Add hasPermissions policy to concerned routes

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
Convly 2020-07-06 16:22:25 +02:00 committed by Alexandre Bodin
parent a300e356c7
commit 8797d25501
4 changed files with 139 additions and 52 deletions


@ -5,7 +5,10 @@
"path": "/plugins",
"handler": "Admin.plugins",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::marketplace.read"]]
]
}
},
{
@ -17,17 +20,19 @@
"method": "POST",
"path": "/plugins/install",
"handler": "Admin.installPlugin",
"config": {
"policies": []
}
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::marketplace.plugins.install"]]
]
},
{
"method": "DELETE",
"path": "/plugins/uninstall/:plugin",
"handler": "Admin.uninstallPlugin",
"config": {
"policies": []
}
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::marketplace.plugins.uninstall"]]
]
},
{
"method": "POST",
@ -69,7 +74,10 @@
"path": "/webhooks",
"handler": "Webhooks.listWebhooks",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::webhooks.read"]]
]
}
},
{
@ -77,7 +85,10 @@
"path": "/webhooks",
"handler": "Webhooks.createWebhook",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::webhooks.create"]]
]
}
},
{
@ -85,7 +96,10 @@
"path": "/webhooks/:id",
"handler": "Webhooks.getWebhook",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::webhooks.read"]]
]
}
},
{
@ -93,7 +107,10 @@
"path": "/webhooks/:id",
"handler": "Webhooks.updateWebhook",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::webhooks.update"]]
]
}
},
{
@ -101,7 +118,10 @@
"path": "/webhooks/:id",
"handler": "Webhooks.deleteWebhook",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::webhooks.delete"]]
]
}
},
{
@ -109,7 +129,10 @@
"path": "/webhooks/batch-delete",
"handler": "Webhooks.deleteWebhooks",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::webhooks.delete"]]
]
}
},
{
@ -147,34 +170,66 @@
{
"method": "POST",
"path": "/users",
"handler": "user.create"
"handler": "user.create",
"config": {
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::users.create"]]
]
}
},
{
"method": "GET",
"path": "/users",
"handler": "user.find"
"handler": "user.find",
"config": {
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::users.read"]]
]
}
},
{
"method": "GET",
"path": "/users/:id",
"handler": "user.findOne"
"handler": "user.findOne",
"config": {
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::users.read"]]
]
}
},
{
"method": "PUT",
"path": "/users/:id",
"handler": "user.update"
"handler": "user.update",
"config": {
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::users.update"]]
]
}
},
{
"method": "DELETE",
"path": "/users/:id",
"handler": "user.delete"
"handler": "user.delete",
"config": {
"policies": [
["admin::hasPermissions", ["admin::users.delete"]]
]
}
},
{
"method": "GET",
"path": "/roles/:id/permissions",
"handler": "role.getPermissions",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::roles.read"]]
]
}
},
{
@ -182,7 +237,10 @@
"path": "/roles/:id/permissions",
"handler": "role.updatePermissions",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::roles.update"]]
]
}
},
{
@ -190,7 +248,10 @@
"path": "/roles/:id",
"handler": "role.findOne",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::roles.read"]]
]
}
},
{
@ -198,7 +259,10 @@
"path": "/roles",
"handler": "role.findAll",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::roles.read"]]
]
}
},
{
@ -206,7 +270,10 @@
"path": "/roles/:id",
"handler": "role.update",
"config": {
"policies": []
"policies": [
"admin::isAuthenticatedAdmin",
["admin::hasPermissions", ["admin::roles.update"]]
]
}
},
{
@ -214,7 +281,7 @@
"path": "/permissions",
"handler": "permission.getAll",
"config": {
"policies": []
"policies": ["admin::isAuthenticatedAdmin"]
}
},
{
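Review bot: In the `/plugins/install` and `/plugins/uninstall/:plugin` routes the new `policies` array appears to sit directly on the route object instead of inside `config`: the old `"config": {` … `}` lines have no counterpart around the new array, and the hunk header (17 → 19 lines) only adds up if they were removed. Every other route in this file keeps `"config": { "policies": [...] }`, so if the router reads policies only from `config`, these two state-changing routes would run with no policy at all; restore the wrapper around both arrays. Separately, `DELETE /users/:id` is the only `/users` route without `"admin::isAuthenticatedAdmin"` ahead of `hasPermissions`; add it for parity unless `hasPermissions` is known to reject unauthenticated requests on its own.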


@ -21,7 +21,7 @@
"path": "/content-types/:uid",
"handler": "ContentTypes.updateContentType",
"config": {
"policies": []
"policies": ["admin::isAuthenticatedAdmin"]
}
},
{


@ -5,7 +5,10 @@
"path": "/",
"handler": "Documentation.index",
"config": {
"policies": ["plugins::documentation.index"]
"policies": [
"plugins::documentation.index",
["admin::hasPermissions", ["plugins::documentation.read"]]
]
}
},
{
@ -13,7 +16,10 @@
"path": "/v:major(\\d+).:minor(\\d+).:patch(\\d+)",
"handler": "Documentation.index",
"config": {
"policies": ["plugins::documentation.index"]
"policies": [
"plugins::documentation.index",
["admin::hasPermissions", ["plugins::documentation.read"]]
]
}
},
{
@ -21,7 +27,7 @@
"path": "/login",
"handler": "Documentation.loginView",
"config": {
"policies": []
"policies": [["admin::hasPermissions", ["plugins::documentation.read"]]]
}
},
{
@ -29,7 +35,7 @@
"path": "/login",
"handler": "Documentation.login",
"config": {
"policies": []
"policies": [["admin::hasPermissions", ["plugins::documentation.read"]]]
}
},
{
@ -37,7 +43,7 @@
"path": "/getInfos",
"handler": "Documentation.getInfos",
"config": {
"policies": []
"policies": [["admin::hasPermissions", ["plugins::documentation.read"]]]
}
},
{
@ -45,7 +51,7 @@
"path": "/regenerateDoc",
"handler": "Documentation.regenerateDoc",
"config": {
"policies": []
"policies": [["admin::hasPermissions", ["plugins::documentation.settings.regenerate"]]]
}
},
{
@ -53,14 +59,14 @@
"path": "/updateSettings",
"handler": "Documentation.updateSettings",
"config": {
"policies": []
"policies": [["admin::hasPermissions", ["plugins::documentation.settings.update"]]]
}
},
{
"method": "DELETE",
"path": "/deleteDoc/:version",
"handler": "Documentation.deleteDoc",
"config":{
"config": {
"policies": []
}
}
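Review bot: `DELETE /deleteDoc/:version` still ends up with `"policies": []`; the only change to that route is the spacing of `"config": {`, so deleting a documentation version stays ungated while `regenerateDoc` and `updateSettings` now require a permission. Gate it the same way, for example `"policies": [["admin::hasPermissions", ["plugins::documentation.settings.update"]]]`, or use a dedicated delete action if one is registered. It is also worth confirming the two `/login` routes: they now require `plugins::documentation.read`, which looks circular if that login is how a reader without an admin session gets access to restricted documentation (inferred from the route names only).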


@ -35,7 +35,9 @@
"path": "/roles/:id",
"handler": "UsersPermissions.getRole",
"config": {
"policies": [],
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.roles.read"]]
],
"description": "Retrieve a role depending on its id",
"tag": {
"plugin": "users-permissions",
@ -49,7 +51,9 @@
"path": "/roles",
"handler": "UsersPermissions.getRoles",
"config": {
"policies": [],
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.roles.create"]]
],
"description": "Retrieve all role documents",
"tag": {
"plugin": "users-permissions",
@ -71,7 +75,9 @@
"path": "/email-templates",
"handler": "UsersPermissions.getEmailTemplate",
"config": {
"policies": []
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.email-templates.read"]]
]
}
},
{
@ -79,7 +85,9 @@
"path": "/email-templates",
"handler": "UsersPermissions.updateEmailTemplate",
"config": {
"policies": []
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.email-templates.update"]]
]
}
},
{
@ -87,7 +95,9 @@
"path": "/advanced",
"handler": "UsersPermissions.getAdvancedSettings",
"config": {
"policies": []
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.advanced-settings.read"]]
]
}
},
{
@ -95,7 +105,9 @@
"path": "/advanced",
"handler": "UsersPermissions.updateAdvancedSettings",
"config": {
"policies": []
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.advanced-settings.update"]]
]
}
},
{
@ -111,7 +123,9 @@
"path": "/providers",
"handler": "UsersPermissions.getProviders",
"config": {
"policies": []
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.providers.read"]]
]
}
},
@ -120,7 +134,9 @@
"path": "/providers",
"handler": "UsersPermissions.updateProviders",
"config": {
"policies": []
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.providers.update"]]
]
}
},
{
@ -128,7 +144,9 @@
"path": "/roles",
"handler": "UsersPermissions.createRole",
"config": {
"policies": [],
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.roles.create"]]
],
"description": "Create a new role",
"tag": {
"plugin": "users-permissions",
@ -142,7 +160,9 @@
"path": "/roles/:role",
"handler": "UsersPermissions.updateRole",
"config": {
"policies": [],
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.roles.update"]]
],
"description": "Update a role",
"tag": {
"plugin": "users-permissions",
@ -156,7 +176,9 @@
"path": "/roles/:role",
"handler": "UsersPermissions.deleteRole",
"config": {
"policies": [],
"policies": [
["admin::hasPermissions", ["plugins::users-permissions.roles.delete"]]
],
"description": "Delete a role",
"tag": {
"plugin": "users-permissions",
@ -165,14 +187,6 @@
}
}
},
{
"method": "DELETE",
"path": "/providers/:provider",
"handler": "UsersPermissions.deleteProvider",
"config": {
"policies": []
}
},
{
"method": "GET",
"path": "/connect/*",