strapi/packages/plugins/users-permissions/server/controllers/content-manager-user.js

'use strict';

const _ = require('lodash');
const { contentTypes: contentTypesUtils } = require('@strapi/utils');
const { ApplicationError, ValidationError, NotFoundError, ForbiddenError } =
  require('@strapi/utils').errors;
const { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');

const { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;

const userModel = 'plugin::users-permissions.user';
const ACTIONS = {
  read: 'plugin::content-manager.explorer.read',
  create: 'plugin::content-manager.explorer.create',
  edit: 'plugin::content-manager.explorer.update',
  delete: 'plugin::content-manager.explorer.delete',
};

const findEntityAndCheckPermissions = async (ability, action, model, id) => {
  const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {
    populate: [`${CREATED_BY_ATTRIBUTE}.roles`],
  });

  if (_.isNil(doc)) {
    throw new NotFoundError();
  }

  const pm = strapi
    .service('admin::permission')
    .createPermissionsManager({ ability, action, model });

  if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {
    throw new ForbiddenError();
  }

  const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);

  return { pm, doc: docWithoutCreatorRoles };
};

module.exports = {
  /**
   * Create a/an user record.
   * @return {Object}
   */
  async create(ctx) {
    const { body } = ctx.request;
    const { user: admin, userAbility } = ctx.state;

    const { email, username } = body;

    const pm = strapi.service('admin::permission').createPermissionsManager({
      ability: userAbility,
      action: ACTIONS.create,
      model: userModel,
    });

    if (!pm.isAllowed) {
      return ctx.forbidden();
    }

    const sanitizedBody = await pm.pickPermittedFieldsOf(body, { subject: userModel });

    const advanced = await strapi
      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
      .get();

    await validateCreateUserBody(ctx.request.body);

    const userWithSameUsername = await strapi.db
      .query('plugin::users-permissions.user')
      .findOne({ where: { username } });

    if (userWithSameUsername) {
      throw new ApplicationError('Username already taken');
    }

    if (advanced.unique_email) {
      const userWithSameEmail = await strapi.db
        .query('plugin::users-permissions.user')
        .findOne({ where: { email: email.toLowerCase() } });

      if (userWithSameEmail) {
        throw new ApplicationError('Email already taken');
      }
    }

    const user = {
      ...sanitizedBody,
      provider: 'local',
      [CREATED_BY_ATTRIBUTE]: admin.id,
      [UPDATED_BY_ATTRIBUTE]: admin.id,
    };

    user.email = _.toLower(user.email);

    try {
      const data = await strapi
        .service('plugin::content-manager.document-manager')
        .create(userModel, { data: user });

      const sanitizedData = await pm.sanitizeOutput(data, { action: ACTIONS.read });

      ctx.created(sanitizedData);
    } catch (error) {
      throw new ApplicationError(error.message);
    }
  },
  /**
   * Update a/an user record.
   * @return {Object}
   */

  async update(ctx) {
    const { id: documentId } = ctx.params;
    const { body } = ctx.request;
    const { user: admin, userAbility } = ctx.state;

    const advancedConfigs = await strapi
      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
      .get();

    const { email, username, password } = body;

    const { pm, doc } = await findEntityAndCheckPermissions(
      userAbility,
      ACTIONS.edit,
      userModel,
      documentId
    );

    const user = doc;

    await validateUpdateUserBody(ctx.request.body);

    if (_.has(body, 'password') && !password && user.provider === 'local') {
      throw new ValidationError('password.notNull');
    }

    if (_.has(body, 'username')) {
      const userWithSameUsername = await strapi.db
        .query('plugin::users-permissions.user')
        .findOne({ where: { username } });

      if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {
        throw new ApplicationError('Username already taken');
      }
    }

    if (_.has(body, 'email') && advancedConfigs.unique_email) {
      const userWithSameEmail = await strapi.db
        .query('plugin::users-permissions.user')
        .findOne({ where: { email: _.toLower(email) } });

      if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {
        throw new ApplicationError('Email already taken');
      }

      body.email = _.toLower(body.email);
    }

    const sanitizedData = await pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });
    const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');

    const data = await strapi
      .service('plugin::content-manager.document-manager')
      .update(documentId, userModel, {
        data: updateData,
      });

    ctx.body = await pm.sanitizeOutput(data, { action: ACTIONS.read });
  },
};
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`'use strict';`

			`const _ = require('lodash');`
Rename import & requires, fix tests 2021-04-29 13:51:12 +02:00			`const { contentTypes: contentTypesUtils } = require('@strapi/utils');`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`const { ApplicationError, ValidationError, NotFoundError, ForbiddenError } =`
			`require('@strapi/utils').errors;`
Merge branch 'releases/v4' of github.com:strapi/strapi into v4/up-resolvers-picker-fix 2021-11-09 18:38:20 +01:00			`const { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');`
add published_at (#7374) * add published_at Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-08-18 17:09:21 +02:00
			`const { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;`

refactor with module approach 2021-08-06 18:09:49 +02:00			`const userModel = 'plugin::users-permissions.user';`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`const ACTIONS = {`
refactor with module approach 2021-08-06 18:09:49 +02:00			`read: 'plugin::content-manager.explorer.read',`
			`create: 'plugin::content-manager.explorer.create',`
			`edit: 'plugin::content-manager.explorer.update',`
			`delete: 'plugin::content-manager.explorer.delete',`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`};`

