enabledForAuthenticatedUser

Author: dblythy

spec/ParseFile.spec.js

@@ -958,5 +958,32 @@ describe('Parse.File testing', () => {
         fail('should have allowed file to save.');
       }
     });
+
+    it('enable for anonymous but not authenticated', async () => {
+      await reconfigureServer({
+        fileUpload: {
+          enabled: true,
+          enabledForPublic: false,
+          enabledForAnonymousUser: true,
+          enabledForAuthenticatedUser: false,
+        },
+      });
+      try {
+        const user = await Parse.AnonymousUtils.logIn();
+        const file = new Parse.File('hello.txt', data, 'text/plain');
+        await file.save({ sessionToken: user.getSessionToken() });
+      } catch (e) {
+        fail('should have allowed file to save.');
+      }
+      try {
+        const user = await Parse.User.signUp('myUser', 'password');
+        const file = new Parse.File('hello.txt', data, 'text/plain');
+        await file.save({ sessionToken: user.getSessionToken() });
+        fail('should have not allowed file to save.');
+      } catch (e) {
+        expect(e.code).toBe(130);
+        expect(e.message).toBe('Authenticated file upload is not enabled.');
+      }
+    });
   });
 });

src/Options/Definitions.js

@@ -564,6 +564,12 @@ module.exports.FileUploadOptions = {
     action: parsers.booleanParser,
     default: false,
   },
+  enabledForAuthenticatedUser: {
+    env: 'PARSE_SERVER_PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_AUTHENTICATED_USER',
+    help: 'File upload is enabled for authenticated users.',
+    action: parsers.booleanParser,
+    default: true,
+  },
   enabledForPublic: {
     env: 'PARSE_SERVER_PARSE_SERVER_FILE_UPLOAD_ENABLED_FOR_PUBLIC',
     help:

src/Options/docs.js

@@ -125,5 +125,6 @@
  * @interface FileUploadOptions
  * @property {Boolean} enabled Files can be uploaded with Parse Server.
  * @property {Boolean} enabledForAnonymousUser File upload is enabled for Anonymous Users.
+ * @property {Boolean} enabledForAuthenticatedUser File upload is enabled for authenticated users.
  * @property {Boolean} enabledForPublic File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication.
  */

src/Options/index.js

@@ -302,4 +302,7 @@ export interface FileUploadOptions {
   /* File upload is enabled for anyone with access to the Parse Server file upload endpoint, regardless of user authentication.
   :DEFAULT: false */
   enabledForPublic: ?boolean;
+  /* File upload is enabled for authenticated users.
+  :DEFAULT: true */
+  enabledForAuthenticatedUser: ?boolean;
 }

src/Routers/FilesRouter.js

@@ -106,6 +106,17 @@ export class FilesRouter {
       next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Anonymous file upload is not enabled.'));
       return;
     }
+    if (
+      !req.config.fileUpload.enabledForAuthenticatedUser &&
+      req.config.fileUpload.enabledForAuthenticatedUser != null &&
+      req.auth.user &&
+      !Parse.AnonymousUtils.isLinked(req.auth.user)
+    ) {
+      next(
+        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Authenticated file upload is not enabled.')
+      );
+      return;
+    }
     if (!req.config.fileUpload.enabledForPublic && !req.auth.user) {
       next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Public file upload is not enabled.'));
       return;