2020-06-18 11:41:12 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
const _ = require('lodash');
|
|
|
|
|
const {
|
|
|
|
|
policy: { createPolicyFactory },
|
|
|
|
|
} = require('strapi-utils');
|
2020-06-18 11:41:12 +02:00
|
|
|
const { validateHasPermissionsInput } = require('../../validation/policies/hasPermissions');
|
|
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
const inputModifiers = [
|
|
|
|
|
{
|
|
|
|
|
check: _.isString,
|
|
|
|
|
transform: action => ({ action }),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
check: _.isArray,
|
|
|
|
|
transform: arr => ({ action: arr[0], subject: arr[1] }),
|
|
|
|
|
},
|
|
|
|
|
{
|
2020-07-02 19:39:18 +02:00
|
|
|
// Has to be after the isArray check since _.isObject also matches arrays
|
2020-06-19 15:02:10 +02:00
|
|
|
check: _.isObject,
|
|
|
|
|
transform: perm => perm,
|
|
|
|
|
},
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
module.exports = createPolicyFactory(
|
|
|
|
|
input => {
|
|
|
|
|
const permissions = input.map(val =>
|
|
|
|
|
inputModifiers.find(modifier => modifier.check(val)).transform(val)
|
|
|
|
|
);
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
return (ctx, next) => {
|
2020-07-02 15:58:12 +02:00
|
|
|
const { userAbility: ability, isAuthenticatedAdmin } = ctx.state;
|
|
|
|
|
|
|
|
|
|
if (!isAuthenticatedAdmin || !ability) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
if (!isAuthorized) {
|
|
|
|
|
throw strapi.errors.forbidden();
|
|
|
|
|
}
|
2020-06-18 11:41:12 +02:00
|
|
|
|
2020-06-19 15:02:10 +02:00
|
|
|
return next();
|
|
|
|
|
};
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
validator: validateHasPermissionsInput,
|
|
|
|
|
name: 'admin::hasPermissions',
|
|
|
|
|
}
|
|
|
|
|
);
|
