MCPcopy
hub / github.com/parse-community/parse-server / checkWhere

Function checkWhere

src/RestQuery.js:942–968  ·  view source on GitHub ↗
(where)

Source from the content-addressed store, hash-verified

940 this.findOptions
941 ) || [];
942 const checkWhere = (where) => {
943 if (typeof where !== 'object' || where === null) {
944 return;
945 }
946 for (const whereKey of Object.keys(where)) {
947 const rootField = whereKey.split('.')[0];
948 if (protectedFields.includes(whereKey) || protectedFields.includes(rootField)) {
949 throw createSanitizedError(
950 Parse.Error.OPERATION_FORBIDDEN,
951 `This user is not allowed to query ${whereKey} on class ${this.className}`,
952 this.config
953 );
954 }
955 }
956 for (const op of ['$or', '$and', '$nor']) {
957 if (where[op] !== undefined && !Array.isArray(where[op])) {
958 throw createSanitizedError(
959 Parse.Error.INVALID_QUERY,
960 `${op} must be an array`,
961 this.config
962 );
963 }
964 if (Array.isArray(where[op])) {
965 where[op].forEach(subQuery => checkWhere(subQuery));
966 }
967 }
968 };
969 checkWhere(this.restWhere);
970
971 // Check sort keys against protected fields

Callers 3

RestQuery.jsFile · 0.85
checkWhereMethod · 0.85
_handleSubscribeMethod · 0.85

Calls 1

createSanitizedErrorFunction · 0.85

Tested by

no test coverage detected