@openinc/parse-server-opendash 1.10.2 → 1.11.0

package/dist/index.js

@@ -1,267 +1,113 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (_) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.afterDeleteHook = exports.beforeDeleteHook = exports.afterSaveHook = exports.beforeSaveHook = exports.defaultHandler = exports.immutableField = exports.ensureRole = exports.getEnvBoolean = exports.getEnv = exports.getConfigBoolean = exports.getConfig = exports.requirePermission = exports.hasPermission = exports.init = exports.PREFIX = void 0;
-var web_push_1 = __importDefault(require("web-push"));
-var path_1 = require("path");
-var parse_server_schema_1 = require("@openinc/parse-server-schema");
-var _init_1 = require("./hooks/_init");
-var _init_2 = require("./functions/_init");
-var fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
+exports.afterDeleteHook = exports.beforeDeleteHook = exports.afterSaveHook = exports.beforeSaveHook = exports.defaultAclHandler = exports.defaultHandler = exports.immutableField = exports.ensureRole = exports.getEnvBoolean = exports.getEnv = exports.getConfigBoolean = exports.getConfig = exports.requirePermission = exports.hasPermission = exports.init = exports.PREFIX = void 0;
+const web_push_1 = __importDefault(require("web-push"));
+const path_1 = require("path");
+const parse_server_schema_1 = require("@openinc/parse-server-schema");
+const _init_1 = require("./hooks/_init");
+const _init_2 = require("./functions/_init");
+const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
 exports.PREFIX = "OD3_";
-var schema = {};
-function init(cfg) {
-    if (cfg === void 0) { cfg = {}; }
-    return __awaiter(this, void 0, void 0, function () {
-        var pkg, config, schemaConfig, error_1, _a, _b;
-        return __generator(this, function (_c) {
-            switch (_c.label) {
-                case 0:
-                    try {
-                        pkg = require("../package.json");
-                        console.log("[".concat(pkg.name, "] init (v").concat(pkg.version, ")"));
-                    }
-                    catch (error) { }
-                    return [4 /*yield*/, Parse.Config.get()];
-                case 1:
-                    config = _c.sent();
-                    exports.PREFIX = config.get("OPENDASH_CLASS_PREFIX") || exports.PREFIX;
-                    return [4 /*yield*/, (0, parse_server_schema_1.loadConfig)(cfg.configPath)];
-                case 2:
-                    schemaConfig = _c.sent();
-                    _c.label = 3;
-                case 3:
-                    _c.trys.push([3, 5, , 6]);
-                    return [4 /*yield*/, (0, parse_server_schema_1.up)(schemaConfig, (0, path_1.resolve)(__dirname, "../schema"), {
-                            prefix: exports.PREFIX,
-                            deleteClasses: false,
-                            deleteFields: false,
-                        })];
-                case 4:
-                    _c.sent();
-                    return [3 /*break*/, 6];
-                case 5:
-                    error_1 = _c.sent();
-                    console.error("Error while updating schema");
-                    console.error(error_1);
-                    return [3 /*break*/, 6];
-                case 6:
-                    _b = (_a = Object).fromEntries;
-                    return [4 /*yield*/, Parse.Schema.all()];
-                case 7:
-                    schema = _b.apply(_a, [(_c.sent()).map(function (schema) { return [schema.className, schema]; })]);
-                    return [4 /*yield*/, initDefaultRoles()];
-                case 8:
-                    _c.sent();
-                    return [4 /*yield*/, initWebPush()];
-                case 9:
-                    _c.sent();
-                    return [4 /*yield*/, (0, _init_1.init)()];
-                case 10:
-                    _c.sent();
-                    return [4 /*yield*/, (0, _init_2.init)()];
-                case 11:
-                    _c.sent();
-                    return [2 /*return*/];
-            }
+let schema = {};
+async function init(cfg = {}) {
+    try {
+        const pkg = require("../package.json");
+        console.log(`[${pkg.name}] init (v${pkg.version})`);
+    }
+    catch (error) { }
+    const config = await Parse.Config.get();
+    exports.PREFIX = config.get("OPENDASH_CLASS_PREFIX") || exports.PREFIX;
+    const schemaConfig = await (0, parse_server_schema_1.loadConfig)(cfg.configPath);
+    try {
+        await (0, parse_server_schema_1.up)(schemaConfig, (0, path_1.resolve)(__dirname, "../schema"), {
+            prefix: exports.PREFIX,
+            deleteClasses: false,
+            deleteFields: false,
