yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-09 14:51:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix pr comments

Browse Source 
Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
This commit is contained in:
Convly 2020-08-14 16:31:36 +02:00 committed by Pierre Noël
parent a559047e77
commit a5df905e00
2 changed files with 21 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
packages/strapi-admin/services/role.js
View File

@ -1,11 +1,14 @@
'use strict'; 'use strict';
const _ = require('lodash'); const _ = require('lodash');
const { map, filter } = require('lodash/fp');
const { generateTimestampCode, stringIncludes } = require('strapi-utils'); const { generateTimestampCode, stringIncludes } = require('strapi-utils');
const { SUPER_ADMIN_CODE } = require('./constants'); const { SUPER_ADMIN_CODE } = require('./constants');
const { createPermission } = require('../domain/permission'); const { createPermission } = require('../domain/permission');
const ACTIONS = {
publish: 'plugins::content-manager.explorer.publish',
};
const sanitizeRole = role => { const sanitizeRole = role => {
return _.omit(role, ['users', 'permissions']); return _.omit(role, ['users', 'permissions']);
}; };
@ -221,15 +224,9 @@ const createRolesIfNoneExist = async ({ createPermissionsForAdmin = false } = {}
} }
); );
const addIsCreatorCondition = map(p => _.merge({}, p, { conditions: ['admin::is-creator'] })); const authorPermissions = editorPermissions
const removeRestrictedActions = filter( .filter(({ action }) => action !== ACTIONS.publish)
p => !['plugins::content-manager.explorer.publish'].includes(p.action) .map(p => _.merge({}, p, { conditions: ['admin::is-creator'] }));
);
const authorPermissions = _.flow(
removeRestrictedActions,
addIsCreatorCondition
)(editorPermissions);
editorPermissions.push(...getDefaultPluginPermissions()); editorPermissions.push(...getDefaultPluginPermissions());
authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true })); authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));

26
packages/strapi-admin/validation/common-validators.js
View File

@ -55,6 +55,18 @@ const checkNoDuplicatedPermissions = permissions =>
permissions.slice(i + 1).every(permB => !permissionsAreEquals(permA, permB)) permissions.slice(i + 1).every(permB => !permissionsAreEquals(permA, permB))
); );
const checkNilFields = function(fields) {
// If the parent has no action field, then we ignore this test
if (_.isNil(this.parent.action)) {
return true;
}
const { actionProvider } = strapi.admin.services.permission;
const action = actionProvider.getByActionId(this.parent.action);
return actionDomain.hasFieldsRestriction(action) || _.isNil(fields);
};
const updatePermissions = yup const updatePermissions = yup
.object() .object()
.shape({ .shape({
@ -84,24 +96,14 @@ const updatePermissions = yup
.test( .test(
'fields-restriction', 'fields-restriction',
'The permission at ${path} must have fields set to null or undefined', 'The permission at ${path} must have fields set to null or undefined',
function(fields) { checkNilFields
// If the parent has no action field, then we ignore this test
if (_.isNil(this.parent.action)) {
return true;
}
const { actionProvider } = strapi.admin.services.permission;
const action = actionProvider.getByActionId(this.parent.action);
return actionDomain.hasFieldsRestriction(action) || _.isNil(fields);
}
), ),
conditions: yup.array().of(yup.string()), conditions: yup.array().of(yup.string()),
}) })
.noUnknown() .noUnknown()
) )
.test( .test(
'delete-fields-are-null', 'duplicated-permissions',
'Some permissions are duplicated (same action and subject)', 'Some permissions are duplicated (same action and subject)',
checkNoDuplicatedPermissions checkNoDuplicatedPermissions
), ),