ParseError: 107 'false' is not a valid value for class level permissions delete:*:false

[jonas-db]

New Issue Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.
• I can reproduce the issue with the latest version of Parse Server.

Issue Description

I can't set CLP for delete to false. I want to do this so that only the master can delete objects. It is unclear from the documentation why this would not work.
The same error occurs for update and create!

Steps to reproduce

const TestSchema = 
{
	className: "Test123",
	classLevelPermissions: {
		delete: {
			'*': false
		}
	},

	fields: 
	{
		"objectId": {
			"type": "String"
		},
		"createdAt": {
			"type": "Date"
		},
		"updatedAt": {
			"type": "Date"
		},
		"ACL": {
			"type": "ACL"
		},
		"name": {
			"type": "String",
			"required": true
		},
	}
}

Create a server with following options:

  schema: {
    definitions: [
      TestSchema,
    ]
  },

Actual Outcome

error: Failed to run migrations: 
Error while saving Schema for type Test123: 
ParseError: 107 'false' is not a valid value for class level permissions delete:*:false

Expected Outcome

It should work?

Environment

Server

• Parse Server version: ^5.0.0-beta.4
• Operating system: macos
• Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): atlas

Database

• System (MongoDB or Postgres): mongodb
• Database version: ``
• Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): local

Client

• SDK (iOS, Android, JavaScript, PHP, Unity, etc): latest
• SDK version: latest

Logs

[parse-github-assistant]

Thanks for opening this issue!

• 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

[jonas-db]

It seems you simply have to pass an empty object instead of { '*': false }. Shouldn't this be allowed since it accepts a boolean value? I propose to either allow false value or improve documentation.

[malcolm-dane]

be allowed since it accepts a boolean value? I propose to either allow false value or improve documentation.

Wait wait how are we suppose to set this to false? Lol this is getting Kafkaesque.

[jonas-db]

@malcolm-dane Not sure what you are trying to say here.
From what I understand from the examples (https://docs.parseplatform.org/js/guide/#requires-authentication-permission-requires-parse-server---230), the ACL is an object where you simply state which groups are allowed to do a certain action. Since it is a boolean value for each group I don't see why false is not allowed.

    "find": {
      "requiresAuthentication": true,
      "role:admin": true
    },

I want to make explicit which groups are allowed/are not allowed to do this action, rather than having some implicit reasoning (ie an action is not allowed for a group if it's not listed). This improves understandability for other developers as well.

Additionally, if false is not allowed then I don't see why this is an object at all...? Shouldn't it be an array instead as shown below? Am I missing something here?

    "find": ["requiresAuthentication", "role:admin"]