Add enforceMasterKeyAccess middleware.

Author: nlutsenko

src/Controllers/FilesController.js

@@ -76,13 +76,6 @@ export class FilesController {
 
   deleteHandler() {
     return (req, res, next) => {
-      // enforce use of master key for file deletions
-      if(!req.auth.isMaster){
-        next(new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
-          'Master key required for file deletion.'));
-        return;
-      }
-
       this._filesAdapter.deleteFile(req.config, req.params.filename).then(() => {
         res.status(200);
         // TODO: return useful JSON here?
@@ -142,6 +135,7 @@ export class FilesController {
     router.delete('/files/:filename',
       Middlewares.allowCrossDomain,
       Middlewares.handleParseHeaders,
+      Middlewares.enforceMasterKeyAccess,
       this.deleteHandler()
     );
 

src/middlewares.js

@@ -178,15 +178,22 @@ var handleParseErrors = function(err, req, res, next) {
   }
 };
 
+function enforceMasterKeyAccess(req, res, next) {
+  if (!req.auth.isMaster) {
+    next(new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'Master key is required for this operation.'));
+  }
+  next();
+}
+
 function invalidRequest(req, res) {
   res.status(403);
   res.end('{"error":"unauthorized"}');
 }
 
-
 module.exports = {
   allowCrossDomain: allowCrossDomain,
   allowMethodOverride: allowMethodOverride,
   handleParseErrors: handleParseErrors,
-  handleParseHeaders: handleParseHeaders
+  handleParseHeaders: handleParseHeaders,
+  enforceMasterKeyAccess: enforceMasterKeyAccess
 };