strapi/packages/strapi-admin/services/permission.js

'use strict';

const { createPermission } = require('../domain/permission');

/**
 * Delete permissions of roles in database
 * @param params ids of roles
 * @returns {Promise<array>}
 */
const deleteByRolesIds = rolesIds => {
  return strapi.query('permission', 'admin').delete({ role_in: rolesIds });
};

/**
 * Find assigned permissions in the database
 * @param params query params to find the permissions
 * @returns {Promise<array<Object>>}
 */
const find = (params = {}) => {
  return strapi.query('permission', 'admin').find(params, []);
};

/**
 * Assign permissions to a role
 * @param {string|int} roleID - role ID
 * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role
 */
const assign = async (roleID, permissions = []) => {
  const existingPermissions = strapi.admin.services['permission-provider'].getAll();
  for (let permission of permissions) {
    const permissionExists = existingPermissions.find(
      ep =>
        ep.permissionId === permission.action &&
        (ep.section !== 'contentTypes' || ep.subjects.includes(permission.subject))
    );
    if (!permissionExists) {
      throw strapi.errors.badRequest(
        `ValidationError', 'This permission doesn't exist: ${JSON.stringify(permission)}`
      );
    }
  }

  await strapi.query('permission', 'admin').delete({ role: roleID });

  const permissionsWithRole = permissions.map(permission => {
    return createPermission({ ...permission, role: roleID });
  });

  const newPermissions = [];
  for (const permission of permissionsWithRole) {
    const result = await strapi.query('permission', 'admin').create(permission);
    newPermissions.push(result);
  }

  return newPermissions;
};

module.exports = {
  find,
  deleteByRolesIds,
  assign,
};
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 17:23:42 +02:00			`'use strict';`

Add domain model for permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 13:02:06 +02:00			`const { createPermission } = require('../domain/permission');`

refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 17:23:42 +02:00			`/**`
			`* Delete permissions of roles in database`
			`* @param params ids of roles`
			`* @returns {Promise<array>}`
			`*/`
add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`const deleteByRolesIds = rolesIds => {`
			`return strapi.query('permission', 'admin').delete({ role_in: rolesIds });`
			`};`

Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`/**`
			`* Find assigned permissions in the database`
			`* @param params query params to find the permissions`
			`* @returns {Promise<array<Object>>}`
			`*/`
			`const find = (params = {}) => {`
			`return strapi.query('permission', 'admin').find(params, []);`
			`};`

			`/**`
Apply PR feedbacks Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-06-01 11:00:00 +02:00			`* Assign permissions to a role`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`* @param {string\|int} roleID - role ID`
			`* @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role`
			`*/`
			`const assign = async (roleID, permissions = []) => {`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-05 14:25:44 +02:00			`const existingPermissions = strapi.admin.services['permission-provider'].getAll();`
add route GET /admin/permissions Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-04 18:30:26 +02:00			`for (let permission of permissions) {`
			`const permissionExists = existingPermissions.find(`
			`ep =>`
			`ep.permissionId === permission.action &&`
			`(ep.section !== 'contentTypes' \|\| ep.subjects.includes(permission.subject))`
			`);`
			`if (!permissionExists) {`
			`throw strapi.errors.badRequest(`
			`ValidationError', 'This permission doesn't exist: ${JSON.stringify(permission)}`
			`);`
			`}`
			`}`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00
			`await strapi.query('permission', 'admin').delete({ role: roleID });`

Add domain model for permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 13:02:06 +02:00			`const permissionsWithRole = permissions.map(permission => {`
			`return createPermission({ ...permission, role: roleID });`
			`});`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00
			`const newPermissions = [];`
			`for (const permission of permissionsWithRole) {`
			`const result = await strapi.query('permission', 'admin').create(permission);`
			`newPermissions.push(result);`
			`}`

			`return newPermissions;`
			`};`

add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`module.exports = {`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`find,`
add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`deleteByRolesIds,`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`assign,`
add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`};`