allow for a function

Author: dblythy

spec/CloudCode.Validator.spec.js

@@ -935,6 +935,67 @@ describe('cloud validator', () => {
     done();
   });
 
+  it('allow requireAnyUserRoles to be a function', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireAnyUserRoles: () => {
+          return ['Admin Func'];
+        },
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('Admin Func', roleACL);
+    role.getUsers().add(user);
+    await role.save({ useMasterKey: true });
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
+  it('allow requireAllUserRoles to be a function', async function (done) {
+    Parse.Cloud.define(
+      'cloudFunction',
+      () => {
+        return true;
+      },
+      {
+        requireUser: true,
+        requireAllUserRoles: () => {
+          return ['AdminA', 'AdminB'];
+        },
+      }
+    );
+    const user = await Parse.User.signUp('testuser', 'p@ssword');
+    try {
+      await Parse.Cloud.run('cloudFunction');
+      fail('cloud validator should have failed.');
+    } catch (e) {
+      expect(e.message).toBe('Validation failed. User does not match all the required roles.');
+    }
+    const roleACL = new Parse.ACL();
+    roleACL.setPublicReadAccess(true);
+    const role = new Parse.Role('AdminA', roleACL);
+    role.getUsers().add(user);
+
+    const role2 = new Parse.Role('AdminB', roleACL);
+    role2.getUsers().add(user);
+    await Promise.all([role.save({ useMasterKey: true }), role2.save({ useMasterKey: true })]);
+    await Parse.Cloud.run('cloudFunction');
+    done();
+  });
+
   it('basic requireAllUserRoles but no user', async function (done) {
     Parse.Cloud.define(
       'cloudFunction',

src/cloud-code/Parse.Cloud.js

@@ -751,8 +751,8 @@ module.exports = ParseCloud;
  * @property {Array|function|Any} requireUserKeys.field.options array of options that the field can be, function to validate field, or single value. Throw an error if value is invalid.
  * @property {String} requireUserKeys.field.error custom error message if field is invalid.
  *
- * @property {Array<String>}requireAnyUserRoles If set, request.user has to be part of at least one roles name to make the request.
- * @property {Array<String>}requireAllUserRoles If set, request.user has to be part all roles name to make the request.
+ * @property {Array<String>|function}requireAnyUserRoles If set, request.user has to be part of at least one roles name to make the request. If set to a function, function must return role names.
+ * @property {Array<String>|function}requireAllUserRoles If set, request.user has to be part all roles name to make the request. If set to a function, function must return role names.
  *
  * @property {Object|Array<String>} fields if an array of strings, validator will look for keys in request.params, and throw if not provided. If Object, fields to validate. If the trigger is a cloud function, `request.params` will be validated, otherwise `request.object`.
  * @property {String} fields.field name of field to validate.

src/triggers.js

@@ -735,11 +735,24 @@ async function builtInTriggerValidator(options, request, auth) {
       }
     }
   }
-  const userRoles = options.requireAnyUserRoles;
-  const requireAllRoles = options.requireAllUserRoles;
-  let roles;
+  let userRoles = options.requireAnyUserRoles;
+  let requireAllRoles = options.requireAllUserRoles;
+  const promises = [Promise.resolve(), Promise.resolve(), Promise.resolve()];
   if (userRoles || requireAllRoles) {
-    roles = await auth.getUserRoles();
+    promises[0] = auth.getUserRoles();
+  }
+  if (typeof userRoles === 'function') {
+    promises[1] = userRoles();
+  }
+  if (typeof requireAllRoles === 'function') {
+    promises[2] = requireAllRoles();
+  }
+  const [roles, resolvedUserRoles, resolvedRequireAll] = await Promise.all(promises);
+  if (resolvedUserRoles && Array.isArray(resolvedUserRoles)) {
+    userRoles = resolvedUserRoles;
+  }
+  if (resolvedRequireAll && Array.isArray(resolvedRequireAll)) {
+    requireAllRoles = resolvedRequireAll;
   }
   if (userRoles) {
     const hasRole = userRoles.some(requiredRole => roles.includes(`role:${requiredRole}`));