strapi/packages/strapi-admin/config/functions/bootstrap.js

'use strict';

const _ = require('lodash');
const adminActions = require('../admin-actions');

const registerPermissionActions = () => {
  const { actionProvider } = strapi.admin.services.permission;
  actionProvider.register(adminActions.actions);
};

const registerAdminConditions = () => {
  const { conditionProvider } = strapi.admin.services.permission;

  conditionProvider.register({
    displayName: 'Is Creator',
    name: 'is-creator',
    plugin: 'admin',
    handler: user => ({ 'created_by.id': user.id }),
  });
};

const cleanPermissionInDatabase = async () => {
  const { actionProvider } = strapi.admin.services.permission;
  const dbPermissions = await strapi.admin.services.permission.find();
  const allActionsMap = actionProvider.getAllByMap();
  const permissionsToRemoveIds = [];

  dbPermissions.forEach(perm => {
    if (
      !allActionsMap.has(perm.action) ||
      (allActionsMap.get(perm.action).section === 'contentTypes' &&
        !allActionsMap.get(perm.action).subjects.includes(perm.subject))
    ) {
      permissionsToRemoveIds.push(perm.id);
    }
  });

  await strapi.admin.services.permission.deleteByIds(permissionsToRemoveIds);
};

const getNestedFields = (attributes, fieldPath = '', nestingLevel = 3) => {
  if (nestingLevel === 0) {
    return fieldPath ? [fieldPath] : [];
  }

  const fields = [];
  _.forIn(attributes, (attribute, attributeName) => {
    const newFieldPath = fieldPath ? `${fieldPath}.${attributeName}` : attributeName;

    if (attribute.type === 'component') {
      const component = strapi.components[attribute.component];
      const componentFields = getNestedFields(component.attributes, newFieldPath, nestingLevel - 1);
      fields.push(...componentFields);
    } else {
      fields.push(newFieldPath);
    }
  });

  return fields;
};

const createRolesIfNeeded = async () => {
  const someRolesExist = await strapi.admin.services.role.exists();
  if (someRolesExist) {
    return;
  }

  const defaultActionsIds = [
    'plugins::content-manager.read',
    'plugins::content-manager.create',
    'plugins::content-manager.update',
    'plugins::content-manager.delete',
  ];
  const allActions = strapi.admin.services.permission.actionProvider.getAll();
  const contentTypesActions = allActions.filter(a => defaultActionsIds.includes(a.actionId));

  await strapi.admin.services.role.create({
    name: 'Super Admin',
    code: 'strapi-super-admin',
    description: 'Super Admins can access and manage all features and settings.',
  });

  const editorRole = await strapi.admin.services.role.create({
    name: 'Editor',
    code: 'strapi-editor',
    description: 'Editors can manage and publish contents including those of other users.',
  });

  const authorRole = await strapi.admin.services.role.create({
    name: 'Author',
    code: 'strapi-author',
    description: 'Authors can manage and publish their own content.',
  });

  const editorPermissions = [];
  contentTypesActions.forEach(action => {
    _.forIn(strapi.contentTypes, contentType => {
      if (action.subjects.includes(contentType.uid)) {
        const fields = getNestedFields(contentType.attributes);
        editorPermissions.push({
          action: action.actionId,
          subject: contentType.uid,
          fields,
        });
      }
    });
  });

  const authorPermissions = _.cloneDeep(editorPermissions);
  authorPermissions.forEach(p => (p.conditions = ['isOwner']));

  await strapi.admin.services.permission.assign(editorRole.id, editorPermissions);
  await strapi.admin.services.permission.assign(authorRole.id, authorPermissions);
};

const displayWarningIfNoSuperAdmin = async () => {
  const adminRole = await strapi.admin.services.role.getAdminWithUsersCount();
  const someUsersExists = await strapi.admin.services.user.exists();
  if (!adminRole) {
    return strapi.log.warn("Your application doesn't have a super admin role.");
  } else if (someUsersExists && adminRole.usersCount === 0) {
    return strapi.log.warn("Your application doesn't have a super admin user.");
  }
};

const displayWarningIfUsersDontHaveRole = async () => {
  const count = await strapi.admin.services.user.countUsersWithoutRole();

  if (count > 0) {
    strapi.log.warn(`You have ${count} user${count === 1 ? '' : 's'} without any role.`);
  }
};

module.exports = async () => {
  registerAdminConditions();
  registerPermissionActions();
  await cleanPermissionInDatabase();
  await createRolesIfNeeded();
  await displayWarningIfNoSuperAdmin();
  await displayWarningIfUsersDontHaveRole();
};
add use strict Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 11:48:49 +02:00			`'use strict';`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const _ = require('lodash');`
rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`const adminActions = require('../admin-actions');`
add permission registry provider Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-02 17:59:57 +02:00
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const registerPermissionActions = () => {`
Add Condition Provider & Permissions Engine 2020-06-09 19:00:57 +02:00			`const { actionProvider } = strapi.admin.services.permission;`
rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`actionProvider.register(adminActions.actions);`
add permission registry provider Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-02 17:59:57 +02:00			`};`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const registerAdminConditions = () => {`
			`const { conditionProvider } = strapi.admin.services.permission;`

