yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-25 14:41:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removes the plugins::users-permissions.user subject from editor & author's content-manager permissions

Browse Source 
Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
This commit is contained in:
Convly 2020-07-06 16:21:31 +02:00 committed by Alexandre Bodin
parent 91bd4281c3
commit a300e356c7
2 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
packages/strapi-admin/services/content-type.js
View File

@ -13,6 +13,7 @@ const fp = require('lodash/fp');
* @param {object} options.requiredOnly only returns required nestedFields * @param {object} options.requiredOnly only returns required nestedFields
* @param {object} options.existingFields fields that are already selected, meaning that some sub-fields may be required * @param {object} options.existingFields fields that are already selected, meaning that some sub-fields may be required
* @returns {array<string>} * @returns {array<string>}
* @param model
*/ */
const getNestedFields = ( const getNestedFields = (
model, model,
@ -104,11 +105,17 @@ const getNestedFieldsWithIntermediate = (
* @param {object} options * @param {object} options
* @param {number} options.nestingLevel level of nesting * @param {number} options.nestingLevel level of nesting
* @param {array} options.fieldsNullFor actionIds where the fields should be null * @param {array} options.fieldsNullFor actionIds where the fields should be null
* @param {array} options.restrictedSubjects subjectsId to ignore
* @returns {array<permissions>} * @returns {array<permissions>}
*/ */
const getPermissionsWithNestedFields = (actions, { nestingLevel, fieldsNullFor = [] } = {}) => const getPermissionsWithNestedFields = (
actions,
{ nestingLevel, fieldsNullFor = [], restrictedSubjects = [] } = {}
) =>
actions.reduce((perms, action) => { actions.reduce((perms, action) => {
action.subjects.forEach(contentTypeUid => { action.subjects
.filter(subject => !restrictedSubjects.includes(subject))
.forEach(contentTypeUid => {
const fields = fieldsNullFor.includes(action.actionId) const fields = fieldsNullFor.includes(action.actionId)
? null ? null
: getNestedFields(strapi.contentTypes[contentTypeUid], { : getNestedFields(strapi.contentTypes[contentTypeUid], {

12
packages/strapi-admin/services/role.js
View File

@ -36,6 +36,7 @@ const create = async attributes => {
/** /**
* Find a role in database * Find a role in database
* @param params query params to find the role * @param params query params to find the role
* @param populate
* @returns {Promise<role>} * @returns {Promise<role>}
*/ */
const findOne = (params = {}, populate = []) => { const findOne = (params = {}, populate = []) => {
@ -45,14 +46,14 @@ const findOne = (params = {}, populate = []) => {
/** /**
* Find a role in database with usersCounts * Find a role in database with usersCounts
* @param params query params to find the role * @param params query params to find the role
* @param populate
* @returns {Promise<role>} * @returns {Promise<role>}
*/ */
const findOneWithUsersCount = async (params = {}, populate = []) => { const findOneWithUsersCount = async (params = {}, populate = []) => {
const role = await strapi.query('role', 'admin').findOne(params, populate); const role = await strapi.query('role', 'admin').findOne(params, populate);
if (role) { if (role) {
const usersCounts = await getUsersCount(role.id); role.usersCount = await getUsersCount(role.id);
role.usersCount = usersCounts;
} }
return role; return role;
@ -61,6 +62,7 @@ const findOneWithUsersCount = async (params = {}, populate = []) => {
/** /**
* Find roles in database * Find roles in database
* @param params query params to find the roles * @param params query params to find the roles
* @param populate
* @returns {Promise<array>} * @returns {Promise<array>}
*/ */
const find = (params = {}, populate = []) => { const find = (params = {}, populate = []) => {
@ -74,8 +76,7 @@ const find = (params = {}, populate = []) => {
const findAllWithUsersCount = async (populate = []) => { const findAllWithUsersCount = async (populate = []) => {
const roles = await strapi.query('role', 'admin').find({ _limit: -1 }, populate); const roles = await strapi.query('role', 'admin').find({ _limit: -1 }, populate);
for (let role of roles) { for (let role of roles) {
const usersCount = await getUsersCount(role.id); role.usersCount = await getUsersCount(role.id);
role.usersCount = usersCount;
} }
return roles; return roles;
@ -152,8 +153,8 @@ const deleteByIds = async (ids = []) => {
}; };
/** Count the number of users for some roles /** Count the number of users for some roles
* @param rolesIds
* @returns {Promise<integer>} * @returns {Promise<integer>}
* @param roleId
*/ */
const getUsersCount = async roleId => { const getUsersCount = async roleId => {
return strapi.query('user', 'admin').count({ roles: [roleId] }); return strapi.query('user', 'admin').count({ roles: [roleId] });
@ -207,6 +208,7 @@ const createRolesIfNoneExist = async ({ createPermissionsForAdmin = false } = {}
contentTypesActions, contentTypesActions,
{ {
fieldsNullFor: ['plugins::content-manager.explorer.delete'], fieldsNullFor: ['plugins::content-manager.explorer.delete'],
restrictedSubjects: ['plugins::users-permissions.user'],
} }
); );