66 Commits

Author SHA1 Message Date
Ben Irvin
6a73f62377 allow hidden in permissions manager 2023-08-25 12:38:42 +02:00
Ben Irvin
97576fdaad add tests and fixes 2023-08-25 11:59:37 +02:00
Ben Irvin
fc069e6b0f match sanitize 2023-08-25 09:55:33 +02:00
Ben Irvin
2cd33050fe revert refactoring 2023-08-25 09:54:28 +02:00
Ben Irvin
e8efa10a4c revert traversals 2023-08-25 09:46:50 +02:00
Ben Irvin
39661e4063 fix typo 2023-08-24 14:37:48 +02:00
Ben Irvin
aedf994e20
Merge branch 'main' into fix/sanitization-throw-instead-of-filter 2023-08-24 14:35:58 +02:00
Ben Irvin
406815c8e6 remove accidental line 2023-08-24 12:47:50 +02:00
Ben Irvin
f1015c3094 add util for throwing standardized validationerror 2023-08-22 12:19:30 +02:00
Marc Roig
8ed02e8301
Merge branch 'feature/rw-stage-default-sort' into feat/default-sort-by-non-visible-attrs 2023-08-22 10:43:14 +02:00
Ben Irvin
ff32681b9a rename exports 2023-08-22 10:33:23 +02:00
Ben Irvin
1f58a64e0b move assertions to one function 2023-08-21 13:40:13 +02:00
Ben Irvin
50f1b1e809 remove old code 2023-08-21 12:49:31 +02:00
Ben Irvin
0852b6aa4b
Update packages/core/admin/server/services/permission/permissions-manager/validate.js
Co-authored-by: Christian <christian.capeans.perez@strapi.io>
2023-08-21 12:43:43 +02:00
Ben Irvin
6ea17eea67 organize imports 2023-08-11 16:21:16 +02:00
Ben Irvin
9aa41eff5e add docs and fix broken require 2023-08-11 16:05:11 +02:00
Ben Irvin
dce86bec5c validate does not sanitize 2023-08-11 13:13:44 +02:00
Fernando Chavez
3b7d23f061 Add creator fields to filters and list view 2023-08-11 11:51:31 +02:00
Ben Irvin
995473d959 add utils.validate and replace sanitize usage 2023-08-10 15:24:35 +02:00
Fernando Chávez
a42b53e3c8
Revert "Feat: Add creator fields as filters and to list view" 2023-07-27 11:06:17 +02:00
Fernando Chavez
1625aa419c fix error on traverse functions and add tests 2023-07-26 17:27:14 +02:00
Fernando Chavez
7b67b767dd add creator fields to filters and list 2023-07-26 17:27:14 +02:00
Alexandre BODIN
3c814ec30c
Revert "Feat: Add creator fields as filter options" 2023-07-26 10:14:05 +02:00
Fernando Chavez
f850c135c2 include creator attributes on queryFields and fix creator attributes config 2023-07-25 14:02:43 +02:00
Fernando Chavez
adf2aac0c4 revert changes 2023-07-25 14:02:43 +02:00
Fernando Chavez
fb20e3623e don't show author fields on edit view if user doesn't have permissions 2023-07-25 14:02:43 +02:00
Fernando Chavez
d0acdba51c don't return non writable attrs on sanitized output because they are already handled 2023-07-25 14:02:43 +02:00
Marc-Roig
0a20858700 chore: add creator fields in sanitize query 2023-07-25 11:20:59 +02:00
Marc-Roig
723ae05bd3 feat: filter by non visible and writable fields 2023-07-25 11:20:59 +02:00
Alexandre Bodin
63a0ff708e Fix relative imports 2023-06-26 09:39:58 +02:00
Marc-Roig
28ebe15abe add published at attribute to be filterable and sortable 2023-03-16 17:18:29 +01:00
Ben Irvin
801e3db415 add traverse query
fix single type

fix query

sanitize pagination count params

add comments

Cleanup the params/filters sanitize helpers

sanitize association resolver

Sanitize sort

fix graphql single type

fix graphql types

fix addFindQuery

Sanitize fields

Update sanitize sort to handle all the different formats

Update fields sanitize to handle regular strings & wildcard

Fix non scalar recursion

Add a traverse factory

Add visitor to remove dz & morph relations

Replace the old traverse utils (sort, filters) by one created using the traverse factory