			`const findEntityAndCheckPermissions = async (ability, action, model, id) => {`
chore: update u&p 2024-03-18 21:44:32 +01:00			`const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {`
Fix users-permissions user controllers permissions 2021-11-04 15:18:09 +01:00			populate: [`${CREATED_BY_ATTRIBUTE}.roles`],
			`});`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
chore: update u&p 2024-03-18 21:44:32 +01:00			`if (_.isNil(doc)) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new NotFoundError();`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

chore: use strapi.service instead of strapi.admin.services 2024-03-27 23:16:51 +01:00			`const pm = strapi`
			`.service('admin::permission')`
			`.createPermissionsManager({ ability, action, model });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
chore: update u&p 2024-03-18 21:44:32 +01:00			`if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ForbiddenError();`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

chore: update u&p 2024-03-18 21:44:32 +01:00			const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);
Fix users-permissions user controllers permissions 2021-11-04 15:18:09 +01:00
chore: update u&p 2024-03-18 21:44:32 +01:00			`return { pm, doc: docWithoutCreatorRoles };`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`};`

			`module.exports = {`
			`/**`
			`* Create a/an user record.`
			`* @return {Object}`
			`*/`
			`async create(ctx) {`
Move CM files into the new structure 2021-09-24 09:04:44 +02:00			`const { body } = ctx.request;`
			`const { user: admin, userAbility } = ctx.state;`

refactor error handling 2021-10-20 17:30:05 +02:00			`const { email, username } = body;`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
chore: use strapi.service instead of strapi.admin.services 2024-03-27 23:16:51 +01:00			`const pm = strapi.service('admin::permission').createPermissionsManager({`
Cleanup tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 17:19:42 +01:00			`ability: userAbility,`
			`action: ACTIONS.create,`
			`model: userModel,`
			`});`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (!pm.isAllowed) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`return ctx.forbidden();`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

[V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411) * Rework sanitizeEntity, first iteration * remove console.log * Remove useless comments * Fix e2e tests * Fix up user e2e test * Fix remove-restricted-relations visitor * Handle grapqhql resolver, prevent access to restricted relations * Handle polymorphic relation in the related visitor * Remove morph attribute if empty * Use only the find action to check if the relation is allowed 2021-11-04 15:47:53 +01:00			`const sanitizedBody = await pm.pickPermittedFieldsOf(body, { subject: userModel });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`const advanced = await strapi`
Init migration v4 - Hooks registry - D&P CT migrations - i18N CT migrations - Umzug with js / sql migrations - Eslint updates 2021-09-13 12:03:12 +02:00			`.store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`.get();`

refactor error handling 2021-10-20 17:30:05 +02:00			`await validateCreateUserBody(ctx.request.body);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
chore: database enhancements 2024-03-13 15:40:30 +01:00			`const userWithSameUsername = await strapi.db`
refactor with module approach 2021-08-06 18:09:49 +02:00			`.query('plugin::users-permissions.user')`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.findOne({ where: { username } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (userWithSameUsername) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError('Username already taken');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

			`if (advanced.unique_email) {`
chore: database enhancements 2024-03-13 15:40:30 +01:00			`const userWithSameEmail = await strapi.db`
refactor with module approach 2021-08-06 18:09:49 +02:00			`.query('plugin::users-permissions.user')`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.findOne({ where: { email: email.toLowerCase() } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (userWithSameEmail) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError('Email already taken');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`
			`}`

			`const user = {`
			`...sanitizedBody,`
			`provider: 'local',`
add published_at (#7374) * add published_at Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-08-18 17:09:21 +02:00			`[CREATED_BY_ATTRIBUTE]: admin.id,`
			`[UPDATED_BY_ATTRIBUTE]: admin.id,`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`};`

Move CM files into the new structure 2021-09-24 09:04:44 +02:00			`user.email = _.toLower(user.email);`
set email validator to lowercase (#7645) * set email validator to lowercase Yup .lowercase() converts the string to lowercase which should be done in all instances of email across the application. Fixes bug where users created inside Strapi admin panel end up with mixed case emails in database. Signed-off-by: bglidwell <sintex+github@gmail.com> * match front-end profile validation to backend Removed .min(5) from backend validation due to redundancy with .email() check Signed-off-by: bglidwell <sintex+github@gmail.com> * cleanup redundant email.toLowerCase() Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * Revert "cleanup redundant email.toLowerCase()" This reverts commit 4565054b298e4518e4ddf41ca602c5960bd9cc28. Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in admin user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in api user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix for graphql tests Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> 2020-09-14 02:30:12 -05:00
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`try {`
Fix users-permissions user controllers permissions 2021-11-04 15:18:09 +01:00			`const data = await strapi`
chore: update u&p 2024-03-18 21:44:32 +01:00			`.service('plugin::content-manager.document-manager')`
			`.create(userModel, { data: user });`

