From f506369ce6b7f05c0235669cb2441172b6583afa Mon Sep 17 00:00:00 2001
From: Convly
Date: Mon, 29 Aug 2022 17:32:41 +0200
Subject: [PATCH 1/3] Sync permissions in DB with existing one, automatic cleanup on schema deletion
---
 packages/core/admin/server/bootstrap.js | 33 ++++++++++++++++++++++++-
 packages/core/strapi/lib/Strapi.js | 5 ++--
 2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/packages/core/admin/server/bootstrap.js b/packages/core/admin/server/bootstrap.js
index 61d335e4a4..5ff800862a 100644
--- a/packages/core/admin/server/bootstrap.js
+++ b/packages/core/admin/server/bootstrap.js
@@ -1,6 +1,7 @@
 'use strict';
-const { merge } = require('lodash/fp');
+const { merge, map, difference, uniq } = require('lodash/fp');
+const { pipeAsync } = require('@strapi/utils');
 const { getService } = require('./utils');
 const adminActions = require('./config/admin-actions');
 const adminConditions = require('./config/admin-conditions');
@@ -52,6 +53,35 @@ const syncAuthSettings = async () => {
 await adminStore.set({ key: 'auth', value: newAuthSettings });
 };
+const syncAPITokensPermissions = async () => {
+ const validPermissions = strapi.contentAPI.permissions.providers.action.keys();
+ const permissionsInDB = await pipeAsync(
+ strapi.query('admin::api-token-permission').findMany,
+ map('action')
+ )();
+
+ const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));
+
+ if (unknownPermissions.length > 0) {
+ console.log('about to delete', unknownPermissions.length, 'permissions from db');
+ console.log(JSON.stringify(unknownPermissions, null, 2));
+
+ await Promise.all(
+ unknownPermissions.map((action) =>
+ strapi.query('admin::api-token-permission').deleteMany({ where: { action } })
+ )
+ );
+ } else {
+ console.log(
+ 'No permission outdated, step ignored... (check made on ',
+ permissionsInDB.length,
+ '-',
+ validPermissions.length,
+ 'permissions)'
+ );
+ }
+};
+
 module.exports = async () => {
 await registerAdminConditions();
 await registerPermissionActions();
@@ -73,6 +103,7 @@ module.exports = async () => {
 await userService.displayWarningIfUsersDontHaveRole();
 await syncAuthSettings();
+ await syncAPITokensPermissions();
 apiTokenService.checkSaltIsDefined();
 tokenService.checkSecretIsDefined();
diff --git a/packages/core/strapi/lib/Strapi.js b/packages/core/strapi/lib/Strapi.js
index f7c9c37357..33e15aec04 100644
--- a/packages/core/strapi/lib/Strapi.js
+++ b/packages/core/strapi/lib/Strapi.js
@@ -451,11 +451,10 @@ class Strapi {
 await this.server.initMiddlewares();
 await this.server.initRouting();
- await this.runLifecyclesFunctions(LIFECYCLES.BOOTSTRAP);
-
- // TODO: is this the best place for this?
 await this.contentAPI.permissions.registerActions();
+ await this.runLifecyclesFunctions(LIFECYCLES.BOOTSTRAP);
+
 this.cron.start();
 return this;
From a80e83d397f5171b26d403341f5a65613e6ccabd Mon Sep 17 00:00:00 2001
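Review bot: syncAPITokensPermissions treats whatever `strapi.contentAPI.permissions.providers.action.keys()` returns at that instant as the complete allow-list and deletes every stored token permission outside it, with no check that the list is populated. If the provider is empty or only partly filled when the admin bootstrap runs (the hunk cannot show whether every plugin has registered its actions by then), valid grants are removed and the affected API tokens lose access without any error. Provided an empty provider is never a legitimate state here, a guard such as `if (validPermissions.length === 0) return;` before computing `unknownPermissions` would stop a failed registration from wiping the table. A short header comment should also state the intent, e.g. `// Prune API token permissions whose action is no longer registered (for example after a schema was deleted).`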
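Review bot: The order of `registerActions()` and the BOOTSTRAP lifecycle is now load-bearing, yet the hunk removes the only comment at this spot and adds none. The admin bootstrap added in this series reads the content-API action provider to decide which token permissions to delete, so moving `registerActions()` back below `runLifecyclesFunctions(LIFECYCLES.BOOTSTRAP)` would make that cleanup compare against an unpopulated list. I would add `// Must run before BOOTSTRAP: the admin bootstrap prunes API token permissions against the registered content-API actions.` above the `registerActions()` call. The enclosing method starts and ends outside the hunk.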
From: Convly
Date: Mon, 29 Aug 2022 17:36:22 +0200
Subject: [PATCH 2/3] Remove console.log
---
 packages/core/admin/server/bootstrap.js | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/packages/core/admin/server/bootstrap.js b/packages/core/admin/server/bootstrap.js
index 5ff800862a..d7fd0db5b0 100644
--- a/packages/core/admin/server/bootstrap.js
+++ b/packages/core/admin/server/bootstrap.js
@@ -63,22 +63,11 @@ const syncAPITokensPermissions = async () => {
 const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));
 if (unknownPermissions.length > 0) {
- console.log('about to delete', unknownPermissions.length, 'permissions from db');
- console.log(JSON.stringify(unknownPermissions, null, 2));
-
 await Promise.all(
 unknownPermissions.map((action) =>
 strapi.query('admin::api-token-permission').deleteMany({ where: { action } })
 )
 );
- } else {
- console.log(
- 'No permission outdated, step ignored... (check made on ',
- permissionsInDB.length,
- '-',
- validPermissions.length,
- 'permissions)'
- );
 }
 };
From e4b9dd5ab828e5f5a22fe497d7648c385f5f69f0 Mon Sep 17 00:00:00 2001
From: Convly
Date: Mon, 29 Aug 2022 17:39:41 +0200
Subject: [PATCH 3/3] Simplify the delete request
---
 packages/core/admin/server/bootstrap.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/packages/core/admin/server/bootstrap.js b/packages/core/admin/server/bootstrap.js
index d7fd0db5b0..bdd07e1a78 100644
--- a/packages/core/admin/server/bootstrap.js
+++ b/packages/core/admin/server/bootstrap.js
@@ -63,11 +63,9 @@ const syncAPITokensPermissions = async () => {
 const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));
 if (unknownPermissions.length > 0) {
- await Promise.all(
- unknownPermissions.map((action) =>
- strapi.query('admin::api-token-permission').deleteMany({ where: { action } })
- )
- );
+ await strapi
+ .query('admin::api-token-permission')
+ .deleteMany({ where: { action: { $in: unknownPermissions } } });
 }
 };
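Review bot: The bulk `deleteMany` removes API token permissions at startup without leaving any record of what was pruned, because the debug output went away earlier in the series and nothing replaced it. This is an automatic authorization change, so an operator investigating why a token stopped working, or auditing permission changes, has nothing to correlate against. I would log through the application logger just before the delete, for example `strapi.log.info('Pruning API token permissions for unregistered actions: ' + unknownPermissions.join(', '));`. The function body begins outside this hunk.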