From 6efdb43654c267e9c398b7f14f0e9819f3b70e2a Mon Sep 17 00:00:00 2001 From: tuxuuman Date: Tue, 28 Dec 2021 16:10:03 +0000 Subject: [PATCH 01/10] optimization and refactoring the verify function --- .../server/strategies/users-permissions.js | 46 +++---------------- 1 file changed, 7 insertions(+), 39 deletions(-) diff --git a/packages/plugins/users-permissions/server/strategies/users-permissions.js b/packages/plugins/users-permissions/server/strategies/users-permissions.js index 7cc06310d9..57a1d59262 100644 --- a/packages/plugins/users-permissions/server/strategies/users-permissions.js +++ b/packages/plugins/users-permissions/server/strategies/users-permissions.js @@ -1,7 +1,7 @@ 'use strict'; const { castArray, map } = require('lodash/fp'); -const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors; +const { ForbiddenError } = require('@strapi/utils').errors; const { getService } = require('../utils'); 
@@ -67,40 +67,14 @@ const authenticate = async ctx => { const verify = async (auth, config) => { const { credentials: user } = auth; - // public accesss - if (!user) { - // test against public role - const publicPermissions = await strapi.query('plugin::users-permissions.permission').findMany({ - where: { - role: { type: 'public' }, - }, + let allowedActions = auth.allowedActions; + + if (!allowedActions) { + const permissions = await strapi.query('plugin::users-permissions.permission').findMany({ + where: { role: user ? user.role.id : { type: 'public' } }, }); - const allowedActions = map('action', publicPermissions); - - // A non authenticated user cannot access routes that do not have a scope - if (!config.scope) { - throw new UnauthorizedError(); - } - - const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope)); - - if (!isAllowed) { - throw new ForbiddenError(); - } - - return; - } - - const permissions = await strapi.query('plugin::users-permissions.permission').findMany({ - where: { role: user.role.id }, - }); - - const allowedActions = map('action', permissions); - - // An authenticated user can access non scoped routes - if (!config.scope) { - return; + allowedActions = auth.allowedActions = map('action', permissions); } const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope)); @@ -108,12 +82,6 @@ const verify = async (auth, config) => { if (!isAllowed) { throw new ForbiddenError(); } - - // TODO: if we need to keep policies for u&p execution - // Execute the policies. - // if (permission.policy) { - // return await strapi.plugin('users-permissions').policy(permission.policy)(ctx, next); - // } }; module.exports = { From 8c173942a6ca6f713d072b84c667ee3fdd1e6677 Mon Sep 17 00:00:00 2001 
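Review bot: The new `auth.allowedActions` cache is trusted on truthiness alone, so any value placed on `auth` before `verify` runs replaces the role lookup, and a cached list is never refreshed for the lifetime of that object. Where `auth` is created and how long it lives is not visible in this hunk; if it is anything other than per-request, a role or permission change would not take effect until the object is discarded. I would state the contract next to the check, `// per-request cache, written only by verify; auth must not be reused across requests`, and tighten the test to `if (!Array.isArray(allowedActions)) {`. Separately, `user.role.id` is read without a guard: should `role` be loaded without an `id`, the filter becomes `{ role: undefined }`, and how the query layer treats that is not shown here, so rejecting with `ForbiddenError` when the id is missing keeps the lookup fail-closed. `verify` ends in the following hunk.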
From: tuxuuman Date: Sat, 8 Jan 2022 15:46:36 +0000 Subject: [PATCH 02/10] returned an important check condition --- .../server/strategies/users-permissions.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/plugins/users-permissions/server/strategies/users-permissions.js b/packages/plugins/users-permissions/server/strategies/users-permissions.js index 57a1d59262..1dfd009684 100644 --- a/packages/plugins/users-permissions/server/strategies/users-permissions.js +++ b/packages/plugins/users-permissions/server/strategies/users-permissions.js @@ -1,7 +1,7 @@ 'use strict'; const { castArray, map } = require('lodash/fp'); -const { ForbiddenError } = require('@strapi/utils').errors; +const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors; const { getService } = require('../utils'); @@ -67,6 +67,11 @@ const authenticate = async ctx => { const verify = async (auth, config) => { const { credentials: user } = auth; + // A non authenticated user cannot access routes that do not have a scope + if (!user && !config.scope) { + throw new UnauthorizedError(); + } + let allowedActions = auth.allowedActions; if (!allowedActions) { From 73780089a09155f7f50fff120f81c9b5903ed27d Mon Sep 17 00:00:00 2001 From: tuxuuman Date: Fri, 21 Jan 2022 04:42:07 +0000 Subject: [PATCH 03/10] returned another important condition --- .../server/strategies/users-permissions.js | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/packages/plugins/users-permissions/server/strategies/users-permissions.js b/packages/plugins/users-permissions/server/strategies/users-permissions.js index 1dfd009684..409b84ae21 100644 --- a/packages/plugins/users-permissions/server/strategies/users-permissions.js +++ b/packages/plugins/users-permissions/server/strategies/users-permissions.js 
@@ -67,9 +67,14 @@ const authenticate = async ctx => { const verify = async (auth, config) => { const { credentials: user } = auth; - // A non authenticated user cannot access routes that do not have a scope - if (!user && !config.scope) { - throw new UnauthorizedError(); + if (!config.scope) { + if (!user) { + // A non authenticated user cannot access routes that do not have a scope + throw new UnauthorizedError(); + } else { + // An authenticated user can access non scoped routes + return; + } } let allowedActions = auth.allowedActions; From 4a158b8d3fcebf0c4b1b28308bcb2566bba075c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Feb 2022 09:43:16 +0000 Subject: [PATCH 04/10] Bump eslint-plugin-jsdoc from 36.1.0 to 36.1.1 Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 36.1.0 to 36.1.1. - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Commits](https://github.com/gajus/eslint-plugin-jsdoc/compare/v36.1.0...v36.1.1) --- updated-dependencies: - dependency-name: eslint-plugin-jsdoc dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 60273609c6..a4a4aa2681 100644 --- a/package.json +++ b/package.json @@ -87,7 +87,7 @@ "eslint-config-airbnb-base": "14.2.1", "eslint-config-prettier": "6.15.0", "eslint-plugin-import": "2.22.1", - "eslint-plugin-jsdoc": "36.1.0", + "eslint-plugin-jsdoc": "36.1.1", "eslint-plugin-jsx-a11y": "6.4.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-react": "7.23.2", diff --git a/yarn.lock b/yarn.lock index 5237474749..b6f429a265 100644 --- a/yarn.lock +++ b/yarn.lock 
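Review bot: An empty scope array slips past the `if (!config.scope)` guard because `[]` is truthy, and the later `castArray(config.scope).every(...)` is vacuously true for it, so a route configured with `scope: []` would be allowed for an unauthenticated caller. Whether route config can ever produce an empty array is not visible here, but treating it like a missing scope keeps the anonymous path fail-closed: `if (!config.scope || castArray(config.scope).length === 0) {`. The `every` check and the rest of `verify` lie outside this hunk. A unit test per branch (no user/no scope, user/no scope, user/scope denied) would pin this behaviour, since it was removed and restored across patches 01 to 03 of this series.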
@@ -7719,10 +7719,10 @@ eslint-plugin-import@2.22.1: resolve "^1.17.0" tsconfig-paths "^3.9.0" -eslint-plugin-jsdoc@36.1.0: - version "36.1.0" - resolved "https://registry.yarnpkg.com/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-36.1.0.tgz#8dfe5f27edfb6aa3812e6d86ccaea849ddc86b03" - integrity sha512-Qpied2AJCQcScxfzTObLKRiP5QgLXjMU/ITjBagEV5p2Q/HpumD1EQtazdRYdjDSwPmXhwOl2yquwOGQ4HOJNw== +eslint-plugin-jsdoc@36.1.1: + version "36.1.1" + resolved "https://registry.yarnpkg.com/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-36.1.1.tgz#124cd0e53a5d07f01ebde916a96dd1a6009625d6" + integrity sha512-nuLDvH1EJaKx0PCa9oeQIxH6pACIhZd1gkalTUxZbaxxwokjs7TplqY0Q8Ew3CoZaf5aowm0g/Z3JGHCatt+gQ== dependencies: "@es-joy/jsdoccomment" "0.10.8" comment-parser "1.2.4" From bcc26757352145b2a5856c909d8af5a73845293c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Feb 2022 09:43:46 +0000 Subject: [PATCH 05/10] Bump axios-mock-adapter from 1.19.0 to 1.20.0 Bumps [axios-mock-adapter](https://github.com/ctimmerm/axios-mock-adapter) from 1.19.0 to 1.20.0. - [Release notes](https://github.com/ctimmerm/axios-mock-adapter/releases) - [Changelog](https://github.com/ctimmerm/axios-mock-adapter/blob/master/CHANGELOG.md) - [Commits](https://github.com/ctimmerm/axios-mock-adapter/compare/v1.19.0...v1.20.0) --- updated-dependencies: - dependency-name: axios-mock-adapter dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 18 ++++++++++++------ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index 60273609c6..52d8cc017c 100644 --- a/package.json +++ b/package.json 
@@ -74,7 +74,7 @@ "@testing-library/react": "11.2.6", "@testing-library/react-hooks": "3.4.2", "@testing-library/user-event": "13.5.0", - "axios-mock-adapter": "1.19.0", + "axios-mock-adapter": "1.20.0", "babel-eslint": "10.1.0", "chalk": "4.1.1", "chokidar": "3.5.1", diff --git a/yarn.lock b/yarn.lock index 5237474749..83c4698494 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4931,13 +4931,14 @@ axe-core@^4.0.2: resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.3.5.tgz#78d6911ba317a8262bfee292aeafcc1e04b49cc5" integrity sha512-WKTW1+xAzhMS5dJsxWkliixlO/PqC4VhmO9T4juNYcaTg9jzWiJsou6m5pxWYGfigWbwzJWeFY6z47a+4neRXA== -axios-mock-adapter@1.19.0: - version "1.19.0" - resolved "https://registry.yarnpkg.com/axios-mock-adapter/-/axios-mock-adapter-1.19.0.tgz#9d72e321a6c5418e1eff067aa99761a86c5188a4" - integrity sha512-D+0U4LNPr7WroiBDvWilzTMYPYTuZlbo6BI8YHZtj7wYQS8NkARlP9KBt8IWWHTQJ0q/8oZ0ClPBtKCCkx8cQg== +axios-mock-adapter@1.20.0: + version "1.20.0" + resolved "https://registry.yarnpkg.com/axios-mock-adapter/-/axios-mock-adapter-1.20.0.tgz#21f5b4b625306f43e8c05673616719da86e20dcb" + integrity sha512-shZRhTjLP0WWdcvHKf3rH3iW9deb3UdKbdnKUoHmmsnBhVXN3sjPJM6ZvQ2r/ywgvBVQrMnjrSyQab60G1sr2w== dependencies: fast-deep-equal "^3.1.3" - is-buffer "^2.0.3" + is-blob "^2.1.0" + is-buffer "^2.0.5" axios@0.24.0: version "0.24.0" @@ -9785,6 +9786,11 @@ is-binary-path@~2.1.0: dependencies: binary-extensions "^2.0.0" +is-blob@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/is-blob/-/is-blob-2.1.0.tgz#e36cd82c90653f1e1b930f11baf9c64216a05385" + integrity sha512-SZ/fTft5eUhQM6oF/ZaASFDEdbFVe89Imltn9uZr03wdKMcWNVYSMjQPFtg05QuNkt5l5c135ElvXEQG0rk4tw== + is-bluebird@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/is-bluebird/-/is-bluebird-1.0.2.tgz#096439060f4aa411abee19143a84d6a55346d6e2" 
@@ -9803,7 +9809,7 @@ is-buffer@^1.1.5: resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be" integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w== -is-buffer@^2.0.0, is-buffer@^2.0.3: +is-buffer@^2.0.0, is-buffer@^2.0.5: version "2.0.5" resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.5.tgz#ebc252e400d22ff8d77fa09888821a24a658c191" integrity sha512-i2R6zNFDwgEHJyQUtJEk0XFi1i0dPFn/oqjK3/vPCcDeJvW5NQ83V8QbicfF1SupOaB0h8ntgBC2YiE7dfyctQ== From 7f3f7125e6ec2bce87d0d4497f5ffa96074838c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Feb 2022 09:44:19 +0000 Subject: [PATCH 06/10] Bump @testing-library/react from 11.2.6 to 11.2.7 Bumps [@testing-library/react](https://github.com/testing-library/react-testing-library) from 11.2.6 to 11.2.7. - [Release notes](https://github.com/testing-library/react-testing-library/releases) - [Changelog](https://github.com/testing-library/react-testing-library/blob/main/CHANGELOG.md) - [Commits](https://github.com/testing-library/react-testing-library/compare/v11.2.6...v11.2.7) --- updated-dependencies: - dependency-name: "@testing-library/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 60273609c6..74df8b12ff 100644 --- a/package.json +++ b/package.json @@ -71,7 +71,7 @@ }, "devDependencies": { "@swc-node/jest": "1.4.3", - "@testing-library/react": "11.2.6", + "@testing-library/react": "11.2.7", "@testing-library/react-hooks": "3.4.2", "@testing-library/user-event": "13.5.0", "axios-mock-adapter": "1.19.0", diff --git a/yarn.lock b/yarn.lock index 5237474749..5b6e0377a0 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -3472,10 +3472,10 @@ "@babel/runtime" "^7.5.4" "@types/testing-library__react-hooks" "^3.4.0" -"@testing-library/react@11.2.6": - version "11.2.6" - resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.2.6.tgz#586a23adc63615985d85be0c903f374dab19200b" - integrity sha512-TXMCg0jT8xmuU8BkKMtp8l7Z50Ykew5WNX8UoIKTaLFwKkP2+1YDhOLA2Ga3wY4x29jyntk7EWfum0kjlYiSjQ== +"@testing-library/react@11.2.7": + version "11.2.7" + resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.2.7.tgz#b29e2e95c6765c815786c0bc1d5aed9cb2bf7818" + integrity sha512-tzRNp7pzd5QmbtXNG/mhdcl7Awfu/Iz1RaVHY75zTdOkmHCuzMhRL83gWHSgOAcjS3CCbyfwUHMZgRJb4kAfpA== dependencies: "@babel/runtime" "^7.12.5" "@testing-library/dom" "^7.28.1" From d3a0b225a64b87ecb82d7dbe36da69b87f10495f Mon Sep 17 00:00:00 2001 From: tuxuuman Date: Fri, 11 Feb 2022 15:32:14 +0500 Subject: [PATCH 07/10] Update packages/plugins/users-permissions/server/strategies/users-permissions.js Co-authored-by: Alexandre BODIN --- .../users-permissions/server/strategies/users-permissions.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/plugins/users-permissions/server/strategies/users-permissions.js b/packages/plugins/users-permissions/server/strategies/users-permissions.js index 409b84ae21..88b556fce9 100644 --- a/packages/plugins/users-permissions/server/strategies/users-permissions.js +++ b/packages/plugins/users-permissions/server/strategies/users-permissions.js @@ -84,7 +84,8 @@ const verify = async (auth, config) => { where: { role: user ? user.role.id : { type: 'public' } }, }); - allowedActions = auth.allowedActions = map('action', permissions); + allowedActions = map('action', permissions); + auth.allowedActions = allowedActions; } const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope)); From bef2ff79cfb34a0984e2be23c6fe1b80c80b529c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Feb 2022 07:47:30 +0000 Subject: [PATCH 08/10] Bump follow-redirects from 1.14.7 to 1.14.8 Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.8. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index ecd0236f71..84f536c071 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8365,9 +8365,9 @@ fn.name@1.x.x: integrity sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw== follow-redirects@^1.0.0, follow-redirects@^1.14.4, follow-redirects@^1.14.7: - version "1.14.7" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.7.tgz#2004c02eb9436eee9a21446a6477debf17e81685" - integrity sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ== + version "1.14.8" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.8.tgz#016996fb9a11a100566398b1c6839337d7bfa8fc" + integrity sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA== font-awesome@^4.7.0: version "4.7.0" From dc96661182630dc84f0eb565b8fc6444b90c275c Mon Sep 17 00:00:00 2001 From: HichamELBSI Date: Fri, 21 Jan 2022 15:28:18 +0100 Subject: [PATCH 09/10] Fix datepicker format Signed-off-by: HichamELBSI --- .../core/helper-plugin/lib/src/components/GenericInput/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/core/helper-plugin/lib/src/components/GenericInput/index.js b/packages/core/helper-plugin/lib/src/components/GenericInput/index.js index c5d3cab39c..f90994ccec 100644 --- a/packages/core/helper-plugin/lib/src/components/GenericInput/index.js +++ b/packages/core/helper-plugin/lib/src/components/GenericInput/index.js @@ -167,7 +167,7 @@ const GenericInput = ({ hint={hint} name={name} onChange={date => { - const formattedDate = date.toISOString(); + const formattedDate = date.toISOString().split('T')[0]; onChange({ target: { name, value: formattedDate, type } }); }} From 6a1396a490f38d0a97cc810e76d160a3801b0b57 Mon Sep 17 00:00:00 2001 From: Gustav Hansen Date: Mon, 14 Feb 2022 16:28:51 +0100 Subject: [PATCH 10/10] GenericInput: change date field to only handle dates --- .../lib/src/components/GenericInput/index.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/packages/core/helper-plugin/lib/src/components/GenericInput/index.js b/packages/core/helper-plugin/lib/src/components/GenericInput/index.js index f90994ccec..4e229fd075 100644 --- a/packages/core/helper-plugin/lib/src/components/GenericInput/index.js +++ b/packages/core/helper-plugin/lib/src/components/GenericInput/index.js @@ -6,6 +6,8 @@ import React, { useState } from 'react'; import PropTypes from 'prop-types'; +import parseISO from 'date-fns/parseISO'; +import formatISO from 'date-fns/formatISO'; import { useIntl } from 'react-intl'; import { Checkbox } from '@strapi/design-system/Checkbox'; import { DatePicker } from '@strapi/design-system/DatePicker'; 
@@ -156,6 +158,12 @@ const GenericInput = ({ ); } case 'date': { + let selectedDate = null; + + if (value) { + selectedDate = parseISO(value); + } + return ( { - const formattedDate = date.toISOString().split('T')[0]; - - onChange({ target: { name, value: formattedDate, type } }); + onChange({ + target: { name, value: formatISO(date, { representation: 'date' }), type }, + }); }} onClear={() => onChange({ target: { name, value: null, type } })} placeholder={formattedPlaceholder} required={required} - selectedDate={value ? new Date(value) : null} + selectedDate={selectedDate} selectedDateLabel={formattedDate => `Date picker, current is ${formattedDate}`} /> );
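Review bot: `parseISO(value)` returns an Invalid Date for any stored string it cannot parse, and that object is then handed to `selectedDate` unchecked. `value` comes from outside this component, so I would validate it before use: `const parsed = parseISO(value);` then `selectedDate = isValid(parsed) ? parsed : null;`, with `import isValid from 'date-fns/isValid';` added next to the other date-fns imports. `formatISO` throws a RangeError on an invalid date, so the same guard is worth having if the picker can ever call `onChange` with one. The `GenericInput` component starts and ends outside this hunk.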