28 Commits

Author SHA1 Message Date
Alexandre Bodin
e68afb0e1e chore: inverse control of contentAPI sanitize & validate 2024-03-21 22:26:41 +01:00
Alexandre Bodin
a95285578b chore: database enhancements 2024-03-13 22:13:40 +01:00
Ben Irvin
dce86bec5c validate does not sanitize 2023-08-11 13:13:44 +02:00
Ben Irvin
995473d959 add utils.validate and replace sanitize usage 2023-08-10 15:24:35 +02:00
Ben Irvin
801e3db415 add traverse query
fix single type

fix query

sanitize pagination count params

add comments

Cleanup the params/filters sanitize helpers

sanitize association resolver

Sanitize sort

fix graphql single type

fix graphql types

fix addFindQuery

Sanitize fields

Update sanitize sort to handle all the different formats

Update fields sanitize to handle regular strings & wildcard

Fix non scalar recursion

Add a traverse factory

Add visitor to remove dz & morph relations

Replace the old traverse utils (sort, filters) by one created using the traverse factory

add sanitize populate

await args

fix async and duplicate sanitization

sanitize u&p params

Add traverse fields

Fix traverse & sanitize fields

add traverse fields to nested populate

sanitize admin api filter queries

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

sanitize sort params in admin API

todo

make token fields unsearchable with _q

sanitize delete mutation

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>

fix errors on queries without ctx

rename findParams to sanitizedParams

Sanitize queries everywhere in the content manager admin controllers

sanitize single type update and delete

Ignore non attribute keys in the sanitize sort

Fix the sanitize query sort for nested string sort

Fix permission check for the admin

typo

sanitize upload

sanitize admin media library

sanitize admin users

Add missing await

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

set U&P users fields to searchable:false

add token support to createContentAPIRequest

add searchable:false to getstarted U&P schema

remove comment

sanitize component resolver

remove await

add searchable false to the file's folder path

Fix admin query when the permission query is set to null

add basic tests for filtering private params

add tests for fields

add pagination tests

Fix admin user fields not being sanitized

Fix convert query params for the morph fragment on undefined value

Traverse dynamic zone on nested populate

Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations

Sanitize 'on' subpopulate

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

don't throw error on invalid attributes

check models for snake case column name instead of assuming they are operators

Add first batch of api tests for params sanitize

Fix sort traversal: handle object arrays

Put back removePassword for fields,sort,filters

Add schemas and fixtures for sanitize api tests

Add tests for relations (sanitize api tests)

Move constant to domain scope

Rename sanitize params to sanitize query

Fix typo

Cleanup fixtures file

Fix variable name conflict

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>

Update comment for array filters

Rename sanitize test

Test implicit & explicit array operator for filter

Remove unused code
2023-03-15 14:59:19 +01:00
Alexandre Bodin
e57f02d2d9 Fix eslint in plugins folder 2022-09-05 15:18:24 +02:00
Alexandre Bodin
cf49ddbbfc Prettier and backend fix 2022-08-11 10:20:49 +02:00
Alexandre Bodin
0ae14c06cb 1st fix pass 2022-08-11 10:20:48 +02:00
Convly
bdb5a3ee89 Merge branch 'releases/4.3.0' into features/typescript 2022-06-30 16:08:51 +02:00
Alexandre Bodin
f925e93db4 Complete U&P documentation 2022-06-04 09:48:31 +02:00
Alexandre Bodin
64852e9cda Allow query params for /me 2022-06-01 19:11:18 +02:00
Convly
66e3aa5dcb Merge branch 'master' into features/typescript 2022-05-24 08:02:38 +02:00
Alexandre Bodin
810fc0a857 Merge branch 'master' into fix/handle-update-error-if-user-not-found 2022-05-19 22:03:36 +02:00
harimkims
683f0484f1 Fix wrong input parameter in user update controller 2022-03-03 23:59:32 +09:00
harimkims
183bad03d3 Replace fetch, fetchAll query with entityService 2022-03-03 22:56:58 +09:00
Kim, Harim
2b877b3a55 Merge branch 'strapi:master' into fix/populate-user 2022-03-02 15:14:43 +09:00
kayac-chang
04d8de7c38 fix: handle user not found error 2022-01-14 14:34:17 +08:00
Kim, Harim
0fd0f57126 Fix Update user does not update component attribute (#11871)
* use entityService to update user instead of old query, add update test

Signed-off-by: harimkims <harimkims@gmail.com>

* fix e2e test

* Add component update test

* Remove console.log

Co-authored-by: Jean-Sébastien Herbaux <jean-sebastien.herbaux@epitech.eu>
2022-01-05 15:54:58 +01:00
harimkims
54d10ec83c Fix e2e test 2021-12-21 11:24:39 +09:00
harimkims
5ba0d2d657 Fix unable to populate user
Signed-off-by: harimkims <harimkims@gmail.com>
2021-12-21 10:43:36 +09:00
harimkims
26c8dfbe5f send filter in context query
Signed-off-by: harimkims <harimkims@gmail.com>
2021-12-14 19:30:24 +09:00
Convly
07fef39592 Merge branch 'releases/v4' of github.com:strapi/strapi into v4/up-resolvers-picker-fix 2021-11-09 18:38:20 +01:00
Pierre Noël
c6a5a047d6 Merge branch 'releases/v4' into v4/error-handling 2021-11-05 10:40:11 +01:00
Jean-Sébastien Herbaux
7f285fb755 [V4] Enhanced sanitize & remove restricted relations from content API's payloads (#11411)
* Rework sanitizeEntity, first iteration

* remove console.log

* Remove useless comments

* Fix e2e tests

* Fix up user e2e test

* Fix remove-restricted-relations visitor

* Handle graphql resolver, prevent access to restricted relations

* Handle polymorphic relation in the related visitor

* Remove morph attribute if empty

* Use only the find action to check if the relation is allowed
2021-11-04 15:47:53 +01:00
Convly
14d6a5b2c4 Fix users-permissions user controllers permissions 2021-11-04 15:18:09 +01:00
Pierre Noël
b58274aecb refactor error handling 2021-11-04 11:41:29 +01:00
Alexandre Bodin
733b5d8690 Cleanup u-p plugin 2021-09-07 15:11:10 +02:00
Pierre Noël
98719b6c64 migrate plugin structures to V4 2021-08-19 16:49:33 +02:00