Merge pull request #201 from jysperm/disable-current-user

Disable current user

Author: wangxiao

package.json

@@ -38,7 +38,7 @@
     "gulp-sourcemaps": "^1.6.0",
     "gulp-tar": "^1.3.2",
     "gulp-uglify": "^1.0.2",
-    "mocha": "1.9.0",
+    "mocha": "2.4.5",
     "vinyl-source-stream": "^1.1.0"
   },
   "license": "MIT",

src/browserify-wrapper/ajax-browser.js

@@ -32,16 +32,6 @@ const ajax = (method, url, data, success, error) => {
   const appKey = AV.applicationKey;
   const masterKey = AV.masterKey;
 
-  // 清理原来多余的数据（如果不清理，会污染数据表）
-  if (data) {
-    delete data._ApplicationId;
-    delete data._ApplicationKey;
-    delete data._ApplicationProduction;
-    delete data._MasterKey;
-    delete data._ClientVersion;
-    delete data._InstallationId;
-  }
-
   let handled = false;
   const xhr = new global.XMLHttpRequest();
   xhr.onreadystatechange = () => {
@@ -82,19 +72,39 @@ const ajax = (method, url, data, success, error) => {
     }
   }
 
-  xhr.open(method, url, true);
-  xhr.setRequestHeader('X-LC-Id', appId);
+  let headers = {
+    'X-LC-Id': appId,
+    'X-LC-UA': 'LC-Web-' + AV.version,
+    'Content-Type': 'application/json;charset=UTF-8'
+  };
+
+  // 清理原来多余的数据（如果不清理，会污染数据表）
+  if (data) {
+    delete data._ApplicationId;
+    delete data._ApplicationKey;
+    delete data._ApplicationProduction;
+    delete data._MasterKey;
+    delete data._ClientVersion;
+    delete data._InstallationId;
 
-  let signature;
-  if (masterKey) {
-    signature = sign(masterKey, true);
+    if (data._SessionToken) {
+      headers['X-LC-Session'] = data._SessionToken;
+      delete data._SessionToken;
+    }
+  }
+
+  if (masterKey && AV._useMasterKey) {
+    headers['X-LC-Sign'] = sign(masterKey, true);
   } else {
-    signature = sign(appKey);
+    headers['X-LC-Sign'] = sign(appKey);
+  }
+
+  xhr.open(method, url, true);
+
+  for (let name in headers) {
+    xhr.setRequestHeader(name, headers[name]);
   }
 
-  xhr.setRequestHeader('X-LC-Sign', signature);
-  xhr.setRequestHeader('X-LC-UA', 'LC-Web-' + AV.version);
-  xhr.setRequestHeader('Content-Type', 'application/json;charset=UTF-8');
   xhr.send(JSON.stringify(data));
   return promise._thenRunCallbacks(options);
 };

src/cloudfunction.js

@@ -31,8 +31,8 @@ module.exports = function(AV) {
      * of the function.
      */
     run: function(name, data, options) {
-      var request = AV._request("functions", name, null, 'POST',
-                                   AV._encode(data, null, true));
+      var request = AV._request('functions', name, null, 'POST',
+                                   AV._encode(data, null, true), options && options.sessionToken);
 
       return request.then(function(resp) {
         return AV._decode(null, resp).result;

src/file.js

@@ -342,15 +342,20 @@ module.exports = function(AV) {
     // 用来存储转换后要上传的 base64 String
     this._base64 = '';
 
-    var currentUser;
-    try {
-      currentUser = AV.User.current();
-    }
-    catch (e) {
-      console.warn('Get current user failed. It seems this runtime use an async storage system, please new AV.File in the callback of AV.User.currentAsync().');
+    let owner;
+
+    if (data && data.owner) {
+      owner = data.owner;
+    } else {
+      try {
+        owner = AV.User.current();
+      } catch (e) {
+        console.warn('Get current user failed. It seems this runtime use an async storage system, please new AV.File in the callback of AV.User.currentAsync().');
+      }
     }
+
     this._metaData = {
-       owner: (currentUser ? currentUser.id : 'unknown')
+       owner: (owner ? owner.id : 'unknown')
     };
 
