From eed26aeef7537af17123fe70f418cd45e62aa338 Mon Sep 17 00:00:00 2001 From: cyril lopez Date: Fri, 1 Dec 2017 15:45:11 +0100 Subject: [PATCH 1/2] Prevent plugins to execute the bootstrap file (frontend) if the plugin users-permissions is in the project or if the user is not logged in --- packages/strapi-admin/admin/src/app.js | 11 +- .../admin/src/containers/AdminPage/index.js | 22 +- packages/strapi-helper-plugin/lib/src/app.js | 16 +- .../admin/src/bootstrap.js | 3 + .../admin/src/bootstrap.js | 3 + .../config/roles.json | 270 +++++++++++++++++- 6 files changed, 311 insertions(+), 14 deletions(-) create mode 100644 packages/strapi-plugin-content-type-builder/admin/src/bootstrap.js create mode 100644 packages/strapi-plugin-settings-manager/admin/src/bootstrap.js diff --git a/packages/strapi-admin/admin/src/app.js b/packages/strapi-admin/admin/src/app.js index 3b547ab7ea..96bb5d56f6 100755 --- a/packages/strapi-admin/admin/src/app.js +++ b/packages/strapi-admin/admin/src/app.js @@ -36,6 +36,7 @@ import LanguageProvider from 'containers/LanguageProvider'; import App from 'containers/App'; import { showNotification } from 'containers/NotificationProvider/actions'; import { pluginLoaded, updatePlugin } from 'containers/App/actions'; +import auth from 'utils/auth'; import configureStore from './store'; import { translationMessages, languages } from './i18n'; @@ -103,7 +104,7 @@ if (window.location.port !== '4000') { // Remove tag. $body.removeChild(script); - + // New attempt with new src. const newScript = document.createElement('script'); newScript.type = 'text/javascript'; @@ -120,6 +121,9 @@ if (window.location.port !== '4000') { }); } +// const isPluginAllowedToRegister = (plugin) => true; +const isPluginAllowedToRegister = (plugin) => plugin.id === 'users-permissions' || plugin.id === 'email' || auth.getToken(); + /** * Public Strapi object exposed to the `window` object */ 
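Review bot: `isPluginAllowedToRegister` in the third app.js hunk returns the raw value of `auth.getToken()` instead of a boolean, and it only tests that a token is present in the browser, not that it is valid. As client-side code it can defer plugin bootstrap for the UI, but it is not an access control; whatever the bootstrap functions request must still be authorized by the API. I would coerce the result with `|| Boolean(auth.getToken());`, delete the commented-out `// const isPluginAllowedToRegister = (plugin) => true;` line, and add a comment such as `// UI gating only: defers plugin bootstrap until login; authorization must be enforced server-side.`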
@@ -134,10 +138,11 @@ const registerPlugin = (plugin) => { merge(translationMessages, plugin.translationMessages); plugin.leftMenuSections = plugin.leftMenuSections || []; + const shouldAllowRegister = isPluginAllowedToRegister(plugin); switch (true) { // Execute bootstrap function and check if plugin can be rendered - case isFunction(plugin.bootstrap) && isFunction(plugin.pluginRequirements): + case isFunction(plugin.bootstrap) && isFunction(plugin.pluginRequirements) && shouldAllowRegister: plugin.pluginRequirements(plugin) .then(plugin => { return plugin.bootstrap(plugin); @@ -153,7 +158,7 @@ const registerPlugin = (plugin) => { }); break; // Execute bootstrap function - case isFunction(plugin.bootstrap): + case isFunction(plugin.bootstrap) && shouldAllowRegister: plugin.bootstrap(plugin).then(plugin => { store.dispatch(pluginLoaded(plugin)); }); diff --git a/packages/strapi-admin/admin/src/containers/AdminPage/index.js b/packages/strapi-admin/admin/src/containers/AdminPage/index.js index a90aeb6d79..25ff200ef8 100644 --- a/packages/strapi-admin/admin/src/containers/AdminPage/index.js +++ b/packages/strapi-admin/admin/src/containers/AdminPage/index.js @@ -14,9 +14,9 @@ import PropTypes from 'prop-types'; import { connect } from 'react-redux'; import { createStructuredSelector } from 'reselect'; import { Switch, Route } from 'react-router-dom'; -import { get, includes, isUndefined } from 'lodash'; +import { get, includes, isFunction, isUndefined, map, omit } from 'lodash'; -import { updatePlugin } from 'containers/App/actions'; +import { pluginLoaded, updatePlugin } from 'containers/App/actions'; import { selectPlugins } from 'containers/App/selectors'; import { hideNotification } from 'containers/NotificationProvider/actions'; 
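Review bot: Gating the first `case` on `shouldAllowRegister` means a plugin that defines both `bootstrap` and `pluginRequirements` skips `pluginRequirements` when no token is present at load. The deferred path added in AdminPage/index.js calls only `plugin.bootstrap(plugin)`, so the requirement check appears never to run for those plugins after login. Which branch of the `switch` such a plugin reaches is outside the hunk. The deferred path should mirror this case, for example `plugin.pluginRequirements(plugin).then(p => p.bootstrap(p))` when `pluginRequirements` is a function.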
@@ -36,6 +36,8 @@ import auth from 'utils/auth'; import styles from './styles.scss'; export class AdminPage extends React.Component { // eslint-disable-line react/prefer-stateless-function + state = { hasAlreadyRegistereOtherPlugins: false }; + getChildContext = () => ( { plugins: this.props.plugins, @@ -66,6 +68,20 @@ export class AdminPage extends React.Component { // eslint-disable-line react/pr if (!this.isUrlProtected(props) && includes(props.location.pathname, 'register') && this.hasAdminUser()) { this.props.history.push('/plugins/users-permissions/auth/login'); } + + if (!this.hasUsersPlugin() || auth.getToken() && !this.state.hasAlreadyRegistereOtherPlugins) { + map(omit(this.props.plugins.toJS(), ['users-permissions', 'email']), plugin => { + if (isFunction(plugin.bootstrap)) { + plugin.bootstrap(plugin) + .then(updatedPlugin => this.props.pluginLoaded(updatedPlugin)) + .catch(err => { + console.log(err); + }); + } + }); + + this.setState({ hasAlreadyRegistereOtherPlugins: true }); + } } hasUsersPlugin = () => !isUndefined(get(this.props.plugins.toJS(), 'users-permissions')); @@ -118,6 +134,7 @@ AdminPage.contextTypes = { AdminPage.propTypes = { history: PropTypes.object.isRequired, location: PropTypes.object.isRequired, + pluginLoaded: PropTypes.func.isRequired, plugins: PropTypes.object.isRequired, updatePlugin: PropTypes.func.isRequired, }; @@ -130,6 +147,7 @@ function mapDispatchToProps(dispatch) { return { onHideNotification: (id) => { dispatch(hideNotification(id)); }, updatePlugin: (pluginId, updatedKey, updatedValue) => { dispatch(updatePlugin(pluginId, updatedKey, updatedValue)); }, + pluginLoaded: (plugin) => { dispatch(pluginLoaded(plugin)); }, dispatch, }; } diff --git a/packages/strapi-helper-plugin/lib/src/app.js b/packages/strapi-helper-plugin/lib/src/app.js index dcb764165e..dccf9d8d6d 100755 --- a/packages/strapi-helper-plugin/lib/src/app.js +++ b/packages/strapi-helper-plugin/lib/src/app.js 
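Review bot: The new condition `!this.hasUsersPlugin() || auth.getToken() && !this.state.hasAlreadyRegistereOtherPlugins` parses as `A || (B && C)` because `&&` binds tighter than `||`. When users-permissions is absent the guard flag is ignored, so every call re-runs each plugin's bootstrap and calls `setState` again. It should probably read `if ((!this.hasUsersPlugin() || auth.getToken()) && !this.state.hasAlreadyRegistereOtherPlugins) {`. Separately, for a user who already holds a token at page load, app.js appears to have bootstrapped these plugins already, so this block would run bootstrap a second time. Smaller points: `map` is used only for side effects where `forEach` fits, `console.log(err)` hides a failed bootstrap, and the state key is misspelled (`Registere`). The enclosing method starts outside the hunk.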
@@ -83,20 +83,20 @@ if (module.hot) { // Register the plugin. strapi.registerPlugin({ - name: pluginPkg.strapi.name, - icon: pluginPkg.strapi.icon, + blockerComponent: null, + blockerComponentProps: {}, + bootstrap, description: pluginDescription, + icon: pluginPkg.strapi.icon, id: pluginId, + injectedComponents, + layout, leftMenuLinks: [], mainComponent: Comp, - translationMessages, - bootstrap, + name: pluginPkg.strapi.name, pluginRequirements, - layout, preventComponentRendering: false, - blockerComponent: null, - injectedComponents, - blockerComponentProps: {}, + translationMessages, }); // Export store diff --git a/packages/strapi-plugin-content-type-builder/admin/src/bootstrap.js b/packages/strapi-plugin-content-type-builder/admin/src/bootstrap.js new file mode 100644 index 0000000000..57847d0343 --- /dev/null +++ b/packages/strapi-plugin-content-type-builder/admin/src/bootstrap.js @@ -0,0 +1,3 @@ +const bootstrap = (plugin) => Promise.resolve(plugin); + +export default bootstrap; diff --git a/packages/strapi-plugin-settings-manager/admin/src/bootstrap.js b/packages/strapi-plugin-settings-manager/admin/src/bootstrap.js new file mode 100644 index 0000000000..57847d0343 --- /dev/null +++ b/packages/strapi-plugin-settings-manager/admin/src/bootstrap.js @@ -0,0 +1,3 @@ +const bootstrap = (plugin) => Promise.resolve(plugin); + +export default bootstrap; diff --git a/packages/strapi-plugin-users-permissions/config/roles.json b/packages/strapi-plugin-users-permissions/config/roles.json index 45e9908484..be17b61521 100644 --- a/packages/strapi-plugin-users-permissions/config/roles.json +++ b/packages/strapi-plugin-users-permissions/config/roles.json 
@@ -254,6 +254,140 @@ } } } + }, + "application": { + "controllers": { + "azeaz": { + "find": { + "enabled": true, + "policy": "" + }, + "findOne": { + "enabled": true, + "policy": "" + }, + "create": { + "enabled": true, + "policy": "" + }, + "update": { + "enabled": true, + "policy": "" + }, + "destroy": { + "enabled": true, + "policy": "" + }, + "identity": { + "enabled": true, + "policy": "" + } + }, + "bite": { + "find": { + "enabled": true, + "policy": "" + }, + "findOne": { + "enabled": true, + "policy": "" + }, + "create": { + "enabled": true, + "policy": "" + }, + "update": { + "enabled": true, + "policy": "" + }, + "destroy": { + "enabled": true, + "policy": "" + }, + "identity": { + "enabled": true, + "policy": "" + } + }, + "reaz": { + "find": { + "enabled": true, + "policy": "" + }, + "findOne": { + "enabled": true, + "policy": "" + }, + "create": { + "enabled": true, + "policy": "" + }, + "update": { + "enabled": true, + "policy": "" + }, + "destroy": { + "enabled": true, + "policy": "" + }, + "identity": { + "enabled": true, + "policy": "" + } + }, + "erza": { + "find": { + "enabled": true, + "policy": "" + }, + "findOne": { + "enabled": true, + "policy": "" + }, + "create": { + "enabled": true, + "policy": "" + }, + "update": { + "enabled": true, + "policy": "" + }, + "destroy": { + "enabled": true, + "policy": "" + }, + "identity": { + "enabled": true, + "policy": "" + } + }, + "ez": { + "find": { + "enabled": true, + "policy": "" + }, + "findOne": { + "enabled": true, + "policy": "" + }, + "create": { + "enabled": true, + "policy": "" + }, + "update": { + "enabled": true, + "policy": "" + }, + "destroy": { + "enabled": true, + "policy": "" + }, + "identity": { + "enabled": true, + "policy": "" + } + } + } } } }, @@ -265,7 +399,7 @@ "controllers": { "contentmanager": { "models": { - "enabled": true, + "enabled": false, "policy": "" }, "find": { 
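Review bot: The controller names added under `application` (`azeaz`, `bite`, `reaz`, `erza`, `ez`) look like content types from a local test project rather than anything the plugin ships. In this hunk every action on them, including `create`, `update` and `destroy`, is `"enabled": true` with an empty `policy`. If this roles.json is the packaged default, those grants would be carried into installs; which role they sit under is outside the hunk. The hunk at `@@ -512,6 +646,140 @@` adds the same five controllers with `"enabled": false`. I would drop both `application` blocks from this commit and keep locally generated role data out of the plugin's default configuration.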
@@ -512,6 +646,140 @@ } } } + }, + "application": { + "controllers": { + "azeaz": { + "find": { + "enabled": false, + "policy": "" + }, + "findOne": { + "enabled": false, + "policy": "" + }, + "create": { + "enabled": false, + "policy": "" + }, + "update": { + "enabled": false, + "policy": "" + }, + "destroy": { + "enabled": false, + "policy": "" + }, + "identity": { + "enabled": false, + "policy": "" + } + }, + "bite": { + "find": { + "enabled": false, + "policy": "" + }, + "findOne": { + "enabled": false, + "policy": "" + }, + "create": { + "enabled": false, + "policy": "" + }, + "update": { + "enabled": false, + "policy": "" + }, + "destroy": { + "enabled": false, + "policy": "" + }, + "identity": { + "enabled": false, + "policy": "" + } + }, + "reaz": { + "find": { + "enabled": false, + "policy": "" + }, + "findOne": { + "enabled": false, + "policy": "" + }, + "create": { + "enabled": false, + "policy": "" + }, + "update": { + "enabled": false, + "policy": "" + }, + "destroy": { + "enabled": false, + "policy": "" + }, + "identity": { + "enabled": false, + "policy": "" + } + }, + "erza": { + "find": { + "enabled": false, + "policy": "" + }, + "findOne": { + "enabled": false, + "policy": "" + }, + "create": { + "enabled": false, + "policy": "" + }, + "update": { + "enabled": false, + "policy": "" + }, + "destroy": { + "enabled": false, + "policy": "" + }, + "identity": { + "enabled": false, + "policy": "" + } + }, + "ez": { + "find": { + "enabled": false, + "policy": "" + }, + "findOne": { + "enabled": false, + "policy": "" + }, + "create": { + "enabled": false, + "policy": "" + }, + "update": { + "enabled": false, + "policy": "" + }, + "destroy": { + "enabled": false, + "policy": "" + }, + "identity": { + "enabled": false, + "policy": "" + } + } + } } } } From 46498ca2d72b6df638f641b94e3310c330565d76 Mon Sep 17 00:00:00 2001 
From: cyril lopez Date: Fri, 1 Dec 2017 15:53:54 +0100 Subject: [PATCH 2/2] Prevent from searching admin users --- .../admin/src/containers/EditPage/actions.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/strapi-plugin-users-permissions/admin/src/containers/EditPage/actions.js b/packages/strapi-plugin-users-permissions/admin/src/containers/EditPage/actions.js index b02d086681..8c461e2220 100644 --- a/packages/strapi-plugin-users-permissions/admin/src/containers/EditPage/actions.js +++ b/packages/strapi-plugin-users-permissions/admin/src/containers/EditPage/actions.js @@ -113,7 +113,7 @@ export function getUser(user) { export function getUserSucceeded(users) { return { type: GET_USER_SUCCEEDED, - users, + users: users.filter(o => o.role.toString() !== '0'), }; }
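Review bot: Filtering in `getUserSucceeded` removes users whose role is `'0'` only after the server has already returned them to the browser, so the records are still present in the response. If these (presumably admin) users must not be searchable, the search endpoint should exclude them and this filter kept only as a display fallback. `o.role.toString()` also throws when a user has no `role`, and if `role` arrives as a populated object it yields `[object Object]`, so the user is not filtered out. `users: users.filter(o => String(o.role) !== '0'),` at least avoids the throw. A named constant for `'0'` would document what the value means.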