Fix authorization issues due to null subject registration

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
2025-09-21 14:31:16 +00:00 · 2020-07-07 10:44:45 +02:00 · 2020-07-07 10:44:45 +02:00 · c9ebae4c9f
commit c9ebae4c9f
parent 0cf76721e9
3 changed files with 7 additions and 13 deletions
--- a/packages/strapi-admin/services/permission/engine.js
+++ b/packages/strapi-admin/services/permission/engine.js
@ -96,7 +96,7 @@ module.exports = conditionProvider => ({
    // Transform each result into registerFn options
    const transformToRegisterOptions = map(result => ({
      action,
-      subject,
+      subject: subject || 'all',
      fields,
      condition: result,
    }));
--- a/packages/strapi-admin/services/role.js
+++ b/packages/strapi-admin/services/role.js
@ -219,12 +219,8 @@ const createRolesIfNoneExist = async ({ createPermissionsForAdmin = false } = {}

  // add plugin permissions for each role
  const defaultPluginPermissions = [
-    { action: 'plugins::upload.assets.create', subject: 'plugins::upload.file' },
-    {
-      action: 'plugins::upload.assets.update',
-      subject: 'plugins::upload.file',
-      conditions: ['admin::is-creator'],
-    },
+    { action: 'plugins::upload.assets.create' },
+    { action: 'plugins::upload.assets.update', conditions: ['admin::is-creator'] },
    { action: 'plugins::upload.assets.download' },
    { action: 'plugins::upload.assets.copy-link' },
  ].map(createPermission);
--- a/packages/strapi-plugin-upload/admin/src/permissions.js
+++ b/packages/strapi-plugin-upload/admin/src/permissions.js
@ -7,11 +7,11 @@ const pluginPermissions = {
    { action: 'plugins::upload.read', subject: null },
    {
      action: 'plugins::upload.assets.create',
-      subject: 'plugins::upload.file',
+      subject: null,
    },
    {
      action: 'plugins::upload.assets.update',
-      subject: 'plugins::upload.file',
+      subject: null,
    },
  ],
  copyLink: [
@ -23,7 +23,7 @@ const pluginPermissions = {
  create: [
    {
      action: 'plugins::upload.assets.create',
-      subject: 'plugins::upload.file',
+      subject: null,
    },
  ],
  download: [
@ -34,9 +34,7 @@ const pluginPermissions = {
  ],
  read: [{ action: 'plugins::upload.read', subject: null }],
  settings: [{ action: 'plugins::upload.settings.read', subject: null }],
-  update: [
-    { action: 'plugins::upload.assets.update', subject: 'plugins::upload.file', fields: null },
-  ],
+  update: [{ action: 'plugins::upload.assets.update', subject: null, fields: null }],
 };

 export default pluginPermissions;