Get ParseConfig parameters with Master Key

spec/ParseGlobalConfig.spec.js

@@ -20,10 +20,17 @@ describe('a GlobalConfig', () => {
       .upsertOneObject(
         '_GlobalConfig',
         {
-          fields: { objectId: { type: 'Number' }, params: { type: 'Object' } },
+          fields: {
+            objectId: { type: 'Number' },
+            params: { type: 'Object' },
+            masterKeyOnly: { type: 'Object' },
+          },
         },
         query,
-        { params: { companies: ['US', 'DK'] } }
+        {
+          params: { companies: ['US', 'DK'], internalParam: 'internal' },
+          masterKeyOnly: { internalParam: true },
+        }
       )
       .then(done, err => {
         jfail(err);
@@ -54,6 +61,44 @@ describe('a GlobalConfig', () => {
     });
   });
 
+  it('internal parameter can be retrieved with master key', done => {
+    request({
+      url: 'http://localhost:8378/1/config',
+      json: true,
+      headers,
+    }).then(response => {
+      const body = response.data;
+      try {
+        expect(response.status).toEqual(200);
+        expect(body.params.internalParam).toEqual('internal');
+      } catch (e) {
+        jfail(e);
+      }
+      done();
+    });
+  });
+
+  it('internal parameter cannot be retrieved without master key', done => {
+    request({
+      url: 'http://localhost:8378/1/config',
+      json: true,
+      headers: {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+        'Content-Type': 'application/json',
+      },
+    }).then(response => {
+      const body = response.data;
+      try {
+        expect(response.status).toEqual(200);
+        expect(body.params.internalParam).toBeUndefined();
+      } catch (e) {
+        jfail(e);
+      }
+      done();
+    });
+  });
+
   it('can be updated when a master key exists', done => {
     request({
       method: 'PUT',
@@ -117,7 +162,13 @@ describe('a GlobalConfig', () => {
       method: 'PUT',
       url: 'http://localhost:8378/1/config',
       json: true,
-      body: { params: { companies: { __op: 'Delete' }, foo: 'bar' } },
+      body: {
+        params: {
+          companies: { __op: 'Delete' },
+          internalParam: { __op: 'Delete' },
+          foo: 'bar',
+        },
+      },
       headers,
     }).then(response => {
       const body = response.data;

src/Controllers/SchemaController.js

@@ -131,6 +131,7 @@ const defaultColumns: { [string]: SchemaFields } = Object.freeze({
   _GlobalConfig: {
     objectId: { type: 'String' },
     params: { type: 'Object' },
+    masterKeyOnly: { type: 'Object' },
   },
   _GraphQLConfig: {
     objectId: { type: 'String' },

src/Routers/GlobalConfigRouter.js

@@ -13,7 +13,20 @@ export class GlobalConfigRouter extends PromiseRouter {
           return { response: { params: {} } };
         }
         const globalConfig = results[0];
-        return { response: { params: globalConfig.params } };
+        if (!req.auth.isMaster && globalConfig.masterKeyOnly !== undefined) {
+          for (const param in globalConfig.params) {
+            if (globalConfig.masterKeyOnly[param]) {
+              delete globalConfig.params[param];
+              delete globalConfig.masterKeyOnly[param];
+            }
+          }
+        }
+        return {
+          response: {
+            params: globalConfig.params,
+            masterKeyOnly: globalConfig.masterKeyOnly,
+          },
+        };
       });
   }
 
@@ -25,9 +38,11 @@ export class GlobalConfigRouter extends PromiseRouter {
       );
     }
     const params = req.body.params;
+    const masterKeyOnly = req.body.masterKeyOnly || {};
     // Transform in dot notation to make sure it works
     const update = Object.keys(params).reduce((acc, key) => {
       acc[`params.${key}`] = params[key];
+      acc[`masterKeyOnly.${key}`] = masterKeyOnly[key] || false;
       return acc;
     }, {});
     return req.config.database