From ff0b5a13a476f166c29e8b42864e7e59d1e71960 Mon Sep 17 00:00:00 2001 From: Alexandre Bodin Date: Wed, 27 May 2020 17:15:58 +0200 Subject: [PATCH] Init permissions routes Signed-off-by: Alexandre Bodin --- packages/strapi-admin/config/routes.json | 16 ++++++ packages/strapi-admin/controllers/role.js | 52 +++++++++++++++++++ packages/strapi-admin/services/permissions.js | 14 +++++ .../middlewares/router/utils/routerChecker.js | 6 +++ 4 files changed, 88 insertions(+) create mode 100644 packages/strapi-admin/services/permissions.js diff --git a/packages/strapi-admin/config/routes.json b/packages/strapi-admin/config/routes.json index 99ffeb63ae..43419a4f94 100644 --- a/packages/strapi-admin/config/routes.json +++ b/packages/strapi-admin/config/routes.json @@ -146,6 +146,22 @@ "policies": [] } }, + { + "method": "GET", + "path": "/roles/:id/permissions", + "handler": "role.getPermissions", + "config": { + "policies": [] + } + }, + { + "method": "PUT", + "path": "/roles/:id/permissions", + "handler": "role.updatePermissions", + "config": { + "policies": [] + } + }, { "method": "GET", "path": "/roles/:id", diff --git a/packages/strapi-admin/controllers/role.js b/packages/strapi-admin/controllers/role.js index 3644e9f9c4..204e2c4153 100644 --- a/packages/strapi-admin/controllers/role.js +++ b/packages/strapi-admin/controllers/role.js @@ -3,6 +3,10 @@ const { validateRoleUpdateInput } = require('../validation/role'); module.exports = { + /** + * Returns on role by id + * @param {KoaContext} ctx - koa context + */ async findOne(ctx) { const { id } = ctx.params; const role = await strapi.admin.services.role.findOneWithUsersCount({ id }); @@ -15,6 +19,11 @@ module.exports = { data: role, }; }, + + /** + * Returns every roles + * @param {KoaContext} ctx - koa context + */ async findAll(ctx) { const roles = await strapi.admin.services.role.findAllWithUsersCount(); @@ -22,6 +31,11 @@ module.exports = { data: roles, }; }, + + /** + * Updates a role by id + * @param {KoaContext} ctx - koa context + */ async update(ctx) { const { id } = ctx.params; @@ -43,4 +57,42 @@ module.exports = { data: sanitizedRole, }; }, + + /** + * Returns the permissions assigned to a role + * @param {KoaContext} ctx - koa context + */ + async getPermissions(ctx) { + const { id } = ctx.params; + + const role = await strapi.admin.services.role.findOne({ id }); + + if (!role) { + return ctx.notFound('role.notFound'); + } + + const permissions = await strapi.admin.services.permissions.find({ role: role.id }); + + ctx.body = { + data: permissions, + }; + }, + + /** + * Updates the permissions assigned to a role + * @param {KoaContext} ctx - koa context + */ + async updatePermissions(ctx) { + const { id } = ctx.params; + + const role = await strapi.admin.services.role.findOne({ id }); + + if (!role) { + return ctx.notFound('role.notFound'); + } + + ctx.body = { + data: [], + }; + }, }; diff --git a/packages/strapi-admin/services/permissions.js b/packages/strapi-admin/services/permissions.js new file mode 100644 index 0000000000..8243d1b257 --- /dev/null +++ b/packages/strapi-admin/services/permissions.js @@ -0,0 +1,14 @@ +'use strict'; + +/** + * Find assigned permissions in the database + * @param params query params to find the permissions + * @returns {Promise>} + */ +const find = (params = {}) => { + return strapi.query('permission', 'admin').find(params, []); +}; + +module.exports = { + find, +}; diff --git a/packages/strapi/lib/middlewares/router/utils/routerChecker.js b/packages/strapi/lib/middlewares/router/utils/routerChecker.js index 0a4ac595b6..5fe9e05fcd 100644 --- a/packages/strapi/lib/middlewares/router/utils/routerChecker.js +++ b/packages/strapi/lib/middlewares/router/utils/routerChecker.js @@ -30,6 +30,12 @@ module.exports = strapi => controller = strapi.controllers[controllerKey] || strapi.admin.controllers[controllerKey]; } + if (!_.isFunction(controller[actionName])) { + strapi.stopWithError( + `Error creating endpoint ${method} ${endpoint}: handler not found "${controllerKey}.${actionName}"` + ); + } + const action = controller[actionName].bind(controller); // Retrieve the API's name where the controller is located