strapi/packages/strapi-admin/config/functions/bootstrap.js

'use strict';

const _ = require('lodash');
const adminActions = require('../admin-actions');

const registerPermissionActions = () => {
  const { actionProvider } = strapi.admin.services.permission;
  actionProvider.register(adminActions.actions);
};

const registerAdminConditions = () => {
  const { conditionProvider } = strapi.admin.services.permission;

  conditionProvider.register({
    displayName: 'Is Creator',
    name: 'is-creator',
    plugin: 'admin',
    handler: user => ({ 'created_by.id': user.id }),
  });
};

const cleanPermissionInDatabase = async () => {
  const { actionProvider } = strapi.admin.services.permission;
  const dbPermissions = await strapi.admin.services.permission.find();
  const allActionsMap = actionProvider.getAllByMap();
  const permissionsToRemoveIds = [];

  dbPermissions.forEach(perm => {
    if (
      !allActionsMap.has(perm.action) ||
      (allActionsMap.get(perm.action).section === 'contentTypes' &&
        !allActionsMap.get(perm.action).subjects.includes(perm.subject))
    ) {
      permissionsToRemoveIds.push(perm.id);
    }
  });

  await strapi.admin.services.permission.deleteByIds(permissionsToRemoveIds);
};

const getNestedFields = (attributes, fieldPath = '', nestingLevel = 3) => {
  if (nestingLevel === 0) {
    return fieldPath ? [fieldPath] : [];
  }

  const fields = [];
  _.forIn(attributes, (attribute, attributeName) => {
    const newFieldPath = fieldPath ? `${fieldPath}.${attributeName}` : attributeName;

    if (attribute.type === 'component') {
      const component = strapi.components[attribute.component];
      const componentFields = getNestedFields(component.attributes, newFieldPath, nestingLevel - 1);
      fields.push(...componentFields);
    } else {
      fields.push(newFieldPath);
    }
  });

  return fields;
};

const createRolesIfNeeded = async () => {
  const someRolesExist = await strapi.admin.services.role.exists();
  if (someRolesExist) {
    return;
  }

  const defaultPluginPermissions = [
    {
      action: 'plugins::upload.settings.read',
    },
    {
      action: 'plugins::upload.assets.create',
    },
    {
      action: 'plugins::upload.assets.update',
      conditions: ['admin::is-creator'],
    },
    {
      action: 'plugins::upload.assets.download',
    },
    {
      action: 'plugins::upload.assets.copy-link',
    },
  ];

  const allActions = strapi.admin.services.permission.actionProvider.getAll();
  const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');

  await strapi.admin.services.role.create({
    name: 'Super Admin',
    code: 'strapi-super-admin',
    description: 'Super Admins can access and manage all features and settings.',
  });

  const editorRole = await strapi.admin.services.role.create({
    name: 'Editor',
    code: 'strapi-editor',
    description: 'Editors can manage and publish contents including those of other users.',
  });

  const authorRole = await strapi.admin.services.role.create({
    name: 'Author',
    code: 'strapi-author',
    description: 'Authors can manage and publish the content they created.',
  });

  const editorPermissions = [];
  contentTypesActions.forEach(action => {
    _.forIn(strapi.contentTypes, contentType => {
      if (action.subjects.includes(contentType.uid)) {
        const fields = getNestedFields(contentType.attributes);
        editorPermissions.push({
          action: action.actionId,
          subject: contentType.uid,
          fields,
        });
      }
    });
  });

  const authorPermissions = editorPermissions.map(p => ({
    ...p,
    conditions: ['admin::is-creator'],
  }));

  editorPermissions.push(...defaultPluginPermissions);
  authorPermissions.push(...defaultPluginPermissions);

  await strapi.admin.services.permission.assign(editorRole.id, editorPermissions);
  await strapi.admin.services.permission.assign(authorRole.id, authorPermissions);
};

const displayWarningIfNoSuperAdmin = async () => {
  const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
  const someUsersExists = await strapi.admin.services.user.exists();
  if (!superAdminRole) {
    return strapi.log.warn("Your application doesn't have a super admin role.");
  } else if (someUsersExists && superAdminRole.usersCount === 0) {
    return strapi.log.warn("Your application doesn't have a super admin user.");
  }
};