[V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411) * Rework sanitizeEntity, first iteration * remove console.log * Remove useless comments * Fix e2e tests * Fix up user e2e test * Fix remove-restricted-relations visitor * Handle grapqhql resolver, prevent access to restricted relations * Handle polymorphic relation in the related visitor * Remove morph attribute if empty * Use only the find action to check if the relation is allowed 2021-11-04 15:47:53 +01:00			`const sanitizedData = await pm.sanitizeOutput(data, { action: ACTIONS.read });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
[V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411) * Rework sanitizeEntity, first iteration * remove console.log * Remove useless comments * Fix e2e tests * Fix up user e2e test * Fix remove-restricted-relations visitor * Handle grapqhql resolver, prevent access to restricted relations * Handle polymorphic relation in the related visitor * Remove morph attribute if empty * Use only the find action to check if the relation is allowed 2021-11-04 15:47:53 +01:00			`ctx.created(sanitizedData);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`} catch (error) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError(error.message);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`
			`},`
			`/**`
			`* Update a/an user record.`
			`* @return {Object}`
			`*/`

			`async update(ctx) {`
chore: update u&p 2024-03-18 21:44:32 +01:00			`const { id: documentId } = ctx.params;`
Move CM files into the new structure 2021-09-24 09:04:44 +02:00			`const { body } = ctx.request;`
			`const { user: admin, userAbility } = ctx.state;`

Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`const advancedConfigs = await strapi`
Init migration v4 - Hooks registry - D&P CT migrations - i18N CT migrations - Umzug with js / sql migrations - Eslint updates 2021-09-13 12:03:12 +02:00			`.store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`.get();`

			`const { email, username, password } = body;`

chore: update u&p 2024-03-18 21:44:32 +01:00			`const { pm, doc } = await findEntityAndCheckPermissions(`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`userAbility,`
			`ACTIONS.edit,`
			`userModel,`
chore: update u&p 2024-03-18 21:44:32 +01:00			`documentId`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`);`
chore: update u&p 2024-03-18 21:44:32 +01:00
			`const user = doc;`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
refactor error handling 2021-10-20 17:30:05 +02:00			`await validateUpdateUserBody(ctx.request.body);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (_.has(body, 'password') && !password && user.provider === 'local') {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ValidationError('password.notNull');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

			`if (_.has(body, 'username')) {`
chore: database enhancements 2024-03-13 15:40:30 +01:00			`const userWithSameUsername = await strapi.db`
refactor with module approach 2021-08-06 18:09:49 +02:00			`.query('plugin::users-permissions.user')`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.findOne({ where: { username } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
chore: update u&p 2024-03-18 21:44:32 +01:00			`if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError('Username already taken');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`
			`}`

			`if (_.has(body, 'email') && advancedConfigs.unique_email) {`
chore: database enhancements 2024-03-13 15:40:30 +01:00			`const userWithSameEmail = await strapi.db`
refactor with module approach 2021-08-06 18:09:49 +02:00			`.query('plugin::users-permissions.user')`
Move CM files into the new structure 2021-09-24 09:04:44 +02:00			`.findOne({ where: { email: _.toLower(email) } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
chore: update u&p 2024-03-18 21:44:32 +01:00			`if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError('Email already taken');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`
chore: update u&p 2024-03-18 21:44:32 +01:00
Move CM files into the new structure 2021-09-24 09:04:44 +02:00			`body.email = _.toLower(body.email);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

[V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411) * Rework sanitizeEntity, first iteration * remove console.log * Remove useless comments * Fix e2e tests * Fix up user e2e test * Fix remove-restricted-relations visitor * Handle grapqhql resolver, prevent access to restricted relations * Handle polymorphic relation in the related visitor * Remove morph attribute if empty * Use only the find action to check if the relation is allowed 2021-11-04 15:47:53 +01:00			`const sanitizedData = await pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });`
Rename creator fields 2021-09-22 17:04:57 +02:00			`const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
Fix users-permissions user controllers permissions 2021-11-04 15:18:09 +01:00			`const data = await strapi`
chore: update u&p 2024-03-18 21:44:32 +01:00			`.service('plugin::content-manager.document-manager')`
			`.update(documentId, userModel, {`
			`data: updateData,`
			`});`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
[V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411) * Rework sanitizeEntity, first iteration * remove console.log * Remove useless comments * Fix e2e tests * Fix up user e2e test * Fix remove-restricted-relations visitor * Handle grapqhql resolver, prevent access to restricted relations * Handle polymorphic relation in the related visitor * Remove morph attribute if empty * Use only the find action to check if the relation is allowed 2021-11-04 15:47:53 +01:00			`ctx.body = await pm.sanitizeOutput(data, { action: ACTIONS.read });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`},`
			`};`