Merge pull request #11960 from iicdii/fix/populate-user

Fix unable to populate User in Users-Permissions
2025-11-14 09:07:59 +00:00 · 2022-05-11 10:39:01 +02:00 · 2022-05-11 10:39:01 +02:00 · a727b1f2ba
commit a727b1f2ba
parent 8eec9c2d71 e918293fc4
20 changed files with 272 additions and 19 deletions
--- a/packages/core/strapi/lib/Strapi.js
+++ b/packages/core/strapi/lib/Strapi.js
@ -37,6 +37,7 @@ const apisRegistry = require('./core/registries/apis');
 const bootstrap = require('./core/bootstrap');
 const loaders = require('./core/loaders');
 const { destroyOnSignal } = require('./utils/signals');
 const sanitizersRegistry = require('./core/registries/sanitizers');
 // TODO: move somewhere else
 const draftAndPublishSync = require('./migrations/draft-publish');
@ -64,6 +65,7 @@ class Strapi {
    this.container.register('plugins', pluginsRegistry(this));
    this.container.register('apis', apisRegistry(this));
    this.container.register('auth', createAuth(this));
    this.container.register('sanitizers', sanitizersRegistry(this));
    this.dirs = utils.getDirs(rootDir, { strapi: this });
@ -157,6 +159,10 @@ class Strapi {
    return this.container.get('auth');
  }
  get sanitizers() {
    return this.container.get('sanitizers');
  }
  async start() {
    try {
      if (!this.isLoaded) {
@ -304,6 +310,10 @@ class Strapi {
    this.app = await loaders.loadSrcIndex(this);
  }
  async loadSanitizers() {
    await loaders.loadSanitizers(this);
  }
  registerInternalHooks() {
    this.container.get('hooks').set('strapi::content-types.beforeSync', createAsyncParallelHook());
    this.container.get('hooks').set('strapi::content-types.afterSync', createAsyncParallelHook());
@ -315,6 +325,7 @@ class Strapi {
  async register() {
    await Promise.all([
      this.loadApp(),
      this.loadSanitizers(),
      this.loadPlugins(),
      this.loadAdmin(),
      this.loadAPIs(),
--- a/packages/core/strapi/lib/core/loaders/index.js
+++ b/packages/core/strapi/lib/core/loaders/index.js
@ -8,4 +8,5 @@ module.exports = {
  loadPolicies: require('./policies'),
  loadPlugins: require('./plugins'),
  loadAdmin: require('./admin'),
  loadSanitizers: require('./sanitizers'),
 };
--- a/packages/core/strapi/lib/core/loaders/sanitizers.js
+++ b/packages/core/strapi/lib/core/loaders/sanitizers.js
@ -0,0 +1,5 @@
 'use strict';
 module.exports = strapi => {
  strapi.container.get('sanitizers').set('content-api', { input: [], output: [] });
 };
--- a/packages/core/strapi/lib/core/registries/sanitizers.js
+++ b/packages/core/strapi/lib/core/registries/sanitizers.js
@ -0,0 +1,26 @@
 'use strict';
 const _ = require('lodash');
 const sanitizersRegistry = () => {
  const sanitizers = {};
  return {
    get(path) {
      return _.get(sanitizers, path, []);
    },
    add(path, sanitizer) {
      this.get(path).push(sanitizer);
      return this;
    },
    set(path, value = []) {
      _.set(sanitizers, path, value);
      return this;
    },
    has(path) {
      return _.has(sanitizers, path);
    },
  };
 };
 module.exports = sanitizersRegistry;
--- a/packages/core/utils/lib/sanitize/index.js
+++ b/packages/core/utils/lib/sanitize/index.js
@ -28,6 +28,11 @@ module.exports = {
        transforms.push(traverseEntity(visitors.removeRestrictedRelations(auth), { schema }));
      }
      // Apply sanitizers from registry if exists
      strapi.sanitizers
        .get('content-api.input')
        .forEach(sanitizer => transforms.push(sanitizer(schema)));
      return pipeAsync(...transforms)(data);
    },
@ -42,6 +47,11 @@ module.exports = {
        transforms.push(traverseEntity(visitors.removeRestrictedRelations(auth), { schema }));
      }
      // Apply sanitizers from registry if exists
      strapi.sanitizers
        .get('content-api.output')
        .forEach(sanitizer => transforms.push(sanitizer(schema)));
      return pipeAsync(...transforms)(data);
    },
  },
--- a/packages/plugins/i18n/server/controllers/tests/locales.test.js
+++ b/packages/plugins/i18n/server/controllers/tests/locales.test.js
@ -4,6 +4,12 @@ const { ApplicationError } = require('@strapi/utils').errors;
 const { listLocales, createLocale, updateLocale, deleteLocale } = require('../locales');