         });
-    });
+    }
+    catch (error) {
+        console.error("Error while updating schema");
+        console.error(error);
+    }
+    schema = Object.fromEntries((await Parse.Schema.all()).map((schema) => [schema.className, schema]));
+    await initDefaultRoles();
+    await initWebPush();
+    await (0, _init_1.init)();
+    await (0, _init_2.init)();
 }
 exports.init = init;
-function initDefaultRoles() {
-    return __awaiter(this, void 0, void 0, function () {
-        var error_2;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0:
-                    _a.trys.push([0, 8, , 9]);
-                    return [4 /*yield*/, ensureRole("Admin")];
-                case 1:
-                    _a.sent();
-                    return [4 /*yield*/, ensureRole("od-user")];
-                case 2:
-                    _a.sent();
-                    return [4 /*yield*/, ensureRole("od-admin", {
-                            childRoles: ["Admin"],
-                        })];
-                case 3:
-                    _a.sent();
-                    return [4 /*yield*/, ensureRole("od-tenant-user")];
-                case 4:
-                    _a.sent();
-                    return [4 /*yield*/, ensureRole("od-tenant-verified")];
-                case 5:
-                    _a.sent();
-                    return [4 /*yield*/, ensureRole("od-tenant-global-visible")];
-                case 6:
-                    _a.sent();
-                    return [4 /*yield*/, ensureRole("od-tenant-admin")];
-                case 7:
-                    _a.sent();
-                    return [3 /*break*/, 9];
-                case 8:
-                    error_2 = _a.sent();
-                    console.error(error_2);
-                    return [3 /*break*/, 9];
-                case 9: return [2 /*return*/];
-            }
+async function initDefaultRoles() {
+    try {
+        await ensureRole("Admin");
+        await ensureRole("od-user");
+        await ensureRole("od-admin", {
+            childRoles: ["Admin"],
         });
-    });
+        await ensureRole("od-tenant-user");
+        await ensureRole("od-tenant-verified");
+        await ensureRole("od-tenant-global-visible");
+        await ensureRole("od-tenant-admin");
+    }
+    catch (error) {
+        console.error(error);
+    }
 }
-function initWebPush() {
-    return __awaiter(this, void 0, void 0, function () {
-        var _a, _b, _c, _d, _e, error_3;
-        return __generator(this, function (_f) {
-            switch (_f.label) {
-                case 0:
-                    _f.trys.push([0, 6, , 7]);
-                    return [4 /*yield*/, getConfigBoolean("WEB_PUSH_ENABLED")];
-                case 1:
-                    if (!(_f.sent())) {
-                        return [2 /*return*/];
-                    }
-                    _b = (_a = web_push_1.default).setVapidDetails;
-                    return [4 /*yield*/, getConfig("WEB_PUSH_HOST")];
-                case 2:
-                    _c = [(_f.sent())];
-                    return [4 /*yield*/, getConfig("WEB_PUSH_VAPID_PUBLIC_KEY")];
-                case 3:
-                    _c = _c.concat([(_f.sent())]);
-                    return [4 /*yield*/, getConfig("WEB_PUSH_VAPID_PRIVATE_KEY")];
-                case 4:
-                    _b.apply(_a, _c.concat([(_f.sent())]));
-                    _e = (_d = web_push_1.default).setGCMAPIKey;
-                    return [4 /*yield*/, getConfig("WEB_PUSH_FCM_KEY")];
-                case 5:
-                    _e.apply(_d, [(_f.sent())]);
-                    return [3 /*break*/, 7];
-                case 6:
-                    error_3 = _f.sent();
-                    console.error(error_3);
-                    return [3 /*break*/, 7];
-                case 7: return [2 /*return*/];
-            }
-        });
-    });
+async function initWebPush() {
+    try {
+        if (!(await getConfigBoolean("WEB_PUSH_ENABLED"))) {
+            return;
+        }
+        web_push_1.default.setVapidDetails((await getConfig("WEB_PUSH_HOST")), (await getConfig("WEB_PUSH_VAPID_PUBLIC_KEY")), (await getConfig("WEB_PUSH_VAPID_PRIVATE_KEY")));
+        web_push_1.default.setGCMAPIKey((await getConfig("WEB_PUSH_FCM_KEY")));
+    }
+    catch (error) {
+        console.error(error);
+    }
 }
-function hasPermission(sessionToken, key) {
-    return __awaiter(this, void 0, void 0, function () {
-        var result;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0: return [4 /*yield*/, new Parse.Query("".concat(exports.PREFIX, "Permission"))
-                        .equalTo("key", key)
-                        .first({ sessionToken: sessionToken })];
