yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-21 22:40:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix authorization issues due to null subject registration

Browse Source 
Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
This commit is contained in:
Convly 2020-07-07 10:44:45 +02:00 committed by Alexandre Bodin
parent 0cf76721e9
commit c9ebae4c9f
3 changed files with 7 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/strapi-admin/services/permission/engine.js
View File

@ -96,7 +96,7 @@ module.exports = conditionProvider => ({
// Transform each result into registerFn options // Transform each result into registerFn options
const transformToRegisterOptions = map(result => ({ const transformToRegisterOptions = map(result => ({
action, action,
subject, subject: subject || 'all',
fields, fields,
condition: result, condition: result,
})); }));

8
packages/strapi-admin/services/role.js
View File

@ -219,12 +219,8 @@ const createRolesIfNoneExist = async ({ createPermissionsForAdmin = false } = {}
// add plugin permissions for each role // add plugin permissions for each role
const defaultPluginPermissions = [ const defaultPluginPermissions = [
{ action: 'plugins::upload.assets.create', subject: 'plugins::upload.file' }, { action: 'plugins::upload.assets.create' },
{ { action: 'plugins::upload.assets.update', conditions: ['admin::is-creator'] },
action: 'plugins::upload.assets.update',
subject: 'plugins::upload.file',
conditions: ['admin::is-creator'],
},
{ action: 'plugins::upload.assets.download' }, { action: 'plugins::upload.assets.download' },
{ action: 'plugins::upload.assets.copy-link' }, { action: 'plugins::upload.assets.copy-link' },
].map(createPermission); ].map(createPermission);

10
packages/strapi-plugin-upload/admin/src/permissions.js
View File

@ -7,11 +7,11 @@ const pluginPermissions = {
{ action: 'plugins::upload.read', subject: null }, { action: 'plugins::upload.read', subject: null },
{ {
action: 'plugins::upload.assets.create', action: 'plugins::upload.assets.create',
subject: 'plugins::upload.file', subject: null,
}, },
{ {
action: 'plugins::upload.assets.update', action: 'plugins::upload.assets.update',
subject: 'plugins::upload.file', subject: null,
}, },
], ],
copyLink: [ copyLink: [
@ -23,7 +23,7 @@ const pluginPermissions = {
create: [ create: [
{ {
action: 'plugins::upload.assets.create', action: 'plugins::upload.assets.create',
subject: 'plugins::upload.file', subject: null,
}, },
], ],
download: [ download: [
@ -34,9 +34,7 @@ const pluginPermissions = {
], ],
read: [{ action: 'plugins::upload.read', subject: null }], read: [{ action: 'plugins::upload.read', subject: null }],
settings: [{ action: 'plugins::upload.settings.read', subject: null }], settings: [{ action: 'plugins::upload.settings.read', subject: null }],
update: [ update: [{ action: 'plugins::upload.assets.update', subject: null, fields: null }],
{ action: 'plugins::upload.assets.update', subject: 'plugins::upload.file', fields: null },
],
}; };
export default pluginPermissions; export default pluginPermissions;