 const localeModel = require('../../content-types/locale');
 const sanitizers = {
  get() {
    return [];
  },
 };
 describe('Locales', () => {
  describe('listLocales', () => {
    test('can get locales', async () => {
@ -24,6 +30,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = {};
@ -61,6 +68,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = { request: { body: { ...locale, isDefault: true } }, state: { user: { id: 1 } } };
@ -96,6 +104,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = {
@ -133,6 +142,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = {
@ -180,6 +190,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = {
@ -221,6 +232,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = {
@ -269,6 +281,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = { params: { id: 1 } };
@ -302,6 +315,7 @@ describe('Locales', () => {
            },
          },
        },
        sanitizers,
      };
      const ctx = { params: { id: 1 } };
--- a/packages/plugins/users-permissions/server/controllers/role.js
+++ b/packages/plugins/users-permissions/server/controllers/role.js
@ -21,10 +21,10 @@ module.exports = {
    ctx.send({ ok: true });
  },
-  async getRole(ctx) {
+  async findOne(ctx) {
    const { id } = ctx.params;
-    const role = await getService('role').getRole(id);
+    const role = await getService('role').findOne(id);
    if (!role) {
      return ctx.notFound();
@ -33,8 +33,8 @@ module.exports = {
    ctx.send({ role });
  },
-  async getRoles(ctx) {
+  async find(ctx) {
-    const roles = await getService('role').getRoles();
+    const roles = await getService('role').find();
    ctx.send({ roles });
  },
--- a/packages/plugins/users-permissions/server/controllers/settings.js
+++ b/packages/plugins/users-permissions/server/controllers/settings.js
@ -37,7 +37,7 @@ module.exports = {
      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
      .get();
-    const roles = await getService('role').getRoles();
+    const roles = await getService('role').find();
    ctx.send({ settings, roles });
  },
--- a/packages/plugins/users-permissions/server/controllers/user.js
+++ b/packages/plugins/users-permissions/server/controllers/user.js
@ -90,7 +90,7 @@ module.exports = {
    const { id } = ctx.params;
    const { email, username, password } = ctx.request.body;
-    const user = await getService('user').fetch({ id });
+    const user = await getService('user').fetch(id);
    await validateUpdateUserBody(ctx.request.body);
@ -133,8 +133,8 @@ module.exports = {
   * Retrieve user records.
   * @return {Object|Array}
   */
-  async find(ctx, next, { populate } = {}) {
+  async find(ctx) {
-    const users = await getService('user').fetchAll(ctx.query.filters, populate);
+    const users = await getService('user').fetchAll(ctx.query);
    ctx.body = await Promise.all(users.map(user => sanitizeOutput(user, ctx)));
  },
@ -145,7 +145,9 @@ module.exports = {
   */
  async findOne(ctx) {
    const { id } = ctx.params;
-    let data = await getService('user').fetch({ id });
+    const { query } = ctx;
    let data = await getService('user').fetch(id, query);
    if (data) {
      data = await sanitizeOutput(data, ctx);
--- a/packages/plugins/users-permissions/server/register.js
+++ b/packages/plugins/users-permissions/server/register.js
@ -1,9 +1,11 @@
 'use strict';
 const authStrategy = require('./strategies/users-permissions');
 const sanitizers = require('./utils/sanitize/sanitizers');
 module.exports = ({ strapi }) => {
  strapi.container.get('auth').register('content-api', authStrategy);
  strapi.sanitizers.add('content-api.output', sanitizers.defaultSanitizeOutput);
  if (strapi.plugin('graphql')) {
    require('./graphql')({ strapi });
--- a/packages/plugins/users-permissions/server/routes/admin/role.js
+++ b/packages/plugins/users-permissions/server/routes/admin/role.js
@ -4,7 +4,7 @@ module.exports = [
  {
    method: 'GET',
    path: '/roles/:id',
-    handler: 'role.getRole',
+    handler: 'role.findOne',
    config: {
      policies: [
        {
@ -19,7 +19,7 @@ module.exports = [
  {
    method: 'GET',
    path: '/roles',
-    handler: 'role.getRoles',
+    handler: 'role.find',
    config: {
      policies: [