-                case 1:
-                    result = _a.sent();
-                    return [2 /*return*/, !!result];
-            }
-        });
-    });
+async function hasPermission(sessionToken, key) {
+    const result = await new Parse.Query(`${exports.PREFIX}Permission`)
+        .equalTo("key", key)
+        .first({ sessionToken });
+    return !!result;
 }
 exports.hasPermission = hasPermission;
-function requirePermission(request, key, message) {
-    var _a;
-    return __awaiter(this, void 0, void 0, function () {
-        var sessionToken, p;
-        return __generator(this, function (_b) {
-            switch (_b.label) {
-                case 0:
-                    if (request.master) {
-                        return [2 /*return*/];
-                    }
-                    if (!key) {
-                        throw new Parse.Error(119, "Missing Permission: " + (message || key || "Master Key Only"));
-                    }
-                    sessionToken = (_a = request.user) === null || _a === void 0 ? void 0 : _a.getSessionToken();
-                    if (!sessionToken) {
-                        throw new Parse.Error(119, "Missing Permission: " + (message || key || "Master Key Only"));
-                    }
-                    return [4 /*yield*/, hasPermission(sessionToken, key)];
-                case 1:
-                    p = _b.sent();
-                    if (!p) {
-                        throw new Parse.Error(119, "Missing Permission: " + (message || key || "Master Key Only"));
-                    }
-                    return [2 /*return*/];
-            }
-        });
-    });
+async function requirePermission(request, key, message) {
+    if (request.master) {
+        return;
+    }
+    if (!key) {
+        throw new Parse.Error(119, "Missing Permission: " + (message || key || "Master Key Only"));
+    }
+    const sessionToken = request.user?.getSessionToken();
+    if (!sessionToken) {
+        throw new Parse.Error(119, "Missing Permission: " + (message || key || "Master Key Only"));
+    }
+    const p = await hasPermission(sessionToken, key);
+    if (!p) {
+        throw new Parse.Error(119, "Missing Permission: " + (message || key || "Master Key Only"));
+    }
 }
 exports.requirePermission = requirePermission;
-function getConfig(key) {
-    return __awaiter(this, void 0, void 0, function () {
-        var result, value;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0: return [4 /*yield*/, new Parse.Query("".concat(exports.PREFIX, "Config"))
-                        .equalTo("key", key)
-                        .first({
-                        useMasterKey: true,
-                    })];
-                case 1:
-                    result = _a.sent();
-                    value = result === null || result === void 0 ? void 0 : result.get("value");
-                    console.log("[@openinc/parse-server-opendash][Config]", key, value);
-                    return [2 /*return*/, value || ""];
-            }
-        });
+async function getConfig(key) {
+    const result = await new Parse.Query(`${exports.PREFIX}Config`)
+        .equalTo("key", key)
+        .first({
+        useMasterKey: true,
     });
+    const value = result?.get("value");
+    console.log("[@openinc/parse-server-opendash][Config]", key, value);
+    return value || "";
 }
 exports.getConfig = getConfig;
-function getConfigBoolean(key) {
-    return __awaiter(this, void 0, void 0, function () {
-        var value;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0: return [4 /*yield*/, getConfig(key)];
-                case 1:
-                    value = _a.sent();
-                    if (!value || value.toLowerCase() === "false" || value === "0") {
-                        return [2 /*return*/, false];
-                    }
-                    return [2 /*return*/, true];
-            }
-        });
-    });
+async function getConfigBoolean(key) {
+    const value = await getConfig(key);
+    if (!value || value.toLowerCase() === "false" || value === "0") {
+        return false;
+    }
+    return true;
 }
 exports.getConfigBoolean = getConfigBoolean;
 function getEnv(key) {
@@ -269,288 +115,196 @@ function getEnv(key) {
 }
 exports.getEnv = getEnv;
 function getEnvBoolean(key) {
-    var value = getEnv(key);
+    const value = getEnv(key);
     if (!value || value.toLowerCase() === "false" || value === "0") {
         return false;
     }
     return true;
 }
 exports.getEnvBoolean = getEnvBoolean;
-function ensureRole(name, options) {
-    var _a;
-    return __awaiter(this, void 0, void 0, function () {
-        var label, acl, childRoles, role, changed, relation, currentChildRoles, currentChildRoleNames, _i, childRoles_1, childRoleName, childRole;
