strapi/packages/core/admin/server/policies/hasPermissions.js

'use strict';

const _ = require('lodash');
const { createPolicy } = require('@strapi/utils').policy;
const { validateHasPermissionsInput } = require('../validation/policies/hasPermissions');

const inputModifiers = [
  {
    check: _.isString,
    transform: (action) => ({ action }),
  },
  {
    check: _.isArray,
    transform: (arr) => ({ action: arr[0], subject: arr[1] }),
  },
  {
    // Has to be after the isArray check since _.isObject also matches arrays
    check: _.isObject,
    transform: (perm) => perm,
  },
];

module.exports = createPolicy({
  name: 'admin::hasPermissions',
  validator: validateHasPermissionsInput,
  handler(ctx, config) {
    const { actions } = config;
    const { userAbility: ability } = ctx.state;

    const permissions = actions.map((action) =>
      inputModifiers.find((modifier) => modifier.check(action)).transform(action)
    );

    const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));

    return isAuthorized;
  },
});
Rework policies resolving (allow policy generators) / Add hasPermissions policy Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:41:12 +02:00			`'use strict';`

Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`const _ = require('lodash');`
Refactor policies to have a consistent factory API like middlewares 2021-11-05 12:19:49 +01:00			`const { createPolicy } = require('@strapi/utils').policy;`
Migrate admin policies 2021-08-25 15:16:17 +02:00			`const { validateHasPermissionsInput } = require('../validation/policies/hasPermissions');`
Rework policies resolving (allow policy generators) / Add hasPermissions policy Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:41:12 +02:00
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`const inputModifiers = [`
			`{`
			`check: _.isString,`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`transform: (action) => ({ action }),`
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`},`
			`{`
			`check: _.isArray,`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`transform: (arr) => ({ action: arr[0], subject: arr[1] }),`
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`},`
			`{`
Add descriptive comment for hasPermissions transformers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-02 19:39:18 +02:00			`// Has to be after the isArray check since _.isObject also matches arrays`
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`check: _.isObject,`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`transform: (perm) => perm,`
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`},`
			`];`

Refactor policies to have a consistent factory API like middlewares 2021-11-05 12:19:49 +01:00			`module.exports = createPolicy({`
			`name: 'admin::hasPermissions',`
			`validator: validateHasPermissionsInput,`
			`handler(ctx, config) {`
Harmonize and make policies and middlwares more consistent 2021-10-04 18:16:28 +02:00			`const { actions } = config;`
Merge branch 'releases/v4' of github.com:strapi/strapi into v4/up-resolvers-picker-fix 2021-11-09 18:38:20 +01:00			`const { userAbility: ability } = ctx.state;`
Move routes to js when possible and refactor policies to be objects 2021-08-24 13:59:43 +02:00
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`const permissions = actions.map((action) =>`
			`inputModifiers.find((modifier) => modifier.check(action)).transform(action)`
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`);`
Rework policies resolving (allow policy generators) / Add hasPermissions policy Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:41:12 +02:00
Refactor policies to have a consistent factory API like middlewares 2021-11-05 12:19:49 +01:00			`const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));`
Rework policies resolving (allow policy generators) / Add hasPermissions policy Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:41:12 +02:00
Refactor policies to have a consistent factory API like middlewares 2021-11-05 12:19:49 +01:00			`return isAuthorized;`
Rework policy handling, add util to create policy factories, allow array declaration for hasPermissions Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-19 15:02:10 +02:00			`},`
Refactor policies to have a consistent factory API like middlewares 2021-11-05 12:19:49 +01:00			`});`