        {
--- a/packages/plugins/users-permissions/server/routes/content-api/role.js
+++ b/packages/plugins/users-permissions/server/routes/content-api/role.js
@ -4,12 +4,12 @@ module.exports = [
  {
    method: 'GET',
    path: '/roles/:id',
-    handler: 'role.getRole',
+    handler: 'role.findOne',
  },
  {
    method: 'GET',
    path: '/roles',
-    handler: 'role.getRoles',
+    handler: 'role.find',
  },
  {
    method: 'POST',
--- a/packages/plugins/users-permissions/server/services/role.js
+++ b/packages/plugins/users-permissions/server/services/role.js
@ -41,7 +41,7 @@ module.exports = ({ strapi }) => ({
    await Promise.all(createPromises);
  },
-  async getRole(roleID) {
+  async findOne(roleID) {
    const role = await strapi
      .query('plugin::users-permissions.role')
      .findOne({ where: { id: roleID }, populate: ['permissions'] });
@ -68,7 +68,7 @@ module.exports = ({ strapi }) => ({
    };
  },
-  async getRoles() {
+  async find() {
    const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
    for (const role of roles) {
--- a/packages/plugins/users-permissions/server/services/user.js
+++ b/packages/plugins/users-permissions/server/services/user.js
@ -58,8 +58,8 @@ module.exports = ({ strapi }) => ({
   * Promise to fetch a/an user.
   * @return {Promise}
   */
-  fetch(params, populate) {
+  fetch(id, params) {
-    return strapi.query('plugin::users-permissions.user').findOne({ where: params, populate });
+    return strapi.entityService.findOne('plugin::users-permissions.user', id, params);
  },
  /**
@ -76,8 +76,8 @@ module.exports = ({ strapi }) => ({
   * Promise to fetch all users.
   * @return {Promise}
   */
-  fetchAll(params, populate) {
+  fetchAll(params) {
-    return strapi.query('plugin::users-permissions.user').findMany({ where: params, populate });
+    return strapi.entityService.findMany('plugin::users-permissions.user', params);
  },
  /**
--- a/packages/plugins/users-permissions/server/utils/index.js
+++ b/packages/plugins/users-permissions/server/utils/index.js
@ -1,9 +1,12 @@
 'use strict';
 const sanitize = require('./sanitize');
 const getService = name => {
  return strapi.plugin('users-permissions').service(name);
 };
 module.exports = {
  getService,
  sanitize,
 };
--- a/packages/plugins/users-permissions/server/utils/sanitize/index.js
+++ b/packages/plugins/users-permissions/server/utils/sanitize/index.js
@ -0,0 +1,9 @@
 'use strict';
 const visitors = require('./visitors');
 const sanitizers = require('./sanitizers');
 module.exports = {
  sanitizers,
  visitors,
 };
--- a/packages/plugins/users-permissions/server/utils/sanitize/sanitizers.js
+++ b/packages/plugins/users-permissions/server/utils/sanitize/sanitizers.js
@ -0,0 +1,19 @@
 'use strict';
 const { curry } = require('lodash/fp');
 const { traverseEntity, pipeAsync } = require('@strapi/utils');
 const { removeUserRelationFromRoleEntities } = require('./visitors');
 const sanitizeUserRelationFromRoleEntities = curry((schema, entity) => {
  return traverseEntity(removeUserRelationFromRoleEntities, { schema }, entity);
 });
 const defaultSanitizeOutput = curry((schema, entity) => {
  return pipeAsync(sanitizeUserRelationFromRoleEntities(schema))(entity);
 });
 module.exports = {
  sanitizeUserRelationFromRoleEntities,
  defaultSanitizeOutput,
 };
--- a/packages/plugins/users-permissions/server/utils/sanitize/visitors/index.js
+++ b/packages/plugins/users-permissions/server/utils/sanitize/visitors/index.js
@ -0,0 +1,5 @@
 'use strict';
 module.exports = {
  removeUserRelationFromRoleEntities: require('./remove-user-relation-from-role-entities'),
 };
--- a/packages/plugins/users-permissions/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js
+++ b/packages/plugins/users-permissions/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js
@ -0,0 +1,11 @@
 'use strict';
 module.exports = ({ schema, key, attribute }, { remove }) => {
  if (
    attribute.type === 'relation' &&
    attribute.target === 'plugin::users-permissions.user' &&
    schema.uid === 'plugin::users-permissions.role'
  ) {
    remove(key);
  }
 };
--- a/packages/plugins/users-permissions/tests/content-api/users-api.test.e2e.js
