yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-26 00:39:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

show creator fields only if user has admin read permissions

Browse Source
This commit is contained in:
Fernando Chavez 2023-06-13 04:12:47 +02:00
parent 43f40db27f
commit 2319c6d15e
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
packages/core/admin/admin/src/content-manager/components/AttributeFilter/hooks/useAllowedAttributes.js
View File

@ -5,6 +5,7 @@ import { useIntl } from 'react-intl';
const NOT_ALLOWED_FILTERS = ['json', 'component', 'media', 'richtext', 'dynamiczone', 'password'];
const TIMESTAMPS = ['createdAt', 'updatedAt'];
const CREATOR_ATTRIBUTES = ['createdBy', 'updatedBy'];
const useAllowedAttributes = (contentType, slug) => {
const { allPermissions } = useRBACProvider();
@ -21,6 +22,14 @@ const useAllowedAttributes = (contentType, slug) => {
},
]);
const canReadAdminUsers =
findMatchingPermissions(allPermissions, [
{
action: 'admin::users.read',
subject: null,
},
]).length > 0;
const readPermissionForAttr = get(readPermissionsForSlug, ['0', 'properties', 'fields'], []);
const attributesArray = Object.keys(get(contentType, ['attributes']), {});
const allowedAttributes = attributesArray
@ -39,6 +48,10 @@ const useAllowedAttributes = (contentType, slug) => {
return false;
}
if (CREATOR_ATTRIBUTES.includes(attr) && !canReadAdminUsers) {
return false;
}
return true;
})
.sort((a, b) => formatter.compare(a, b));