strapi/packages/strapi-plugin-users-permissions/services/UsersPermissions.js

'use strict';

const fs = require('fs')
const path = require('path');
const stringify = JSON.stringify;
const _ = require('lodash');

/**
 * UsersPermissions.js service
 *
 * @description: A set of functions similar to controller's actions to avoid code duplication.
 */

module.exports = {
  createRole: (role) => {
    const appRoles = strapi.plugins['users-permissions'].config.roles;
    const highestId = _.last(Object.keys(appRoles).reduce((acc, key) => {
      acc.push(_.toNumber(key));

      return acc;
    }, []).sort()) + 1;

    const newRole = _.pick(role, ['name', 'description', 'permissions']);

    _.set(appRoles, highestId.toString(), newRole);

    _.forEach(role.users, (user) => {
      module.exports.updateUserRole(user, highestId);
    });

    module.exports.writePermissions(appRoles);
  },

  deleteRole: async (roleId) => {
    const appRoles = strapi.plugins['users-permissions'].config.roles

    module.exports.writePermissions(_.omit(appRoles, [roleId]));

    const users = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {
      role: roleId
    }));

    _.forEach(users, (user) => {
      module.exports.updateUserRole(user, '1');
    });
  },

  getActions: () => {
    const generateActions = (data) => (
      Object.keys(data).reduce((acc, key) => {
        acc[key] = { enabled: false, policy: '' };

        return acc;
    }, {}));

    const appControllers = Object.keys(strapi.api || {}).reduce((acc, key) => {
      acc.controllers[key] = generateActions(strapi.api[key].controllers[key]);

      return acc;
    }, { controllers: {} });

    const pluginsPermissions = Object.keys(strapi.plugins).reduce((acc, key) => {
      acc[key] = Object.keys(strapi.plugins[key].controllers).reduce((obj, k) => {
        obj.controllers[k] = generateActions(strapi.plugins[key].controllers[k]);

        return obj;

      }, { controllers: {} });

      return acc;
    }, {});

    const permissions = {
      application: {
        controllers: appControllers.controllers,
      },
    };

    const allPermissions = _.merge(permissions, pluginsPermissions);

    return allPermissions;
  },

  getRole: async (roleId) => {
    const appRoles = strapi.plugins['users-permissions'].config.roles
    appRoles[roleId].users = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', { role: roleId }));

    return appRoles[roleId];
  },

  getRoles: async () => {
    const roles = strapi.plugins['users-permissions'].config.roles;
    const usersCount = await strapi.query('user', 'users-permissions').countByRoles();
    const formattedRoles = Object.keys(roles).reduce((acc, key) => {
      const role = _.pick(roles[key], ['name', 'description']);

      _.set(role, 'id', key);
      _.set(role, 'nb_users', _.get(_.find(usersCount, { _id: parseFloat(key) }), 'total', 0));
      acc.push(role);

      return acc;
    }, []);

    return formattedRoles;
  },

  getRoutes: async () => {
    const apiRoutes = strapi.api ? Object.keys(strapi.api).reduce((acc, current) => {
      return acc.concat(strapi.api[current].config.routes);
    }, []) : [];

    const pluginsRoutes = Object.keys(strapi.plugins).reduce((acc, current) => {
      acc[current] = strapi.plugins[current].config.routes;

      return acc;
    }, []);

    return _.merge({ application: apiRoutes}, pluginsRoutes);
  },

  getRoleConfigPath: () => (
    path.join(
      strapi.config.appPath,
      'plugins',
      'users-permissions',
      'config',
      'roles.json',
    )
  ),

  updateData: (data, diff = 'unset') => {
    const dataToCompare = strapi.plugins['users-permissions'].services.userspermissions.getActions();

    _.forEach(data, (roleData, roleId) => {
      const obj = diff === 'unset' ? roleData.permissions : dataToCompare;

