diff --git a/packages/strapi-admin/package.json b/packages/strapi-admin/package.json index a1c8611803..b01bdff4f7 100755 --- a/packages/strapi-admin/package.json +++ b/packages/strapi-admin/package.json @@ -51,4 +51,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-helper-plugin/package.json b/packages/strapi-helper-plugin/package.json index e07869d9ea..35675e2375 100755 --- a/packages/strapi-helper-plugin/package.json +++ b/packages/strapi-helper-plugin/package.json @@ -117,4 +117,4 @@ "webpack-hot-middleware": "^2.18.2", "whatwg-fetch": "^2.0.3" } -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-content-manager/package.json b/packages/strapi-plugin-content-manager/package.json index 8ff894bcfe..7bf093b39c 100755 --- a/packages/strapi-plugin-content-manager/package.json +++ b/packages/strapi-plugin-content-manager/package.json @@ -46,4 +46,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-content-type-builder/package.json b/packages/strapi-plugin-content-type-builder/package.json index ca62cace13..c862d8aeca 100755 --- a/packages/strapi-plugin-content-type-builder/package.json +++ b/packages/strapi-plugin-content-type-builder/package.json @@ -50,4 +50,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-graphql/services/GraphQL.js b/packages/strapi-plugin-graphql/services/GraphQL.js index e0d4ebd5b2..4ad41b6a0c 100644 --- a/packages/strapi-plugin-graphql/services/GraphQL.js +++ b/packages/strapi-plugin-graphql/services/GraphQL.js @@ -328,7 +328,7 @@ module.exports = { return async (obj, options, context) => { // Hack to be able to handle permissions for each query. - const ctx = Object.assign(context, { + const ctx = Object.assign(_.clone(context), { request: Object.assign(_.clone(context.request), { graphql: null }) @@ -362,6 +362,7 @@ module.exports = { return values && values.toJSON ? values.toJSON() : values; } + return resolver.call(null, obj, options, context); } @@ -560,7 +561,7 @@ module.exports = { switch (association.nature) { case 'manyToMany': { - const arrayOfIds = obj[association.alias].map(related => { + const arrayOfIds = (obj[association.alias] || []).map(related => { return related[ref.primaryKey] || related; }); diff --git a/packages/strapi-plugin-settings-manager/package.json b/packages/strapi-plugin-settings-manager/package.json index 102c36dcc8..135e9e81d1 100755 --- a/packages/strapi-plugin-settings-manager/package.json +++ b/packages/strapi-plugin-settings-manager/package.json @@ -48,4 +48,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-upload/package.json b/packages/strapi-plugin-upload/package.json index fbf40045e3..7bdd3e14bb 100644 --- a/packages/strapi-plugin-upload/package.json +++ b/packages/strapi-plugin-upload/package.json @@ -47,4 +47,4 @@ "npm": ">= 3.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-users-permissions/config/policies/permissions.js b/packages/strapi-plugin-users-permissions/config/policies/permissions.js index 87ee1c59e0..3407b5ee41 100644 --- a/packages/strapi-plugin-users-permissions/config/policies/permissions.js +++ b/packages/strapi-plugin-users-permissions/config/policies/permissions.js @@ -39,9 +39,11 @@ module.exports = async (ctx, next) => { }, []); if (!permission) { - ctx.forbidden(); + if (ctx.request.graphql === null) { + return ctx.request.graphql = strapi.errors.forbidden(); + } - return ctx.request.graphql = ctx.body; + ctx.forbidden(); } // Execute the policies. diff --git a/packages/strapi-plugin-users-permissions/package.json b/packages/strapi-plugin-users-permissions/package.json index ff57f8cdf6..83480753a7 100644 --- a/packages/strapi-plugin-users-permissions/package.json +++ b/packages/strapi-plugin-users-permissions/package.json @@ -54,4 +54,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi/lib/middlewares/boom/index.js b/packages/strapi/lib/middlewares/boom/index.js index ad2940835a..ed2d590349 100644 --- a/packages/strapi/lib/middlewares/boom/index.js +++ b/packages/strapi/lib/middlewares/boom/index.js @@ -19,6 +19,7 @@ module.exports = strapi => { this.delegator = delegate(strapi.app.context, 'response'); this.createResponses(); + strapi.errors = Boom; strapi.app.use(async (ctx, next) => { try { // App logic.