yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-12-27 15:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix permissions update for custom token (uniqueness)

Browse Source
This commit is contained in:
Convly 2022-08-25 14:23:36 +02:00
parent 4c6c5e5218
commit 2c71d7d069
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
packages/core/admin/server/services/api-token.js
View File

@ -2,7 +2,7 @@
const crypto = require('crypto');
const { isNil } = require('lodash/fp');
const { omit, difference, isEmpty, map, isArray } = require('lodash/fp');
const { omit, difference, isEmpty, map, isArray, uniq } = require('lodash/fp');
const { ValidationError, NotFoundError } = require('@strapi/utils').errors;
const constants = require('./constants');
@ -357,14 +357,17 @@ const update = async (id, attributes) => {
// custom tokens need to have their permissions updated as well
if (updatedToken.type === constants.API_TOKEN_TYPE.CUSTOM && attributes.permissions) {
const currentPermissionsResult =
(await strapi.entityService.load('admin::api-token', updatedToken, 'permissions')) || [];
const actionsToDelete = difference(
map('action', currentPermissionsResult),
attributes.permissions
const currentPermissionsResult = await strapi.entityService.load(
'admin::api-token',
updatedToken,
'permissions'
);
const actionsToAdd = difference(attributes.permissions, originalToken.permissions);
const currentPermissions = map('action', currentPermissionsResult || []);
const newPermissions = uniq(attributes.permissions);
const actionsToDelete = difference(currentPermissions, newPermissions);
const actionsToAdd = difference(newPermissions, currentPermissions);
// TODO: improve efficiency here
// method using a loop -- works but very inefficient