      _.forEach(obj, (pluginData, pluginName) => {
        _.forEach(pluginData.controllers, (controllerActions, controllerName) => {
          _.forEach(controllerActions, (actionData, actionName) => {
            if (diff === 'unset') {
              if (!_.get(dataToCompare, [pluginName, 'controllers', controllerName])) {
                _.unset(data, [roleId, 'permissions',  pluginName, 'controllers', controllerName]);
                return;
              }

              if (!_.get(dataToCompare, [pluginName, 'controllers', controllerName, actionName])) {
                _.unset(data, [roleId, 'permissions', pluginName, 'controllers', controllerName, actionName]);
              }
            } else if (!_.get(data, [roleId, 'permissions', pluginName, 'controllers', controllerName, actionName])) {
              const isCallback = actionName === 'callback' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';
              const isRegister = actionName === 'register' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';
              const isPassword = actionName === 'forgotPassword' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';
              const isNewPassword = actionName === 'changePassword-password' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';
              const isInit = actionName === 'init' && controllerName === 'userspermissions';
              const enabled = isCallback || isRegister || roleId === '0' || isInit || isPassword || isNewPassword;

              _.set(data, [roleId, 'permissions', pluginName, 'controllers', controllerName, actionName], { enabled, policy: '' })
            }
          });
        });
      });
    });

    return data;
  },

  updatePermissions: async (cb) => {
    const appActions = module.exports.getActions();
    const writePermissions = module.exports.writePermissions;
    const currentRoles = strapi.plugins['users-permissions'].config.roles || {
      '0': {
        description: '',
        name: 'Administrator',
        permissions: {
          application: {
            controllers: {},
          },
        },
      },
      '1': {
        description: '',
        name: 'Guest',
        permissions: {
          application: {
            controllers: {},
          },
        },
      },
    };

    const remove = await module.exports.updateData(_.cloneDeep(currentRoles));
    const added = await module.exports.updateData(_.cloneDeep(remove), 'set');

    if (!_.isEqual(currentRoles, added)) {
      writePermissions(added);
    }

    if (cb) {
      cb();
    }
  },

  updateRole: async (roleId, body) => {
    const appRoles = strapi.plugins['users-permissions'].config.roles
    const updatedRole = _.pick(body, ['name', 'description', 'permissions']);
    _.set(appRoles, [roleId], updatedRole);

    module.exports.writePermissions(appRoles);

    const currentUsers = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {
      role: roleId
    }));
    const userToAdd = _.differenceBy(body.users, currentUsers.toJSON ? currentUsers.toJSON() : currentUsers, 'id');
    const userToRemove = _.differenceBy(currentUsers.toJSON ? currentUsers.toJSON() : currentUsers, body.users, 'id');

    _.forEach(userToAdd, (user) => {
      module.exports.updateUserRole(user, roleId);
    });
    _.forEach(userToRemove, (user) => {
      module.exports.updateUserRole(user, '1');
    });
  },

  updateUserRole: async (user, role) => {
    strapi.query('user', 'users-permissions').update({
      _id: user._id || user.id,
      role: role.toString()
    });
  },

  writePermissions: (data) => {
    const roleConfigPath = module.exports.getRoleConfigPath();

    try {
      fs.writeFileSync(roleConfigPath, stringify({ roles: data }, null, 2), 'utf8');
    } catch(err) {
      strapi.log.error(err);
    }
  },
};
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`'use strict';`

Write roles.sjon file 2017-11-17 14:22:59 +01:00			`const fs = require('fs')`
			`const path = require('path');`
			`const stringify = JSON.stringify;`
Change permissions data format 2017-11-16 17:59:41 +01:00			`const _ = require('lodash');`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`/**`
			`* UsersPermissions.js service`
			`*`
			`* @description: A set of functions similar to controller's actions to avoid code duplication.`
			`*/`

			`module.exports = {`
Handle create role 2017-11-27 16:49:56 +01:00			`createRole: (role) => {`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`const appRoles = strapi.plugins['users-permissions'].config.roles;`
Handle delete role 2017-11-27 17:02:45 +01:00			`const highestId = _.last(Object.keys(appRoles).reduce((acc, key) => {`
Handle create role 2017-11-27 16:49:56 +01:00			`acc.push(_.toNumber(key));`

