yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-20 12:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/strapi-admin/services/permission/permissions-manager/index.js
Alexandre BODIN 54af039f17
Fix is-creator condition not applied on find (#9213) 
* Fix is-creator condition not applied on find

* Add test
2021-01-26 10:18:43 +01:00

76 lines
2.1 KiB
JavaScript
Raw Blame History

'use strict';
const _ = require('lodash');
const { subject: asSubject } = require('@casl/ability');
const { permittedFieldsOf } = require('@casl/ability/extra');
const {
sanitizeEntity,
contentTypes: { constants },
} = require('strapi-utils');
const { buildStrapiQuery, buildCaslQuery } = require('./query-builers');
module.exports = ({ ability, action, model }) => ({
ability,
action,
model,
get isAllowed() {
return this.ability.can(action, model);
},
toSubject(target, subjectType = model) {
return asSubject(subjectType, target);
},
pickPermittedFieldsOf(data, options = {}) {
return this.sanitize(data, { ...options, isOutput: false });
},
getQuery(queryAction = action) {
if (_.isUndefined(queryAction)) {
throw new Error('Action must be defined to build a permission query');
}
return buildStrapiQuery(buildCaslQuery(ability, queryAction, model));
},
queryFrom(query = {}, action) {
const permissionQuery = this.getQuery(action);
return {
...query,
_where: query._where ? _.concat(permissionQuery, query._where) : [permissionQuery],
};
},
sanitize(data, options = {}) {
const {
subject = this.toSubject(data),
action: actionOverride = action,
withPrivate = true,
isOutput = true,
} = options;
if (_.isArray(data)) {
return data.map(entity => this.sanitize(entity, { action, withPrivate, isOutput }));
}
const permittedFields = permittedFieldsOf(ability, actionOverride, subject);
const hasAtLeastOneRegisteredField = _.some(
_.flatMap(ability.rulesFor(actionOverride, subject), 'fields')
);
const shouldIncludeAllFields = _.isEmpty(permittedFields) && !hasAtLeastOneRegisteredField;
const sanitizedEntity = sanitizeEntity(data, {
model: strapi.getModel(model),
includeFields: shouldIncludeAllFields ? null : permittedFields,
withPrivate,
isOutput,
});
return _.omit(sanitizedEntity, [
`${constants.CREATED_BY_ATTRIBUTE}.roles`,
`${constants.UPDATED_BY_ATTRIBUTE}.roles`,
]);
},
});
Reference in New Issue View Git Blame Copy Permalink