			`conditionProvider.register({`
			`displayName: 'Is Creator',`
			`name: 'is-creator',`
			`plugin: 'admin',`
			`handler: user => ({ 'created_by.id': user.id }),`
			`});`
			`};`

clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const cleanPermissionInDatabase = async () => {`
Add /admin/users/me/permissions route (+ findUserPermissions & sanitizePermission) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-11 10:54:26 +02:00			`const { actionProvider } = strapi.admin.services.permission;`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`const dbPermissions = await strapi.admin.services.permission.find();`
			`const allActionsMap = actionProvider.getAllByMap();`
			`const permissionsToRemoveIds = [];`

			`dbPermissions.forEach(perm => {`
			`if (`
			`!allActionsMap.has(perm.action) \|\|`
			`(allActionsMap.get(perm.action).section === 'contentTypes' &&`
			`!allActionsMap.get(perm.action).subjects.includes(perm.subject))`
			`) {`
			`permissionsToRemoveIds.push(perm.id);`
			`}`
			`});`

			`await strapi.admin.services.permission.deleteByIds(permissionsToRemoveIds);`
			`};`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const getNestedFields = (attributes, fieldPath = '', nestingLevel = 3) => {`
			`if (nestingLevel === 0) {`
			`return fieldPath ? [fieldPath] : [];`
			`}`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const fields = [];`
			`_.forIn(attributes, (attribute, attributeName) => {`
			const newFieldPath = fieldPath ? `${fieldPath}.${attributeName}` : attributeName;

			`if (attribute.type === 'component') {`
			`const component = strapi.components[attribute.component];`
			`const componentFields = getNestedFields(component.attributes, newFieldPath, nestingLevel - 1);`
			`fields.push(...componentFields);`
			`} else {`
			`fields.push(newFieldPath);`
			`}`
			`});`

			`return fields;`
			`};`

			`const createRolesIfNeeded = async () => {`
			`const someRolesExist = await strapi.admin.services.role.exists();`
			`if (someRolesExist) {`
			`return;`
			`}`

			`const defaultActionsIds = [`
			`'plugins::content-manager.read',`
			`'plugins::content-manager.create',`
			`'plugins::content-manager.update',`
			`'plugins::content-manager.delete',`
			`];`
prevent modification and delete of super admin role Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 11:54:44 +02:00			`const allActions = strapi.admin.services.permission.actionProvider.getAll();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`const contentTypesActions = allActions.filter(a => defaultActionsIds.includes(a.actionId));`

			`await strapi.admin.services.role.create({`
			`name: 'Super Admin',`
			`code: 'strapi-super-admin',`
			`description: 'Super Admins can access and manage all features and settings.',`
Add displayName Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-06-18 11:19:27 +02:00			`});`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00
			`const editorRole = await strapi.admin.services.role.create({`
			`name: 'Editor',`
			`code: 'strapi-editor',`
			`description: 'Editors can manage and publish contents including those of other users.',`
			`});`

			`const authorRole = await strapi.admin.services.role.create({`
			`name: 'Author',`
			`code: 'strapi-author',`
			`description: 'Authors can manage and publish their own content.',`
			`});`

			`const editorPermissions = [];`
			`contentTypesActions.forEach(action => {`
			`_.forIn(strapi.contentTypes, contentType => {`
			`if (action.subjects.includes(contentType.uid)) {`
			`const fields = getNestedFields(contentType.attributes);`
			`editorPermissions.push({`
			`action: action.actionId,`
			`subject: contentType.uid,`
			`fields,`
			`});`
			`}`
			`});`
			`});`

add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`const authorPermissions = _.cloneDeep(editorPermissions);`
			`authorPermissions.forEach(p => (p.conditions = ['isOwner']));`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await strapi.admin.services.permission.assign(editorRole.id, editorPermissions);`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`await strapi.admin.services.permission.assign(authorRole.id, authorPermissions);`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`};`

			`const displayWarningIfNoSuperAdmin = async () => {`
			`const adminRole = await strapi.admin.services.role.getAdminWithUsersCount();`
			`const someUsersExists = await strapi.admin.services.user.exists();`
			`if (!adminRole) {`
			`return strapi.log.warn("Your application doesn't have a super admin role.");`
			`} else if (someUsersExists && adminRole.usersCount === 0) {`
			`return strapi.log.warn("Your application doesn't have a super admin user.");`
			`}`
			`};`

			`const displayWarningIfUsersDontHaveRole = async () => {`
			`const count = await strapi.admin.services.user.countUsersWithoutRole();`

			`if (count > 0) {`
			strapi.log.warn(`You have ${count} user${count === 1 ? '' : 's'} without any role.`);
			`}`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`};`

clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`module.exports = async () => {`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`registerAdminConditions();`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`registerPermissionActions();`
			`await cleanPermissionInDatabase();`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`await createRolesIfNeeded();`
			`await displayWarningIfNoSuperAdmin();`
			`await displayWarningIfUsersDontHaveRole();`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`};`