+++ b/packages/plugins/users-permissions/tests/content-api/users-api.test.e2e.js
@ -8,6 +8,12 @@ const { createContentAPIRequest } = require('../../../../../test/helpers/request
 let strapi;
 let rq;
 const internals = {
  role: {
    name: 'Test Role',
    description: 'Some random test role',
  },
 };
 const data = {};
 describe('Users API', () => {
@ -20,11 +26,42 @@ describe('Users API', () => {
    await strapi.destroy();
  });
  test('Create and get Role', async () => {
    const createRes = await rq({
      method: 'POST',
      url: '/users-permissions/roles',
      body: {
        ...internals.role,
        permissions: [],
      },
    });
    expect(createRes.statusCode).toBe(200);
    expect(createRes.body).toMatchObject({ ok: true });
    const findRes = await rq({
      method: 'GET',
      url: '/users-permissions/roles',
    });
    expect(findRes.statusCode).toBe(200);
    expect(findRes.body.roles).toEqual(
      expect.arrayContaining([expect.objectContaining(internals.role)])
    );
    // eslint-disable-next-line no-unused-vars
    const { nb_users, ...role } = findRes.body.roles.find(r => r.name === internals.role.name);
    expect(role).toMatchObject(internals.role);
    data.role = role;
  });
  test('Create User', async () => {
    const user = {
      username: 'User 1',
      email: 'user1@strapi.io',
      password: 'test1234',
      role: data.role.id,
    };
    const res = await rq({
@ -37,6 +74,7 @@ describe('Users API', () => {
    expect(res.body).toMatchObject({
      username: user.username,
      email: user.email,
      role: data.role,
    });
    data.user = res.body;
@ -87,6 +125,103 @@ describe('Users API', () => {
        },
      ]);
    });
    test('should populate role', async () => {
      const res = await rq({
        method: 'GET',
        url: '/users?populate=role',
      });
      const { statusCode, body } = res;
      expect(statusCode).toBe(200);
      expect(Array.isArray(body)).toBe(true);
      expect(body).toHaveLength(1);
      expect(body).toMatchObject([
        {
          id: expect.anything(),
          username: data.user.username,
          email: data.user.email,
          role: data.role,
        },
      ]);
    });
    test('should not populate users in role', async () => {
      const res = await rq({
        method: 'GET',
        url: '/users?populate[role][populate][0]=users',
      });
      const { statusCode, body } = res;
      expect(statusCode).toBe(200);
      expect(Array.isArray(body)).toBe(true);
      expect(body).toHaveLength(1);
      expect(body).toMatchObject([
        {
          id: expect.anything(),
          username: data.user.username,
          email: data.user.email,
          role: data.role,
        },
      ]);
      expect(body[0].role).not.toHaveProperty('users');
    });
  });
  describe('Read an user', () => {
    test('should populate role', async () => {
      const res = await rq({
        method: 'GET',
        url: `/users/${data.user.id}?populate=role`,
      });
      const { statusCode, body } = res;
      expect(statusCode).toBe(200);
      expect(body).toMatchObject({
        id: data.user.id,
        username: data.user.username,
        email: data.user.email,
        role: data.role,
      });
    });
    test('should not populate role', async () => {
      const res = await rq({
        method: 'GET',
        url: `/users/${data.user.id}`,
      });
      const { statusCode, body } = res;
      expect(statusCode).toBe(200);
      expect(body).toMatchObject({
        id: data.user.id,
        username: data.user.username,
        email: data.user.email,
      });
      expect(body).not.toHaveProperty('role');
    });
    test('should not populate users in role', async () => {
      const res = await rq({
        method: 'GET',
        url: `/users/${data.user.id}?populate[role][populate][0]=users`,
      });
      const { statusCode, body } = res;
      expect(statusCode).toBe(200);
      expect(body).toMatchObject({
        id: data.user.id,
        username: data.user.username,
        email: data.user.email,
        role: data.role,
      });
      expect(body.role).not.toHaveProperty('users');
    });
  });
  test('Delete user', async () => {