yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-07-25 09:56:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/strapi-plugin-upload/controllers/upload/admin.js
Jean-Sébastien Herbaux e55ea1d6b5
Hide creator fields from public api by default (#8052) 
* Add model option to hide/show creators fields in public API response

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Add content-types util, rework sanitize-entity's private handling

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Update search e2e tests, fix an issue on empty search for the core-api controller (find)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix GraphQL plugin (handle privates attributes on typeDefs + resolver builds)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix sanitizeEntity import

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Move doc update from beta to stable

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix e2e test

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix pr comments

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Remove creator's field from upload controller routes

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix typedef build for graphql association

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix pr (comments + several issues)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Add tests for search behavior in content-manager

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Rename files variables to meaningful names (upload controllers)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

* Fix test with search id matching serialNumber

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>

* Add toHasBeenCalledWith check for config.get (utils/content-types.test.js)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>

Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com>
2020-10-01 17:47:08 +02:00

216 lines
5.5 KiB
JavaScript
Raw Blame History

'use strict';
const _ = require('lodash');
const validateSettings = require('../validation/settings');
const validateUploadBody = require('../validation/upload');
const ACTIONS = {
read: 'plugins::upload.read',
readSettings: 'plugins::upload.settings.read',
create: 'plugins::upload.assets.create',
update: 'plugins::upload.assets.update',
download: 'plugins::upload.assets.download',
copyLink: 'plugins::upload.assets.copy-link',
};
const fileModel = 'plugins::upload.file';
module.exports = {
async find(ctx) {
const {
state: { userAbility },
} = ctx;
const pm = strapi.admin.services.permission.createPermissionsManager(
userAbility,
ACTIONS.read,
fileModel
);
if (!pm.isAllowed) {
return ctx.forbidden();
}
const method = _.has(ctx.query, '_q') ? 'search' : 'fetchAll';
const query = pm.queryFrom(ctx.query);
const files = await strapi.plugins.upload.services.upload[method](query);
ctx.body = pm.sanitize(files, { withPrivate: false });
},
async findOne(ctx) {
const {
state: { userAbility },
params: { id },
} = ctx;
const { pm, file } = await findEntityAndCheckPermissions(
userAbility,
ACTIONS.read,
fileModel,
id
);
ctx.body = pm.sanitize(file, { withPrivate: false });
},
async count(ctx) {
const pm = strapi.admin.services.permission.createPermissionsManager(
ctx.state.userAbility,
ACTIONS.read,
fileModel
);
if (!pm.isAllowed) {
return ctx.forbidden();
}
const method = _.has(ctx.query, '_q') ? 'countSearch' : 'count';
const query = pm.queryFrom(ctx.query);
const count = await strapi.plugins.upload.services.upload[method](query);
ctx.body = { count };
},
async destroy(ctx) {
const {
state: { userAbility },
params: { id },
} = ctx;
const { pm, file } = await findEntityAndCheckPermissions(
userAbility,
ACTIONS.update,
fileModel,
id
);
await strapi.plugins['upload'].services.upload.remove(file);
ctx.body = pm.sanitize(file, { action: ACTIONS.read, withPrivate: false });
},
async updateSettings(ctx) {
const {
request: { body },
state: { userAbility },
} = ctx;
if (userAbility.cannot(ACTIONS.read, fileModel)) {
return ctx.forbidden();
}
const data = await validateSettings(body);
await strapi.plugins.upload.services.upload.setSettings(data);
ctx.body = { data };
},
async getSettings(ctx) {
const {
state: { userAbility },
} = ctx;
if (userAbility.cannot(ACTIONS.readSettings, fileModel)) {
return ctx.forbidden();
}
const data = await strapi.plugins.upload.services.upload.getSettings();
ctx.body = { data };
},
async updateFileInfo(ctx) {
const {
state: { userAbility, user },
query: { id },
request: { body },
} = ctx;
const uploadService = strapi.plugins.upload.services.upload;
const { pm } = await findEntityAndCheckPermissions(userAbility, ACTIONS.update, fileModel, id);
const data = await validateUploadBody(body);
const file = await uploadService.updateFileInfo(id, data.fileInfo);
await uploadService.setCreatorInfo(user.id, file, { edition: true });
ctx.body = pm.sanitize(file, { action: ACTIONS.read, withPrivate: false });
},
async replaceFile(ctx) {
const {
state: { userAbility, user },
query: { id },
request: { body, files: { files } = {} },
} = ctx;
const uploadService = strapi.plugins.upload.services.upload;
const { pm } = await findEntityAndCheckPermissions(userAbility, ACTIONS.update, fileModel, id);
if (Array.isArray(files)) {
throw strapi.errors.badRequest(null, {
errors: [
{ id: 'Upload.replace.single', message: 'Cannot replace a file with multiple ones' },
],
});
}
const data = await validateUploadBody(body);
const replacedFiles = await uploadService.replace(id, { data, file: files });
await uploadService.setCreatorInfo(user.id, replacedFiles, { edition: true });
ctx.body = pm.sanitize(replacedFiles, { action: ACTIONS.read, withPrivate: false });
},
async uploadFiles(ctx) {
const {
state: { userAbility, user },
request: { body, files: { files } = {} },
} = ctx;
const uploadService = strapi.plugins.upload.services.upload;
const pm = strapi.admin.services.permission.createPermissionsManager(
userAbility,
ACTIONS.create,
fileModel
);
if (!pm.isAllowed) {
throw strapi.errors.forbidden();
}
const data = await validateUploadBody(body);
const uploadedFiles = await uploadService.upload({ data, files });
await uploadService.setCreatorInfo(user.id, uploadedFiles);
ctx.body = pm.sanitize(uploadedFiles, { action: ACTIONS.read, withPrivate: false });
},
};
const findEntityAndCheckPermissions = async (ability, action, model, id) => {
const file = await strapi.plugins.upload.services.upload.fetch({ id });
if (_.isNil(file)) {
throw strapi.errors.notFound();
}
const pm = strapi.admin.services.permission.createPermissionsManager(ability, action, model);
const roles = _.has(file, 'created_by.id')
? await strapi.query('role', 'admin').find({ users: file.created_by.id }, [])
: [];
const fileWithRoles = _.set(_.cloneDeep(file), 'created_by.roles', roles);
if (pm.ability.cannot(pm.action, pm.toSubject(fileWithRoles))) {
throw strapi.errors.forbidden();
}
return { pm, file };
};
Reference in New Issue View Git Blame Copy Permalink