2020-05-28 11:29:59 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-06-09 17:45:53 +02:00
|
|
|
const _ = require('lodash');
|
2020-05-28 11:29:59 +02:00
|
|
|
const { yup, formatYupErrors } = require('strapi-utils');
|
2020-06-15 19:11:36 +02:00
|
|
|
const validators = require('./common-validators');
|
2020-05-28 11:29:59 +02:00
|
|
|
|
|
|
|
|
const handleReject = error => Promise.reject(formatYupErrors(error));
|
|
|
|
|
|
2020-06-10 15:42:32 +02:00
|
|
|
// validatedUpdatePermissionsInput
|
2020-06-09 17:45:53 +02:00
|
|
|
|
2020-06-15 19:11:36 +02:00
|
|
|
const BOUND_ACTIONS = [
|
2020-06-18 11:53:35 +02:00
|
|
|
'plugins::content-manager.explorer.read',
|
|
|
|
|
'plugins::content-manager.explorer.create',
|
|
|
|
|
'plugins::content-manager.explorer.update',
|
|
|
|
|
'plugins::content-manager.explorer.delete',
|
2020-06-09 17:45:53 +02:00
|
|
|
];
|
|
|
|
|
|
2020-07-03 18:33:38 +02:00
|
|
|
const BOUND_ACTIONS_FOR_FIELDS = [
|
|
|
|
|
'plugins::content-manager.explorer.read',
|
|
|
|
|
'plugins::content-manager.explorer.create',
|
|
|
|
|
'plugins::content-manager.explorer.update',
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
const actionFieldsAreEqual = (a, b) => {
|
|
|
|
|
const aFields = a.fields || [];
|
|
|
|
|
const bFields = b.fields || [];
|
|
|
|
|
|
|
|
|
|
return _.isEqual(aFields.sort(), bFields.sort());
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const haveSameFieldsAsOtherActions = (a, i, allActions) =>
|
|
|
|
|
allActions.slice(i + 1).every(b => actionFieldsAreEqual(a, b));
|
|
|
|
|
|
2020-06-15 19:11:36 +02:00
|
|
|
const checkPermissionsAreBound = function(permissions) {
|
2020-07-03 12:28:57 +02:00
|
|
|
const permsBySubject = _.groupBy(
|
|
|
|
|
permissions.filter(perm => BOUND_ACTIONS.includes(perm.action)),
|
|
|
|
|
'subject'
|
|
|
|
|
);
|
2020-07-03 18:33:38 +02:00
|
|
|
|
|
|
|
|
for (const perms of Object.values(permsBySubject)) {
|
|
|
|
|
const missingActions =
|
|
|
|
|
_.xor(
|
|
|
|
|
perms.map(p => p.action),
|
|
|
|
|
BOUND_ACTIONS
|
|
|
|
|
).length !== 0;
|
|
|
|
|
if (missingActions) return false;
|
|
|
|
|
|
|
|
|
|
const permsBoundByFields = perms.filter(p => BOUND_ACTIONS_FOR_FIELDS.includes(p.action));
|
|
|
|
|
const everyActionsHaveSameFields = _.every(permsBoundByFields, haveSameFieldsAsOtherActions);
|
|
|
|
|
if (!everyActionsHaveSameFields) return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
2020-06-09 17:45:53 +02:00
|
|
|
};
|
|
|
|
|
|
2020-07-03 18:33:38 +02:00
|
|
|
const updatePermissionsSchemas = [
|
|
|
|
|
...validators.updatePermissionsValidators,
|
2020-06-15 19:11:36 +02:00
|
|
|
yup.object().shape({
|
2020-05-28 13:02:06 +02:00
|
|
|
permissions: yup
|
|
|
|
|
.array()
|
2020-06-09 17:45:53 +02:00
|
|
|
.test(
|
|
|
|
|
'are-bond',
|
|
|
|
|
'Read, Create, Update and Delete have to be defined all together for a subject field or not at all',
|
2020-06-15 19:11:36 +02:00
|
|
|
checkPermissionsAreBound
|
2020-06-09 17:45:53 +02:00
