From c111aaba13af02e7f242d80f30bb38a93fc1435a Mon Sep 17 00:00:00 2001 From: Aurelsicoko Date: Thu, 24 May 2018 17:20:32 +0200 Subject: [PATCH 1/2] Fixes #1247 --- packages/strapi-admin/package.json | 2 +- packages/strapi-helper-plugin/package.json | 2 +- packages/strapi-plugin-content-manager/package.json | 2 +- packages/strapi-plugin-content-type-builder/package.json | 2 +- packages/strapi-plugin-graphql/services/GraphQL.js | 5 +++-- packages/strapi-plugin-settings-manager/package.json | 2 +- packages/strapi-plugin-upload/package.json | 2 +- .../config/policies/permissions.js | 6 ++++-- packages/strapi-plugin-users-permissions/package.json | 2 +- packages/strapi/lib/middlewares/boom/index.js | 1 + 10 files changed, 15 insertions(+), 11 deletions(-) diff --git a/packages/strapi-admin/package.json b/packages/strapi-admin/package.json index a1c8611803..b01bdff4f7 100755 --- a/packages/strapi-admin/package.json +++ b/packages/strapi-admin/package.json @@ -51,4 +51,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-helper-plugin/package.json b/packages/strapi-helper-plugin/package.json index e07869d9ea..35675e2375 100755 --- a/packages/strapi-helper-plugin/package.json +++ b/packages/strapi-helper-plugin/package.json @@ -117,4 +117,4 @@ "webpack-hot-middleware": "^2.18.2", "whatwg-fetch": "^2.0.3" } -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-content-manager/package.json b/packages/strapi-plugin-content-manager/package.json index 8ff894bcfe..7bf093b39c 100755 --- a/packages/strapi-plugin-content-manager/package.json +++ b/packages/strapi-plugin-content-manager/package.json @@ -46,4 +46,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-content-type-builder/package.json b/packages/strapi-plugin-content-type-builder/package.json index ca62cace13..c862d8aeca 100755 --- a/packages/strapi-plugin-content-type-builder/package.json 
+++ b/packages/strapi-plugin-content-type-builder/package.json @@ -50,4 +50,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-graphql/services/GraphQL.js b/packages/strapi-plugin-graphql/services/GraphQL.js index e0d4ebd5b2..4ad41b6a0c 100644 --- a/packages/strapi-plugin-graphql/services/GraphQL.js +++ b/packages/strapi-plugin-graphql/services/GraphQL.js @@ -328,7 +328,7 @@ module.exports = { return async (obj, options, context) => { // Hack to be able to handle permissions for each query. - const ctx = Object.assign(context, { + const ctx = Object.assign(_.clone(context), { request: Object.assign(_.clone(context.request), { graphql: null }) @@ -362,6 +362,7 @@ module.exports = { return values && values.toJSON ? values.toJSON() : values; } + return resolver.call(null, obj, options, context); } @@ -560,7 +561,7 @@ module.exports = { switch (association.nature) { case 'manyToMany': { - const arrayOfIds = obj[association.alias].map(related => { + const arrayOfIds = (obj[association.alias] || []).map(related => { return related[ref.primaryKey] || related; }); diff --git a/packages/strapi-plugin-settings-manager/package.json b/packages/strapi-plugin-settings-manager/package.json index 102c36dcc8..135e9e81d1 100755 --- a/packages/strapi-plugin-settings-manager/package.json +++ b/packages/strapi-plugin-settings-manager/package.json @@ -48,4 +48,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-upload/package.json b/packages/strapi-plugin-upload/package.json index fbf40045e3..7bdd3e14bb 100644 --- a/packages/strapi-plugin-upload/package.json +++ b/packages/strapi-plugin-upload/package.json @@ -47,4 +47,4 @@ "npm": ">= 3.0.0" }, "license": "MIT" -} +} \ No newline at end of file 
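Review bot: In the `@@ -328,7 +328,7 @@` hunk of GraphQL.js, `_.clone(context)` makes `ctx` a shallow copy, and the resolver call visible as context in the next hunk (`resolver.call(null, obj, options, context)`) still passes the original `context`. Before this change `ctx` and `context` were the same object, so anything a policy assigned directly onto `ctx` reached the resolver; now only mutations of shared nested objects do. If that isolation is intended, it deserves a comment above the assignment, for example `// Shallow copy: policies run against ctx; the resolver still receives the original context.` The enclosing function starts and ends outside the hunk, so how `ctx` is used between these lines is not visible here.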
diff --git a/packages/strapi-plugin-users-permissions/config/policies/permissions.js b/packages/strapi-plugin-users-permissions/config/policies/permissions.js index 87ee1c59e0..3407b5ee41 100644 --- a/packages/strapi-plugin-users-permissions/config/policies/permissions.js +++ b/packages/strapi-plugin-users-permissions/config/policies/permissions.js @@ -39,9 +39,11 @@ module.exports = async (ctx, next) => { }, []); if (!permission) { - ctx.forbidden(); + if (ctx.request.graphql === null) { + return ctx.request.graphql = strapi.errors.forbidden(); + } - return ctx.request.graphql = ctx.body; + ctx.forbidden(); } // Execute the policies. diff --git a/packages/strapi-plugin-users-permissions/package.json b/packages/strapi-plugin-users-permissions/package.json index ff57f8cdf6..83480753a7 100644 --- a/packages/strapi-plugin-users-permissions/package.json +++ b/packages/strapi-plugin-users-permissions/package.json @@ -54,4 +54,4 @@ "npm": ">= 5.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi/lib/middlewares/boom/index.js b/packages/strapi/lib/middlewares/boom/index.js index ad2940835a..ed2d590349 100644 --- a/packages/strapi/lib/middlewares/boom/index.js +++ b/packages/strapi/lib/middlewares/boom/index.js @@ -19,6 +19,7 @@ module.exports = strapi => { this.delegator = delegate(strapi.app.context, 'response'); this.createResponses(); + strapi.errors = Boom; strapi.app.use(async (ctx, next) => { try { // App logic. From 71ade279991c91f7e45c88b463b2a63c77ecac90 Mon Sep 17 00:00:00 2001 From: Aurelsicoko Date: Thu, 24 May 2018 18:41:36 +0200 Subject: [PATCH 2/2] Fixes #1232 --- .../strapi-plugin-graphql/services/GraphQL.js | 47 ++++++++++++------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/packages/strapi-plugin-graphql/services/GraphQL.js b/packages/strapi-plugin-graphql/services/GraphQL.js index 4ad41b6a0c..310ea96f28 100644 --- a/packages/strapi-plugin-graphql/services/GraphQL.js 
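Review bot: In the permissions.js hunk, the non-GraphQL denial path no longer returns. The removed code ended the `if (!permission)` block with a `return`, but the new code calls `ctx.forbidden();` and falls through to `// Execute the policies.` Unless `ctx.forbidden()` throws (not visible here), a request without a matching permission could still reach the policy chain and whatever follows it, with the forbidden response only set on the context. The last statement of the block should be `return ctx.forbidden();`. Separately, the GraphQL branch depends on `strapi.errors`, which this commit assigns only inside the boom middleware's initializer, so that coupling is worth a comment in both files. The policy function continues outside the hunk.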
+++ b/packages/strapi-plugin-graphql/services/GraphQL.js @@ -193,19 +193,21 @@ module.exports = { // Extract custom resolver or type description. const { resolver: handler = {} } = _schema; - const queryName = isSingular ? - pluralize.singular(name): - pluralize.plural(name); + let queryName; + + if (isSingular === 'force') { + queryName = name; + } else { + queryName = isSingular ? + pluralize.singular(name): + pluralize.plural(name); + } // Retrieve policies. - const policies = isSingular ? - _.get(handler, `Query.${pluralize.singular(name)}.policies`, []): - _.get(handler, `Query.${pluralize.plural(name)}.policies`, []); + const policies = _.get(handler, `Query.${queryName}.policies`, []); // Retrieve resolverOf. - const resolverOf = isSingular ? - _.get(handler, `Query.${pluralize.singular(name)}.resolverOf`, ''): - _.get(handler, `Query.${pluralize.plural(name)}.resolverOf`, ''); + const resolverOf = _.get(handler, `Query.${queryName}.resolverOf`, ''); const policiesFn = []; @@ -216,13 +218,13 @@ module.exports = { // or the shadow CRUD resolver (aka Content-Manager). const resolver = (() => { // Try to retrieve custom resolver. - const resolver = isSingular ? - _.get(handler, `Query.${pluralize.singular(name)}.resolver`): - _.get(handler, `Query.${pluralize.plural(name)}.resolver`); + const resolver = _.get(handler, `Query.${queryName}.resolver`); + + if (_.isString(resolver) || _.isPlainObject(resolver)) { + const { handler = resolver } = _.isPlainObject(resolver) ? resolver : {}; - if (_.isString(resolver)) { // Retrieve the controller's action to be executed. - const [ name, action ] = resolver.split('.'); + const [ name, action ] = handler.split('.'); const controller = plugin ? _.get(strapi.plugins, `${plugin}.controllers.${_.toLower(name)}.${action}`): 
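Review bot: In the `@@ -193,19 +193,21 @@` hunk, `isSingular` becomes a tri-state value (boolean or the string `'force'`) without any documentation. Any other truthy string would silently take the singular branch. A comment at the top of the new block would make the contract explicit, for example `// isSingular: true → singular name, false → plural name, 'force' → use name as given`. The function signature is outside the hunk, so a JSDoc `@param` there would be the better home if one exists.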
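Review bot: In the `@@ -216,13 +218,13 @@` hunk, a plain-object resolver without a string `handler` property makes `handler` default to the object itself, so `handler.split('.')` throws a TypeError while the schema is being built. The destructured `handler` also shadows the outer `handler` taken from `_schema`, and `name` in `const [ name, action ]` shadows the outer `name`, which makes the block easy to misread. I would use a distinct name, `const target = _.isPlainObject(resolver) ? resolver.handler : resolver;`, and check `_.isString(target)` before calling `target.split('.')`, failing with a message that names the offending query. The surrounding IIFE continues past the end of the hunk.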
@@ -643,9 +645,20 @@ module.exports = { return acc; } - acc[type][resolver] = _.isFunction(acc[type][resolver]) ? - acc[type][resolver]: - acc[type][resolver].resolver; + if (!_.isFunction(acc[type][resolver])) { + acc[type][resolver] = acc[type][resolver].resolver; + } + + if (_.isString(acc[type][resolver]) || _.isPlainObject(acc[type][resolver])) { + const { plugin = '' } = _.isPlainObject(acc[type][resolver]) ? acc[type][resolver] : {}; + + acc[type][resolver] = this.composeResolver( + strapi.plugins.graphql.config._schema.graphql, + plugin, + resolver, + 'force' // Avoid singular/pluralize and force query name. + ); + } return acc; }, acc);
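Review bot: This block calls `this.composeResolver(...)` for every `type` in the accumulator, but `composeResolver`, as changed earlier in this patch, reads policies, `resolverOf` and the resolver only from `Query.${queryName}.*`. A string or object resolver declared under any other type would therefore be composed from a `Query` entry of the same name, or from none at all. In the latter case the `policies` lookup falls back to `[]`, which may mean the field is served without the policies configured for it. The rest of `composeResolver` is outside the hunk, so this should be confirmed. Either guard the new branch with `type === 'Query'` or pass `type` through to `composeResolver` so that the lookups use it. If the first `if` leaves `acc[type][resolver]` undefined (an entry with no `resolver` key), the value stays undefined as before, so a short comment saying that this is expected would help.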