strapi/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js

'use strict';

/**
 * UsersPermissions.js controller
 *
 * @description: A set of functions called "actions" of the `users-permissions` plugin.
 */

const _ = require('lodash');

module.exports = {

  /**
   * Default action.
   *
   * @return {Object}
   */
  createRole: async (ctx) => {
    if (_.isEmpty(ctx.request.body)) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);
    }

    try {
      await strapi.plugins['users-permissions'].services.userspermissions.createRole(ctx.request.body);

      ctx.send({ ok: true });
    } catch(err) {
      ctx.badRequest(null, [{ messages: [{ id: 'An error occured' }] }]);
    }
  },

  deleteProvider: async ctx => {
    const { provider } = ctx.params;

    if (!provider) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);
    }

    // TODO handle dynamic
    ctx.send({ ok: true });
  },

  deleteRole: async ctx => {
    // Fetch root and public role.
    const [root, publicRole] = await Promise.all([
      strapi.query('role', 'users-permissions').findOne({ type: 'root' }),
      strapi.query('role', 'users-permissions').findOne({ type: 'public' })
    ]);

    const rootID = root.id || root._id;
    const publicRoleID = publicRole.id || publicRole._id;

    const roleID = ctx.params.role;

    if (!roleID) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);
    }

    // Prevent from removing the root role.
    if (roleID.toString() === rootID.toString() || roleID.toString() === publicRoleID.toString()) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Unauthorized' }] }]);
    }

    try {
      await strapi.plugins['users-permissions'].services.userspermissions.deleteRole(roleID, publicRoleID);

      ctx.send({ ok: true });
    } catch(err) {
      ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);
    }
  },

  getPermissions: async (ctx) => {
    try {
      const { lang } = ctx.query;
      const plugins = await strapi.plugins['users-permissions'].services.userspermissions.getPlugins(lang);
      const permissions = await strapi.plugins['users-permissions'].services.userspermissions.getActions(plugins);

      ctx.send({ permissions });
    } catch(err) {
      ctx.badRequest(null, [{ message: [{ id: 'Not Found' }] }]);
    }
  },

  getPolicies: async (ctx) => {
    ctx.send({
      policies: _.without(_.keys(strapi.plugins['users-permissions'].config.policies), 'permissions')
    });
  },

  getRole: async (ctx) => {
    const { id } = ctx.params;
    const { lang } = ctx.query;
    const plugins = await strapi.plugins['users-permissions'].services.userspermissions.getPlugins(lang);
    const role = await strapi.plugins['users-permissions'].services.userspermissions.getRole(id, plugins);

    if (_.isEmpty(role)) {
      return ctx.badRequest(null, [{ messages: [{ id: `Role don't exist` }] }]);
    }

    ctx.send({ role });
  },

  getRoles: async (ctx) => {
    try {
      const roles = await strapi.plugins['users-permissions'].services.userspermissions.getRoles();

      ctx.send({ roles });
    } catch(err) {
      ctx.badRequest(null, [{ messages: [{ id: 'Not found' }] }]);
    }
  },

  getRoutes: async (ctx) => {
    try {
      const routes = await strapi.plugins['users-permissions'].services.userspermissions.getRoutes();

      ctx.send({ routes });
    } catch(err) {
      ctx.badRequest(null, [{ messages: [{ id: 'Not found' }] }]);
    }
  },

  index: async (ctx) => {
    // Add your own logic here.

    // Send 200 `ok`
    ctx.send({
      message: 'ok'
    });
  },

  init: async (ctx) => {
    const role = await strapi.query('role', 'users-permissions').findOne({ type: 'root' }, ['users']);

    ctx.send({ hasAdmin: !_.isEmpty(role.users) });
  },

  searchUsers: async (ctx) => {
    const data = await strapi.query('user', 'users-permissions').search(ctx.params);

    ctx.send(data);
  },

  updateRole: async function (ctx) {
    // Fetch root role.
    const root = await strapi.query('role', 'users-permissions').findOne({ type: 'root' });

    const roleID = ctx.params.role;
    const rootID = root.id || root._id;