-        return __generator(this, function (_b) {
-            switch (_b.label) {
-                case 0:
-                    label = (options === null || options === void 0 ? void 0 : options.label) || undefined;
-                    acl = (options === null || options === void 0 ? void 0 : options.acl) || new Parse.ACL();
-                    childRoles = (options === null || options === void 0 ? void 0 : options.childRoles) || undefined;
-                    console.log("[@openinc/parse-server-opendash] ensureRole(".concat(name, ")"), JSON.stringify({ label: label, acl: acl, childRoles: childRoles }, null, 2));
-                    return [4 /*yield*/, new Parse.Query(Parse.Role)
-                            .equalTo("name", name)
-                            .first({ useMasterKey: true })];
-                case 1:
-                    role = _b.sent();
-                    if (!!role) return [3 /*break*/, 3];
-                    role = new Parse.Role(name, acl);
-                    role.set("label", label);
-                    return [4 /*yield*/, role.save(null, {
-                            useMasterKey: true,
-                        })];
-                case 2:
-                    _b.sent();
-                    _b.label = 3;
-                case 3:
-                    changed = false;
-                    if (role.get("label") !== label) {
-                        role.set("label", label);
-                        changed = true;
-                    }
-                    if (!(0, fast_deep_equal_1.default)(acl.toJSON(), (_a = role.getACL()) === null || _a === void 0 ? void 0 : _a.toJSON())) {
-                        role.setACL(acl);
-                        changed = true;
-                    }
-                    if (!(Array.isArray(childRoles) && childRoles.length > 0)) return [3 /*break*/, 8];
-                    relation = role.getRoles();
-                    return [4 /*yield*/, relation
-                            .query()
-                            .find({ useMasterKey: true })];
-                case 4:
-                    currentChildRoles = _b.sent();
-                    currentChildRoleNames = currentChildRoles.map(function (role) {
-                        return role.get("name");
-                    });
-                    _i = 0, childRoles_1 = childRoles;
-                    _b.label = 5;
-                case 5:
-                    if (!(_i < childRoles_1.length)) return [3 /*break*/, 8];
-                    childRoleName = childRoles_1[_i];
-                    if (currentChildRoleNames.includes(childRoleName)) {
-                        return [3 /*break*/, 7];
-                    }
-                    return [4 /*yield*/, new Parse.Query(Parse.Role)
-                            .equalTo("name", childRoleName)
-                            .find({ useMasterKey: true })];
-                case 6:
-                    childRole = _b.sent();
-                    relation.add(childRole);
-                    changed = true;
-                    _b.label = 7;
-                case 7:
-                    _i++;
-                    return [3 /*break*/, 5];
-                case 8:
-                    if (!changed) return [3 /*break*/, 10];
-                    return [4 /*yield*/, role.save(null, { useMasterKey: true })];
-                case 9:
-                    _b.sent();
-                    _b.label = 10;
-                case 10: return [2 /*return*/];
-            }
+async function ensureRole(name, options) {
+    const label = options?.label || undefined;
+    const acl = options?.acl || new Parse.ACL();
+    const childRoles = options?.childRoles || undefined;
+    console.log(`[@openinc/parse-server-opendash] ensureRole(${name})`, JSON.stringify({ label, acl, childRoles }, null, 2));
+    let role = await new Parse.Query(Parse.Role)
+        .equalTo("name", name)
+        .first({ useMasterKey: true });
+    if (!role) {
+        role = new Parse.Role(name, acl);
+        role.set("label", label);
+        await role.save(null, {
+            useMasterKey: true,
         });
-    });
+    }
+    let changed = false;
+    if (role.get("label") !== label) {
+        role.set("label", label);
+        changed = true;
+    }
+    if (!(0, fast_deep_equal_1.default)(acl.toJSON(), role.getACL()?.toJSON())) {
+        role.setACL(acl);
+        changed = true;
+    }
+    if (Array.isArray(childRoles) && childRoles.length > 0) {
+        const relation = role.getRoles();
+        const currentChildRoles = await relation
+            .query()
+            .find({ useMasterKey: true });
+        const currentChildRoleNames = currentChildRoles.map((role) => role.get("name"));
