yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-22 06:50:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature(ee): migrate stages into RBAC versions

Browse Source
This commit is contained in:
Jamie Howard 2023-09-12 15:40:23 +01:00
parent a8580fef02
commit e53cb36ee2
4 changed files with 67 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
packages/core/admin/ee/server/migrations/review-workflows-stages-roles.js Normal file
View File

@ -0,0 +1,54 @@
'use strict';
const { STAGE_TRANSITION_UID, STAGE_MODEL_UID } = require('../constants/workflows');
const { getService } = require('../utils');
async function migrateReviewWorkflowStagesRoles({ oldContentTypes, contentTypes }) {
const stageUID = 'admin::workflow-stage';
const hadRolePermissions = !!oldContentTypes?.[stageUID]?.attributes?.permissions;
const hasRolePermissions = !!contentTypes?.[stageUID]?.attributes?.permissions;
// If the stage content type did not have permissions in the previous version
// then we set the permissions of every stage to be every current role in the app.
// This ensures consistent behaviour when upgrading to a strapi version with review workflows RBAC.
if (!hadRolePermissions && hasRolePermissions) {
const stagePermissionsService = getService('stage-permissions');
const stages = await strapi.query(stageUID).findMany();
const roles = await strapi.query('admin::role').findMany();
// Collect the permissions to add and group them by stage id.
const groupedPermissions = {};
roles
.map((role) => role.id)
.forEach((id) => {
stages
.map((stage) => stage.id)
.forEach((stageId) => {
if (!groupedPermissions[stageId]) {
groupedPermissions[stageId] = [];
}
groupedPermissions[stageId].push({
roleId: id,
fromStage: stageId,
action: STAGE_TRANSITION_UID,
});
});
});
for (const [stageId, permissions] of Object.entries(groupedPermissions)) {
// Register the permissions for this stage
const stagePermissions = await stagePermissionsService.registerMany(permissions);
// Update the stage with its new permissions
await strapi.entityService.update(STAGE_MODEL_UID, Number(stageId), {
data: {
permissions: stagePermissions.flat().map((p) => p.id),
},
});
}
}
}
module.exports = migrateReviewWorkflowStagesRoles;

2
packages/core/admin/ee/server/register.js
View File

@ -4,6 +4,7 @@ const { features } = require('@strapi/strapi/lib/utils/ee');
const executeCERegister = require('../../server/register'); const executeCERegister = require('../../server/register');
const migrateAuditLogsTable = require('./migrations/audit-logs-table'); const migrateAuditLogsTable = require('./migrations/audit-logs-table');
const migrateReviewWorkflowStagesColor = require('./migrations/review-workflows-stages-color'); const migrateReviewWorkflowStagesColor = require('./migrations/review-workflows-stages-color');
const migrateReviewWorkflowStagesRoles = require('./migrations/review-workflows-stages-roles');
const migrateReviewWorkflowName = require('./migrations/review-workflows-workflow-name'); const migrateReviewWorkflowName = require('./migrations/review-workflows-workflow-name');
const migrateWorkflowsContentTypes = require('./migrations/review-workflows-content-types'); const migrateWorkflowsContentTypes = require('./migrations/review-workflows-content-types');
const migrateStageAttribute = require('./migrations/review-workflows-stage-attribute'); const migrateStageAttribute = require('./migrations/review-workflows-stage-attribute');
@ -26,6 +27,7 @@ module.exports = async ({ strapi }) => {
strapi strapi
.hook('strapi::content-types.afterSync') .hook('strapi::content-types.afterSync')
.register(migrateReviewWorkflowStagesColor) .register(migrateReviewWorkflowStagesColor)
.register(migrateReviewWorkflowStagesRoles)
.register(migrateReviewWorkflowName) .register(migrateReviewWorkflowName)
.register(migrateWorkflowsContentTypes) .register(migrateWorkflowsContentTypes)
.register(migrateDeletedCTInWorkflows); .register(migrateDeletedCTInWorkflows);

2
packages/core/admin/ee/server/services/review-workflows/stage-permissions.js
View File

@ -15,7 +15,7 @@ module.exports = ({ strapi }) => {
const permissionService = getService('permission'); const permissionService = getService('permission');
return { return {
async register(roleId, action, fromStage) { async register({ roleId, action, fromStage }) {
if (!validActions.includes(action)) { if (!validActions.includes(action)) {
throw new ApplicationError(`Invalid action ${action}`); throw new ApplicationError(`Invalid action ${action}`);
} }

12
packages/core/admin/ee/server/services/review-workflows/stages.js
View File

@ -61,7 +61,11 @@ module.exports = ({ strapi }) => {
stagePermissions, stagePermissions,
// Register each stage permission // Register each stage permission
(permission) => (permission) =>
stagePermissionsService.register(permission.role, permission.action, stageId) stagePermissionsService.register({
roleId: permission.role,
action: permission.action,
fromStage: stageId,
})
); );
// Update stage with the new permissions // Update stage with the new permissions
@ -85,7 +89,11 @@ module.exports = ({ strapi }) => {
await this.deleteStagePermissions([srcStage]); await this.deleteStagePermissions([srcStage]);
const permissions = await mapAsync(destStage.permissions, (permission) => const permissions = await mapAsync(destStage.permissions, (permission) =>
stagePermissionsService.register(permission.role, permission.action, stageId) stagePermissionsService.register({
roleId: permission.role,
action: permission.action,
fromStage: stageId,
})
); );
stagePermissions = permissions.flat().map((p) => p.id); stagePermissions = permissions.flat().map((p) => p.id);
} }