     // Guess the content type from the extension if we need to.
@@ -539,7 +544,7 @@ module.exports = function(AV) {
     destroy: function(options){
       if(!this.id)
         return AV.Promise.error('The file id is not eixsts.')._thenRunCallbacks(options);
-      var request = AV._request("files", null, this.id, 'DELETE');
+      var request = AV._request("files", null, this.id, 'DELETE', options && options.sessionToken);
       return request._thenRunCallbacks(options);
     },
 

src/object.js

@@ -111,7 +111,7 @@ module.exports = function(AV) {
    * @param {Object} options A Backbone-style callback object.
    */
   AV.Object.saveAll = function(list, options) {
-    return AV.Object._deepSaveAsync(list)._thenRunCallbacks(options);
+    return AV.Object._deepSaveAsync(list, null, options)._thenRunCallbacks(options);
   };
 
   // Attach all inheritable methods to the AV.Object prototype.
@@ -791,8 +791,8 @@ module.exports = function(AV) {
       }
 
       var self = this;
-      var request = AV._request("classes", this.className, this.id, 'GET',
-                                fetchOptions);
+      var request = AV._request('classes', this.className, this.id, 'GET',
+                                fetchOptions, options.sessionToken);
       return request.then(function(response) {
         self._finishFetch(self.parse(response), true);
         return self;
@@ -891,15 +891,13 @@ module.exports = function(AV) {
       // If there is any unsaved child, save it first.
       model._refreshCache();
 
-
-
       var unsavedChildren = [];
       var unsavedFiles = [];
       AV.Object._findUnsavedChildren(model.attributes,
                                         unsavedChildren,
                                         unsavedFiles);
       if (unsavedChildren.length + unsavedFiles.length > 0) {
-        return AV.Object._deepSaveAsync(this.attributes, model).then(function() {
+        return AV.Object._deepSaveAsync(this.attributes, model, options).then(function() {
           return model.save(null, options);
         }, function(error) {
           return AV.Promise.error(error)._thenRunCallbacks(options, model);
@@ -929,7 +927,7 @@ module.exports = function(AV) {
         }
         //hook makeRequest in options.
         var makeRequest = options._makeRequest || AV._request;
-        var request = makeRequest(route, className, model.id, method, json);
+        var request = makeRequest(route, className, model.id, method, json, options.sessionToken);
 
         request = request.then(function(resp) {
           var serverAttrs = model.parse(resp);
@@ -979,7 +977,7 @@ module.exports = function(AV) {
       }
 
       var request =
-          AV._request("classes", this.className, this.id, 'DELETE');
+          AV._request('classes', this.className, this.id, 'DELETE', null, options.sessionToken);
       return request.then(function() {
         if (options.wait) {
           triggerDestroy();
@@ -1229,6 +1227,7 @@ module.exports = function(AV) {
     *     completes.
     */
    AV.Object.destroyAll = function(objects, options){
+      options = options || {}
       if(objects == null || objects.length == 0){
 		  return AV.Promise.as()._thenRunCallbacks(options);
       }
@@ -1248,7 +1247,7 @@ module.exports = function(AV) {
           }
       });
       var request =
-          AV._request("classes", className, id, 'DELETE');
+          AV._request('classes', className, id, 'DELETE', null, options.sessionToken);
       return request._thenRunCallbacks(options);
    };
 
@@ -1415,7 +1414,7 @@ module.exports = function(AV) {
     return canBeSerializedAsValue;
   };
 
-  AV.Object._deepSaveAsync = function(object, model) {
+  AV.Object._deepSaveAsync = function(object, model, options) {
     var unsavedChildren = [];
     var unsavedFiles = [];
     AV.Object._findUnsavedChildren(object, unsavedChildren, unsavedFiles);
@@ -1496,7 +1495,7 @@ module.exports = function(AV) {
               };
             })
 
-          }).then(function(response) {
+          }, options && options.sessionToken).then(function(response) {
             var error;
             AV._arrayEach(batch, function(object, i) {
               if (response[i].success) {

src/query.js

@@ -155,7 +155,7 @@ module.exports = function(AV) {
       options = pvalues;
     }
 