			`return acc;`
			`}, []).sort()) + 1;`

			`const newRole = _.pick(role, ['name', 'description', 'permissions']);`

Handle delete role 2017-11-27 17:02:45 +01:00			`_.set(appRoles, highestId.toString(), newRole);`
Handle create role 2017-11-27 16:49:56 +01:00
Link user to role 2017-12-01 16:06:16 +01:00			`_.forEach(role.users, (user) => {`
Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.updateUserRole(user, highestId);`
Link user to role 2017-12-01 16:06:16 +01:00			`});`

Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.writePermissions(appRoles);`
Handle delete role 2017-11-27 17:02:45 +01:00			`},`

Link user to role 2017-12-01 16:06:16 +01:00			`deleteRole: async (roleId) => {`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`const appRoles = strapi.plugins['users-permissions'].config.roles`
Handle update role 2017-11-27 17:50:51 +01:00
Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.writePermissions(_.omit(appRoles, [roleId]));`
Link user to role 2017-12-01 16:06:16 +01:00
			`const users = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {`
			`role: roleId`
			`}));`

			`_.forEach(users, (user) => {`
Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.updateUserRole(user, '1');`
Link user to role 2017-12-01 16:06:16 +01:00			`});`
Handle create role 2017-11-27 16:49:56 +01:00			`},`

Change permissions data format 2017-11-16 17:59:41 +01:00			`getActions: () => {`
Write roles.sjon file 2017-11-17 14:22:59 +01:00			`const generateActions = (data) => (`
			`Object.keys(data).reduce((acc, key) => {`
			`acc[key] = { enabled: false, policy: '' };`
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00
Write roles.sjon file 2017-11-17 14:22:59 +01:00			`return acc;`
			`}, {}));`

Add admin folder to email plugin to majke the admin works (TEMPORARY FIX) 2017-11-17 17:49:50 +01:00			`const appControllers = Object.keys(strapi.api \|\| {}).reduce((acc, key) => {`
Write roles.sjon file 2017-11-17 14:22:59 +01:00			`acc.controllers[key] = generateActions(strapi.api[key].controllers[key]);`
Change permissions data format 2017-11-16 17:59:41 +01:00
			`return acc;`
Fix design and generatePermissions service 2017-11-17 12:14:12 +01:00			`}, { controllers: {} });`

			`const pluginsPermissions = Object.keys(strapi.plugins).reduce((acc, key) => {`
Fix PR feedback 2017-11-20 14:35:24 +01:00			`acc[key] = Object.keys(strapi.plugins[key].controllers).reduce((obj, k) => {`
Write roles.sjon file 2017-11-17 14:22:59 +01:00			`obj.controllers[k] = generateActions(strapi.plugins[key].controllers[k]);`
Fix design and generatePermissions service 2017-11-17 12:14:12 +01:00
			`return obj;`

Fix PR feedback 2017-11-20 14:35:24 +01:00			`}, { controllers: {} });`
Fix design and generatePermissions service 2017-11-17 12:14:12 +01:00
			`return acc;`
			`}, {});`
Change permissions data format 2017-11-16 17:59:41 +01:00
			`const permissions = {`
			`application: {`
			`controllers: appControllers.controllers,`
Fix design and generatePermissions service 2017-11-17 12:14:12 +01:00			`},`
Change permissions data format 2017-11-16 17:59:41 +01:00			`};`

Fix design and generatePermissions service 2017-11-17 12:14:12 +01:00			`const allPermissions = _.merge(permissions, pluginsPermissions);`

Algo diff between objects 2017-11-17 16:36:57 +01:00			`return allPermissions;`
			`},`
Write roles.sjon file 2017-11-17 14:22:59 +01:00
Get role with users 2017-11-30 16:52:28 +01:00			`getRole: async (roleId) => {`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`const appRoles = strapi.plugins['users-permissions'].config.roles`
Get role with users 2017-11-30 16:52:28 +01:00			`appRoles[roleId].users = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', { role: roleId }));`
Handle update role 2017-11-27 17:50:51 +01:00
Get role with users 2017-11-30 16:52:28 +01:00			`return appRoles[roleId];`
Handle update role 2017-11-27 17:50:51 +01:00			`},`

