Add plugins::content-manager.hasPermissions policy

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
2025-12-24 21:54:24 +00:00 · 2020-06-29 18:30:35 +02:00 · 2020-06-29 18:30:35 +02:00 · 8f7da9674c
commit 8f7da9674c
parent 25c04c8d78
3 changed files with 51 additions and 7 deletions
--- a/packages/strapi-plugin-content-manager/config/policies/hasPermissions.js
+++ b/packages/strapi-plugin-content-manager/config/policies/hasPermissions.js
@ -0,0 +1,27 @@
+'use strict';
+
+const {
+  policy: { createPolicyFactory },
+} = require('strapi-utils');
+const { validateHasPermissionsInput } = require('../../validation/policies/hasPermissions');
+
+module.exports = createPolicyFactory(
+  actions => (ctx, next) => {
+    const {
+      state: { userAbility },
+      params: { model },
+    } = ctx;
+
+    const isAuthorized = actions.every(action => userAbility.can(action, model));
+
+    if (!isAuthorized) {
+      throw strapi.errors.forbidden();
+    }
+
+    return next();
+  },
+  {
+    validator: validateHasPermissionsInput,
+    name: 'plugins::content-manager.hasPermissions',
+  }
+);
--- a/packages/strapi-plugin-content-manager/config/routes.json
+++ b/packages/strapi-plugin-content-manager/config/routes.json
@ -71,7 +71,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.read"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.read"]]
        ]
      }
    },
@ -82,7 +82,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.read"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.read"]]
        ]
      }
    },
@ -93,7 +93,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.read"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.read"]]
        ]
      }
    },
@ -104,7 +104,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.create"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.create"]]
        ]
      }
    },
@ -115,7 +115,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.update"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.update"]]
        ]
      }
    },
@ -126,7 +126,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.delete"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.delete"]]
        ]
      }
    },
@ -137,7 +137,7 @@
      "config": {
        "policies": [
          "routing",
-          ["admin::hasPermissions", ["plugins::content-manager.explorer.delete"]]
+          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.delete"]]
        ]
      }
    }
--- a/packages/strapi-plugin-content-manager/validation/policies/hasPermissions.js
+++ b/packages/strapi-plugin-content-manager/validation/policies/hasPermissions.js
@ -0,0 +1,17 @@
+'use strict';
+
+const { yup, formatYupErrors } = require('strapi-utils');
+
+const hasPermissionsSchema = yup.array().of(yup.string());
+
+const validateHasPermissionsInput = data => {
+  try {
+    return hasPermissionsSchema.validateSync(data, { strict: true, abortEarly: true });
+  } catch (e) {
+    throw new Error(formatYupErrors(e));
+  }
+};
+
+module.exports = {
+  validateHasPermissionsInput,
+};