create admin permissions at startup

Signed-off-by: Pierre Noël <petersg83@gmail.com>
Pierre Noël 2020-06-16 13:51:34 +02:00 committed by Alexandre Bodin
parent 3b8cab0621
commit 93fc900e10
6 changed files with 71 additions and 15 deletions


@ -65,14 +65,8 @@ const createRolesIfNeeded = async () => {
return; return;
} }
const defaultActionsIds = [
'plugins::content-manager.read',
'plugins::content-manager.create',
'plugins::content-manager.update',
'plugins::content-manager.delete',
];
const allActions = strapi.admin.services.permission.actionProvider.getAll(); const allActions = strapi.admin.services.permission.actionProvider.getAll();
const contentTypesActions = allActions.filter(a => defaultActionsIds.includes(a.actionId)); const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');
await strapi.admin.services.role.create({ await strapi.admin.services.role.create({
name: 'Super Admin', name: 'Super Admin',
@ -131,11 +125,48 @@ const displayWarningIfUsersDontHaveRole = async () => {
} }
}; };
const resetSuperAdminPermissions = async () => {
const adminRole = await strapi.admin.services.role.getAdmin();
if (!adminRole) {
return;
}
const allActions = strapi.admin.services.permission.actionProvider.getAll();
const contentTypesActions = allActions.filter(a => a.section === 'contentTypes');
const permissions = [];
contentTypesActions.forEach(action => {
_.forIn(strapi.contentTypes, contentType => {
if (action.subjects.includes(contentType.uid)) {
const fields = getNestedFields(contentType.attributes, '', 1);
permissions.push({
action: action.actionId,
subject: contentType.uid,
fields,
});
}
});
});
const otherActions = allActions.filter(a => a.section !== 'contentTypes');
otherActions.forEach(action => {
if (action.subjects) {
const newPerms = action.subjects.map(subject => ({ action: action.actionId, subject }));
permissions.push(...newPerms);
} else {
permissions.push({ action: action.actionId });
}
});
await strapi.admin.services.permission.assign(adminRole.id, permissions);
};
module.exports = async () => { module.exports = async () => {
registerAdminConditions(); registerAdminConditions();
registerPermissionActions(); registerPermissionActions();
await cleanPermissionInDatabase(); await cleanPermissionInDatabase();
await createRolesIfNeeded(); await createRolesIfNeeded();
await resetSuperAdminPermissions();
await displayWarningIfNoSuperAdmin(); await displayWarningIfNoSuperAdmin();
await displayWarningIfUsersDontHaveRole(); await displayWarningIfUsersDontHaveRole();
}; };
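Review bot: `resetSuperAdminPermissions` runs on every start and hands a complete permission list to `permission.assign`, but nothing in this section says whether the role's previous rows are replaced. The part of `assign` shown in this commit only creates rows, so if the code outside its hunks does not delete the role's existing permissions first, each restart would add another full set; worth confirming. A rejection from `assign` also propagates out of the bootstrap function, so a failed insert would abort startup, possibly with a partially written set. I would add a comment above the function such as `// Rebuilds the super admin role's permissions from every registered action on each start; relies on assign() replacing the role's existing permissions.`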


@ -1,6 +1,7 @@
'use strict'; 'use strict';
const _ = require('lodash'); const _ = require('lodash');
const { yup, formatYupErrors } = require('strapi-utils');
const { validateRoleUpdateInput } = require('../validation/role'); const { validateRoleUpdateInput } = require('../validation/role');
const { validatedUpdatePermissionsInput } = require('../validation/permission'); const { validatedUpdatePermissionsInput } = require('../validation/permission');
@ -89,6 +90,11 @@ module.exports = {
const input = _.cloneDeep(ctx.request.body); const input = _.cloneDeep(ctx.request.body);
try { try {
const superAdminRole = await strapi.admin.services.role.getAdmin();
if (String(superAdminRole.id) === String(id)) {
const err = new yup.ValidationError("Super admin permissions can't be edited.");
throw formatYupErrors(err);
}
await validatedUpdatePermissionsInput(input); await validatedUpdatePermissionsInput(input);
} catch (err) { } catch (err) {
ctx.badRequest('ValidationError', err); ctx.badRequest('ValidationError', err);
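Review bot: The new super-admin guard only stops the request if the `catch` block ends the handler, and the `catch` here calls `ctx.badRequest('ValidationError', err);` without `return`, while the matching handler in the other controller uses `return ctx.badRequest(...)`. The rest of the handler is outside the hunk, but assuming `ctx.badRequest` sets the response instead of throwing and the handler goes on to call `permission.assign`, the super admin role could still be rewritten after the 400 is set, since this commit also removes the check from `assign`; change the line to `return ctx.badRequest('ValidationError', err);`. Separately, `getAdmin()` can return nothing (the bootstrap code checks `if (!adminRole)`), in which case `superAdminRole.id` throws a TypeError that is reported as a validation error for every role; `if (superAdminRole && String(superAdminRole.id) === String(id))` avoids that. The null check applies equally to the identical block added in the other controller.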


@ -1,5 +1,6 @@
'use strict'; 'use strict';
const { yup, formatYupErrors } = require('strapi-utils');
const { const {
validateRoleCreateInput, validateRoleCreateInput,
validateRoleUpdateInput, validateRoleUpdateInput,
@ -102,6 +103,11 @@ module.exports = {
const input = ctx.request.body; const input = ctx.request.body;
try { try {
const superAdminRole = await strapi.admin.services.role.getAdmin();
if (String(superAdminRole.id) === String(id)) {
const err = new yup.ValidationError("Super admin permissions can't be edited.");
throw formatYupErrors(err);
}
await validatedUpdatePermissionsInput(input); await validatedUpdatePermissionsInput(input);
} catch (err) { } catch (err) {
return ctx.badRequest('ValidationError', err); return ctx.badRequest('ValidationError', err);


@ -45,6 +45,7 @@
"cross-env": "^5.0.5", "cross-env": "^5.0.5",
"css-loader": "^2.1.1", "css-loader": "^2.1.1",
"duplicate-package-checker-webpack-plugin": "^3.0.0", "duplicate-package-checker-webpack-plugin": "^3.0.0",
"es6-promise-pool": "^2.5.0",
"execa": "^1.0.0", "execa": "^1.0.0",
"file-loader": "^3.0.1", "file-loader": "^3.0.1",
"font-awesome": "^4.7.0", "font-awesome": "^4.7.0",


@ -1,6 +1,7 @@
'use strict'; 'use strict';
const _ = require('lodash'); const _ = require('lodash');
const PromisePool = require('es6-promise-pool');
const { createPermission } = require('../domain/permission'); const { createPermission } = require('../domain/permission');
const actionProvider = require('./action-provider'); const actionProvider = require('./action-provider');
const { validatePermissionsExist } = require('../validation/permission'); const { validatePermissionsExist } = require('../validation/permission');
@ -43,14 +44,10 @@ const find = (params = {}) => {
* @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role
*/ */
const assign = async (roleId, permissions = []) => { const assign = async (roleId, permissions = []) => {
const superAdminRole = await strapi.admin.services.role.getAdmin();
if (String(superAdminRole.id) === String(roleId)) {
throw strapi.errors.badRequest('ValidationError', "Super admin permissions can't be edited.");
}
try { try {
await validatePermissionsExist(permissions); await validatePermissionsExist(permissions);
} catch (err) { } catch (err) {
console.log('err', err);
throw strapi.errors.badRequest('ValidationError', err); throw strapi.errors.badRequest('ValidationError', err);
} }
@ -61,9 +58,19 @@ const assign = async (roleId, permissions = []) => {
}); });
const newPermissions = []; const newPermissions = [];
for (const permission of permissionsWithRole) { const errors = [];
const result = await strapi.query('permission', 'admin').create(permission); const generatePromises = function*() {
newPermissions.push(result); for (let permission of permissionsWithRole) {
yield strapi.query('permission', 'admin').create(permission);
}
};
const pool = new PromisePool(generatePromises(), 100);
pool.addEventListener('fulfilled', e => newPermissions.push(e.data.result));
pool.addEventListener('reject', e => errors.push(e.error));
await pool.start();
if (errors.length > 0) {
throw errors[0];
} }
return newPermissions; return newPermissions;
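Review bot: Removing the super-admin check from `assign` leaves the two controller handlers as the only place that protects the role, so any other caller of this service, now or later, can rewrite super admin permissions without anything refusing. I would keep the check in the service and let the bootstrap path opt out explicitly, for example with a third parameter `{ allowSuperAdmin = false } = {}` and `if (!allowSuperAdmin && String(superAdminRole.id) === String(roleId))`. In the new pool code the listener is registered for `'reject'` and reads `e.error`; as far as I know es6-promise-pool emits `'rejected'` and puts the error on `e.data.error`, so `errors` would stay empty and failures would surface only through the rejection of `pool.start()`. Rows already created by the other in-flight promises remain when one create fails, so a failed `assign` can leave the role with a partial permission set; a comment on that, or a cleanup step, would help.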


@ -7274,6 +7274,11 @@ es-to-primitive@^1.2.1:
is-date-object "^1.0.1" is-date-object "^1.0.1"
is-symbol "^1.0.2" is-symbol "^1.0.2"
es6-promise-pool@^2.5.0:
version "2.5.0"
resolved "https://registry.yarnpkg.com/es6-promise-pool/-/es6-promise-pool-2.5.0.tgz#147c612b36b47f105027f9d2bf54a598a99d9ccb"
integrity sha1-FHxhKza0fxBQJ/nSv1SlmKmdnMs=
es6-promise@^4.0.3: es6-promise@^4.0.3:
version "4.2.8" version "4.2.8"
resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.8.tgz#4eb21594c972bc40553d276e510539143db53e0a" resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.8.tgz#4eb21594c972bc40553d276e510539143db53e0a"