yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-10-31 01:47:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/strapi-plugin-users-permissions/controllers/User.js
Pierre Noël b5ec9cb1c8 handle unexpected params from koa-router 
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
2020-03-06 19:16:51 +01:00

243 lines
5.7 KiB
JavaScript
Raw Blame History

'use strict';
/**
* User.js controller
*
* @description: A set of functions called "actions" for managing `User`.
*/
const _ = require('lodash');
const { sanitizeEntity } = require('strapi-utils');
const sanitizeUser = user =>
sanitizeEntity(user, {
model: strapi.query('user', 'users-permissions').model,
});
const formatError = error => [
{ messages: [{ id: error.id, message: error.message, field: error.field }] },
];
module.exports = {
/**
* Retrieve user records.
* @return {Object|Array}
*/
async find(ctx, next, { populate } = {}) {
let users;
if (_.has(ctx.query, '_q')) {
// use core strapi query to search for users
users = await strapi.query('user', 'users-permissions').search(ctx.query, populate);
} else {
users = await strapi.plugins['users-permissions'].services.user.fetchAll(ctx.query, populate);
}
const data = users.map(sanitizeUser);
ctx.send(data);
},
/**
* Retrieve authenticated user.
* @return {Object|Array}
*/
async me(ctx) {
const user = ctx.state.user;
if (!user) {
return ctx.badRequest(null, [{ messages: [{ id: 'No authorization header was found' }] }]);
}
const data = sanitizeUser(user);
ctx.send(data);
},
/**
* Retrieve a user record.
* @return {Object}
*/
async findOne(ctx) {
const { id } = ctx.params;
let data = await strapi.plugins['users-permissions'].services.user.fetch({
id,
});
if (data) {
data = sanitizeUser(data);
}
// Send 200 `ok`
ctx.send(data);
},
/**
* Create a/an user record.
* @return {Object}
*/
async create(ctx) {
const advanced = await strapi
.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
key: 'advanced',
})
.get();
const { email, username, password, role } = ctx.request.body;
if (!email) return ctx.badRequest('missing.email');
if (!username) return ctx.badRequest('missing.username');
if (!password) return ctx.badRequest('missing.password');
const userWithSameUsername = await strapi
.query('user', 'users-permissions')
.findOne({ username });
if (userWithSameUsername) {
return ctx.badRequest(
null,
formatError({
id: 'Auth.form.error.username.taken',
message: 'Username already taken.',
field: ['username'],
})
);
}
if (advanced.unique_email) {
const userWithSameEmail = await strapi.query('user', 'users-permissions').findOne({ email });
if (userWithSameEmail) {
return ctx.badRequest(
null,
formatError({
id: 'Auth.form.error.email.taken',
message: 'Email already taken.',
field: ['email'],
})
);
}
}
const user = {
...ctx.request.body,
provider: 'local',
};
if (!role) {
const defaultRole = await strapi
.query('role', 'users-permissions')
.findOne({ type: advanced.default_role }, []);
user.role = defaultRole.id;
}
try {
const data = await strapi.plugins['users-permissions'].services.user.add(user);
ctx.created(data);
} catch (error) {
ctx.badRequest(null, formatError(error));
}
},
/**
* Update a/an user record.
* @return {Object}
*/
async update(ctx) {
const advancedConfigs = await strapi
.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
key: 'advanced',
})
.get();
const { id } = ctx.params;
const { email, username, password } = ctx.request.body;
const user = await strapi.plugins['users-permissions'].services.user.fetch({
id,
});
if (_.has(ctx.request.body, 'email') && !email) {
return ctx.badRequest('email.notNull');
}
if (_.has(ctx.request.body, 'username') && !username) {
return ctx.badRequest('username.notNull');
}
if (_.has(ctx.request.body, 'password') && !password && user.provider === 'local') {
return ctx.badRequest('password.notNull');
}
if (_.has(ctx.request.body, 'username')) {
const userWithSameUsername = await strapi
.query('user', 'users-permissions')
.findOne({ username });
if (userWithSameUsername && userWithSameUsername.id != id) {
return ctx.badRequest(
null,
formatError({
id: 'Auth.form.error.username.taken',
message: 'username.alreadyTaken.',
field: ['username'],
})
);
}
}
if (_.has(ctx.request.body, 'email') && advancedConfigs.unique_email) {
const userWithSameEmail = await strapi.query('user', 'users-permissions').findOne({ email });
if (userWithSameEmail && userWithSameEmail.id != id) {
return ctx.badRequest(
null,
formatError({
id: 'Auth.form.error.email.taken',
message: 'Email already taken',
field: ['email'],
})
);
}
}
let updateData = {
...ctx.request.body,
};
if (_.has(ctx.request.body, 'password') && password === user.password) {
delete updateData.password;
}
const data = await strapi.plugins['users-permissions'].services.user.edit({ id }, updateData);
ctx.send(data);
},
/**
* Destroy a/an user record.
* @return {Object}
*/
async destroy(ctx) {
const { id } = ctx.params;
const data = await strapi.plugins['users-permissions'].services.user.remove({ id });
ctx.send(data);
},
async destroyAll(ctx) {
const data = await strapi.plugins['users-permissions'].services.user.removeAll(
{},
ctx.request.query
);
ctx.send(data);
},
};
Reference in New Issue View Git Blame Copy Permalink