2020-06-29 18:30:35 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const {
|
|
|
|
|
policy: { createPolicyFactory },
|
|
|
|
|
} = require('strapi-utils');
|
|
|
|
|
const { validateHasPermissionsInput } = require('../../validation/policies/hasPermissions');
|
|
|
|
|
|
|
|
|
|
module.exports = createPolicyFactory(
|
|
|
|
|
actions => (ctx, next) => {
|
|
|
|
|
const {
|
2020-07-02 15:58:12 +02:00
|
|
|
state: { userAbility, isAuthenticatedAdmin },
|
2020-06-29 18:30:35 +02:00
|
|
|
params: { model },
|
|
|
|
|
} = ctx;
|
|
|
|
|
|
2020-07-02 15:58:12 +02:00
|
|
|
if (!isAuthenticatedAdmin || !userAbility) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-29 18:30:35 +02:00
|
|
|
const isAuthorized = actions.every(action => userAbility.can(action, model));
|
|
|
|
|
|
|
|
|
|
if (!isAuthorized) {
|
|
|
|
|
throw strapi.errors.forbidden();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return next();
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
validator: validateHasPermissionsInput,
|
|
|
|
|
name: 'plugins::content-manager.hasPermissions',
|
|
|
|
|
}
|
|
|
|
|
);
|
