strapi/packages/core/admin/server/controllers/user.js

'use strict';

const _ = require('lodash');
const { ApplicationError } = require('@strapi/utils').errors;
const {
  validateUserCreationInput,
  validateUserUpdateInput,
  validateUsersDeleteInput,
} = require('../validation/user');

const { getService } = require('../utils');

module.exports = {
  async create(ctx) {
    const { body } = ctx.request;
    const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };

    await validateUserCreationInput(cleanData);

    const attributes = _.pick(cleanData, [
      'firstname',
      'lastname',
      'email',
      'roles',
      'preferedLanguage',
    ]);

    const userAlreadyExists = await getService('user').exists({
      email: attributes.email,
    });

    if (userAlreadyExists) {
      throw new ApplicationError('Email already taken');
    }

    const createdUser = await getService('user').create(attributes);

    const userInfo = getService('user').sanitizeUser(createdUser);

    // Note: We need to assign manually the registrationToken to the
    // final user payload so that it's not removed in the sanitation process.
    Object.assign(userInfo, { registrationToken: createdUser.registrationToken });

    // Send 201 created
    ctx.created({ data: userInfo });
  },

  async find(ctx) {
    const userService = getService('user');

    const permissionsManager = strapi.admin.services.permission.createPermissionsManager({
      ability: ctx.state.userAbility,
      model: 'admin::user',
    });
    const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);

    const { results, pagination } = await userService.findPage(sanitizedQuery);

    ctx.body = {
      data: {
        results: results.map((user) => userService.sanitizeUser(user)),
        pagination,
      },
    };
  },

  async findOne(ctx) {
    const { id } = ctx.params;

    const user = await getService('user').findOne(id);

    if (!user) {
      return ctx.notFound('User does not exist');
    }

    ctx.body = {
      data: getService('user').sanitizeUser(user),
    };
  },

  async update(ctx) {
    const { id } = ctx.params;
    const { body: input } = ctx.request;

    await validateUserUpdateInput(input);

    if (_.has(input, 'email')) {
      const uniqueEmailCheck = await getService('user').exists({
        id: { $ne: id },
        email: input.email,
      });

      if (uniqueEmailCheck) {
        throw new ApplicationError('A user with this email address already exists');
      }
    }

    const updatedUser = await getService('user').updateById(id, input);

    if (!updatedUser) {
      return ctx.notFound('User does not exist');
    }

    ctx.body = {
      data: getService('user').sanitizeUser(updatedUser),
    };
  },

  async deleteOne(ctx) {
    const { id } = ctx.params;

    const deletedUser = await getService('user').deleteById(id);

    if (!deletedUser) {
      return ctx.notFound('User not found');
    }

    return ctx.deleted({
      data: getService('user').sanitizeUser(deletedUser),
    });
  },

  /**
   * Delete several users
   * @param {KoaContext} ctx - koa context
   */
  async deleteMany(ctx) {
    const { body } = ctx.request;
    await validateUsersDeleteInput(body);

    const users = await getService('user').deleteByIds(body.ids);

    const sanitizedUsers = users.map(getService('user').sanitizeUser);

    return ctx.deleted({
      data: sanitizedUsers,
    });
  },
};
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`'use strict';`

			`const _ = require('lodash');`
refactor error handling 2021-10-20 17:30:05 +02:00			`const { ApplicationError } = require('@strapi/utils').errors;`
add batch delete for users Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-15 15:46:59 +02:00			`const {`
			`validateUserCreationInput,`
			`validateUserUpdateInput,`
			`validateUsersDeleteInput,`
			`} = require('../validation/user');`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00
Remove mongoose connector 2021-06-29 16:27:35 +02:00			`const { getService } = require('../utils');`

Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`module.exports = {`
			`async create(ctx) {`
			`const { body } = ctx.request;`
fix(admin): lowercase email when creating user 2022-09-21 14:07:29 +01:00			const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00
fix(admin): lowercase email when creating user 2022-09-21 14:07:29 +01:00			`await validateUserCreationInput(cleanData);`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00
fix(admin): lowercase email when creating user 2022-09-21 14:07:29 +01:00			`const attributes = _.pick(cleanData, [`
add preferedLanguage 2021-02-05 16:35:47 +01:00			`'firstname',`
			`'lastname',`
			`'email',`
			`'roles',`
			`'preferedLanguage',`
			`]);`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00
Continue core - db connection 2021-07-28 15:32:21 +02:00			`const userAlreadyExists = await getService('user').exists({`
Add schema validation for POST /admin/users Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:57:43 +02:00			`email: attributes.email,`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`});`

			`if (userAlreadyExists) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError('Email already taken');`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`}`

Continue core - db connection 2021-07-28 15:32:21 +02:00			`const createdUser = await getService('user').create(attributes);`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00
Continue core - db connection 2021-07-28 15:32:21 +02:00			`const userInfo = getService('user').sanitizeUser(createdUser);`
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00
Moved logic to the right controller 2022-05-13 11:33:25 +02:00			`// Note: We need to assign manually the registrationToken to the`
			`// final user payload so that it's not removed in the sanitation process.`
			`Object.assign(userInfo, { registrationToken: createdUser.registrationToken });`

Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`// Send 201 created`
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`ctx.created({ data: userInfo });`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`},`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00
			`async find(ctx) {`
Continue core - db connection 2021-07-28 15:32:21 +02:00			`const userService = getService('user');`

add traverse query fix single type fix query sanitize pagination count params add comments Cleanup the params/filters sanitize helpers sanitize association resolver Sanitize sort fix graphql single type fix graphql types fix addFindQuery Sanitize fields Update sanitize sort to handle all the different formats Update fields sanitize to handle regular strings & wildcard Fix non scalar recursion Add a traverse factory Add visitor to remove dz & morph relations Replace the old traverse utils (sort, filters) by one created using the traverse factory add sanitize populate await args fix async and duplicate sanitization sanitize u&p params Add traverse fields Fix traverse & sanitize fields add traverse fields to nested populate sanitize admin api filter queries Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com> sanitize sort params in admin API todo make token fields unsearchable with _q sanitize delete mutation Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com> fix errors on queries without ctx rename findParams to sanitizedParams Sanitize queries everywhere in the content manager admin controllers sanitize single type update and delete Ignore non attribute keys in the sanitize sort Fix the sanitize query sort for nested string sort Fix permission check for the admin typo sanitize upload sanitize admin media library sanitize admin users Add missing await Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com> set U&P users fields to searchable:false add token support to createContentAPIRequest add searchable:false to getstarted U&P schema remove comment sanitize component resolver remove await add searchable false to the file's folder path Fix admin query when the permission query is set to null add basic tests for filtering private params add tests for fields add pagination tests Fix admin user fields not being sanitized Fix convert query params for the morph fragment on undefined value Traverse dynamic zone on nested populate Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations Sanitize 'on' subpopulate Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com> don't throw error on invalid attributes check models for snake case column name instead of assuming they are operators Add first batch of api tests for params sanitize Fix sort traversal: handle object arrays Put back removePassword for fields,sort,filters Add schemas and fixtures for sanitize api tests Add tests for relations (sanitize api tests) Move constant to domain scope Rename sanitize params to sanitize query Fix typo Cleanup fixtures file Fix variable name conflict Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com> Update comment for array filters Rename sanitize test Test implicit & explicit array operator for filter Remove unused code 2023-02-09 11:35:50 +01:00			`const permissionsManager = strapi.admin.services.permission.createPermissionsManager({`
			`ability: ctx.state.userAbility,`
			`model: 'admin::user',`
			`});`
			`const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);`