+        for (const childRoleName of childRoles) {
+            if (currentChildRoleNames.includes(childRoleName)) {
+                continue;
+            }
+            const childRole = await new Parse.Query(Parse.Role)
+                .equalTo("name", childRoleName)
+                .find({ useMasterKey: true });
+            relation.add(childRole);
+            changed = true;
+        }
+    }
+    if (changed) {
+        await role.save(null, { useMasterKey: true });
+    }
 }
 exports.ensureRole = ensureRole;
-function immutableField(request, fieldName, permissionName) {
-    if (permissionName === void 0) { permissionName = "parse:edit-immutable-fields"; }
-    return __awaiter(this, void 0, void 0, function () {
-        var previousValue, nextValue;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0:
-                    if (!request.original || request.master) {
-                        return [2 /*return*/];
-                    }
-                    previousValue = JSON.stringify(request.original.get(fieldName));
-                    nextValue = JSON.stringify(request.object.get(fieldName));
-                    if ((0, fast_deep_equal_1.default)(previousValue, nextValue)) {
-                        return [2 /*return*/];
-                    }
-                    return [4 /*yield*/, requirePermission(request, permissionName, "You are not allowed to edit the '".concat(fieldName, "' field."))];
-                case 1:
-                    _a.sent();
-                    return [2 /*return*/];
-            }
-        });
-    });
+async function immutableField(request, fieldName, permissionName = "parse:edit-immutable-fields") {
+    if (!request.original || request.master) {
+        return;
+    }
+    const previousValue = JSON.stringify(request.original.get(fieldName));
+    const nextValue = JSON.stringify(request.object.get(fieldName));
+    if ((0, fast_deep_equal_1.default)(previousValue, nextValue)) {
+        return;
+    }
+    await requirePermission(request, permissionName, `You are not allowed to edit the '${fieldName}' field.`);
 }
 exports.immutableField = immutableField;
-function defaultHandler(request) {
-    var _a, _b, _c;
-    return __awaiter(this, void 0, void 0, function () {
-        var className, currentSchema, userField, tenantField, user;
-        return __generator(this, function (_d) {
-            switch (_d.label) {
-                case 0:
-                    className = request.object.className;
-                    if (request.master) {
-                        console.log("[@openinc/parse-server-opendash] Skipping default beforeSave() handler of ".concat(className, " for masterkey"));
-                        return [2 /*return*/];
-                    }
-                    if (!request.user) {
-                        throw new Error();
-                    }
-                    currentSchema = schema[className];
-                    if (!currentSchema) {
-                        console.warn("[@openinc/parse-server-opendash] Skipping default beforeSave() handler, no schema found for ".concat(className));
-                        return [2 /*return*/];
-                    }
-                    userField = !!((_a = currentSchema === null || currentSchema === void 0 ? void 0 : currentSchema.fields) === null || _a === void 0 ? void 0 : _a.user);
-                    tenantField = !!((_b = currentSchema === null || currentSchema === void 0 ? void 0 : currentSchema.fields) === null || _b === void 0 ? void 0 : _b.tenant);
-                    if (!userField) return [3 /*break*/, 2];
-                    return [4 /*yield*/, immutableField(request, "user")];
-                case 1:
-                    _d.sent();
-                    _d.label = 2;
-                case 2:
-                    if (!tenantField) return [3 /*break*/, 4];
-                    return [4 /*yield*/, immutableField(request, "tenant")];
-                case 3:
-                    _d.sent();
-                    _d.label = 4;
-                case 4:
-                    if (!!request.original) return [3 /*break*/, 6];
-                    if (userField) {
-                        request.object.set("user", request.user);
-                    }
-                    if (!tenantField) return [3 /*break*/, 6];
-                    return [4 /*yield*/, ((_c = request.user) === null || _c === void 0 ? void 0 : _c.fetch({
-                            useMasterKey: true,
-                        }))];
-                case 5:
-                    user = (_d.sent());
-                    request.object.set("tenant", user.get("tenant"));
-                    _d.label = 6;
