Merge branch 'master' into patch-7

README.md

@@ -72,7 +72,7 @@ Complete installation requirements can be found in the documentation under <a hr
 
 - Ubuntu 18.04/Debian 9.x
 - CentOS/RHEL 8
-- Mac O/S Mojave
+- macOS Mojave
 - Windows 10
 - Docker - [Docker-Repo](https://github.com/strapi/strapi-docker)
 

docs/.vuepress/config.js

@@ -200,6 +200,7 @@ module.exports = {
             '/3.0.0-beta.x/guides/external-data',
             '/3.0.0-beta.x/guides/custom-data-response',
             '/3.0.0-beta.x/guides/custom-admin',
+            '/3.0.0-beta.x/guides/draft',
             '/3.0.0-beta.x/guides/slug',
             '/3.0.0-beta.x/guides/webhooks',
           ],

docs/3.0.0-beta.x/guides/draft.md

@@ -0,0 +1,123 @@
+# Draft system
+
+This guide will explain how to create draft system. That will you manage draft, published, archive status.
+
+## Introduction
+
+What we want here is to fetch only data that have a `published` status.
+
+But we don't want to use [parameters](../content-api/parameters.md) (eg. /articles?status=published) because you can easily fake the params.
+
+To be able to do that, you have first to understand some concepts.
+
+When you create a content type, it generates an API with the following list of [endpoints](../content-api/endpoint.md).
+
+Each of these endpoint triggers a controller action. Here is the list of [controller actions](../concepts/controller.md) that exist by default when a content type is created.
+
+If you check the controller file of your generated API `./api/{content-type}/controller/{Content-Type}.js`, you will see an empty file. It is because all the default logic is managed by Strapi. But you can override these actions with your own code.
+
+And that is what we will do to filter to `published` status by default.
+
+## Example
+
+In our example we will use an Article content type. By default when you fetch articles, you will got all articles.
+Let's consider you don't want to expose articles that are in `draft` or `archive` status.
+
+To enforce this rule we will customize the action that fetchs all articles to just fetch `published` articles.
+
+To follow the example your will have to create a content type `articles` and add the following field definition:
+
+- `string` attribute named `title`
+- `text` attribute named `content`
+- `enumeration` attribute named `status` with `draft`, `published`, `archive`
+
+Then add some data with different `status`.
+
+## Override controller action
+
+To customize the function that fetch all our articles we will have to override the `find` function.
+
+First, to see the difference, let's request `GET /articles`. You will see all the data you created.
+Now let's start the customization.
+
+**Path —** `./api/article/controller/Article.js`
+
+```js
+module.exports = {
+  async find() {
+    return 'strapi';
+  },
+};
+```
+
+After saving the new function, let's restart the `GET /articles` request. We will see `strapi` as response.
+
+## Get the data back
+
+We now know the function we have to update, but we just want to customize the returned article values.
+
+In the [controller documentation](../concepts/controllers.html#extending-a-model-controller) you will find the default implementation of every actions. It will help you overwrite the fetch logic.
+
+**Path —** `./api/article/controller/Article.js`
+
+```js
+const { sanitizeEntity } = require('strapi-utils');
+
+module.exports = {
+  async find(ctx) {
+    let entities;
+    if (ctx.query._q) {
+      entities = await strapi.services.article.search(ctx.query);
+    } else {
+      entities = await strapi.services.article.find(ctx.query);
+    }
+
+    return entities.map(entity =>
+      sanitizeEntity(entity, { model: strapi.models.article })
+    );
+  },
+};
+```
+
+And now the data is back on `GET /articles`
+
+## Apply our changes
+
+Here we want force to fetch articles that have status equal to `published`.
+
+The way to do that is to set `ctx.query.status` to `published`.
+It will force the filter of the query.
+
+**Path —** `./api/restaurant/controller/Restaurant.js`
+
+```js
+const { sanitizeEntity } = require('strapi-utils');
+
+module.exports = {
+  async find(ctx) {
+    let entities;
+
+    ctx.query = {
+      ...ctx.query,
+      status: 'published
+    };
+
+    if (ctx.query._q) {
+      entities = await strapi.services.article.search(ctx.query);
+    } else {
+      entities = await strapi.services.article.find(ctx.query);
+    }
+
+    return entities.map(entity =>
+      sanitizeEntity(entity, { model: strapi.models.article })
+    );
+  },
+};
+```
+
+And tada! Draft and archived articles disapeared.
+
+::: tip
+This guide can be applied to any other controller action.
+:::
+

docs/3.0.0-beta.x/plugins/upload.md

@@ -76,7 +76,7 @@ You have to send FormData in your request body
 
 ## Upload files related to an entry
 
-To upload files that will be liked to an specific entry.
+To upload files that will be linked to an specific entry.
 
 ### Request parameters
 

packages/strapi-generate-model/templates/mongoose/model.template

@@ -6,11 +6,11 @@
 
 module.exports = {
   // Before saving a value.
-  // Fired before an `insert` or `update` query.
+  // Fired before an `insert`.
   // beforeSave: async (model) => {},
 
   // After saving a value.
-  // Fired after an `insert` or `update` query.
+  // Fired after an `insert`.
   // afterSave: async (model, result) => {},
 
   // Before fetching all values.

packages/strapi-hook-bookshelf/lib/queries.js

@@ -546,8 +546,8 @@ const buildSearchQuery = (qb, model, params) => {
     case 'pg': {
       const searchQuery = searchText.map(attribute =>
         _.toLower(attribute) === attribute
-          ? `to_tsvector(${attribute})`
-          : `to_tsvector("${attribute}")`
+          ? `to_tsvector(coalesce(${attribute}, ''))`
+          : `to_tsvector(coalesce("${attribute}", ''))`
       );
 
       qb.orWhereRaw(`${searchQuery.join(' || ')} @@ plainto_tsquery(?)`, query);

packages/strapi-plugin-users-permissions/config/policies/permissions.js

@@ -16,11 +16,11 @@ module.exports = async (ctx, next) => {
       if (isAdmin) {
         ctx.state.admin = await strapi
           .query('administrator', 'admin')
-          .findOne({ id });
+          .findOne({ id }, ['role']);
       } else {
         ctx.state.user = await strapi
           .query('user', 'users-permissions')
-          .findOne({ id });
+          .findOne({ id }, ['role']);
       }
     } catch (err) {
       return handleErrors(ctx, err, 'unauthorized');