'use strict';
const _ = require('lodash');
const {
policy: { createPolicyFactory },
} = require('@strapi/utils');
const { validateHasPermissionsInput } = require('../validation/policies/hasPermissions');
// Normalizers for the entries of `options.actions`, tried in order: the first
// element whose `check` accepts an entry supplies the `transform` that turns
// it into a permission descriptor.
const inputModifiers = [
  // 'action' -> { action } (no subject key)
  { check: _.isString, transform: action => ({ action }) },
  // [action, subject] -> { action, subject }; only the first two elements are read
  { check: _.isArray, transform: ([action, subject]) => ({ action, subject }) },
  // Anything already shaped as an object is passed through untouched.
  // Has to stay after the isArray entry since _.isObject also matches arrays.
  { check: _.isObject, transform: _.identity },
];
/**
 * `admin::hasPermissions` policy factory.
 *
 * Configured with `options.actions`, a list whose entries may be an action
 * string, an `[action, subject]` pair or a permission object. Each entry is
 * normalized once, when the policy is configured, through `inputModifiers`.
 * The resulting policy throws `strapi.errors.forbidden()` unless
 * `ctx.state.userAbility.can(action, subject)` holds for every entry.
 *
 * NOTE(review): the policy returns true (request allowed) when
 * `ctx.state.isAuthenticated` or `ctx.state.userAbility` is falsy, so on its
 * own it never rejects an unauthenticated request. Presumably a separate
 * authentication policy or middleware guards the same routes; confirm for
 * every route this policy is attached to.
 * NOTE(review): an empty `actions` list also allows the request, because
 * there is then no permission for the check to deny.
 */
module.exports = createPolicyFactory(
  ({ actions }) => {
    // An entry that matches no modifier makes `find` return undefined, and the
    // `.transform` call then throws a TypeError; presumably the validator
    // registered below rejects such options first. TODO confirm.
    const permissions = actions.map(entry => {
      const modifier = inputModifiers.find(candidate => candidate.check(entry));
      return modifier.transform(entry);
    });

    return ({ ctx, strapi }) => {
      const { state } = ctx;
      const ability = state.userAbility;
      const { isAuthenticated } = state;

      // Fail-open branch: with no authenticated user or no ability object the
      // permission check is skipped and the request is let through.
      if (!(isAuthenticated && ability)) {
        return true;
      }

      // Stops at the first permission the ability does not grant.
      const hasDeniedPermission = permissions.some(
        ({ action, subject }) => !ability.can(action, subject)
      );

      if (hasDeniedPermission) {
        throw strapi.errors.forbidden();
      }

      return true;
    };
  },
  {
    validator: validateHasPermissionsInput,
    name: 'admin::hasPermissions',
  }
);