Add users count by role 2017-11-30 12:27:04 +01:00			`getRoles: async () => {`
Refacto InputSearch 2017-12-07 18:31:19 +01:00			`const roles = strapi.plugins['users-permissions'].config.roles;`
Add users count by role 2017-11-30 12:27:04 +01:00			`const usersCount = await strapi.query('user', 'users-permissions').countByRoles();`
Get roles (frontend and backend) 2017-11-27 16:04:57 +01:00			`const formattedRoles = Object.keys(roles).reduce((acc, key) => {`
			`const role = _.pick(roles[key], ['name', 'description']);`

			`_.set(role, 'id', key);`
Get role with users 2017-11-30 16:52:28 +01:00			`_.set(role, 'nb_users', _.get(_.find(usersCount, { _id: parseFloat(key) }), 'total', 0));`
Get roles (frontend and backend) 2017-11-27 16:04:57 +01:00			`acc.push(role);`

			`return acc;`
			`}, []);`

			`return formattedRoles;`
			`},`

Add handler to get the plugins routes 2017-11-30 16:34:43 +01:00			`getRoutes: async () => {`
Refacto service 2017-12-08 10:42:45 +01:00			`const apiRoutes = strapi.api ? Object.keys(strapi.api).reduce((acc, current) => {`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`return acc.concat(strapi.api[current].config.routes);`
Refacto service 2017-12-08 10:42:45 +01:00			`}, []) : [];`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00
			`const pluginsRoutes = Object.keys(strapi.plugins).reduce((acc, current) => {`
Add handler to get the plugins routes 2017-11-30 16:34:43 +01:00			`acc[current] = strapi.plugins[current].config.routes;`

			`return acc;`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`}, []);`

			`return _.merge({ application: apiRoutes}, pluginsRoutes);`
Add handler to get the plugins routes 2017-11-30 16:34:43 +01:00			`},`

Algo diff between objects 2017-11-17 16:36:57 +01:00			`getRoleConfigPath: () => (`
			`path.join(`
			`strapi.config.appPath,`
			`'plugins',`
			`'users-permissions',`
			`'config',`
			`'roles.json',`
			`)`
			`),`

			`updateData: (data, diff = 'unset') => {`
			`const dataToCompare = strapi.plugins['users-permissions'].services.userspermissions.getActions();`

			`_.forEach(data, (roleData, roleId) => {`
			`const obj = diff === 'unset' ? roleData.permissions : dataToCompare;`

			`_.forEach(obj, (pluginData, pluginName) => {`
			`_.forEach(pluginData.controllers, (controllerActions, controllerName) => {`
			`_.forEach(controllerActions, (actionData, actionName) => {`
			`if (diff === 'unset') {`
			`if (!_.get(dataToCompare, [pluginName, 'controllers', controllerName])) {`
			`_.unset(data, [roleId, 'permissions', pluginName, 'controllers', controllerName]);`
			`return;`
			`}`

			`if (!_.get(dataToCompare, [pluginName, 'controllers', controllerName, actionName])) {`
			`_.unset(data, [roleId, 'permissions', pluginName, 'controllers', controllerName, actionName]);`
			`}`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`} else if (!_.get(data, [roleId, 'permissions', pluginName, 'controllers', controllerName, actionName])) {`
			`const isCallback = actionName === 'callback' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';`
			`const isRegister = actionName === 'register' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';`
			`const isPassword = actionName === 'forgotPassword' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';`
			`const isNewPassword = actionName === 'changePassword-password' && controllerName === 'auth' && pluginName === 'users-permissions' && roleId === '1';`
			`const isInit = actionName === 'init' && controllerName === 'userspermissions';`
			`const enabled = isCallback \|\| isRegister \|\| roleId === '0' \|\| isInit \|\| isPassword \|\| isNewPassword;`

			`_.set(data, [roleId, 'permissions', pluginName, 'controllers', controllerName, actionName], { enabled, policy: '' })`
Algo diff between objects 2017-11-17 16:36:57 +01:00			`}`
			`});`
			`});`
			`});`
			`});`

