mirror of
https://github.com/strapi/strapi.git
synced 2025-09-02 05:13:03 +00:00
create admin permissions at startup
Signed-off-by: Pierre Noël <petersg83@gmail.com>
This commit is contained in:
Pierre Noël
Alexandre Bodin
parent
3b8cab0621
commit
93fc900e10
@ -65,14 +65,8 @@ const createRolesIfNeeded = async () => {
|
||||
return;
|
||||
}
|
||||
|
||||
const defaultActionsIds = [
|
||||
'plugins::content-manager.read',
|
||||
'plugins::content-manager.create',
|
||||
'plugins::content-manager.update',
|
||||
'plugins::content-manager.delete',
|
||||
];
|
||||
const allActions = strapi.admin.services.permission.actionProvider.getAll();
|
||||
const contentTypesActions = allActions.filter(a => defaultActionsIds.includes(a.actionId));
|
||||
const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');
|
||||
|
||||
await strapi.admin.services.role.create({
|
||||
name: 'Super Admin',
|
||||
@ -131,11 +125,48 @@ const displayWarningIfUsersDontHaveRole = async () => {
|
||||
}
|
||||
};
|
||||
|
||||
const resetSuperAdminPermissions = async () => {
|
||||
const adminRole = await strapi.admin.services.role.getAdmin();
|
||||
if (!adminRole) {
|
||||
return;
|
||||
}
|
||||
|
||||
const allActions = strapi.admin.services.permission.actionProvider.getAll();
|
||||
const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');
|
||||
|
||||
const permissions = [];
|
||||
contentTypesActions.forEach(action => {
|
||||
_.forIn(strapi.contentTypes, contentType => {
|
||||
if (action.subjects.includes(contentType.uid)) {
|
||||
const fields = getNestedFields(contentType.attributes, '', 1);
|
||||
permissions.push({
|
||||
action: action.actionId,
|
||||
subject: contentType.uid,
|
||||
fields,
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
const otherActions = allActions.filter(a => a.section !== 'contentTypes');
|
||||
otherActions.forEach(action => {
|
||||
if (action.subjects) {
|
||||
const newPerms = action.subjects.map(subject => ({ action: action.actionId, subject }));
|
||||
permissions.push(...newPerms);
|
||||
} else {
|
||||
permissions.push({ action: action.actionId });
|
||||
}
|
||||
});
|
||||
|
||||
await strapi.admin.services.permission.assign(adminRole.id, permissions);
|
||||
};
|
||||
|
||||
module.exports = async () => {
|
||||
registerAdminConditions();
|
||||
registerPermissionActions();
|
||||
await cleanPermissionInDatabase();
|
||||
await createRolesIfNeeded();
|
||||
await resetSuperAdminPermissions();
|
||||
await displayWarningIfNoSuperAdmin();
|
||||
await displayWarningIfUsersDontHaveRole();
|
||||
};
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
'use strict';
|
||||
|
||||
const _ = require('lodash');
|
||||
const { yup, formatYupErrors } = require('strapi-utils');
|
||||
const { validateRoleUpdateInput } = require('../validation/role');
|
||||
const { validatedUpdatePermissionsInput } = require('../validation/permission');
|
||||
|
||||
@ -89,6 +90,11 @@ module.exports = {
|
||||
const input = _.cloneDeep(ctx.request.body);
|
||||
|
||||
try {
|
||||
const superAdminRole = await strapi.admin.services.role.getAdmin();
|
||||
if (String(superAdminRole.id) === String(id)) {
|
||||
const err = new yup.ValidationError("Super admin permissions can't be edited.");
|
||||
throw formatYupErrors(err);
|
||||
}
|
||||
await validatedUpdatePermissionsInput(input);
|
||||
} catch (err) {
|
||||
ctx.badRequest('ValidationError', err);
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