const displayWarningIfUsersDontHaveRole = async () => {
  const count = await strapi.admin.services.user.countUsersWithoutRole();

  if (count > 0) {
    strapi.log.warn(`Some users (${count}) don't have any role.`);
  }
};

const resetSuperAdminPermissions = async () => {
  const superAdminRole = await strapi.admin.services.role.getSuperAdmin();
  if (!superAdminRole) {
    return;
  }

  const allActions = strapi.admin.services.permission.actionProvider.getAll();
  const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');

  const permissions = [];
  contentTypesActions.forEach(action => {
    _.forIn(strapi.contentTypes, contentType => {
      if (action.subjects.includes(contentType.uid)) {
        const fields = getNestedFields(contentType.attributes, '', 1);
        permissions.push({
          action: action.actionId,
          subject: contentType.uid,
          fields,
        });
      }
    });
  });

  const otherActions = allActions.filter(a => a.section !== 'contentTypes');
  otherActions.forEach(action => {
    if (action.subjects) {
      const newPerms = action.subjects.map(subject => ({ action: action.actionId, subject }));
      permissions.push(...newPerms);
    } else {
      permissions.push({ action: action.actionId });
    }
  });

  await strapi.admin.services.permission.assign(superAdminRole.id, permissions);
};

module.exports = async () => {
  registerAdminConditions();
  registerPermissionActions();
  await cleanPermissionInDatabase();
  await createRolesIfNeeded();
  await resetSuperAdminPermissions();
  await displayWarningIfNoSuperAdmin();
  await displayWarningIfUsersDontHaveRole();
};
add use strict Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 11:48:49 +02:00			`'use strict';`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const _ = require('lodash');`
rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`const adminActions = require('../admin-actions');`
add permission registry provider Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-02 17:59:57 +02:00
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const registerPermissionActions = () => {`
Add Condition Provider & Permissions Engine 2020-06-09 19:00:57 +02:00			`const { actionProvider } = strapi.admin.services.permission;`
rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`actionProvider.register(adminActions.actions);`
add permission registry provider Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-02 17:59:57 +02:00			`};`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const registerAdminConditions = () => {`
			`const { conditionProvider } = strapi.admin.services.permission;`

			`conditionProvider.register({`
			`displayName: 'Is Creator',`
			`name: 'is-creator',`
			`plugin: 'admin',`
			`handler: user => ({ 'created_by.id': user.id }),`
			`});`
			`};`

clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const cleanPermissionInDatabase = async () => {`
Add /admin/users/me/permissions route (+ findUserPermissions & sanitizePermission) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-11 10:54:26 +02:00			`const { actionProvider } = strapi.admin.services.permission;`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const dbPermissions = await strapi.admin.services.permission.find();`
			`const allActionsMap = actionProvider.getAllByMap();`
			`const permissionsToRemoveIds = [];`

			`dbPermissions.forEach(perm => {`
			`if (`
			`!allActionsMap.has(perm.action) \|\|`
			`(allActionsMap.get(perm.action).section === 'contentTypes' &&`
			`!allActionsMap.get(perm.action).subjects.includes(perm.subject))`
			`) {`
			`permissionsToRemoveIds.push(perm.id);`
			`}`
			`});`

			`await strapi.admin.services.permission.deleteByIds(permissionsToRemoveIds);`
			`};`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const getNestedFields = (attributes, fieldPath = '', nestingLevel = 3) => {`
			`if (nestingLevel === 0) {`
			`return fieldPath ? [fieldPath] : [];`
			`}`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const fields = [];`
			`_.forIn(attributes, (attribute, attributeName) => {`
			const newFieldPath = fieldPath ? `${fieldPath}.${attributeName}` : attributeName;

			`if (attribute.type === 'component') {`
			`const component = strapi.components[attribute.component];`
			`const componentFields = getNestedFields(component.attributes, newFieldPath, nestingLevel - 1);`
			`fields.push(...componentFields);`
			`} else {`
			`fields.push(newFieldPath);`
			`}`
			`});`

