Cleanup sanitize function in permission-checker

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
2025-12-30 00:37:24 +00:00 · 2020-11-03 16:48:14 +01:00 · 2020-11-03 16:48:14 +01:00 · 44768b9614
commit 44768b9614
parent 4a32691c07
3 changed files with 13 additions and 12 deletions
--- a/packages/strapi-plugin-content-manager/controllers/collection-types.js
+++ b/packages/strapi-plugin-content-manager/controllers/collection-types.js
@ -71,7 +71,7 @@ module.exports = {
    }

    const pickWritables = pickWritableAttributes({ model });
-    const pickPermittedFields = permissionChecker.sanitizeInput.create;
+    const pickPermittedFields = permissionChecker.sanitizeCreateInput;
    const setCreator = setCreatorFields({ user });

    const sanitizeFn = pipe([pickWritables, pickPermittedFields, setCreator]);
@ -107,7 +107,7 @@ module.exports = {
    }

    const pickWritables = pickWritableAttributes({ model });
-    const pickPermittedFields = data => permissionChecker.sanitizeInput.update(data, entity);
+    const pickPermittedFields = permissionChecker.sanitizeUpdateInput(entity);
    const setCreator = setCreatorFields({ user, isEdition: true });

    const sanitizeFn = pipe([pickWritables, pickPermittedFields, setCreator]);
--- a/packages/strapi-plugin-content-manager/controllers/single-types.js
+++ b/packages/strapi-plugin-content-manager/controllers/single-types.js
@ -61,8 +61,8 @@ module.exports = {
    const pickWritables = pickWritableAttributes({ model });

    const pickPermittedFields = entity
-      ? data => permissionChecker.sanitizeInput.update(data, entity)
-      : permissionChecker.sanitizeInput.create;
+      ? permissionChecker.sanitizeUpdateInput(entity)
+      : permissionChecker.sanitizeCreateInput;

    const setCreator = entity
      ? setCreatorFields({ user, isEdition: true })
--- a/packages/strapi-plugin-content-manager/services/permission-checker.js
+++ b/packages/strapi-plugin-content-manager/services/permission-checker.js
@ -40,23 +40,24 @@ const createPermissionChecker = ({ userAbility, model }) => {
    });
  };

+  const sanitizeCreateInput = data => sanitizeInput(ACTIONS.create, data);
+  const sanitizeUpdateInput = entity => data => sanitizeInput(ACTIONS.update, data, entity);
+
+  const buildPermissionQuery = permissionsManager.queryFrom;
+
  Object.keys(ACTIONS).forEach(action => {
    can[action] = (...args) => can(ACTIONS[action], ...args);
    cannot[action] = (...args) => cannot(ACTIONS[action], ...args);
-    sanitizeInput[action] = (...args) => sanitizeInput(ACTIONS[action], ...args);
  });

-  const checker = {
+  return {
    can,
    cannot,
    sanitizeOutput,
-    sanitizeInput,
-    buildPermissionQuery(query) {
-      return permissionsManager.queryFrom(query);
-    },
+    sanitizeCreateInput,
+    sanitizeUpdateInput,
+    buildPermissionQuery,
  };
-
-  return checker;
 };

 module.exports = {