'use strict';
|
||||
|
||||
const { yup, formatYupErrors } = require('strapi-utils');
|
||||
const {
|
||||
validateRoleCreateInput,
|
||||
validateRoleUpdateInput,
|
||||
@ -102,6 +103,11 @@ module.exports = {
|
||||
const input = ctx.request.body;
|
||||
|
||||
try {
|
||||
const superAdminRole = await strapi.admin.services.role.getAdmin();
|
||||
if (String(superAdminRole.id) === String(id)) {
|
||||
const err = new yup.ValidationError("Super admin permissions can't be edited.");
|
||||
throw formatYupErrors(err);
|
||||
}
|
||||
await validatedUpdatePermissionsInput(input);
|
||||
} catch (err) {
|
||||
return ctx.badRequest('ValidationError', err);
|
||||
|
||||
@ -45,6 +45,7 @@
|
||||
"cross-env": "^5.0.5",
|
||||
"css-loader": "^2.1.1",
|
||||
"duplicate-package-checker-webpack-plugin": "^3.0.0",
|
||||
"es6-promise-pool": "^2.5.0",
|
||||
"execa": "^1.0.0",
|
||||
"file-loader": "^3.0.1",
|
||||
"font-awesome": "^4.7.0",
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
'use strict';
|
||||
|
||||
const _ = require('lodash');
|
||||
const PromisePool = require('es6-promise-pool');
|
||||
const { createPermission } = require('../domain/permission');
|
||||
const actionProvider = require('./action-provider');
|
||||
const { validatePermissionsExist } = require('../validation/permission');
|
||||
@ -43,14 +44,10 @@ const find = (params = {}) => {
|
||||
* @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role
|
||||
*/
|
||||
const assign = async (roleId, permissions = []) => {
|
||||
const superAdminRole = await strapi.admin.services.role.getAdmin();
|
||||
if (String(superAdminRole.id) === String(roleId)) {
|
||||
throw strapi.errors.badRequest('ValidationError', "Super admin permissions can't be edited.");
|
||||
}
|
||||
|
||||
try {
|
||||
await validatePermissionsExist(permissions);
|
||||
} catch (err) {
|
||||
console.log('err', err);
|
||||
throw strapi.errors.badRequest('ValidationError', err);
|
||||
}
|
||||
|
||||
@ -61,9 +58,19 @@ const assign = async (roleId, permissions = []) => {
|
||||
});
|
||||
|
||||
const newPermissions = [];
|
||||
for (const permission of permissionsWithRole) {
|
||||
const result = await strapi.query('permission', 'admin').create(permission);
|
||||
newPermissions.push(result);
|
||||
const errors = [];
|
||||
const generatePromises = function*() {
|
||||
for (let permission of permissionsWithRole) {
|
||||
yield strapi.query('permission', 'admin').create(permission);
|
||||
}
|
||||
};
|
||||
const pool = new PromisePool(generatePromises(), 100);
|
||||
pool.addEventListener('fulfilled', e => newPermissions.push(e.data.result));
|
||||
pool.addEventListener('reject', e => errors.push(e.error));
|
||||
await pool.start();
|
||||
|
||||
if (errors.length > 0) {
|
||||
throw errors[0];
|
||||
}
|
||||
|
||||
return newPermissions;
|
||||
|
||||
@ -7274,6 +7274,11 @@ es-to-primitive@^1.2.1:
|
||||
is-date-object "^1.0.1"
|
||||
is-symbol "^1.0.2"
|
||||
|
||||
es6-promise-pool@^2.5.0:
|
||||
version "2.5.0"
|
||||
resolved "https://registry.yarnpkg.com/es6-promise-pool/-/es6-promise-pool-2.5.0.tgz#147c612b36b47f105027f9d2bf54a598a99d9ccb"
|
||||
integrity sha1-FHxhKza0fxBQJ/nSv1SlmKmdnMs=
|
||||
|
||||
es6-promise@^4.0.3:
|
||||
version "4.2.8"
|
||||
resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.8.tgz#4eb21594c972bc40553d276e510539143db53e0a"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user