strapi/packages/strapi-plugin-users-permissions/controllers/User.js

'use strict';

/**
 * User.js controller
 *
 * @description: A set of functions called "actions" for managing `User`.
 */

const _ = require('lodash');

module.exports = {

  /**
   * Retrieve user records.
   *
   * @return {Object|Array}
   */

  find: async (ctx, next, { populate } = {}) => {
    let users;  

    if (_.has(ctx.query, '_q')) {
      // use core strapi query to search for users
      users = await strapi
        .query('user', 'users-permissions')
        .search(ctx.query, populate);

    } else {
      users = await strapi.plugins['users-permissions'].services.user.fetchAll(ctx.query, populate);
    }

    const data = users.map(user => _.omit(user, ['password', 'resetPasswordToken']));
    ctx.send(data);
  },

  /**
   * Retrieve authenticated user.
   *
   * @return {Object|Array}
   */

  me: async (ctx) => {
    const user = ctx.state.user;

    if (!user) {
      return ctx.badRequest(null, [{ messages: [{ id: 'No authorization header was found' }] }]);
    }

    const data = _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken']);

    // Send 200 `ok`
    ctx.send(data);
  },

  /**
   * Retrieve a user record.
   *
   * @return {Object}
   */

  findOne: async (ctx) => {
    let data = await strapi.plugins['users-permissions'].services.user.fetch(ctx.params);

    if (data) {
      data = _.omit(data.toJSON ? data.toJSON() : data, ['password', 'resetPasswordToken']);
    }

    // Send 200 `ok`
    ctx.send(data);
  },

  /**
   * Create a/an user record.
   *
   * @return {Object}
   */

  create: async (ctx) => {
    const advanced = await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
      key: 'advanced'
    }).get();

    if (advanced.unique_email && ctx.request.body.email) {
      const user = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').findOne({ email: ctx.request.body.email });

      if (user) {
        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken', field: ['email'] }] }] : 'Email is already taken.');
      }
    }

    if (!ctx.request.body.role) {
      const defaultRole = await strapi.plugins['users-permissions'].queries('role', 'users-permissions').findOne({ type: advanced.default_role }, []);

      ctx.request.body.role = defaultRole._id || defaultRole.id;
    }

    ctx.request.body.provider = 'local';

    try {
      const data = await strapi.plugins['users-permissions'].services.user.add(ctx.request.body);

      // Send 201 `created`
      ctx.created(data);
    } catch(error) {
      ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: error.message, field: error.field }] }] : error.message);
    }
  },

  /**
   * Update a/an user record.
   *
   * @return {Object}
   */

  update: async (ctx) => {
    try {
      const advancedConfigs = await strapi.store({
        environment: '',
        type: 'plugin',
        name: 'users-permissions',
        key: 'advanced'
      }).get();

      if (advancedConfigs.unique_email && ctx.request.body.email) {
        const users = await strapi.plugins['users-permissions'].services.user.fetchAll({ email: ctx.request.body.email });

        if (users && _.find(users, user => (user.id || user._id).toString() !== (ctx.params.id || ctx.params._id))) {
          return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken', field: ['email'] }] }] : 'Email is already taken.');
        }
      }

      const user = await strapi.plugins['users-permissions'].services.user.fetch(ctx.params);

      if (_.get(ctx.request, 'body.password') === user.password) {
        delete ctx.request.body.password;
      }

      if (_.get(ctx.request, 'body.role', '').toString() === '0' && (!_.get(ctx.state, 'user.role') || _.get(ctx.state, 'user.role', '').toString() !== '0')) {
        delete ctx.request.body.role;
      }

      if (ctx.request.body.email && advancedConfigs.unique_email) {
        const user = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').findOne({
          email: ctx.request.body.email
        });

        if (user !== null && (user.id || user._id).toString() !== (ctx.params.id || ctx.params._id)) {
          return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken', field: ['email'] }] }] : 'Email is already taken.');
        }
      }

      const data = await strapi.plugins['users-permissions'].services.user.edit(ctx.params, ctx.request.body) ;