-                case 6: return [2 /*return*/];
-            }
-        });
-    });
+async function defaultHandler(request) {
+    const className = request.object.className;
+    if (request.master) {
+        console.log(`[@openinc/parse-server-opendash] Skipping default beforeSave() handler of ${className} for masterkey`);
+        return;
+    }
+    if (!request.user) {
+        throw new Error();
+    }
+    const currentSchema = schema[className];
+    if (!currentSchema) {
+        console.warn(`[@openinc/parse-server-opendash] Skipping default beforeSave() handler, no schema found for ${className}`);
+        return;
+    }
+    const userField = !!currentSchema?.fields?.user;
+    const tenantField = !!currentSchema?.fields?.tenant;
+    if (userField) {
+        await immutableField(request, "user");
+    }
+    if (tenantField) {
+        await immutableField(request, "tenant");
+    }
+    if (!request.original) {
+        if (userField) {
+            request.object.set("user", request.user);
+        }
+        if (tenantField) {
+            const user = (await request.user?.fetch({
+                useMasterKey: true,
+            }));
+            request.object.set("tenant", user.get("tenant"));
+        }
+    }
 }
 exports.defaultHandler = defaultHandler;
-var beforeSaveHooks = {};
+async function defaultAclHandler(request, options) {
+    const className = request.object.className;
+    const currentSchema = schema[className];
+    if (!currentSchema) {
+        console.warn(`[@openinc/parse-server-opendash] Skipping default beforeSave() ACL handler, no schema found for ${className}`);
+        return;
+    }
+    const userField = !!currentSchema?.fields?.user;
+    const tenantField = !!currentSchema?.fields?.tenant;
+    if (!options?.allowCustomACL || !request.object.getACL()) {
+        request.object.setACL(new Parse.ACL());
+    }
+    const acl = request.object.getACL();
+    acl.setRoleReadAccess("od-admin", true);
+    acl.setRoleWriteAccess("od-admin", true);
+    if (userField) {
+        const user = request.object.get("user");
+        if (user) {
+            acl.setReadAccess(user.id, true);
+            acl.setWriteAccess(user.id, true);
+        }
+    }
+    if (tenantField) {
+        const tenant = request.object.get("tenant");
+        if (tenant) {
+            acl.setRoleReadAccess(`od-tenant-user-${tenant.id}`, true);
+            if (options?.allowTenantUserWrite) {
+                acl.setRoleWriteAccess(`od-tenant-user-${tenant.id}`, true);
+            }
+            acl.setRoleReadAccess(`od-tenant-admin-${tenant.id}`, true);
+            acl.setRoleWriteAccess(`od-tenant-admin-${tenant.id}`, true);
+        }
+    }
+}
+exports.defaultAclHandler = defaultAclHandler;
+const beforeSaveHooks = {};
 function beforeSaveHook(target, callback) {
-    var className = typeof target === "string" ? target : new target().className;
+    // @ts-ignore
+    const className = typeof target === "string" ? target : target.className;
     if (!beforeSaveHooks[className]) {
         beforeSaveHooks[className] = [];
-        Parse.Cloud.beforeSave(className, function beforeSaveHookFunction(request) {
-            return __awaiter(this, void 0, void 0, function () {
-                var _i, _a, fn;
-                return __generator(this, function (_b) {
-                    switch (_b.label) {
-                        case 0:
-                            _i = 0, _a = beforeSaveHooks[className];
-                            _b.label = 1;
-                        case 1:
-                            if (!(_i < _a.length)) return [3 /*break*/, 4];
-                            fn = _a[_i];
-                            return [4 /*yield*/, fn(request)];
-                        case 2:
-                            _b.sent();
-                            _b.label = 3;
-                        case 3:
-                            _i++;
-                            return [3 /*break*/, 1];
-                        case 4: return [2 /*return*/];
-                    }
-                });
-            });
+        Parse.Cloud.beforeSave(className, async function beforeSaveHookFunction(request) {
+            for (const fn of beforeSaveHooks[className]) {
+                await fn(request);
+            }
         });
     }
     beforeSaveHooks[className].push(callback);
 }
 exports.beforeSaveHook = beforeSaveHook;
-var afterSaveHooks = {};
+const afterSaveHooks = {};
 function afterSaveHook(target, callback) {
-    var className = typeof target === "string" ? target : new target().className;
+    // @ts-ignore
+    const className = typeof target === "string" ? target : target.className;