    // Prevent from updating the root role.
    if (roleID === rootID) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Unauthorized' }] }]);
    }

    if (_.isEmpty(ctx.request.body)) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);
    }

    try {
      await strapi.plugins['users-permissions'].services.userspermissions.updateRole(roleID, ctx.request.body);

      ctx.send({ ok: true });
    } catch(error) {
      ctx.badRequest(null, [{ messages: [{ id: 'An error occurred' }] }]);
    }
  },

  getEmailTemplate: async (ctx) => {
    ctx.send(await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
      key: 'email'
    }).get());
  },

  updateEmailTemplate: async (ctx) => {
    if (_.isEmpty(ctx.request.body)) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);
    }

    await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
      key: 'email'
    }).set({value: ctx.request.body});

    ctx.send({ ok: true });
  },

  getAdvancedSettings: async (ctx) => {
    ctx.send({
      settings: await strapi.store({
        environment: '',
        type: 'plugin',
        name: 'users-permissions',
        key: 'advanced'
      }).get(),
      roles: await strapi.plugins['users-permissions'].services.userspermissions.getRoles()
    });
  },

  updateAdvancedSettings: async (ctx) => {
    if (_.isEmpty(ctx.request.body)) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);
    }

    await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
      key: 'advanced'
    }).set({value: ctx.request.body});

    ctx.send({ ok: true });
  },

  getProviders: async (ctx) => {
    ctx.send(await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
      key: 'grant'
    }).get());
  },

  updateProviders: async (ctx) => {
    if (_.isEmpty(ctx.request.body)) {
      return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);
    }

    await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
      key: 'grant'
    }).set({value: ctx.request.body});

    ctx.send({ ok: true });
  }
};
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`'use strict';`

			`/**`
			`* UsersPermissions.js controller`
			`*`
			* @description: A set of functions called "actions" of the `users-permissions` plugin.
			`*/`

Mount mongoose instance in plugins models 2017-11-15 15:06:09 +01:00			`const _ = require('lodash');`

Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`module.exports = {`

			`/**`
			`* Default action.`
			`*`
			`* @return {Object}`
			`*/`
Edit role 2017-11-23 17:13:46 +01:00			`createRole: async (ctx) => {`
Created handler for POST role 2017-11-23 11:03:26 +01:00			`if (_.isEmpty(ctx.request.body)) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);`
			`}`
Edit role 2017-11-23 17:13:46 +01:00
Created handler for POST role 2017-11-23 11:03:26 +01:00			`try {`
Handle create role 2017-11-27 16:49:56 +01:00			`await strapi.plugins['users-permissions'].services.userspermissions.createRole(ctx.request.body);`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00
Created handler for POST role 2017-11-23 11:03:26 +01:00			`ctx.send({ ok: true });`
			`} catch(err) {`
			`ctx.badRequest(null, [{ messages: [{ id: 'An error occured' }] }]);`
			`}`
			`},`
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00
Delete dynamic (front end) 2017-11-23 18:08:14 +01:00			`deleteProvider: async ctx => {`
			`const { provider } = ctx.params;`

			`if (!provider) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);`
			`}`

			`// TODO handle dynamic`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`ctx.send({ ok: true });`
Delete dynamic (front end) 2017-11-23 18:08:14 +01:00			`},`

			`deleteRole: async ctx => {`
Rename Guest to Public role 2018-03-12 16:37:20 +01:00			`// Fetch root and public role.`
			`const [root, publicRole] = await Promise.all([`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`strapi.query('role', 'users-permissions').findOne({ type: 'root' }),`
Rename Guest to Public role 2018-03-12 16:37:20 +01:00			`strapi.query('role', 'users-permissions').findOne({ type: 'public' })`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`]);`

			`const rootID = root.id \|\| root._id;`
Rename Guest to Public role 2018-03-12 16:37:20 +01:00			`const publicRoleID = publicRole.id \|\| publicRole._id;`
Delete dynamic (front end) 2017-11-23 18:08:14 +01:00
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`const roleID = ctx.params.role;`

			`if (!roleID) {`
Delete dynamic (front end) 2017-11-23 18:08:14 +01:00			`return ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);`
			`}`

Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`// Prevent from removing the root role.`
Rename Guest to Public role 2018-03-12 16:37:20 +01:00			`if (roleID.toString() === rootID.toString() \|\| roleID.toString() === publicRoleID.toString()) {`
Handle delete role 2017-11-27 17:02:45 +01:00			`return ctx.badRequest(null, [{ messages: [{ id: 'Unauthorized' }] }]);`
			`}`

			`try {`
Rename Guest to Public role 2018-03-12 16:37:20 +01:00			`await strapi.plugins['users-permissions'].services.userspermissions.deleteRole(roleID, publicRoleID);`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00
			`ctx.send({ ok: true });`
Handle delete role 2017-11-27 17:02:45 +01:00			`} catch(err) {`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);`
Handle delete role 2017-11-27 17:02:45 +01:00			`}`
Delete dynamic (front end) 2017-11-23 18:08:14 +01:00			`},`

Edit role 2017-11-23 17:13:46 +01:00			`getPermissions: async (ctx) => {`
Get role and format data with immutable 2017-11-15 15:11:10 +01:00			`try {`
Retrieve plugins' icons URL from API and name Redux store 2018-01-05 16:19:53 +01:00			`const { lang } = ctx.query;`
			`const plugins = await strapi.plugins['users-permissions'].services.userspermissions.getPlugins(lang);`
			`const permissions = await strapi.plugins['users-permissions'].services.userspermissions.getActions(plugins);`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00
Change permissions data format 2017-11-16 17:59:41 +01:00			`ctx.send({ permissions });`
Get role and format data with immutable 2017-11-15 15:11:10 +01:00			`} catch(err) {`
			`ctx.badRequest(null, [{ message: [{ id: 'Not Found' }] }]);`
			`}`
			`},`

Add get policy functions 2017-11-29 18:45:51 +01:00			`getPolicies: async (ctx) => {`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`ctx.send({`
Add get policy functions 2017-11-29 18:45:51 +01:00			`policies: _.without(_.keys(strapi.plugins['users-permissions'].config.policies), 'permissions')`
			`});`
			`},`

Edit role 2017-11-23 17:13:46 +01:00			`getRole: async (ctx) => {`
Change frontend routing and prepare for edit 2017-11-15 14:00:51 +01:00			`const { id } = ctx.params;`
Retrieve plugins' icons URL from API and name Redux store 2018-01-05 16:19:53 +01:00			`const { lang } = ctx.query;`
			`const plugins = await strapi.plugins['users-permissions'].services.userspermissions.getPlugins(lang);`
			`const role = await strapi.plugins['users-permissions'].services.userspermissions.getRole(id, plugins);`
Get role and format data with immutable 2017-11-15 15:11:10 +01:00
			`if (_.isEmpty(role)) {`
Fix PR feedback 2017-11-20 14:35:24 +01:00			return ctx.badRequest(null, [{ messages: [{ id: `Role don't exist` }] }]);
Get role and format data with immutable 2017-11-15 15:11:10 +01:00			`}`
Change frontend routing and prepare for edit 2017-11-15 14:00:51 +01:00
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00			`ctx.send({ role });`
Change frontend routing and prepare for edit 2017-11-15 14:00:51 +01:00			`},`
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00
Get roles (frontend and backend) 2017-11-27 16:04:57 +01:00			`getRoles: async (ctx) => {`
			`try {`
			`const roles = await strapi.plugins['users-permissions'].services.userspermissions.getRoles();`

			`ctx.send({ roles });`
			`} catch(err) {`
			`ctx.badRequest(null, [{ messages: [{ id: 'Not found' }] }]);`
			`}`
			`},`

Add handler to get the plugins routes 2017-11-30 16:34:43 +01:00			`getRoutes: async (ctx) => {`
			`try {`
			`const routes = await strapi.plugins['users-permissions'].services.userspermissions.getRoutes();`

			`ctx.send({ routes });`
			`} catch(err) {`
			`ctx.badRequest(null, [{ messages: [{ id: 'Not found' }] }]);`
			`}`
			`},`

Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`index: async (ctx) => {`
			`// Add your own logic here.`

			// Send 200 `ok`
			`ctx.send({`
			`message: 'ok'`
			`});`
Add fake route to check if admin user exists 2017-11-14 17:09:13 +01:00			`},`

