
'use strict';
const { pipeAsync } = require('@strapi/utils');
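/**
 * Content-manager permission action uids, keyed by the short name that the
 * `can.<name>` / `cannot.<name>` / `sanitizedQuery.<name>` shortcuts use.
 *
 * Frozen so the uid table cannot be altered at runtime: every permission check
 * in this file resolves its action through this object.
 */
const ACTIONS = Object.freeze({
  read: 'plugin::content-manager.explorer.read',
  create: 'plugin::content-manager.explorer.create',
  update: 'plugin::content-manager.explorer.update',
  delete: 'plugin::content-manager.explorer.delete',
  publish: 'plugin::content-manager.explorer.publish',
  // No distinct unpublish permission is defined here: unpublishing is checked
  // against the publish action.
  unpublish: 'plugin::content-manager.explorer.publish',
});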
/**
 * Builds a permission checker bound to one admin ability and one content-type.
 *
 * Every check and sanitizer delegates to the admin permissions manager created
 * for `{ ability: userAbility, model }`; this closure only fixes the subject and
 * action wiring so callers can use short action names.
 *
 * @param {object} strapi - Strapi instance exposing `admin.services.permission`.
 * @returns {({ userAbility, model }) => object} factory taking the request's
 *   admin ability and the content-type uid and returning the checker API
 *   (`can`, `cannot`, `sanitizeOutput`, `sanitizeQuery`, `sanitizeCreateInput`,
 *   `sanitizeUpdateInput`, `sanitizedQuery`).
 */
const createPermissionChecker =
  (strapi) =>
  ({ userAbility, model }) => {
    const manager = strapi.admin.services.permission.createPermissionsManager({
      ability: userAbility,
      model,
    });

    // Subject of a check: the entity tagged with its model when one is given,
    // otherwise the bare model uid (type-level check).
    const subjectFor = (entity) => {
      if (!entity) {
        return model;
      }
      return manager.toSubject(entity, model);
    };

    // Permission predicates; `field` narrows the check to one attribute.
    const can = (action, entity, field) => userAbility.can(action, subjectFor(entity), field);
    const cannot = (action, entity, field) =>
      userAbility.cannot(action, subjectFor(entity), field);

    // Delegates output sanitisation of `data` under `action` (read by default)
    // to the permissions manager, with `data` itself as the subject.
    const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
      const options = { subject: subjectFor(data), action };
      return manager.sanitizeOutput(data, options);
    };

    // Delegates query sanitisation under `action` (read by default); the subject
    // is always the model uid, never a specific entity.
    const sanitizeQuery = (query, { action = ACTIONS.read } = {}) => {
      const options = { subject: model, action };
      return manager.sanitizeQuery(query, options);
    };

    // Input sanitiser for a write `action`; an existing `entity` scopes the
    // subject to that record (update), otherwise to the model (create).
    const sanitizeWriteInput = (action, data, entity) =>
      manager.sanitizeInput(data, { subject: subjectFor(entity), action });

    const sanitizeCreateInput = (data) => sanitizeWriteInput(ACTIONS.create, data);
    const sanitizeUpdateInput = (entity) => (data) =>
      sanitizeWriteInput(ACTIONS.update, data, entity);

    /**
     * Sanitizes `query`, then adds the permission conditions for `action`.
     *
     * @param {object} query - request query (assumed to be the parsed query
     *   object; confirm with callers)
     * @param {string} action - permission uid, i.e. one of the values of ACTIONS
     */
    const sanitizedQuery = (query, action) => {
      // NOTE(review): `action` is a string, but sanitizeQuery destructures its
      // second argument as `{ action = ACTIONS.read }`; a string has no
      // `action` property, so this first stage always runs with ACTIONS.read.
      // Kept as-is because passing `{ action }` would change which permission's
      // field set applies; confirm the intended behaviour before changing it.
      const stages = [
        (q) => sanitizeQuery(q, action),
        (q) => manager.addPermissionsQueryTo(q, action),
      ];
      return pipeAsync(...stages)(query);
    };

    // Shortcuts: `can.read(entity, field)`, `sanitizedQuery.delete(query)`, ...
    for (const [name, permission] of Object.entries(ACTIONS)) {
      sanitizedQuery[name] = (query) => sanitizedQuery(query, permission);
      can[name] = (...args) => can(permission, ...args);
      cannot[name] = (...args) => cannot(permission, ...args);
    }

    return {
      // Permission utils
      can,
      cannot,
      // Sanitizers
      sanitizeOutput,
      sanitizeQuery,
      sanitizeCreateInput,
      sanitizeUpdateInput,
      // Queries Builder
      sanitizedQuery,
    };
  };
/**
 * Service factory: exposes `create`, which binds the permission checker to the
 * running Strapi instance.
 *
 * @param {{ strapi: object }} ctx - service context carrying the Strapi instance
 * @returns {{ create: Function }} the permission-checker service
 */
module.exports = ({ strapi }) => {
  const create = createPermissionChecker(strapi);
  return { create };
};