From 809432255c87d899ce378c6d98bf37b9e49d40f5 Mon Sep 17 00:00:00 2001
From: Toms Burgmanis
Date: Sun, 16 Feb 2020 16:43:39 +0200
Subject: [PATCH 1/6] Fix hardcoded styles Fixed LeftMenuLinkContainer/Wrapper.js using hardcoded values, instead of the ones defined in Themes/Sizes.js.
Signed-off-by: Toms Burgmanis
---
 .../admin/src/components/LeftMenuLinkContainer/Wrapper.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js b/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js
index a350a0b4e2..484466b023 100644
--- a/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js
+++ b/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js
@@ -4,12 +4,12 @@ import PropTypes from 'prop-types';
 const Wrapper = styled.div`
 padding-top: 0.7rem;
 position: absolute;
- top: 6rem;
+ top: ${props => props.theme.main.sizes.header.height};
 right: 0;
 bottom: 0;
 left: 0;
 overflow-y: auto;
- height: calc(100vh - (6rem + 10.2rem));
+ height: calc(100vh - (${props => props.theme.main.sizes.header.height} + 10.2rem));
 box-sizing: border-box;
 
 .title {
From b55ce1949e3312de88354b32b352fa03e69708e8 Mon Sep 17 00:00:00 2001
From: Toms Burgmanis
Date: Sun, 16 Feb 2020 23:01:55 +0200
Subject: [PATCH 2/6] Fixed incorrect variable being used for left-hand side menu
Signed-off-by: Toms Burgmanis
---
 .../admin/src/components/LeftMenuHeader/Wrapper.js | 4 ++--
 .../admin/src/components/LeftMenuLinkContainer/Wrapper.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/packages/strapi-admin/admin/src/components/LeftMenuHeader/Wrapper.js b/packages/strapi-admin/admin/src/components/LeftMenuHeader/Wrapper.js
index 0b6530f673..20db1a2e4e 100644
--- a/packages/strapi-admin/admin/src/components/LeftMenuHeader/Wrapper.js
+++ b/packages/strapi-admin/admin/src/components/LeftMenuHeader/Wrapper.js
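Review bot: The `10.2rem` term in the new `height: calc(...)` line of LeftMenuLinkContainer/Wrapper.js is still a bare literal, so the rule is only half driven by the theme and will drift if whatever that term accounts for is resized. The hunk does not show what the value stands for; if the theme has a matching size, interpolate it the same way as the header height, otherwise document it in place with something like `/* 10.2rem: space reserved outside the link list (TODO confirm source) */`. The same literal is carried over unchanged in the [PATCH 2/6] hunk for this file. The `Wrapper` template literal continues past the end of the hunk.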
@@ -5,7 +5,7 @@ import Logo from '../../assets/images/logo-strapi.png';
 
 const Wrapper = styled.div`
 background-color: #007eff;
- height: ${props => props.theme.main.sizes.header.height};
+ height: ${props => props.theme.main.sizes.leftMenu.height};
 
 .leftMenuHeaderLink {
 &:hover {
@@ -18,7 +18,7 @@ const Wrapper = styled.div`
 height: 100%;
 width: 100%;
 text-align: center;
- height: ${props => props.theme.main.sizes.header.height};
+ height: ${props => props.theme.main.sizes.leftMenu.height};
 vertical-align: middle;
 font-size: 2rem;
 letter-spacing: 0.2rem;
diff --git a/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js b/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js
index 484466b023..c3963e43d5 100644
--- a/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js
+++ b/packages/strapi-admin/admin/src/components/LeftMenuLinkContainer/Wrapper.js
@@ -4,12 +4,12 @@ import PropTypes from 'prop-types';
 const Wrapper = styled.div`
 padding-top: 0.7rem;
 position: absolute;
- top: ${props => props.theme.main.sizes.header.height};
+ top: ${props => props.theme.main.sizes.leftMenu.height};
 right: 0;
 bottom: 0;
 left: 0;
 overflow-y: auto;
- height: calc(100vh - (${props => props.theme.main.sizes.header.height} + 10.2rem));
+ height: calc(100vh - (${props => props.theme.main.sizes.leftMenu.height} + 10.2rem));
 box-sizing: border-box;
 
 .title {
From ff466efb618062551bc465171d91f46e88221653 Mon Sep 17 00:00:00 2001
From: Jim LAURIE
Date: Wed, 19 Feb 2020 17:08:16 +0100
Subject: [PATCH 3/6] docs(guide): add guide for isOwner policy
Signed-off-by: Jim LAURIE
---
 docs/.vuepress/config.js | 1 +
 docs/3.0.0-beta.x/guides/is-owner.md | 128 +++++++++++++++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 docs/3.0.0-beta.x/guides/is-owner.md
diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
index e921c2ca85..fb746ff47e 100644
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
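Review bot: None of the six patches touches the theme definition, so the new `props.theme.main.sizes.leftMenu.height` path used in both LeftMenuHeader/Wrapper.js hunks and in the LeftMenuLinkContainer/Wrapper.js hunk cannot be checked from this series. If `sizes.leftMenu` were missing, the interpolation would throw while rendering instead of falling back to a default. Please confirm the key exists in Themes/Sizes.js, and consider a short comment above `Wrapper` such as `// height comes from theme.main.sizes.leftMenu (Themes/Sizes.js)` so the dependency is visible to the next reader.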
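Review bot: In the second LeftMenuHeader/Wrapper.js hunk the changed `height: ${props => props.theme.main.sizes.leftMenu.height};` sits three lines below `height: 100%;` in the same declaration block, so the earlier declaration is always overridden and has no effect. Dropping `height: 100%;`, or marking it with `/* overridden by the theme height below */`, would make the intended value unambiguous. The enclosing rule starts above the hunk, so its selector is not visible here.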
@@ -205,6 +205,7 @@ module.exports = {
 '/3.0.0-beta.x/guides/custom-data-response',
 '/3.0.0-beta.x/guides/custom-admin',
 '/3.0.0-beta.x/guides/client',
+ '/3.0.0-beta.x/guides/is-owner',
 '/3.0.0-beta.x/guides/draft',
 '/3.0.0-beta.x/guides/scheduled-publication',
 '/3.0.0-beta.x/guides/slug',
diff --git a/docs/3.0.0-beta.x/guides/is-owner.md b/docs/3.0.0-beta.x/guides/is-owner.md
new file mode 100644
index 0000000000..06cfd8060a
--- /dev/null
+++ b/docs/3.0.0-beta.x/guides/is-owner.md
@@ -0,0 +1,128 @@
+# Create is owner policy
+
+This guide will explain how to create an update restriction for the entry's author only.
+
+## Introduction
+
+In many cases you would like that only the author of an entry has the ability to update or delete it's own entries.
+
+This is a feature that is requested many times and in this guide you will see how implement it by yourself.
+
+## Example
+
+For this example, we will need an Article Content Type.
+
+Add a `text` field and a `relation` field for this Content Type.
+
+The `relation` field is a **many-to-one** relation with User.
+One User can have many Articles and one Article can have only one User.
+Name the field `author` for the Article Content Type and `articles` on the User side.
+
+Now we are ready to start customization.
+
+## Apply the author by default
+
+When we are creating a new Article via `POST /articles` we would like to apply the authenticated user that execute the request as author of this article.
+
+To do that we will customize the `create` controller function of the Article API.
+
+**Concepts we will use:**
+Here is the code of [core controllers](../concepts/controllers.html#core-controllers).
+We will also use this [documentation](../plugins/users-permissions.html#user-object-in-strapi-context) to access the current authenticated user information.
+
+**Path —** `./api/article/controllers/Article.js`
+
+```js
+const { parseMultipartData, sanitizeEntity } = require('strapi-utils');
+
+module.exports = {
+ /**
+ * Create a record.
+ *
+ * @return {Object}
+ */
+
+ async create(ctx) {
+ let entity;
+ if (ctx.is('multipart')) {
+ const { data, files } = parseMultipartData(ctx);
+ data.author = ctx.state.user.id;
+ entity = await strapi.services.article.create(data, { files });
+ } else {
+ ctx.request.body.author = ctx.state.user.id;
+ entity = await strapi.services.article.create(ctx.request.body);
+ }
+ return sanitizeEntity(entity, { model: strapi.models.article });
+ },
+};
+```
+
+Now, when an article is created, the authenticated user is automaticaly set as author of the article.
+
+## Limit the update
+
+Now we will restrict the update of articles only for the author.
+
+We will use the same concepts as previously.
+
+**Path —** `./api/article/controllers/Article.js`
+
+```js
+const { parseMultipartData, sanitizeEntity } = require('strapi-utils');
+
+module.exports = {
+ /**
+ * Create a record.
+ *
+ * @return {Object}
+ */
+
+ async create(ctx) {
+ let entity;
+ if (ctx.is('multipart')) {
+ const { data, files } = parseMultipartData(ctx);
+ data.author = ctx.state.user.id;
+ entity = await strapi.services.article.create(data, { files });
+ } else {
+ ctx.request.body.author = ctx.state.user.id;
+ entity = await strapi.services.article.create(ctx.request.body);
+ }
+ return sanitizeEntity(entity, { model: strapi.models.article });
+ },
+
+ /**
+ * Update a record.
+ *
+ * @return {Object}
+ */
+
+ async update(ctx) {
+ let entity;
+
+ const [article] = await strapi.services.article.find({
+ id: ctx.params.id,
+ 'author.id': ctx.state.user.id,
+ });
+
+ if (!article) {
+ return ctx.unauthorized(`You can't update this entry`);
+ }
+
+ if (ctx.is('multipart')) {
+ const { data, files } = parseMultipartData(ctx);
+ entity = await strapi.services.article.update(ctx.params, data, {
+ files,
+ });
+ } else {
+ entity = await strapi.services.article.update(
+ ctx.params,
+ ctx.request.body
+ );
+ }
+
+ return sanitizeEntity(entity, { model: strapi.models.article });
+ },
+};
+```
+
+And tada!
From d3e05d80fcd7e028612d2e3731046271ea2f1648 Mon Sep 17 00:00:00 2001
From: Jim LAURIE
Date: Wed, 19 Feb 2020 22:38:58 +0100
Subject: [PATCH 4/6] enhancement: update pr temaplate
Signed-off-by: Jim LAURIE
---
 .github/PULL_REQUEST_TEMPLATE.md | 26 --------------------------
 1 file changed, 26 deletions(-)
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 8502240d15..e161e1a562 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -9,29 +9,3 @@ To help us merge your PR, make sure to follow the instructions below: --> #### Description of what you did: - - - -#### My PR is a: - -- [ ] 💥 Breaking change -- [ ] 🐛 Bug fix -- [ ] 💅 Enhancement -- [ ] 🚀 New feature - -#### Main update on the: - -- [ ] Admin -- [ ] Documentation -- [ ] Framework -- [ ] Plugin - -#### Manual testing done on the following databases: - -- [ ] Not applicable -- [ ] MongoDB -- [ ] MySQL -- [ ] Postgres -- [ ] SQLite
From 25e77a9bd1939e218a4237aa2f7a3af3b59a0965 Mon Sep 17 00:00:00 2001
From: Jim LAURIE
Date: Thu, 20 Feb 2020 16:23:07 +0100
Subject: [PATCH 5/6] docs: add tip is owner delete
Signed-off-by: Jim LAURIE
---
 docs/3.0.0-beta.x/guides/is-owner.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docs/3.0.0-beta.x/guides/is-owner.md b/docs/3.0.0-beta.x/guides/is-owner.md
index 06cfd8060a..2e03bf80a4 100644
--- a/docs/3.0.0-beta.x/guides/is-owner.md
+++ b/docs/3.0.0-beta.x/guides/is-owner.md
@@ -126,3 +126,7 @@ module.exports = {
 ```
 
 And tada!
+
+::: tip
+For the delete action, it will be the exact same check than the update action.
+:::
From f6de4c8213ef6d8b1bc21226d3457e2afa3a716b Mon Sep 17 00:00:00 2001
From: Jim LAURIE
Date: Thu, 20 Feb 2020 19:06:40 +0100
Subject: [PATCH 6/6] docs: update is owner pr feedback
Signed-off-by: Jim LAURIE
---
 docs/3.0.0-beta.x/guides/is-owner.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/3.0.0-beta.x/guides/is-owner.md b/docs/3.0.0-beta.x/guides/is-owner.md
index 2e03bf80a4..5bd136e576 100644
--- a/docs/3.0.0-beta.x/guides/is-owner.md
+++ b/docs/3.0.0-beta.x/guides/is-owner.md
@@ -1,12 +1,12 @@
 # Create is owner policy
 
-This guide will explain how to create an update restriction for the entry's author only.
+This guide will explain how to restrict content edition to content authors only.
 
 ## Introduction
 
-In many cases you would like that only the author of an entry has the ability to update or delete it's own entries.
+It is often required that the author of an entry is the only user allowed to edit or delete the entry.
 
-This is a feature that is requested many times and in this guide you will see how implement it by yourself.
+This is a feature that is requested a lot and in this guide we will see how to implement it.
 
 ## Example
 
@@ -22,9 +22,9 @@ Now we are ready to start customization.
 
 ## Apply the author by default
 
-When we are creating a new Article via `POST /articles` we would like to apply the authenticated user that execute the request as author of this article.
+When we are creating a new Article via `POST /articles` we will need to set the authenticated user as the author of the article.
 
-To do that we will customize the `create` controller function of the Article API.
+To do so we will customize the `create` controller function of the Article API.
 
 **Concepts we will use:**
 Here is the code of [core controllers](../concepts/controllers.html#core-controllers).