2020-06-18 11:41:12 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
const _ = require('lodash');
|
2021-11-05 12:19:49 +01:00
|
|
|
const { createPolicy } = require('@strapi/utils').policy;
|
2021-08-25 15:16:17 +02:00
|
|
|
const { validateHasPermissionsInput } = require('../validation/policies/hasPermissions');
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
const inputModifiers = [
|
|
|
|
|
{
|
|
|
|
|
check: _.isString,
|
|
|
|
|
transform: action => ({ action }),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
check: _.isArray,
|
|
|
|
|
transform: arr => ({ action: arr[0], subject: arr[1] }),
|
|
|
|
|
},
|
|
|
|
|
{
|
2020-07-02 19:39:18 +02:00
|
|
|
// Has to be after the isArray check since _.isObject also matches arrays
|
2020-06-19 15:02:10 +02:00
|
|
|
check: _.isObject,
|
|
|
|
|
transform: perm => perm,
|
|
|
|
|
},
|
|
|
|
|
];
|
|
|
|
|
|
2021-11-05 12:19:49 +01:00
|
|
|
module.exports = createPolicy({
|
|
|
|
|
name: 'admin::hasPermissions',
|
|
|
|
|
validator: validateHasPermissionsInput,
|
|
|
|
|
handler(ctx, config) {
|
2021-10-04 18:16:28 +02:00
|
|
|
const { actions } = config;
|
2021-11-09 18:38:20 +01:00
|
|
|
const { userAbility: ability } = ctx.state;
|
2021-08-24 13:59:43 +02:00
|
|
|
|
|
|
|
|
const permissions = actions.map(action =>
|
|
|
|
|
inputModifiers.find(modifier => modifier.check(action)).transform(action)
|
2020-06-19 15:02:10 +02:00
|
|
|
);
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2021-11-05 12:19:49 +01:00
|
|
|
const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2021-11-05 12:19:49 +01:00
|
|
|
return isAuthorized;
|
2020-06-19 15:02:10 +02:00
|
|
|
},
|
2021-11-05 12:19:49 +01:00
|
|
|
});
|