			`return fields;`
			`};`

			`const createRolesIfNeeded = async () => {`
			`const someRolesExist = await strapi.admin.services.role.exists();`
			`if (someRolesExist) {`
			`return;`
			`}`

add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const defaultPluginPermissions = [`
			`{`
			`action: 'plugins::upload.settings.read',`
			`},`
			`{`
			`action: 'plugins::upload.assets.create',`
			`},`
			`{`
			`action: 'plugins::upload.assets.update',`
			`conditions: ['admin::is-creator'],`
			`},`
			`{`
			`action: 'plugins::upload.assets.download',`
			`},`
			`{`
			`action: 'plugins::upload.assets.copy-link',`
			`},`
			`];`

prevent modification and delete of super admin role Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 11:54:44 +02:00			`const allActions = strapi.admin.services.permission.actionProvider.getAll();`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00
			`await strapi.admin.services.role.create({`
			`name: 'Super Admin',`
			`code: 'strapi-super-admin',`
			`description: 'Super Admins can access and manage all features and settings.',`
Add displayName Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-06-18 11:19:27 +02:00			`});`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00
			`const editorRole = await strapi.admin.services.role.create({`
			`name: 'Editor',`
			`code: 'strapi-editor',`
			`description: 'Editors can manage and publish contents including those of other users.',`
			`});`

			`const authorRole = await strapi.admin.services.role.create({`
			`name: 'Author',`
			`code: 'strapi-author',`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`description: 'Authors can manage and publish the content they created.',`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`});`

			`const editorPermissions = [];`
			`contentTypesActions.forEach(action => {`
			`_.forIn(strapi.contentTypes, contentType => {`
			`if (action.subjects.includes(contentType.uid)) {`
			`const fields = getNestedFields(contentType.attributes);`
			`editorPermissions.push({`
			`action: action.actionId,`
			`subject: contentType.uid,`
			`fields,`
			`});`
			`}`
			`});`
			`});`

add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const authorPermissions = editorPermissions.map(p => ({`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`...p,`
use new condition format Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 15:34:09 +02:00			`conditions: ['admin::is-creator'],`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`}));`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`editorPermissions.push(...defaultPluginPermissions);`
			`authorPermissions.push(...defaultPluginPermissions);`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await strapi.admin.services.permission.assign(editorRole.id, editorPermissions);`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`await strapi.admin.services.permission.assign(authorRole.id, authorPermissions);`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`};`

			`const displayWarningIfNoSuperAdmin = async () => {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const someUsersExists = await strapi.admin.services.user.exists();`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`if (!superAdminRole) {`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`return strapi.log.warn("Your application doesn't have a super admin role.");`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`} else if (someUsersExists && superAdminRole.usersCount === 0) {`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`return strapi.log.warn("Your application doesn't have a super admin user.");`
			`}`
			`};`

			`const displayWarningIfUsersDontHaveRole = async () => {`
			`const count = await strapi.admin.services.user.countUsersWithoutRole();`

			`if (count > 0) {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			strapi.log.warn(`Some users (${count}) don't have any role.`);
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`}`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`};`

create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`const resetSuperAdminPermissions = async () => {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`const superAdminRole = await strapi.admin.services.role.getSuperAdmin();`
			`if (!superAdminRole) {`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`return;`
			`}`

			`const allActions = strapi.admin.services.permission.actionProvider.getAll();`
			`const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');`

			`const permissions = [];`
			`contentTypesActions.forEach(action => {`
			`_.forIn(strapi.contentTypes, contentType => {`
			`if (action.subjects.includes(contentType.uid)) {`
			`const fields = getNestedFields(contentType.attributes, '', 1);`
			`permissions.push({`
			`action: action.actionId,`
			`subject: contentType.uid,`
			`fields,`
			`});`
			`}`
			`});`
			`});`

			`const otherActions = allActions.filter(a => a.section !== 'contentTypes');`
			`otherActions.forEach(action => {`
			`if (action.subjects) {`
			`const newPerms = action.subjects.map(subject => ({ action: action.actionId, subject }));`
			`permissions.push(...newPerms);`
			`} else {`
			`permissions.push({ action: action.actionId });`
			`}`
			`});`

first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`await strapi.admin.services.permission.assign(superAdminRole.id, permissions);`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`};`

clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`module.exports = async () => {`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`registerAdminConditions();`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`registerPermissionActions();`
			`await cleanPermissionInDatabase();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await createRolesIfNeeded();`
create admin permissions at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 13:51:34 +02:00			`await resetSuperAdminPermissions();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await displayWarningIfNoSuperAdmin();`
			`await displayWarningIfUsersDontHaveRole();`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`};`