			`return data;`
			`},`

Fix PR feedback 2017-11-20 14:35:24 +01:00			`updatePermissions: async (cb) => {`
Refacto service 2017-12-08 10:42:45 +01:00			`const appActions = module.exports.getActions();`
			`const writePermissions = module.exports.writePermissions;`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`const currentRoles = strapi.plugins['users-permissions'].config.roles \|\| {`
			`'0': {`
			`description: '',`
			`name: 'Administrator',`
			`permissions: {`
			`application: {`
			`controllers: {},`
Fix roles.json bug 2017-12-07 10:16:36 +01:00			`},`
			`},`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`},`
			`'1': {`
			`description: '',`
			`name: 'Guest',`
			`permissions: {`
			`application: {`
			`controllers: {},`
Fix roles.json bug 2017-12-07 10:16:36 +01:00			`},`
			`},`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`},`
			`};`
Fix roles.json bug 2017-12-07 10:16:36 +01:00
Refacto service 2017-12-08 10:42:45 +01:00			`const remove = await module.exports.updateData(_.cloneDeep(currentRoles));`
			`const added = await module.exports.updateData(_.cloneDeep(remove), 'set');`
Algo diff between objects 2017-11-17 16:36:57 +01:00
			`if (!_.isEqual(currentRoles, added)) {`
			`writePermissions(added);`
Write roles.sjon file 2017-11-17 14:22:59 +01:00			`}`
Fix PR feedback 2017-11-20 14:35:24 +01:00
			`if (cb) {`
			`cb();`
			`}`
Algo diff between objects 2017-11-17 16:36:57 +01:00			`},`
Write roles.sjon file 2017-11-17 14:22:59 +01:00
Link user to role 2017-12-01 16:06:16 +01:00			`updateRole: async (roleId, body) => {`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`const appRoles = strapi.plugins['users-permissions'].config.roles`
Handle update role 2017-11-27 17:50:51 +01:00			`const updatedRole = _.pick(body, ['name', 'description', 'permissions']);`
			`_.set(appRoles, [roleId], updatedRole);`

Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.writePermissions(appRoles);`
Link user to role 2017-12-01 16:06:16 +01:00
Fix delete user from group 2017-12-05 16:44:54 +01:00			`const currentUsers = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {`
Link user to role 2017-12-01 16:06:16 +01:00			`role: roleId`
Fix delete user from group 2017-12-05 16:44:54 +01:00			`}));`
Fix manage user role bookshelf 2017-12-07 18:40:55 +01:00			`const userToAdd = _.differenceBy(body.users, currentUsers.toJSON ? currentUsers.toJSON() : currentUsers, 'id');`
			`const userToRemove = _.differenceBy(currentUsers.toJSON ? currentUsers.toJSON() : currentUsers, body.users, 'id');`
Fix delete user from group 2017-12-05 16:44:54 +01:00
			`_.forEach(userToAdd, (user) => {`
Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.updateUserRole(user, roleId);`
Fix delete user from group 2017-12-05 16:44:54 +01:00			`});`
			`_.forEach(userToRemove, (user) => {`
Refacto service 2017-12-08 10:42:45 +01:00			`module.exports.updateUserRole(user, '1');`
Link user to role 2017-12-01 16:06:16 +01:00			`});`
Handle update role 2017-11-27 17:50:51 +01:00			`},`

Fix roles.json bug 2017-12-07 10:16:36 +01:00			`updateUserRole: async (user, role) => {`
Fix some PR feedback 2017-12-07 18:16:15 +01:00			`strapi.query('user', 'users-permissions').update({`
Fix roles.json bug 2017-12-07 10:16:36 +01:00			`_id: user._id \|\| user.id,`
			`role: role.toString()`
			`});`
			`},`

Algo diff between objects 2017-11-17 16:36:57 +01:00			`writePermissions: (data) => {`
Refacto service 2017-12-08 10:42:45 +01:00			`const roleConfigPath = module.exports.getRoleConfigPath();`
Algo diff between objects 2017-11-17 16:36:57 +01:00
			`try {`
Add apiRoutes and fix feedback PR 2017-12-07 18:16:18 +01:00			`fs.writeFileSync(roleConfigPath, stringify({ roles: data }, null, 2), 'utf8');`
Algo diff between objects 2017-11-17 16:36:57 +01:00			`} catch(err) {`
			`strapi.log.error(err);`
			`}`
Link user to role 2017-12-01 16:06:16 +01:00			`},`
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`};`