From 732eaf4ac3fe7479207b2827001663b423384350 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kartal=20Kaan=20Bozdo=C4=9Fan?=
 <kartalkaanbozdogan@gmail.com>
Date: Sun, 25 Apr 2021 15:00:43 +0300
Subject: [PATCH 1/2] Do not require addField permissions unless the root field
 does not exist Also added a corresponding regression test

---
 spec/schemas.spec.js                  | 28 +++++++++++++++++++++++++++
 src/Controllers/DatabaseController.js |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/spec/schemas.spec.js b/spec/schemas.spec.js
index 5180b36ca5..9d0b5ac19f 100644
--- a/spec/schemas.spec.js
+++ b/spec/schemas.spec.js
@@ -1779,6 +1779,34 @@ describe('schemas', () => {
     });
   });
 
+  describe('Nested documents', () => {
+    beforeAll(async () => {
+      const testSchema = new Parse.Schema('test_7371');
+      testSchema.setCLP({
+        create: { ['*']: true },
+        update: { ['*']: true },
+        addField: {},
+      });
+      testSchema.addObject('a');
+      await testSchema.save();
+    });
+
+    it('addField not required for adding a nested field (#7371)', async () => {
+      const obj = new Parse.Object('test_7371');
+      obj.set('a', {});
+      await obj.save();
+      obj.set('a.b', 2);
+      await obj.save();
+    });
+    it('addField not required for modifying a nested field (#7371)', async () => {
+      const obj = new Parse.Object('test_7371');
+      obj.set('a', { b: 1 });
+      await obj.save();
+      obj.set('a.b', 2);
+      await obj.save();
+    });
+  });
+
   it('should aceept class-level permission with userid of any length', async done => {
     await global.reconfigureServer({
       customIdSize: 11,
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
index 158308ded3..42273b6990 100644
--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -894,7 +894,7 @@ class DatabaseController {
       if (object[field] && object[field].__op && object[field].__op === 'Delete') {
         return false;
       }
-      return schemaFields.indexOf(field) < 0;
+      return schemaFields.indexOf(getRootFieldName(field)) < 0;
     });
     if (newKeys.length > 0) {
       // adds a marker that new field is being adding during update

From 746658a095b8807ab96143c79049dc7f92a74b1b Mon Sep 17 00:00:00 2001
From: Ben Devore <bdevore17@gmail.com>
Date: Fri, 5 Nov 2021 10:28:45 -0400
Subject: [PATCH 2/2] address CR feedback

---
 spec/schemas.spec.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/schemas.spec.js b/spec/schemas.spec.js
index 9d0b5ac19f..e8dcc41e4d 100644
--- a/spec/schemas.spec.js
+++ b/spec/schemas.spec.js
@@ -1791,14 +1791,14 @@ describe('schemas', () => {
       await testSchema.save();
     });
 
-    it('addField not required for adding a nested field (#7371)', async () => {
+    it('addField permission not required for adding a nested property', async () => {
       const obj = new Parse.Object('test_7371');
       obj.set('a', {});
       await obj.save();
       obj.set('a.b', 2);
       await obj.save();
     });
-    it('addField not required for modifying a nested field (#7371)', async () => {
+    it('addField permission not required for modifying a nested property', async () => {
       const obj = new Parse.Object('test_7371');
       obj.set('a', { b: 1 });
       await obj.save();