strapi/packages/strapi-admin/services/permission.js

'use strict';

const _ = require('lodash');
const { createPermission } = require('../domain/permission');
const actionProvider = require('./action-provider');
const { validatePermissionsExist } = require('../validation/permission');
const createConditionProvider = require('./permission/condition-provider');
const createPermissionEngine = require('./permission/engine');

const conditionProvider = createConditionProvider();
const engine = createPermissionEngine(conditionProvider);

/**
 * Delete permissions of roles in database
 * @param rolesIds ids of roles
 * @returns {Promise<array>}
 */
const deleteByRolesIds = rolesIds => {
  return strapi.query('permission', 'admin').delete({ role_in: rolesIds });
};

/**
 * Delete permissions
 * @param ids ids of permissions
 * @returns {Promise<array>}
 */
const deleteByIds = ids => {
  return strapi.query('permission', 'admin').delete({ id_in: ids });
};

/**
 * Find assigned permissions in the database
 * @param params query params to find the permissions
 * @returns {Promise<array<Object>>}
 */
const find = (params = {}) => {
  return strapi.query('permission', 'admin').find(params, []);
};

/**
 * Assign permissions to a role
 * @param {string|int} roleID - role ID
 * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role
 */
const assign = async (roleID, permissions = []) => {
  try {
    await validatePermissionsExist(permissions);
  } catch (err) {
    throw strapi.errors.badRequest('ValidationError', err);
  }

  await strapi.query('permission', 'admin').delete({ role: roleID });

  const permissionsWithRole = permissions.map(permission => {
    return createPermission({ ...permission, role: roleID });
  });

  const newPermissions = [];
  for (const permission of permissionsWithRole) {
    const result = await strapi.query('permission', 'admin').create(permission);
    newPermissions.push(result);
  }

  return newPermissions;
};

/**
 * Find all permissions for a user
 * @param roles
 * @returns {Promise<*[]|*>}
 */
const findUserPermissions = async ({ roles }) => {
  if (!_.isArray(roles)) {
    return [];
  }

  return strapi.query('permission', 'admin').find({ role_in: roles.map(_.property('id')) });
};

/**
 * Removes unwanted fields from a permission
 * @param permission
 * @returns {*}
 */
const sanitizePermission = permission =>
  _.pick(permission, ['action', 'subject', 'fields', 'conditions']);

module.exports = {
  find,
  deleteByRolesIds,
  deleteByIds,
  assign,
  sanitizePermission,
  findUserPermissions,
  actionProvider,
  engine,
  conditionProvider,
};
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 17:23:42 +02:00			`'use strict';`

Add /admin/users/me/permissions route (+ findUserPermissions & sanitizePermission) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-11 10:54:26 +02:00			`const _ = require('lodash');`
Add domain model for permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 13:02:06 +02:00			`const { createPermission } = require('../domain/permission');`
rename permissions to actions, inverted params of provider.get, separated formatter, add possibility to not specigy pluginName for ::application Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 11:01:20 +02:00			`const actionProvider = require('./action-provider');`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 17:45:53 +02:00			`const { validatePermissionsExist } = require('../validation/permission');`
Add Condition Provider & Permissions Engine 2020-06-09 19:00:57 +02:00			`const createConditionProvider = require('./permission/condition-provider');`
			`const createPermissionEngine = require('./permission/engine');`

Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-16 11:13:01 +02:00			`const conditionProvider = createConditionProvider();`
Add Condition Provider & Permissions Engine 2020-06-09 19:00:57 +02:00			`const engine = createPermissionEngine(conditionProvider);`
Add domain model for permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 13:02:06 +02:00
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 17:23:42 +02:00			`/**`
			`* Delete permissions of roles in database`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`* @param rolesIds ids of roles`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 17:23:42 +02:00			`* @returns {Promise<array>}`
			`*/`
add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`const deleteByRolesIds = rolesIds => {`
			`return strapi.query('permission', 'admin').delete({ role_in: rolesIds });`
			`};`

clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`/**`
			`* Delete permissions`
			`* @param ids ids of permissions`
			`* @returns {Promise<array>}`
			`*/`
			`const deleteByIds = ids => {`
			`return strapi.query('permission', 'admin').delete({ id_in: ids });`
			`};`

Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`/**`
			`* Find assigned permissions in the database`
			`* @param params query params to find the permissions`
			`* @returns {Promise<array<Object>>}`
			`*/`
			`const find = (params = {}) => {`
			`return strapi.query('permission', 'admin').find(params, []);`
			`};`

			`/**`
Apply PR feedbacks Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-06-01 11:00:00 +02:00			`* Assign permissions to a role`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`* @param {string\|int} roleID - role ID`
			`* @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role`
			`*/`
			`const assign = async (roleID, permissions = []) => {`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 17:45:53 +02:00			`try {`
			`await validatePermissionsExist(permissions);`
			`} catch (err) {`
			`throw strapi.errors.badRequest('ValidationError', err);`
add route GET /admin/permissions Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-04 18:30:26 +02:00			`}`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00
			`await strapi.query('permission', 'admin').delete({ role: roleID });`

Add domain model for permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 13:02:06 +02:00			`const permissionsWithRole = permissions.map(permission => {`
			`return createPermission({ ...permission, role: roleID });`
			`});`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00
			`const newPermissions = [];`
			`for (const permission of permissionsWithRole) {`
			`const result = await strapi.query('permission', 'admin').create(permission);`
			`newPermissions.push(result);`
			`}`

			`return newPermissions;`
			`};`

Fix pr comments (add doc, simplify engine code, add async test condition) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-12 10:28:14 +02:00			`/**`
			`* Find all permissions for a user`
			`* @param roles`
			`* @returns {Promise<[]\|>}`
			`*/`
Add /admin/users/me/permissions route (+ findUserPermissions & sanitizePermission) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-11 10:54:26 +02:00			`const findUserPermissions = async ({ roles }) => {`
			`if (!_.isArray(roles)) {`
			`return [];`
			`}`

			`return strapi.query('permission', 'admin').find({ role_in: roles.map(_.property('id')) });`
			`};`

Fix pr comments (add doc, simplify engine code, add async test condition) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-12 10:28:14 +02:00			`/**`
			`* Removes unwanted fields from a permission`
			`* @param permission`
			`* @returns {*}`
			`*/`
Add /admin/users/me/permissions route (+ findUserPermissions & sanitizePermission) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-11 10:54:26 +02:00			`const sanitizePermission = permission =>`
			`_.pick(permission, ['action', 'subject', 'fields', 'conditions']);`

add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`module.exports = {`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`find,`
add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`deleteByRolesIds,`
clean permissions in db at startup Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-08 15:13:26 +02:00			`deleteByIds,`
Add assign permission Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-28 11:29:59 +02:00			`assign,`
Add /admin/users/me/permissions route (+ findUserPermissions & sanitizePermission) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-06-11 10:54:26 +02:00			`sanitizePermission,`
			`findUserPermissions,`
Add Condition Provider & Permissions Engine 2020-06-09 19:00:57 +02:00			`actionProvider,`
			`engine,`
			`conditionProvider,`
add tests + make role decription optional + refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-05-29 11:09:17 +02:00			`};`