Revert action/subject to action only

2025-12-27 23:24:03 +00:00 · 2022-08-02 16:51:06 +02:00 · 2022-08-02 16:51:06 +02:00 · 7d40f78384
commit 7d40f78384
parent 9aff190dc3
3 changed files with 5 additions and 22 deletions
--- a/packages/plugins/users-permissions/server/services/permission.js
+++ b/packages/plugins/users-permissions/server/services/permission.js
@ -30,26 +30,16 @@ module.exports = ({ strapi }) => ({
  },

  /**
-   * Transform a Users-Permissions' permission into a content API one
-   *
-   * @example
-   * const upPermission = { action: 'api::foo.foo.find' };
-   *
-   * const permission = toContentAPIPermission(upPermission);
-   * // ^? { action: 'find', subject: 'api::foo.foo' }
+   * Transform a Users-Permissions' action into a content API one
   *
   * @param {object} permission
   * @param {string} permission.action
   *
-   * @return {{ action: string, subject: string }}
+   * @return {{ action: string }}
   */
  toContentAPIPermission(permission) {
    const { action } = permission;
-    const actionIndex = action.lastIndexOf('.');

-    return {
-      action: action.slice(actionIndex + 1),
-      subject: action.slice(0, actionIndex),
-    };
+    return { action };
  },
 });
--- a/packages/plugins/users-permissions/server/services/users-permissions.js
+++ b/packages/plugins/users-permissions/server/services/users-permissions.js
@ -172,10 +172,7 @@ module.exports = ({ strapi }) => ({

    // Register actions into the content API action provider
    // TODO: do this in the content API bootstrap phase instead
-    allActions
-      // 'api::foo.foo.find' => { action: 'find', subject: 'api.foo.foo' } => 'find';
-      .map(action => getService('permission').toContentAPIPermission({ action }).action)
-      .forEach(action => strapi.contentAPI.permissions.providers.action.register(action));
+    allActions.forEach(action => strapi.contentAPI.permissions.providers.action.register(action));

    await Promise.all(
      toDelete.map(action => {
--- a/packages/plugins/users-permissions/server/strategies/users-permissions.js
+++ b/packages/plugins/users-permissions/server/strategies/users-permissions.js
@ -99,11 +99,7 @@ const verify = async (auth, config) => {
    // Make sure we're dealing with an array
    castArray,
    // Transform the scope array into an action array
-    map(scope => ({ action: scope })),
-    // Map the users-permissions permissions into content API permissions
-    map(getService('permission').toContentAPIPermission),
-    // Check that every required scope is allowed by the ability
-    every(({ action, subject }) => ability.can(action, subject))
+    every(scope => ability.can(scope))
  )(config.scope);

  if (!isAllowed) {