From 8797d25501187bc50efa32862dfe5a08acdc72b6 Mon Sep 17 00:00:00 2001
From: Convly
Date: Mon, 6 Jul 2020 16:22:25 +0200
Subject: [PATCH] Add hasPermissions policy to concerned routes
Signed-off-by: Convly
---
 packages/strapi-admin/config/routes.json | 115 ++++++++++++++----
 .../config/routes.json | 2 +-
 .../config/routes.json | 22 ++--
 .../config/routes.json | 52 +++++---
 4 files changed, 139 insertions(+), 52 deletions(-)
diff --git a/packages/strapi-admin/config/routes.json b/packages/strapi-admin/config/routes.json
index 0c8fd62923..8ba1252d81 100644
--- a/packages/strapi-admin/config/routes.json
+++ b/packages/strapi-admin/config/routes.json
@@ -5,7 +5,10 @@
 "path": "/plugins",
 "handler": "Admin.plugins",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::marketplace.read"]]
+ ]
 }
 },
 {
@@ -17,17 +20,19 @@
 "method": "POST",
 "path": "/plugins/install",
 "handler": "Admin.installPlugin",
- "config": {
- "policies": []
- }
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::marketplace.plugins.install"]]
+ ]
 },
 {
 "method": "DELETE",
 "path": "/plugins/uninstall/:plugin",
 "handler": "Admin.uninstallPlugin",
- "config": {
- "policies": []
- }
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::marketplace.plugins.uninstall"]]
+ ]
 },
 {
 "method": "POST",
@@ -69,7 +74,10 @@
 "path": "/webhooks",
 "handler": "Webhooks.listWebhooks",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::webhooks.read"]]
+ ]
 }
 },
 {
@@ -77,7 +85,10 @@
 "path": "/webhooks",
 "handler": "Webhooks.createWebhook",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::webhooks.create"]]
+ ]
 }
 },
 {
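Review bot: In the `/plugins/install` and `/plugins/uninstall/:plugin` entries of hunk `@@ -17,17 +20,19 @@` the new `policies` array replaces the whole `"config": { ... }` object and sits directly on the route, while every other entry in this patch keeps `policies` inside `config`. If the router only reads `config.policies`, as the rest of the file assumes, these two routes end up with no policy at all, the opposite of what the commit intends for plugin install and uninstall. Restoring the wrapper — `"config": {` before `"policies": [` and a closing `}` after the `]` — makes them consistent with the `/plugins` entry in the first hunk.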
@@ -85,7 +96,10 @@
 "path": "/webhooks/:id",
 "handler": "Webhooks.getWebhook",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::webhooks.read"]]
+ ]
 }
 },
 {
@@ -93,7 +107,10 @@
 "path": "/webhooks/:id",
 "handler": "Webhooks.updateWebhook",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::webhooks.update"]]
+ ]
 }
 },
 {
@@ -101,7 +118,10 @@
 "path": "/webhooks/:id",
 "handler": "Webhooks.deleteWebhook",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::webhooks.delete"]]
+ ]
 }
 },
 {
@@ -109,7 +129,10 @@
 "path": "/webhooks/batch-delete",
 "handler": "Webhooks.deleteWebhooks",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::webhooks.delete"]]
+ ]
 }
 },
 {
@@ -147,34 +170,66 @@
 {
 "method": "POST",
 "path": "/users",
- "handler": "user.create"
+ "handler": "user.create",
+ "config": {
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::users.create"]]
+ ]
+ }
 },
 {
 "method": "GET",
 "path": "/users",
- "handler": "user.find"
+ "handler": "user.find",
+ "config": {
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::users.read"]]
+ ]
+ }
 },
 {
 "method": "GET",
 "path": "/users/:id",
- "handler": "user.findOne"
+ "handler": "user.findOne",
+ "config": {
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::users.read"]]
+ ]
+ }
 },
 {
 "method": "PUT",
 "path": "/users/:id",
- "handler": "user.update"
+ "handler": "user.update",
+ "config": {
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::users.update"]]
+ ]
+ }
 },
 {
 "method": "DELETE",
 "path": "/users/:id",
- "handler": "user.delete"
+ "handler": "user.delete",
+ "config": {
+ "policies": [
+ ["admin::hasPermissions", ["admin::users.delete"]]
+ ]
+ }
 },
 {
 "method": "GET",
 "path": "/roles/:id/permissions",
 "handler": "role.getPermissions",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::roles.read"]]
+ ]
 }
 },
 {
@@ -182,7 +237,10 @@
 "path": "/roles/:id/permissions",
 "handler": "role.updatePermissions",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::roles.update"]]
+ ]
 }
 },
 {
@@ -190,7 +248,10 @@
 "path": "/roles/:id",
 "handler": "role.findOne",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::roles.read"]]
+ ]
 }
 },
 {
@@ -198,7 +259,10 @@
 "path": "/roles",
 "handler": "role.findAll",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::roles.read"]]
+ ]
 }
 },
 {
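Review bot: The `user.delete` entry in hunk `@@ -147,34 +170,66 @@` is the only one in the users group whose new `policies` list lacks `"admin::isAuthenticatedAdmin"` ahead of `["admin::hasPermissions", ["admin::users.delete"]]`. Unless `admin::hasPermissions` is known to reject unauthenticated requests on its own, a DELETE on `/users/:id` is checked differently from the sibling create/read/update routes, and it is the most destructive of the five. Adding `"admin::isAuthenticatedAdmin",` as the first element keeps the chain uniform with the rest of the file.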
@@ -206,7 +270,10 @@
 "path": "/roles/:id",
 "handler": "role.update",
 "config": {
- "policies": []
+ "policies": [
+ "admin::isAuthenticatedAdmin",
+ ["admin::hasPermissions", ["admin::roles.update"]]
+ ]
 }
 },
 {
@@ -214,7 +281,7 @@
 "path": "/permissions",
 "handler": "permission.getAll",
 "config": {
- "policies": []
+ "policies": ["admin::isAuthenticatedAdmin"]
 }
 },
 {
diff --git a/packages/strapi-plugin-content-manager/config/routes.json b/packages/strapi-plugin-content-manager/config/routes.json
index bef39b1df3..07ed9fd0ab 100644
--- a/packages/strapi-plugin-content-manager/config/routes.json
+++ b/packages/strapi-plugin-content-manager/config/routes.json
@@ -21,7 +21,7 @@
 "path": "/content-types/:uid",
 "handler": "ContentTypes.updateContentType",
 "config": {
- "policies": []
+ "policies": ["admin::isAuthenticatedAdmin"]
 }
 },
 {
diff --git a/packages/strapi-plugin-documentation/config/routes.json b/packages/strapi-plugin-documentation/config/routes.json
index e4cbec593c..f8b9c85603 100755
--- a/packages/strapi-plugin-documentation/config/routes.json
+++ b/packages/strapi-plugin-documentation/config/routes.json
@@ -5,7 +5,10 @@
 "path": "/",
 "handler": "Documentation.index",
 "config": {
- "policies": ["plugins::documentation.index"]
+ "policies": [
+ "plugins::documentation.index",
+ ["admin::hasPermissions", ["plugins::documentation.read"]]
+ ]
 }
 },
 {
@@ -13,7 +16,10 @@
 "path": "/v:major(\\d+).:minor(\\d+).:patch(\\d+)",
 "handler": "Documentation.index",
 "config": {
- "policies": ["plugins::documentation.index"]
+ "policies": [
+ "plugins::documentation.index",
+ ["admin::hasPermissions", ["plugins::documentation.read"]]
+ ]
 }
 },
 {
@@ -21,7 +27,7 @@
 "path": "/login",
 "handler": "Documentation.loginView",
 "config": {
- "policies": []
+ "policies": [["admin::hasPermissions", ["plugins::documentation.read"]]]
 }
 },
 {
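Review bot: `ContentTypes.updateContentType` on `/content-types/:uid` (hunk `@@ -21,7 +21,7 @@` of the content-manager file) is gated only on `"admin::isAuthenticatedAdmin"`, while every other write handler touched by this patch also gets an `admin::hasPermissions` entry. Its method is outside the hunk, but the handler name suggests a write, so any authenticated admin, regardless of role, could alter content-type configuration. If there is no matching permission yet, that is worth stating in the PR; otherwise a second element such as `["admin::hasPermissions", ["<content-manager permission>"]]` (exact name not visible here) would align it with the rest of the change.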
@@ -29,7 +35,7 @@
 "path": "/login",
 "handler": "Documentation.login",
 "config": {
- "policies": []
+ "policies": [["admin::hasPermissions", ["plugins::documentation.read"]]]
 }
 },
 {
@@ -37,7 +43,7 @@
 "path": "/getInfos",
 "handler": "Documentation.getInfos",
 "config": {
- "policies": []
+ "policies": [["admin::hasPermissions", ["plugins::documentation.read"]]]
 }
 },
 {
@@ -45,7 +51,7 @@
 "path": "/regenerateDoc",
 "handler": "Documentation.regenerateDoc",
 "config": {
- "policies": []
+ "policies": [["admin::hasPermissions", ["plugins::documentation.settings.regenerate"]]]
 }
 },
 {
@@ -53,14 +59,14 @@
 "path": "/updateSettings",
 "handler": "Documentation.updateSettings",
 "config": {
- "policies": []
+ "policies": [["admin::hasPermissions", ["plugins::documentation.settings.update"]]]
 }
 },
 {
 "method": "DELETE",
 "path": "/deleteDoc/:version",
 "handler": "Documentation.deleteDoc",
- "config":{
+ "config": {
 "policies": []
 }
 }
diff --git a/packages/strapi-plugin-users-permissions/config/routes.json b/packages/strapi-plugin-users-permissions/config/routes.json
index 6e9aeea274..08a1d5b697 100644
--- a/packages/strapi-plugin-users-permissions/config/routes.json
+++ b/packages/strapi-plugin-users-permissions/config/routes.json
@@ -35,7 +35,9 @@
 "path": "/roles/:id",
 "handler": "UsersPermissions.getRole",
 "config": {
- "policies": [],
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.roles.read"]]
+ ],
 "description": "Retrieve a role depending on its id",
 "tag": {
 "plugin": "users-permissions",
@@ -49,7 +51,9 @@
 "path": "/roles",
 "handler": "UsersPermissions.getRoles",
 "config": {
- "policies": [],
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.roles.create"]]
+ ],
 "description": "Retrieve all role documents",
 "tag": {
 "plugin": "users-permissions",
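Review bot: `Documentation.deleteDoc` (DELETE `/deleteDoc/:version`, hunk `@@ -53,14 +59,14 @@`) keeps `"policies": []` — only the spacing of `"config": {` changed — while the neighbouring settings routes now require `plugins::documentation.settings.update` or `plugins::documentation.settings.regenerate`. If the omission is not deliberate, a destructive route is left without any permission check in a commit whose purpose is to add them. Something like `"policies": [["admin::hasPermissions", ["plugins::documentation.settings.update"]]]` would match its siblings; the exact permission to use is not evident from this hunk.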
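Review bot: `UsersPermissions.getRoles` (GET `/roles`, hunk `@@ -49,7 +51,9 @@`) is gated on `plugins::users-permissions.roles.create`, while the single-role `getRole` in the hunk just above uses `plugins::users-permissions.roles.read`. Listing roles is a read operation; requiring the create permission looks like a copy-paste from the `createRole` entry and would lock out admins who may read roles but not create them. Suggested: `["admin::hasPermissions", ["plugins::users-permissions.roles.read"]]`.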
@@ -71,7 +75,9 @@
 "path": "/email-templates",
 "handler": "UsersPermissions.getEmailTemplate",
 "config": {
- "policies": []
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.email-templates.read"]]
+ ]
 }
 },
 {
@@ -79,7 +85,9 @@
 "path": "/email-templates",
 "handler": "UsersPermissions.updateEmailTemplate",
 "config": {
- "policies": []
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.email-templates.update"]]
+ ]
 }
 },
 {
@@ -87,7 +95,9 @@
 "path": "/advanced",
 "handler": "UsersPermissions.getAdvancedSettings",
 "config": {
- "policies": []
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.advanced-settings.read"]]
+ ]
 }
 },
 {
@@ -95,7 +105,9 @@
 "path": "/advanced",
 "handler": "UsersPermissions.updateAdvancedSettings",
 "config": {
- "policies": []
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.advanced-settings.update"]]
+ ]
 }
 },
 {
@@ -111,7 +123,9 @@
 "path": "/providers",
 "handler": "UsersPermissions.getProviders",
 "config": {
- "policies": []
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.providers.read"]]
+ ]
 }
 },
 
@@ -120,7 +134,9 @@
 "path": "/providers",
 "handler": "UsersPermissions.updateProviders",
 "config": {
- "policies": []
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.providers.update"]]
+ ]
 }
 },
 {
@@ -128,7 +144,9 @@
 "path": "/roles",
 "handler": "UsersPermissions.createRole",
 "config": {
- "policies": [],
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.roles.create"]]
+ ],
 "description": "Create a new role",
 "tag": {
 "plugin": "users-permissions",
@@ -142,7 +160,9 @@
 "path": "/roles/:role",
 "handler": "UsersPermissions.updateRole",
 "config": {
- "policies": [],
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.roles.update"]]
+ ],
 "description": "Update a role",
 "tag": {
 "plugin": "users-permissions",
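Review bot: None of the users-permissions entries in this file (email-templates, advanced and providers here, roles in the surrounding hunks) list `"admin::isAuthenticatedAdmin"` before `admin::hasPermissions`, whereas the strapi-admin routes in the same patch always pair the two. If `admin::hasPermissions` depends on an earlier policy having resolved the admin user, the check here may run against no user at all; if it authenticates on its own, the strapi-admin file carries a redundant policy. Either way the two files should follow one convention, and the choice is worth confirming against the policy implementation, which is not part of this patch.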
@@ -156,7 +176,9 @@
 "path": "/roles/:role",
 "handler": "UsersPermissions.deleteRole",
 "config": {
- "policies": [],
+ "policies": [
+ ["admin::hasPermissions", ["plugins::users-permissions.roles.delete"]]
+ ],
 "description": "Delete a role",
 "tag": {
 "plugin": "users-permissions",
@@ -165,14 +187,6 @@
 }
 }
 },
- {
- "method": "DELETE",
- "path": "/providers/:provider",
- "handler": "UsersPermissions.deleteProvider",
- "config": {
- "policies": []
- }
- },
 {
 "method": "GET",
 "path": "/connect/*",