      // Send 200 `ok`
      ctx.send(data);
    } catch(error) {
      ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: error.message, field: error.field }] }] : error.message);
    }
  },

  /**
   * Destroy a/an user record.
   *
   * @return {Object}
   */

  destroy: async (ctx) => {
    const data = await strapi.plugins['users-permissions'].services.user.remove(ctx.params);
    
    // Send 200 `ok`
    ctx.send(data);
  },

  destroyAll: async (ctx) => {
    const data = await strapi.plugins['users-permissions'].services.user.removeAll(ctx.params, ctx.request.query);

    // Send 200 `ok`
    ctx.send(data);
  }
};
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`'use strict';`

			`/**`
			`* User.js controller`
			`*`
			* @description: A set of functions called "actions" for managing `User`.
			`*/`

Fix user update encrypted password 2017-12-04 15:35:45 +01:00			`const _ = require('lodash');`

Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`module.exports = {`

			`/**`
			`* Retrieve user records.`
			`*`
			`* @return {Object\|Array}`
			`*/`

Adapt User plugin to the new API 2019-02-02 13:28:03 +01:00			`find: async (ctx, next, { populate } = {}) => {`
Add _q param to GET /users 2019-05-21 16:18:18 +02:00			`let users;`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
Add _q param to GET /users 2019-05-21 16:18:18 +02:00			`if (_.has(ctx.query, '_q')) {`
			`// use core strapi query to search for users`
			`users = await strapi`
			`.query('user', 'users-permissions')`
			`.search(ctx.query, populate);`

			`} else {`
			`users = await strapi.plugins['users-permissions'].services.user.fetchAll(ctx.query, populate);`
			`}`

			`const data = users.map(user => _.omit(user, ['password', 'resetPasswordToken']));`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`ctx.send(data);`
			`},`

feat(plugin-users-permissions): add /user/me to fetch authenticated user model 2018-01-10 20:29:34 +01:00			`/**`
			`* Retrieve authenticated user.`
			`*`
			`* @return {Object\|Array}`
			`*/`

			`me: async (ctx) => {`
			`const user = ctx.state.user;`
Throw error when trying to get /user/me with no headers 2018-01-11 16:24:16 +01:00
			`if (!user) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'No authorization header was found' }] }]);`
			`}`
Add unique email verification on user update 2018-01-18 14:10:26 +01:00
feat(plugin-users-permissions): add /user/me to fetch authenticated user model 2018-01-10 20:29:34 +01:00			`const data = _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken']);`

			// Send 200 `ok`
			`ctx.send(data);`
			`},`

Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`/**`
			`* Retrieve a user record.`
			`*`
			`* @return {Object}`
			`*/`

			`findOne: async (ctx) => {`
Remove password and token from fetchable data USER API / AUTH 2017-12-06 14:15:27 +01:00			`let data = await strapi.plugins['users-permissions'].services.user.fetch(ctx.params);`

			`if (data) {`
Fix some PR feedback 2017-12-07 18:16:15 +01:00			`data = _.omit(data.toJSON ? data.toJSON() : data, ['password', 'resetPasswordToken']);`
Remove password and token from fetchable data USER API / AUTH 2017-12-06 14:15:27 +01:00			`}`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
			// Send 200 `ok`
			`ctx.send(data);`
			`},`

			`/**`
			`* Create a/an user record.`
			`*`
			`* @return {Object}`
			`*/`

			`create: async (ctx) => {`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00			`const advanced = await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced'`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00			`}).get();`

			`if (advanced.unique_email && ctx.request.body.email) {`
Add a queries interface to the plugins 2019-04-26 10:17:04 +02:00			`const user = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').findOne({ email: ctx.request.body.email });`
Fix unique email for user API 2018-01-26 09:37:24 +01:00
			`if (user) {`
Improve errors notifications 2018-04-24 11:45:09 +02:00			`return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken', field: ['email'] }] }] : 'Email is already taken.');`
Fix unique email for user API 2018-01-26 09:37:24 +01:00			`}`
			`}`

Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00			`if (!ctx.request.body.role) {`
Add a queries interface to the plugins 2019-04-26 10:17:04 +02:00			`const defaultRole = await strapi.plugins['users-permissions'].queries('role', 'users-permissions').findOne({ type: advanced.default_role }, []);`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00
			`ctx.request.body.role = defaultRole._id \|\| defaultRole.id;`
			`}`

FIX Creating a user in AdminUI does not properly set provider type to local 2018-10-28 00:47:09 +02:00			`ctx.request.body.provider = 'local';`

Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`try {`
			`const data = await strapi.plugins['users-permissions'].services.user.add(ctx.request.body);`
Allow private attribute into input definition 2018-11-27 14:59:28 +01:00
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			// Send 201 `created`
			`ctx.created(data);`
			`} catch(error) {`
			`ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: error.message, field: error.field }] }] : error.message);`
			`}`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Update a/an user record.`
			`*`
			`* @return {Object}`
			`*/`

Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`update: async (ctx) => {`
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`try {`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`const advancedConfigs = await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced'`
			`}).get();`

			`if (advancedConfigs.unique_email && ctx.request.body.email) {`
Fix user update via API and content-type-builder 2018-02-02 12:59:34 +01:00			`const users = await strapi.plugins['users-permissions'].services.user.fetchAll({ email: ctx.request.body.email });`
Fix unique email for user API 2018-01-26 09:37:24 +01:00
Fix update user email 2019-01-22 11:41:49 +01:00			`if (users && _.find(users, user => (user.id \|\| user._id).toString() !== (ctx.params.id \|\| ctx.params._id))) {`
Improve errors notifications 2018-04-24 11:45:09 +02:00			`return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken', field: ['email'] }] }] : 'Email is already taken.');`
Fix unique email for user API 2018-01-26 09:37:24 +01:00			`}`
			`}`

Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`const user = await strapi.plugins['users-permissions'].services.user.fetch(ctx.params);`
Fix user update encrypted password 2017-12-04 15:35:45 +01:00
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`if (_.get(ctx.request, 'body.password') === user.password) {`
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`delete ctx.request.body.password;`
			`}`
Fix user update encrypted password 2017-12-04 15:35:45 +01:00
Fix PR feedback 2017-12-15 14:22:11 +01:00			`if (_.get(ctx.request, 'body.role', '').toString() === '0' && (!_.get(ctx.state, 'user.role') \|\| _.get(ctx.state, 'user.role', '').toString() !== '0')) {`
Can not set role 0 to someone user API 2017-12-15 10:49:01 +01:00			`delete ctx.request.body.role;`
			`}`

New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`if (ctx.request.body.email && advancedConfigs.unique_email) {`
Add a queries interface to the plugins 2019-04-26 10:17:04 +02:00			`const user = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').findOne({`
Add unique email verification on user update 2018-01-18 14:10:26 +01:00			`email: ctx.request.body.email`
			`});`

Fix update user email 2019-01-22 11:41:49 +01:00			`if (user !== null && (user.id \|\| user._id).toString() !== (ctx.params.id \|\| ctx.params._id)) {`
Improve errors notifications 2018-04-24 11:45:09 +02:00			`return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken', field: ['email'] }] }] : 'Email is already taken.');`
Add unique email verification on user update 2018-01-18 14:10:26 +01:00			`}`
			`}`

Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`const data = await strapi.plugins['users-permissions'].services.user.edit(ctx.params, ctx.request.body) ;`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			// Send 200 `ok`
			`ctx.send(data);`
			`} catch(error) {`
			`ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: error.message, field: error.field }] }] : error.message);`
			`}`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Destroy a/an user record.`
			`*`
			`* @return {Object}`
			`*/`

Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`destroy: async (ctx) => {`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`const data = await strapi.plugins['users-permissions'].services.user.remove(ctx.params);`
Fix deleteUser mutation for Mongoose and Bookshelf 2018-11-27 14:54:34 +01:00
Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00			// Send 200 `ok`
			`ctx.send(data);`
			`},`

			`destroyAll: async (ctx) => {`
			`const data = await strapi.plugins['users-permissions'].services.user.removeAll(ctx.params, ctx.request.query);`

Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			// Send 200 `ok`
			`ctx.send(data);`
			`}`
			`};`