strapi/packages/strapi-admin/services/permission/permissions-manager/index.js

'use strict';

const _ = require('lodash');
const { subject: asSubject } = require('@casl/ability');
const { permittedFieldsOf } = require('@casl/ability/extra');
const {
  sanitizeEntity,
  contentTypes: { constants },
} = require('strapi-utils');
const { buildStrapiQuery, buildCaslQuery } = require('./query-builers');

module.exports = ({ ability, action, model }) => ({
  ability,
  action,
  model,

  get query() {
    return buildStrapiQuery(buildCaslQuery(ability, action, model));
  },

  get isAllowed() {
    return this.ability.can(action, model);
  },

  toSubject(target, subjectType = model) {
    return asSubject(subjectType, target);
  },

  pickPermittedFieldsOf(data, options = {}) {
    return this.sanitize(data, { ...options, isOutput: false });
  },

  queryFrom(query) {
    return {
      ...query,
      _where: query._where ? _.concat(this.query, query._where) : [this.query],
    };
  },

  sanitize(data, options = {}) {
    const {
      subject = this.toSubject(data),
      action: actionOverride = action,
      withPrivate = true,
      isOutput = true,
    } = options;

    if (_.isArray(data)) {
      return data.map(entity => this.sanitize(entity, { action, withPrivate, isOutput }));
    }

    const permittedFields = permittedFieldsOf(ability, actionOverride, subject);
    const hasAtLeastOneRegisteredField = _.some(
      _.flatMap(ability.rulesFor(actionOverride, subject), 'fields')
    );
    const shouldIncludeAllFields = _.isEmpty(permittedFields) && !hasAtLeastOneRegisteredField;

    const sanitizedEntity = sanitizeEntity(data, {
      model: strapi.getModel(model),
      includeFields: shouldIncludeAllFields ? null : permittedFields,
      withPrivate,
      isOutput,
    });

    return _.omit(sanitizedEntity, [
      `${constants.CREATED_BY_ATTRIBUTE}.roles`,
      `${constants.UPDATED_BY_ATTRIBUTE}.roles`,
    ]);
  },
});
Add tests for strapi-admin/services (especially on /permissions/). Some bug fixes on the permissions-manager Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-16 11:39:35 +02:00			`'use strict';`

			`const _ = require('lodash');`
			`const { subject: asSubject } = require('@casl/ability');`
			`const { permittedFieldsOf } = require('@casl/ability/extra');`
Fix "has same role as author" condition not working properly (#8202) * Fix "has same role as author" condition not working properly Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Use creators constants Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Add e2e test for default conditions, fix conditions on mongoose Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> * Fix tests in CE Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-10-08 19:50:39 +02:00			`const {`
			`sanitizeEntity,`
			`contentTypes: { constants },`
			`} = require('strapi-utils');`
Add tests for strapi-admin/services (especially on /permissions/). Some bug fixes on the permissions-manager Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-16 11:39:35 +02:00			`const { buildStrapiQuery, buildCaslQuery } = require('./query-builers');`

Refactoring Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 19:39:48 +01:00			`module.exports = ({ ability, action, model }) => ({`
			`ability,`
			`action,`
			`model,`
init coll-type Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-28 18:47:14 +01:00
Refactoring Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 19:39:48 +01:00			`get query() {`
			`return buildStrapiQuery(buildCaslQuery(ability, action, model));`
			`},`
init coll-type Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-28 18:47:14 +01:00
Refactoring Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 19:39:48 +01:00			`get isAllowed() {`
			`return this.ability.can(action, model);`
			`},`
init coll-type Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-28 18:47:14 +01:00
Refactoring Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 19:39:48 +01:00			`toSubject(target, subjectType = model) {`
			`return asSubject(subjectType, target);`
			`},`
init coll-type Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-28 18:47:14 +01:00
Refactoring Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 19:39:48 +01:00			`pickPermittedFieldsOf(data, options = {}) {`
			`return this.sanitize(data, { ...options, isOutput: false });`
			`},`
init coll-type Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-28 18:47:14 +01:00
Refactoring Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-11-02 19:39:48 +01:00			`queryFrom(query) {`
			`return {`
			`...query,`
			`_where: query._where ? _.concat(this.query, query._where) : [this.query],`
			`};`
			`},`

			`sanitize(data, options = {}) {`
			`const {`
			`subject = this.toSubject(data),`
			`action: actionOverride = action,`
			`withPrivate = true,`
			`isOutput = true,`
			`} = options;`

			`if (_.isArray(data)) {`
			`return data.map(entity => this.sanitize(entity, { action, withPrivate, isOutput }));`
			`}`

			`const permittedFields = permittedFieldsOf(ability, actionOverride, subject);`
			`const hasAtLeastOneRegisteredField = _.some(`
			`_.flatMap(ability.rulesFor(actionOverride, subject), 'fields')`
			`);`
			`const shouldIncludeAllFields = _.isEmpty(permittedFields) && !hasAtLeastOneRegisteredField;`

			`const sanitizedEntity = sanitizeEntity(data, {`
			`model: strapi.getModel(model),`
			`includeFields: shouldIncludeAllFields ? null : permittedFields,`
			`withPrivate,`
			`isOutput,`
			`});`

			`return _.omit(sanitizedEntity, [`
			`${constants.CREATED_BY_ATTRIBUTE}.roles`,
			`${constants.UPDATED_BY_ATTRIBUTE}.roles`,
			`]);`
			`},`
			`});`