     if (!afterSaveHooks[className]) {
         afterSaveHooks[className] = [];
-        Parse.Cloud.afterSave(className, function afterSaveHookFunction(request) {
-            return __awaiter(this, void 0, void 0, function () {
-                var _i, _a, fn;
-                return __generator(this, function (_b) {
-                    switch (_b.label) {
-                        case 0:
-                            _i = 0, _a = afterSaveHooks[className];
-                            _b.label = 1;
-                        case 1:
-                            if (!(_i < _a.length)) return [3 /*break*/, 4];
-                            fn = _a[_i];
-                            return [4 /*yield*/, fn(request)];
-                        case 2:
-                            _b.sent();
-                            _b.label = 3;
-                        case 3:
-                            _i++;
-                            return [3 /*break*/, 1];
-                        case 4: return [2 /*return*/];
-                    }
-                });
-            });
+        Parse.Cloud.afterSave(className, async function afterSaveHookFunction(request) {
+            for (const fn of afterSaveHooks[className]) {
+                await fn(request);
+            }
         });
     }
     afterSaveHooks[className].push(callback);
 }
 exports.afterSaveHook = afterSaveHook;
-var beforeDeleteHooks = {};
+const beforeDeleteHooks = {};
 function beforeDeleteHook(target, callback) {
-    var className = typeof target === "string" ? target : new target().className;
+    // @ts-ignore
+    const className = typeof target === "string" ? target : target.className;
     if (!beforeDeleteHooks[className]) {
         beforeDeleteHooks[className] = [];
-        Parse.Cloud.beforeDelete(className, function beforeDeleteHookFunction(request) {
-            return __awaiter(this, void 0, void 0, function () {
-                var _i, _a, fn;
-                return __generator(this, function (_b) {
-                    switch (_b.label) {
-                        case 0:
-                            _i = 0, _a = beforeDeleteHooks[className];
-                            _b.label = 1;
-                        case 1:
-                            if (!(_i < _a.length)) return [3 /*break*/, 4];
-                            fn = _a[_i];
-                            return [4 /*yield*/, fn(request)];
-                        case 2:
-                            _b.sent();
-                            _b.label = 3;
-                        case 3:
-                            _i++;
-                            return [3 /*break*/, 1];
-                        case 4: return [2 /*return*/];
-                    }
-                });
-            });
+        Parse.Cloud.beforeDelete(className, async function beforeDeleteHookFunction(request) {
+            for (const fn of beforeDeleteHooks[className]) {
+                await fn(request);
+            }
         });
     }
     beforeDeleteHooks[className].push(callback);
 }
 exports.beforeDeleteHook = beforeDeleteHook;
-var afterDeleteHooks = {};
+const afterDeleteHooks = {};
 function afterDeleteHook(target, callback) {
-    var className = typeof target === "string" ? target : new target().className;
+    // @ts-ignore
+    const className = typeof target === "string" ? target : target.className;
     if (!afterDeleteHooks[className]) {
         afterDeleteHooks[className] = [];
-        Parse.Cloud.afterDelete(className, function afterDeleteHookFunction(request) {
-            return __awaiter(this, void 0, void 0, function () {
-                var _i, _a, fn;
-                return __generator(this, function (_b) {
-                    switch (_b.label) {
-                        case 0:
-                            _i = 0, _a = afterDeleteHooks[className];
-                            _b.label = 1;
-                        case 1:
-                            if (!(_i < _a.length)) return [3 /*break*/, 4];
-                            fn = _a[_i];
-                            return [4 /*yield*/, fn(request)];
-                        case 2:
-                            _b.sent();
-                            _b.label = 3;
-                        case 3:
-                            _i++;
-                            return [3 /*break*/, 1];
-                        case 4: return [2 /*return*/];
-                    }
-                });
-            });
+        Parse.Cloud.afterDelete(className, async function afterDeleteHookFunction(request) {
+            for (const fn of afterDeleteHooks[className]) {
+                await fn(request);
+            }
         });
     }
     afterDeleteHooks[className].push(callback);