
# @return [Set<String>] role names (no `role:` prefix) including
|
|
688
|
+
# `self.name` and every transitive parent.
|
|
689
689
|
# @example
|
|
690
690
|
# permission_strings = admin.all_parent_role_names.map { |n| "role:#{n}" }
|
|
691
691
|
def all_parent_role_names(max_depth: 10)
|
|
@@ -80,8 +80,8 @@ module Parse
|
|
|
80
80
|
# Return the Session record for this session token.
|
|
81
81
|
# @param token [String] the session token
|
|
82
82
|
# @param opts [Hash] additional keyword options forwarded to the
|
|
83
|
-
# underlying client request (e.g.
|
|
84
|
-
#
|
|
83
|
+
# underlying client request (e.g. `cache: false`,
|
|
84
|
+
# `use_master_key: false`, `headers:`).
|
|
85
85
|
# @return [Session] the session for this token, otherwise nil.
|
|
86
86
|
def session(token, **opts)
|
|
87
87
|
# A stray :session_token in opts would be forwarded into the request
|