strapi/packages/strapi-admin/config/functions/bootstrap.js

'use strict';

const adminActions = require('../admin-actions');
const { createPermission } = require('../../domain/permission');

const registerPermissionActions = () => {
  const { actionProvider } = strapi.admin.services.permission;
  actionProvider.register(adminActions.actions);
};

const registerAdminConditions = () => {
  const { conditionProvider } = strapi.admin.services.permission;

  conditionProvider.register({
    displayName: 'Is Creator',
    name: 'is-creator',
    plugin: 'admin',
    handler: user => ({ 'created_by.id': user.id }),
  });
};

const createRolesIfNeeded = async () => {
  const someRolesExist = await strapi.admin.services.role.exists();
  if (someRolesExist) {
    return;
  }

  const defaultPluginPermissions = [
    {
      action: 'plugins::upload.settings.read',
    },
    {
      action: 'plugins::upload.assets.create',
    },
    {
      action: 'plugins::upload.assets.update',
      conditions: ['admin::is-creator'],
    },
    {
      action: 'plugins::upload.assets.download',
    },
    {
      action: 'plugins::upload.assets.copy-link',
    },
  ];

  const allActions = strapi.admin.services.permission.actionProvider.getAll();
  const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');

  const superAdminRole = await strapi.admin.services.role.create({
    name: 'Super Admin',
    code: 'strapi-super-admin',
    description: 'Super Admins can access and manage all features and settings.',
  });

  await strapi.admin.services.user.assignARoleToAll(superAdminRole.id);

  const editorRole = await strapi.admin.services.role.create({
    name: 'Editor',
    code: 'strapi-editor',
    description: 'Editors can manage and publish contents including those of other users.',
  });

  const authorRole = await strapi.admin.services.role.create({
    name: 'Author',
    code: 'strapi-author',
    description: 'Authors can manage and publish the content they created.',
  });

  const editorPermissions = strapi.admin.services['content-type'].getPermissionsWithNestedFields(
    contentTypesActions
  );

  const authorPermissions = editorPermissions.map(p => ({
    ...p,
    conditions: ['admin::is-creator'],
  }));

  editorPermissions.push(...defaultPluginPermissions);
  authorPermissions.push(...defaultPluginPermissions);

  await strapi.admin.services.permission.assign(editorRole.id, editorPermissions);
  await strapi.admin.services.permission.assign(authorRole.id, authorPermissions);
};

const displayWarningIfNoSuperAdmin = async () => {
  const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
  const someUsersExists = await strapi.admin.services.user.exists();
  if (!superAdminRole) {
    return strapi.log.warn("Your application doesn't have a super admin role.");
  } else if (someUsersExists && superAdminRole.usersCount === 0) {
    return strapi.log.warn("Your application doesn't have a super admin user.");
  }
};

const displayWarningIfUsersDontHaveRole = async () => {
  const count = await strapi.admin.services.user.countUsersWithoutRole();

  if (count > 0) {
    strapi.log.warn(`Some users (${count}) don't have any role.`);
  }
};

const resetSuperAdminPermissions = async () => {
  const superAdminRole = await strapi.admin.services.role.getSuperAdmin();
  if (!superAdminRole) {
    return;
  }

  const allActions = strapi.admin.services.permission.actionProvider.getAll();
  const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');

  const permissions = strapi.admin.services['content-type'].getPermissionsWithNestedFields(
    contentTypesActions,
    1
  );

  const otherActions = allActions.filter(a => a.section !== 'contentTypes');
  otherActions.forEach(action => {
    if (action.subjects) {
      const newPerms = action.subjects.map(subject =>
        createPermission({ action: action.actionId, subject })
      );
      permissions.push(...newPerms);
    } else {
      permissions.push(createPermission({ action: action.actionId }));
    }
  });

  await strapi.admin.services.permission.assign(superAdminRole.id, permissions);
};

module.exports = async () => {
  registerAdminConditions();
  registerPermissionActions();
  await strapi.admin.services.permission.cleanPermissionInDatabase();
  await createRolesIfNeeded();
  await resetSuperAdminPermissions();
  await displayWarningIfNoSuperAdmin();
  await displayWarningIfUsersDontHaveRole();
};
add use strict Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 11:48:49 +02:00			`'use strict';`

rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`const adminActions = require('../admin-actions');`
fourth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-22 13:00:21 +02:00			`const { createPermission } = require('../../domain/permission');`
add permission registry provider Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-02 17:59:57 +02:00
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const registerPermissionActions = () => {`
Add Condition Provider & Permissions Engine 2020-06-09 19:00:57 +02:00			`const { actionProvider } = strapi.admin.services.permission;`
rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`actionProvider.register(adminActions.actions);`
add permission registry provider Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-02 17:59:57 +02:00			`};`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const registerAdminConditions = () => {`
			`const { conditionProvider } = strapi.admin.services.permission;`

