(where)
| 940 | this.findOptions |
| 941 | ) || []; |
| 942 | const checkWhere = (where) => { |
| 943 | if (typeof where !== 'object' || where === null) { |
| 944 | return; |
| 945 | } |
| 946 | for (const whereKey of Object.keys(where)) { |
| 947 | const rootField = whereKey.split('.')[0]; |
| 948 | if (protectedFields.includes(whereKey) || protectedFields.includes(rootField)) { |
| 949 | throw createSanitizedError( |
| 950 | Parse.Error.OPERATION_FORBIDDEN, |
| 951 | `This user is not allowed to query ${whereKey} on class ${this.className}`, |
| 952 | this.config |
| 953 | ); |
| 954 | } |
| 955 | } |
| 956 | for (const op of ['$or', '$and', '$nor']) { |
| 957 | if (where[op] !== undefined && !Array.isArray(where[op])) { |
| 958 | throw createSanitizedError( |
| 959 | Parse.Error.INVALID_QUERY, |
| 960 | `${op} must be an array`, |
| 961 | this.config |
| 962 | ); |
| 963 | } |
| 964 | if (Array.isArray(where[op])) { |
| 965 | where[op].forEach(subQuery => checkWhere(subQuery)); |
| 966 | } |
| 967 | } |
| 968 | }; |
| 969 | checkWhere(this.restWhere); |
| 970 | |
| 971 | // Check sort keys against protected fields |
no test coverage detected