2020-05-22 12:58:14 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-06-16 13:51:34 +02:00
|
|
|
const { yup, formatYupErrors } = require('strapi-utils');
|
2020-05-27 13:15:52 +02:00
|
|
|
const {
|
|
|
|
|
validateRoleCreateInput,
|
|
|
|
|
validateRoleUpdateInput,
|
2020-06-12 18:42:07 +02:00
|
|
|
validateRolesDeleteInput,
|
2020-05-27 13:15:52 +02:00
|
|
|
validateRoleDeleteInput,
|
|
|
|
|
} = require('../validation/role');
|
2020-06-09 17:45:53 +02:00
|
|
|
const { validatedUpdatePermissionsInput } = require('../validation/permission');
|
2020-06-23 16:31:16 +02:00
|
|
|
const { SUPER_ADMIN_CODE } = require('../../services/constants');
|
2020-05-22 12:58:14 +02:00
|
|
|
|
|
|
|
|
module.exports = {
|
2020-06-08 17:55:22 +02:00
|
|
|
/**
|
|
|
|
|
* Create a new role
|
|
|
|
|
* @param {KoaContext} ctx - koa context
|
|
|
|
|
*/
|
2020-05-22 12:58:14 +02:00
|
|
|
async create(ctx) {
|
|
|
|
|
try {
|
|
|
|
|
await validateRoleCreateInput(ctx.request.body);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
return ctx.badRequest('ValidationError', err);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-25 11:22:35 +02:00
|
|
|
let role = await strapi.admin.services.role.create(ctx.request.body);
|
2020-05-22 12:58:14 +02:00
|
|
|
|
|
|
|
|
const sanitizedRole = strapi.admin.services.role.sanitizeRole(role);
|
|
|
|
|
ctx.created({ data: sanitizedRole });
|
|
|
|
|
},
|
2020-06-08 17:55:22 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Update a role
|
|
|
|
|
* @param {KoaContext} ctx - koa context
|
|
|
|
|
*/
|
2020-05-22 12:58:14 +02:00
|
|
|
async update(ctx) {
|
|
|
|
|
const { id } = ctx.params;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
await validateRoleUpdateInput(ctx.request.body, id);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
return ctx.badRequest('ValidationError', err);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-25 11:22:35 +02:00
|
|
|
let role = await strapi.admin.services.role.update({ id }, ctx.request.body);
|
2020-05-22 12:58:14 +02:00
|
|
|
if (!role) {
|
2020-05-25 11:22:35 +02:00
|
|
|
return ctx.notFound('Role not found');
|
2020-05-22 12:58:14 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-25 11:22:35 +02:00
|
|
|
const sanitizedRole = strapi.admin.services.role.sanitizeRole(role);
|
|
|
|
|
|
2020-05-22 12:58:14 +02:00
|
|
|
ctx.body = {
|
|
|
|
|
data: sanitizedRole,
|
|
|
|
|
};
|
|
|
|
|
},
|
2020-06-08 17:55:22 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Delete a role
|
|
|
|
|
* @param {KoaContext} ctx - koa context
|
|
|
|
|
*/
|
2020-05-27 16:27:09 +02:00
|
|
|
async deleteOne(ctx) {
|
|
|
|
|
const { id } = ctx.params;
|
|
|
|
|
|
2020-06-12 18:42:07 +02:00
|
|
|
try {
|
|
|
|
|
await validateRoleDeleteInput(id);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
return ctx.badRequest('ValidationError', err);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 17:32:44 +02:00
|
|
|
const roles = await strapi.admin.services.role.deleteByIds([id]);
|
2020-05-27 16:27:09 +02:00
|
|
|
|
2020-05-29 11:09:17 +02:00
|
|
|
const sanitizedRole = roles.map(strapi.admin.services.role.sanitizeRole)[0] || null;
|
2020-05-27 16:27:09 +02:00
|
|
|
|
2020-07-15 15:46:59 +02:00
|
|
|
return ctx.deleted({
|
2020-05-27 16:27:09 +02:00
|
|
|
data: sanitizedRole,
|
2020-07-15 15:46:59 +02:00
|
|
|
});
|
2020-05-27 16:27:09 +02:00
|
|
|
},
|
2020-06-08 17:55:22 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* delete several roles
|
|
|
|
|
* @param {KoaContext} ctx - koa context
|
|
|
|
|
*/
|
2020-05-27 16:27:09 +02:00
|
|
|
async deleteMany(ctx) {
|
2020-05-28 17:32:44 +02:00
|
|
|
const { body } = ctx.request;
|
2020-05-27 13:15:52 +02:00
|
|
|
try {
|
2020-06-12 18:42:07 +02:00
|
|
|
await validateRolesDeleteInput(body);
|
2020-05-27 13:15:52 +02:00
|
|
|
} catch (err) {
|
|
|
|
|
return ctx.badRequest('ValidationError', err);
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-29 11:09:17 +02:00
|
|
|
const roles = await strapi.admin.services.role.deleteByIds(body.ids);
|
2020-05-27 13:15:52 +02:00
|
|
|
const sanitizedRoles = roles.map(strapi.admin.services.role.sanitizeRole);
|
|
|
|
|
|
2020-07-15 15:46:59 +02:00
|
|
|
return ctx.deleted({
|
2020-05-27 13:15:52 +02:00
|
|
|
data: sanitizedRoles,
|
2020-07-15 15:46:59 +02:00
|
|
|
});
|
2020-05-27 13:15:52 +02:00
|
|
|
},
|
2020-06-08 17:55:22 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Updates the permissions assigned to a role
|
|
|
|
|
* @param {KoaContext} ctx - koa context
|
|
|
|
|
*/
|
|
|
|
|
async updatePermissions(ctx) {
|
|
|
|
|
const { id } = ctx.params;
|
|
|
|
|
const input = ctx.request.body;
|
|
|
|
|
|
2020-06-23 16:31:16 +02:00
|
|
|
const role = await strapi.admin.services.role.findOne({ id });
|
|
|
|
|
if (!role) {
|
|
|
|
|
return ctx.notFound('role.notFound');
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-08 17:55:22 +02:00
|
|
|
try {
|
2020-06-23 16:31:16 +02:00
|
|
|
if (role.code === SUPER_ADMIN_CODE) {
|
2020-06-16 13:51:34 +02:00
|
|
|
const err = new yup.ValidationError("Super admin permissions can't be edited.");
|
|
|
|
|
throw formatYupErrors(err);
|
|
|
|
|
}
|
2020-06-08 17:55:22 +02:00
|
|
|
await validatedUpdatePermissionsInput(input);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
return ctx.badRequest('ValidationError', err);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!role) {
|
|
|
|
|
return ctx.notFound('role.notFound');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const permissions = await strapi.admin.services.permission.assign(role.id, input.permissions);
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
data: permissions,
|
|
|
|
|
};
|
|
|
|
|
},
|
2020-05-22 12:58:14 +02:00
|
|
|
};
|