|
|
|
),
|
2020-06-15 19:11:36 +02:00
|
|
|
}),
|
|
|
|
|
];
|
2020-05-28 11:29:59 +02:00
|
|
|
|
2020-06-10 18:04:47 +02:00
|
|
|
const checkPermissionsSchema = yup.object().shape({
|
|
|
|
|
permissions: yup.array().of(
|
|
|
|
|
yup
|
|
|
|
|
.object()
|
|
|
|
|
.shape({
|
|
|
|
|
action: yup.string().required(),
|
|
|
|
|
subject: yup.string(),
|
|
|
|
|
field: yup.string(),
|
|
|
|
|
})
|
|
|
|
|
.noUnknown()
|
|
|
|
|
),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const validateCheckPermissionsInput = data => {
|
|
|
|
|
return checkPermissionsSchema
|
|
|
|
|
.validate(data, { strict: true, abortEarly: false })
|
|
|
|
|
.catch(handleReject);
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-15 19:11:36 +02:00
|
|
|
const validatedUpdatePermissionsInput = async data => {
|
|
|
|
|
try {
|
2020-07-03 18:33:38 +02:00
|
|
|
for (const schema of updatePermissionsSchemas) {
|
2020-06-15 19:11:36 +02:00
|
|
|
await schema.validate(data, { strict: true, abortEarly: false });
|
|
|
|
|
}
|
|
|
|
|
} catch (e) {
|
2020-06-18 18:10:12 +02:00
|
|
|
return handleReject(e);
|
2020-06-15 19:11:36 +02:00
|
|
|
}
|
2020-05-28 11:29:59 +02:00
|
|
|
};
|
|
|
|
|
|
2020-06-10 15:42:32 +02:00
|
|
|
// validatePermissionsExist
|
2020-06-09 17:45:53 +02:00
|
|
|
|
|
|
|
|
const checkPermissionsExist = function(permissions) {
|
2020-06-09 19:00:57 +02:00
|
|
|
const existingActions = strapi.admin.services.permission.actionProvider.getAll();
|
2020-06-09 17:45:53 +02:00
|
|
|
const failIndex = permissions.findIndex(
|
|
|
|
|
permission =>
|
2020-06-15 19:11:36 +02:00
|
|
|
!existingActions.some(
|
2020-06-09 17:45:53 +02:00
|
|
|
ea =>
|
|
|
|
|
ea.actionId === permission.action &&
|
2020-06-23 16:31:16 +02:00
|
|
|
(ea.section !== 'contentTypes' || ea.subjects.includes(permission.subject))
|
2020-06-09 17:45:53 +02:00
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return failIndex === -1
|
|
|
|
|
? true
|
|
|
|
|
: this.createError({
|
|
|
|
|
path: 'permissions',
|
|
|
|
|
message: `[${failIndex}] is not an existing permission action`,
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const actionsExistSchema = yup
|
|
|
|
|
.array()
|
2020-06-15 19:11:36 +02:00
|
|
|
.of(
|
|
|
|
|
yup.object().shape({
|
2020-06-18 11:40:50 +02:00
|
|
|
conditions: validators.arrayOfConditionNames,
|
2020-06-15 19:11:36 +02:00
|
|
|
})
|
|
|
|
|
)
|
2020-06-09 17:45:53 +02:00
|
|
|
.test('actions-exist', '', checkPermissionsExist);
|
|
|
|
|
|
|
|
|
|
const validatePermissionsExist = data => {
|
|
|
|
|
return actionsExistSchema.validate(data, { strict: true, abortEarly: false }).catch(handleReject);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// exports
|
|
|
|
|
|
2020-05-28 11:29:59 +02:00
|
|
|
module.exports = {
|
|
|
|
|
validatedUpdatePermissionsInput,
|
2020-06-09 17:45:53 +02:00
|
|
|
validatePermissionsExist,
|
2020-06-10 18:04:47 +02:00
|
|
|
validateCheckPermissionsInput,
|
2020-05-28 11:29:59 +02:00
|
|
|
};
|