			`const { results, pagination } = await userService.findPage(sanitizedQuery);`
Fix response object shape for get /admin/users Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 11:06:07 +02:00
Add tests for user controller/service/api Fix e2e tests, add default role to match .min(1) condition 2020-05-29 11:41:53 +02:00			`ctx.body = {`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`data: {`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`results: results.map((user) => userService.sanitizeUser(user)),`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`pagination,`
			`},`
Fix response object shape for get /admin/users Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 11:06:07 +02:00			`};`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`},`
Add update user route in the user api 2020-05-27 16:06:15 +02:00
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`async findOne(ctx) {`
			`const { id } = ctx.params;`

fix sort on admin user 2021-09-27 16:06:43 +02:00			`const user = await getService('user').findOne(id);`
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00
			`if (!user) {`
Fix PR: Refactor user e2e tests, fix domain logic, add user::deleteOne route 2020-06-04 10:25:02 +02:00			`return ctx.notFound('User does not exist');`
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`}`

			`ctx.body = {`
Continue core - db connection 2021-07-28 15:32:21 +02:00			`data: getService('user').sanitizeUser(user),`
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`};`
			`},`

Add update user route in the user api 2020-05-27 16:06:15 +02:00			`async update(ctx) {`
			`const { id } = ctx.params;`
			`const { body: input } = ctx.request;`

refactor error handling 2021-10-20 17:30:05 +02:00			`await validateUserUpdateInput(input);`
Add update user route in the user api 2020-05-27 16:06:15 +02:00
Add unique email check on update user 2020-06-04 12:34:22 +02:00			`if (_.has(input, 'email')) {`
Continue core - db connection 2021-07-28 15:32:21 +02:00			`const uniqueEmailCheck = await getService('user').exists({`
Server can start 2021-06-22 17:13:11 +02:00			`id: { $ne: id },`
Add unique email check on update user 2020-06-04 12:34:22 +02:00			`email: input.email,`
			`});`

			`if (uniqueEmailCheck) {`
refactor error handling 2021-10-20 17:30:05 +02:00			`throw new ApplicationError('A user with this email address already exists');`
Add unique email check on update user 2020-06-04 12:34:22 +02:00			`}`
			`}`

Continue core - db connection 2021-07-28 15:32:21 +02:00			`const updatedUser = await getService('user').updateById(id, input);`
Add update user route in the user api 2020-05-27 16:06:15 +02:00
Fix PR: Refactor user e2e tests, fix domain logic, add user::deleteOne route 2020-06-04 10:25:02 +02:00			`if (!updatedUser) {`
Fix user controller tests 2020-06-04 10:48:02 +02:00			`return ctx.notFound('User does not exist');`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`}`

			`ctx.body = {`
Continue core - db connection 2021-07-28 15:32:21 +02:00			`data: getService('user').sanitizeUser(updatedUser),`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`};`
			`},`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00
add batch delete for users Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-15 15:46:59 +02:00			`async deleteOne(ctx) {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`const { id } = ctx.params;`

Continue core - db connection 2021-07-28 15:32:21 +02:00			`const deletedUser = await getService('user').deleteById(id);`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00
			`if (!deletedUser) {`
			`return ctx.notFound('User not found');`
			`}`

			`return ctx.deleted({`
Continue core - db connection 2021-07-28 15:32:21 +02:00			`data: getService('user').sanitizeUser(deletedUser),`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`});`
			`},`
add batch delete for users Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-15 15:46:59 +02:00
			`/**`
			`* Delete several users`
			`* @param {KoaContext} ctx - koa context`
			`*/`
			`async deleteMany(ctx) {`
			`const { body } = ctx.request;`
refactor error handling 2021-10-20 17:30:05 +02:00			`await validateUsersDeleteInput(body);`
add batch delete for users Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-15 15:46:59 +02:00
Remove mongoose connector 2021-06-29 16:27:35 +02:00			`const users = await getService('user').deleteByIds(body.ids);`

Continue core - db connection 2021-07-28 15:32:21 +02:00			`const sanitizedUsers = users.map(getService('user').sanitizeUser);`
add batch delete for users Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-15 15:46:59 +02:00
			`return ctx.deleted({`
			`data: sanitizedUsers,`
			`});`
			`},`
Add new POST /admin/users route (controller + related services). Update User model: remove required constraint on password field. Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-13 12:27:46 +02:00			`};`