-    var request = AV._request("cloudQuery", null, null, 'GET', params);
+    var request = AV._request('cloudQuery', null, null, 'GET', params, options && options.sessionToken);
     return request.then(function(response) {
       //query to process results.
       var query = new AV.Query(response.className);
@@ -251,9 +251,9 @@ module.exports = function(AV) {
       }
       return obj;
     },
-    _createRequest: function(params){
-      return AV._request("classes", this.className, null, "GET",
-                                   params || this.toJSON());
+    _createRequest: function(params, options){
+      return AV._request('classes', this.className, null, "GET",
+                                   params || this.toJSON(), options && options.sessionToken);
     },
 
     /**
@@ -268,7 +268,7 @@ module.exports = function(AV) {
     find: function(options) {
       var self = this;
 
-      var request = this._createRequest();
+      var request = this._createRequest(null, options);
 
       return request.then(function(response) {
         return _.map(response.results, function(json) {
@@ -306,7 +306,7 @@ module.exports = function(AV) {
       var params = this.toJSON();
       params.limit = 0;
       params.count = 1;
-      var request = this._createRequest(params);
+      var request = this._createRequest(params, options);
 
       return request.then(function(response) {
         return response.count;
@@ -328,7 +328,7 @@ module.exports = function(AV) {
 
       var params = this.toJSON();
       params.limit = 1;
-      var request = this._createRequest(params);
+      var request = this._createRequest(params, options);
 
       return request.then(function(response) {
         return _.map(response.results, function(json) {

src/search.js

@@ -124,9 +124,9 @@ module.exports = function(AV) {
      _queryString: null,
      _highlights: null,
      _sortBuilder: null,
-    _createRequest: function(params){
-      return AV._request("search/select", null, null, "GET",
-                                   params || this.toJSON());
+    _createRequest: function(params, options){
+      return AV._request('search/select', null, null, 'GET',
+                                   params || this.toJSON(), options && options.sessionToken);
     },
 
     /**

src/status.js

@@ -58,7 +58,7 @@ module.exports = function(AV) {
     destroy: function(options){
       if(!this.id)
         return AV.Promise.error('The status id is not exists.')._thenRunCallbacks(options);
-      var request = AV._request("statuses", null, this.id, 'DELETE');
+      var request = AV._request('statuses', null, this.id, 'DELETE', options && options.sessionToken);
       return request._thenRunCallbacks(options);
     },
     /**
@@ -112,7 +112,7 @@ module.exports = function(AV) {
       data.data = this._getDataJSON();
       data.inboxType = this.inboxType || 'default';
 
-      var request = AV._request('statuses', null, null, 'POST', data);
+      var request = AV._request('statuses', null, null, 'POST', data, options && options.sessionToken);
       var self = this;
       return request.then(function(response){
         self.id = response.objectId;
@@ -169,7 +169,7 @@ module.exports = function(AV) {
     data.data = status._getDataJSON();
     data.inboxType = status.inboxType || 'default';
 
-    var request = AV._request('statuses', null, null, 'POST', data);
+    var request = AV._request('statuses', null, null, 'POST', data, options && options.sessionToken);
     return request.then(function(response){
       status.id = response.objectId;
       status.createdAt = AV._parseDate(response.createdAt);
@@ -222,7 +222,7 @@ module.exports = function(AV) {
     data.inboxType = 'private';
     status.inboxType = 'private';
 
-    var request = AV._request('statuses', null, null, 'POST', data);
+    var request = AV._request('statuses', null, null, 'POST', data, options && options.sessionToken);
     return request.then(function(response){
       status.id = response.objectId;
       status.createdAt = AV._parseDate(response.createdAt);
@@ -254,7 +254,7 @@ module.exports = function(AV) {
     var params = {};
     params.inboxType = AV._encode(inboxType);
     params.owner = AV._encode(owner);
-    var request = AV._request('subscribe/statuses/count', null, null, 'GET', params);
+    var request = AV._request('subscribe/statuses/count', null, null, 'GET', params, options && options.sessionToken);
     return request._thenRunCallbacks(options);
   };
 
@@ -293,9 +293,9 @@ module.exports = function(AV) {
      _newObject: function(){
       return new AV.Status();
     },
-    _createRequest: function(params){
-      return AV._request("subscribe/statuses", null, null, "GET",
-                                   params || this.toJSON());
+    _createRequest: function(params, options){
+      return AV._request('subscribe/statuses', null, null, 'GET',
+                                   params || this.toJSON(), options && options.sessionToken);
     },