			`conditionProvider.register({`
			`displayName: 'Is Creator',`
			`name: 'is-creator',`
			`plugin: 'admin',`
			`handler: user => ({ 'created_by.id': user.id }),`
			`});`
			`};`

			`const createRolesIfNeeded = async () => {`
			`const someRolesExist = await strapi.admin.services.role.exists();`
			`if (someRolesExist) {`
			`return;`
			`}`

add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const defaultPluginPermissions = [`
			`{`
			`action: 'plugins::upload.settings.read',`
			`},`
			`{`
			`action: 'plugins::upload.assets.create',`
			`},`
			`{`
			`action: 'plugins::upload.assets.update',`
			`conditions: ['admin::is-creator'],`
			`},`
			`{`
			`action: 'plugins::upload.assets.download',`
			`},`
			`{`
			`action: 'plugins::upload.assets.copy-link',`
			`},`
			`];`

prevent modification and delete of super admin role Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 11:54:44 +02:00			`const allActions = strapi.admin.services.permission.actionProvider.getAll();`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00
third refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-19 18:54:37 +02:00			`const superAdminRole = await strapi.admin.services.role.create({`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`name: 'Super Admin',`
			`code: 'strapi-super-admin',`
			`description: 'Super Admins can access and manage all features and settings.',`
Add displayName Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-06-18 11:19:27 +02:00			`});`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00
third refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-19 18:54:37 +02:00			`await strapi.admin.services.user.assignARoleToAll(superAdminRole.id);`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const editorRole = await strapi.admin.services.role.create({`
			`name: 'Editor',`
			`code: 'strapi-editor',`
			`description: 'Editors can manage and publish contents including those of other users.',`
			`});`

			`const authorRole = await strapi.admin.services.role.create({`
			`name: 'Author',`
			`code: 'strapi-author',`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`description: 'Authors can manage and publish the content they created.',`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`});`

fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00			`const editorPermissions = strapi.admin.services['content-type'].getPermissionsWithNestedFields(`
			`contentTypesActions`
			`);`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const authorPermissions = editorPermissions.map(p => ({`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`...p,`
use new condition format Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 15:34:09 +02:00			`conditions: ['admin::is-creator'],`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`}));`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`editorPermissions.push(...defaultPluginPermissions);`
			`authorPermissions.push(...defaultPluginPermissions);`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await strapi.admin.services.permission.assign(editorRole.id, editorPermissions);`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`await strapi.admin.services.permission.assign(authorRole.id, authorPermissions);`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`};`

			`const displayWarningIfNoSuperAdmin = async () => {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const someUsersExists = await strapi.admin.services.user.exists();`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`if (!superAdminRole) {`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`return strapi.log.warn("Your application doesn't have a super admin role.");`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`} else if (someUsersExists && superAdminRole.usersCount === 0) {`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`return strapi.log.warn("Your application doesn't have a super admin user.");`
			`}`
			`};`

			`const displayWarningIfUsersDontHaveRole = async () => {`
			`const count = await strapi.admin.services.user.countUsersWithoutRole();`

			`if (count > 0) {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			strapi.log.warn(`Some users (${count}) don't have any role.`);
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`}`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`};`

create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`const resetSuperAdminPermissions = async () => {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`const superAdminRole = await strapi.admin.services.role.getSuperAdmin();`
			`if (!superAdminRole) {`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`return;`
			`}`

			`const allActions = strapi.admin.services.permission.actionProvider.getAll();`
			`const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');`

fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00			`const permissions = strapi.admin.services['content-type'].getPermissionsWithNestedFields(`
			`contentTypesActions,`
			`1`
			`);`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00
			`const otherActions = allActions.filter(a => a.section !== 'contentTypes');`
			`otherActions.forEach(action => {`
			`if (action.subjects) {`
fourth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-22 13:00:21 +02:00			`const newPerms = action.subjects.map(subject =>`
			`createPermission({ action: action.actionId, subject })`
			`);`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`permissions.push(...newPerms);`
			`} else {`
fourth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-22 13:00:21 +02:00			`permissions.push(createPermission({ action: action.actionId }));`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`}`
			`});`

first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`await strapi.admin.services.permission.assign(superAdminRole.id, permissions);`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`};`

clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`module.exports = async () => {`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`registerAdminConditions();`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`registerPermissionActions();`
fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00			`await strapi.admin.services.permission.cleanPermissionInDatabase();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await createRolesIfNeeded();`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`await resetSuperAdminPermissions();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await displayWarningIfNoSuperAdmin();`
			`await displayWarningIfUsersDontHaveRole();`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`};`