			`init: async (ctx) => {`
Improve init action to check if there is an administrator 2018-01-17 19:22:35 +01:00			`const role = await strapi.query('role', 'users-permissions').findOne({ type: 'root' }, ['users']);`
Fix query bookshelf and modify init role file 2017-11-29 15:42:11 +01:00
Improve init action to check if there is an administrator 2018-01-17 19:22:35 +01:00			`ctx.send({ hasAdmin: !_.isEmpty(role.users) });`
Edit role 2017-11-23 17:13:46 +01:00			`},`

Add searchUsers and created mongoose query 2017-11-27 12:19:36 +01:00			`searchUsers: async (ctx) => {`
			`const data = await strapi.query('user', 'users-permissions').search(ctx.params);`
Display logs for every missing tables or attributes & update delete/add role feature 2018-01-23 15:38:43 +01:00
			`ctx.send(data);`
Add searchUsers and created mongoose query 2017-11-27 12:19:36 +01:00			`},`

Update permissions from UI in database 2018-01-22 18:19:44 +01:00			`updateRole: async function (ctx) {`
			`// Fetch root role.`
			`const root = await strapi.query('role', 'users-permissions').findOne({ type: 'root' });`

			`const roleID = ctx.params.role;`
			`const rootID = root.id \|\| root._id;`

			`// Prevent from updating the root role.`
			`if (roleID === rootID) {`
Handle update role 2017-11-27 17:50:51 +01:00			`return ctx.badRequest(null, [{ messages: [{ id: 'Unauthorized' }] }]);`
			`}`

			`if (_.isEmpty(ctx.request.body)) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'Bad request' }] }]);`
			`}`

Edit role 2017-11-23 17:13:46 +01:00			`try {`
Update permissions from UI in database 2018-01-22 18:19:44 +01:00			`await strapi.plugins['users-permissions'].services.userspermissions.updateRole(roleID, ctx.request.body);`

Edit role 2017-11-23 17:13:46 +01:00			`ctx.send({ ok: true });`
			`} catch(error) {`
			`ctx.badRequest(null, [{ messages: [{ id: 'An error occurred' }] }]);`
			`}`
Get email template 2018-01-15 11:59:10 +01:00			`},`

			`getEmailTemplate: async (ctx) => {`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`ctx.send(await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'email'`
			`}).get());`
Update email template config 2018-01-15 12:05:01 +01:00			`},`

			`updateEmailTemplate: async (ctx) => {`
			`if (_.isEmpty(ctx.request.body)) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);`
			`}`

New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'email'`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}).set({value: ctx.request.body});`
Update email template config 2018-01-15 12:05:01 +01:00
Add submit dynamic 2018-01-18 16:23:31 +01:00			`ctx.send({ ok: true });`
Get and update advanced settings 2018-01-15 16:23:54 +01:00			`},`

			`getAdvancedSettings: async (ctx) => {`
Add default role in advanced settings 2018-03-12 15:56:25 +01:00			`ctx.send({`
			`settings: await strapi.store({`
			`environment: '',`
			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced'`
			`}).get(),`
			`roles: await strapi.plugins['users-permissions'].services.userspermissions.getRoles()`
			`});`
Get and update advanced settings 2018-01-15 16:23:54 +01:00			`},`

			`updateAdvancedSettings: async (ctx) => {`
			`if (_.isEmpty(ctx.request.body)) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);`
			`}`

New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced'`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}).set({value: ctx.request.body});`
Get and update advanced settings 2018-01-15 16:23:54 +01:00
Add submit dynamic 2018-01-18 16:23:31 +01:00			`ctx.send({ ok: true });`
Get providers 2018-01-19 15:14:51 +01:00			`},`

			`getProviders: async (ctx) => {`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`ctx.send(await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'grant'`
			`}).get());`
Put providers 2018-01-22 10:23:04 +01:00			`},`

			`updateProviders: async (ctx) => {`
			`if (_.isEmpty(ctx.request.body)) {`
			`return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]);`
			`}`

New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'grant'`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}).set({value: ctx.request.body});`
Put providers 2018-01-22 10:23:04 +01:00
			`ctx.send({ ok: true });`
Generate plugin users-permissions and add it to strapi-packages 2017-11-06 11:14:43 +01:00			`}`
			`};`