add sanitize populate

await args

fix async and duplicate sanitization

sanitize u&p params

Add traverse fields

Fix traverse & sanitize fields

add traverse fields to nested populate

sanitize admin api filter queries

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

sanitize sort params in admin API

todo

make token fields unsearchable with _q

sanitize delete mutation

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>

fix errors on queries without ctx

rename findParams to sanitizedParams

Sanitize queries everywhere in the content manager admin controllers

sanitize single type update and delete

Ignore non attribute keys in the sanitize sort

Fix the sanitize query sort for nested string sort

Fix permission check for the admin

typo

sanitize upload

sanitize admin media library

sanitize admin users

Add missing await

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

set U&P users fields to searchable:false

add token support to createContentAPIRequest

add searchable:false to getstarted U&P schema

remove comment

sanitize component resolver

remove await

add searchable false to the file's folder path

Fix admin query when the permission query is set to null

add basic tests for filtering private params

add tests for fields

add pagination tests

Fix admin user fields not being sanitized

Fix convert query params for the morph fragment on undefined value

Traverse dynamic zone on nested populate

Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations

Sanitize 'on' subpopulate

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

don't throw error on invalid attributes

check models for snake case column name instead of assuming they are operators

Add first batch of api tests for params sanitize

Fix sort traversal: handle object arrays

Put back removePassword for fields,sort,filters

Add schemas and fixtures for sanitize api tests

Add tests for relations (sanitize api tests)

Move constant to domain scope

Rename sanitize params to sanitize query

Fix typo

Cleanup fixtures file

Fix variable name conflict

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>

Update comment for array filters

Rename sanitize test

Test implicit & explicit array operator for filter

Remove unused code
2023-03-15 14:59:19 +01:00
Alexandre Bodin
e0e2084422 Move RBAC into CE 2023-03-06 21:46:45 +01:00
Fernando Chavez
ab54a49736 Edit in permission events' name and in roles emitting 2022-12-21 14:31:43 +01:00
Fernando Chavez
e4a9fd95f3 Creating new events for the permissions and handle them on the service level 2022-12-21 13:12:22 +01:00
Simone Taeggi
e1a0ae803e Merge branch 'main' into features/api-token-v2 2022-09-08 22:16:55 +02:00
Alexandre Bodin
4e989321e3 Fix eslint core/admin 2022-09-05 16:15:21 +02:00
Ben Irvin
b2b1432322 Merge branch 'features/api-token-v2' into api-token-v2/permissions-for-api-token 2022-08-18 12:20:45 +02:00
Bassel Kanso
baad6fd93f Merge branch 'main' into features/api-token-v2 2022-08-18 12:18:09 +03:00
Ben Irvin
88c243243d make error message unique 2022-08-16 10:18:41 +02:00
Alexandre Bodin
cf49ddbbfc Prettier and backend fix 2022-08-11 10:20:49 +02:00
Convly
31ef51e245 Update wording 2022-08-01 10:48:01 +02:00
Convly
43e360a641 Fix format permission handler argument 2022-07-28 17:05:29 +02:00
Convly
456f945d1e Fix condition checks 2022-07-22 10:43:06 +02:00
Convly
ddb6a91503 Make RBAC an implementation of the @strapi/permissions engine 2022-07-21 10:41:40 +02:00
Convly
7f6d194905 Use schema.config.attributes instead schema.attributes 2022-05-02 14:41:24 +02:00
Convly
1d50038e44 Remove hidden fields from the admin API responses 2022-04-26 10:39:50 +02:00
Demian Caldelas
69ce8b5287
Fix sanity check for @casl/ability upgrade #12232 (#12265)
* Fix sanity checks for @casl/ability upgrade

* Add comments for previous commit

* Fix sanity checks for @casl/ability upgrade #12232
2022-01-26 09:55:17 +01:00
harimkims
31259dbf4a Remove unnecessary bracket in the end 2022-01-17 14:13:33 +01:00
Kim, Harim
9e8655716d Refactor code
Co-authored-by: Jean-Sébastien Herbaux <jean-sebastien.herbaux@epitech.eu>
2022-01-17 14:13:33 +01:00