strapi/packages/strapi-admin/config/policies/hasPermissions.js

'use strict';

const { validateHasPermissionsInput } = require('../../validation/policies/hasPermissions');

module.exports = permissions => {
  try {
    validateHasPermissionsInput(permissions);
  } catch {
    throw new Error('Invalid objects submitted to admin::hasPermissions policy.');
  }

  return (ctx, next) => {
    const { userAbility: ability } = ctx.state;

    const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));

    if (!isAuthorized) {
      throw strapi.errors.forbidden();
    }

    return next();
  };
};
Rework policies resolving (allow policy generators) / Add hasPermissions policy Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:41:12 +02:00			`'use strict';`

			`const { validateHasPermissionsInput } = require('../../validation/policies/hasPermissions');`

			`module.exports = permissions => {`
			`try {`
			`validateHasPermissionsInput(permissions);`
			`} catch {`
			`throw new Error('Invalid objects submitted to admin::hasPermissions policy.');`
			`}`

Removes useless async from hasPermissions ability Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:45:25 +02:00			`return (ctx, next) => {`
Rework policies resolving (allow policy generators) / Add hasPermissions policy Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-18 11:41:12 +02:00			`const { userAbility: ability } = ctx.state;`

			`const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));`

			`if (!isAuthorized) {`
			`throw strapi.errors.forbidden();`
			`}`

			`return next();`
			`};`
			`};`