yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-07-23 00:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/strapi-admin/controllers/role.js
Jean-Sébastien Herbaux e77679e7bb
Fix author role for the publish permission action (#8153) 
* Prevent Author role to have access to the publish permission in CE

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix CE test on role's permissions update

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix unit tests

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
2020-10-02 18:34:13 +02:00

139 lines
3.7 KiB
JavaScript
Raw Blame History

'use strict';
const { yup, formatYupErrors } = require('strapi-utils');
const { validateRoleUpdateInput } = require('../validation/role');
const { validatedUpdatePermissionsInput } = require('../validation/permission');
const { EDITOR_CODE, AUTHOR_CODE, SUPER_ADMIN_CODE } = require('../services/constants');
module.exports = {
/**
* Returns on role by id
* @param {KoaContext} ctx - koa context
*/
async findOne(ctx) {
const { id } = ctx.params;
const role = await strapi.admin.services.role.findOneWithUsersCount({ id });
if (!role) {
return ctx.notFound('role.notFound');
}
ctx.body = {
data: role,
};
},
/**
* Returns every roles
* @param {KoaContext} ctx - koa context
*/
async findAll(ctx) {
const roles = await strapi.admin.services.role.findAllWithUsersCount();
ctx.body = {
data: roles,
};
},
/**
* Updates a role by id
* @param {KoaContext} ctx - koa context
*/
async update(ctx) {
const { id } = ctx.params;
try {
await validateRoleUpdateInput(ctx.request.body);
} catch (err) {
return ctx.badRequest('ValidationError', err);
}
const role = await strapi.admin.services.role.findOne({ id });
if (!role) {
return ctx.notFound('role.notFound');
}
if (role.code === SUPER_ADMIN_CODE) {
return ctx.badRequest("Super admin can't be edited.");
}
const updatedRole = await strapi.admin.services.role.update({ id }, ctx.request.body);
const sanitizedRole = strapi.admin.services.role.sanitizeRole(updatedRole);
ctx.body = {
data: sanitizedRole,
};
},
/**
* Returns the permissions assigned to a role
* @param {KoaContext} ctx - koa context
*/
async getPermissions(ctx) {
const { id } = ctx.params;
const role = await strapi.admin.services.role.findOne({ id });
if (!role) {
return ctx.notFound('role.notFound');
}
const permissions = await strapi.admin.services.permission.find({ role: role.id, _limit: -1 });
const sanitizedPermissions = permissions.map(
strapi.admin.services.permission.sanitizePermission
);
ctx.body = {
data: sanitizedPermissions,
};
},
/**
* Updates the permissions assigned to a role
* @param {KoaContext} ctx - koa context
*/
async updatePermissions(ctx) {
const { id } = ctx.params;
const input = ctx.request.body;
const role = await strapi.admin.services.role.findOne({ id });
if (!role) {
return ctx.notFound('role.notFound');
}
try {
if (role.code === SUPER_ADMIN_CODE) {
const err = new yup.ValidationError("Super admin permissions can't be edited.");
throw formatYupErrors(err);
}
await validatedUpdatePermissionsInput(input, role);
} catch (err) {
return ctx.badRequest('ValidationError', err);
}
let existingPermissions = strapi.admin.services.permission.actionProvider.getAllByMap();
let permissionsToAssign;
if ([EDITOR_CODE, AUTHOR_CODE].includes(role.code)) {
permissionsToAssign = input.permissions.filter(
p => existingPermissions.get(p.action).section !== 'contentTypes'
);
const modifiedPermissions = input.permissions
.filter(p => existingPermissions.get(p.action).section === 'contentTypes')
.map(p => ({
...p,
conditions: role.code === AUTHOR_CODE ? ['admin::is-creator'] : [],
}));
permissionsToAssign.push(...modifiedPermissions);
} else {
permissionsToAssign = input.permissions;
}
const permissions = await strapi.admin.services.permission.assign(role.id, permissionsToAssign);
ctx.body = {
data: permissions,
};
},
};
Reference in New Issue View Git Blame Copy Permalink