npm - @strapi/admin - Versions diffs - 4.12.7 → 4.13.0-alpha.0 - Mend

@strapi/admin 4.12.7 → 4.13.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/ee/admin/pages/SettingsPage/pages/Users/ListPage/CreateAction/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ import isNil from 'lodash/isNil';
 import PropTypes from 'prop-types';
 import { useIntl } from 'react-intl';
-import { useLicenseLimits } from '../../../../../../hooks';
+import { useLicenseLimits } from '../../../../../../hooks/useLicenseLimits';
 export const CreateActionEE = ({ onClick }) => {
   const { formatMessage } = useIntl();

package/ee/admin/pages/SettingsPage/pages/Users/ListPage/index.js CHANGED Viewed

@@ -2,7 +2,7 @@ import * as React from 'react';
 // eslint-disable-next-line import/no-cycle
 import { UserListPageCE } from '../../../../../../../admin/src/pages/SettingsPage/pages/Users/ListPage';
-import { useLicenseLimitNotification } from '../../../../../hooks';
+import { useLicenseLimitNotification } from '../../../../../hooks/useLicenseLimitNotification';
 function UserListPageEE() {
   useLicenseLimitNotification();

package/ee/server/constants/workflows.js CHANGED Viewed

@@ -6,6 +6,7 @@ module.exports = {
   STAGE_MODEL_UID: 'admin::workflow-stage',
   STAGE_DEFAULT_COLOR: '#4945FF',
   ENTITY_STAGE_ATTRIBUTE: 'strapi_stage',
+  ENTITY_ASSIGNEE_ATTRIBUTE: 'strapi_assignee',
   MAX_WORKFLOWS: 200,
   MAX_STAGES_PER_WORKFLOW: 200,
   ERRORS: {

package/ee/server/controllers/index.js CHANGED Viewed

@@ -8,4 +8,5 @@ module.exports = {
   admin: require('./admin'),
   workflows: require('./workflows'),
   stages: require('./workflows/stages'),
+  assignees: require('./workflows/assignees'),
 };

package/ee/server/controllers/workflows/assignees/index.js ADDED Viewed

@@ -0,0 +1,44 @@
+'use strict';
+const { getService } = require('../../../utils');
+const { validateUpdateAssigneeOnEntity } = require('../../../validation/review-workflows');
+module.exports = {
+  /**
+   * Updates an entity's assignee.
+   * @async
+   * @param {Object} ctx - The Koa context object.
+   * @param {Object} ctx.params - An object containing the parameters from the request URL.
+   * @param {string} ctx.params.model_uid - The model UID of the entity.
+   * @param {string} ctx.params.id - The ID of the entity to update.
+   * @param {Object} ctx.request.body.data - Optional data object containing the new assignee ID for the entity.
+   * @param {string} ctx.request.body.data.id - The ID of the new assignee for the entity.
+   * @throws {ApplicationError} If review workflows is not activated on the specified model UID.
+   * @throws {ValidationError} If the `data` object in the request body fails to pass validation.
+   * @returns {Promise<void>} A promise that resolves when the entity's assignee has been updated.
+   */
+  async updateEntity(ctx) {
+    const assigneeService = getService('assignees');
+    const workflowService = getService('workflows');
+    const { model_uid: model, id } = ctx.params;
+    const { sanitizeOutput } = strapi
+      .plugin('content-manager')
+      .service('permission-checker')
+      .create({ userAbility: ctx.state.userAbility, model });
+    // TODO: check if user has update permission on the entity
+    const { id: assigneeId } = await validateUpdateAssigneeOnEntity(
+      ctx.request?.body?.data,
+      'You should pass a valid id to the body of the put request.'
+    );
+    await workflowService.assertContentTypeBelongsToWorkflow(model);
+    const entity = await assigneeService.updateEntityAssignee(id, model, assigneeId);
+    ctx.body = { data: await sanitizeOutput(entity) };
+  },
+};

package/ee/server/routes/review-workflows.js CHANGED Viewed

@@ -142,5 +142,22 @@ module.exports = {
         ],
       },
     },
+    {
+      method: 'PUT',
+      path: '/content-manager/(collection|single)-types/:model_uid/:id/assignee',
+      handler: 'assignees.updateEntity',
+      config: {
+        middlewares: [enableFeatureMiddleware('review-workflows')],
+        policies: [
+          'admin::isAuthenticatedAdmin',
+          {
+            name: 'admin::hasPermissions',
+            config: {
+              actions: ['admin::users.read', 'admin::review-workflows.read'],
+            },
+          },
+        ],
+      },
+    },
   ],
 };

package/ee/server/services/index.js CHANGED Viewed

@@ -8,6 +8,7 @@ module.exports = {
   'seat-enforcement': require('./seat-enforcement'),
   workflows: require('./review-workflows/workflows'),
   stages: require('./review-workflows/stages'),
+  assignees: require('./review-workflows/assignees'),
   'review-workflows': require('./review-workflows/review-workflows'),
   'review-workflows-validation': require('./review-workflows/validation'),
   'review-workflows-decorator': require('./review-workflows/entity-service-decorator'),

package/ee/server/services/review-workflows/assignees.js ADDED Viewed

@@ -0,0 +1,54 @@
+'use strict';
+const { ApplicationError } = require('@strapi/utils').errors;
+const { isNil } = require('lodash/fp');
+const { ENTITY_ASSIGNEE_ATTRIBUTE } = require('../../constants/workflows');
+const { getService } = require('../../utils');
+module.exports = ({ strapi }) => {
+  const metrics = getService('review-workflows-metrics', { strapi });
+  return {
+    async findEntityAssigneeId(id, model) {
+      const entity = await strapi.entityService.findOne(model, id, {
+        populate: [ENTITY_ASSIGNEE_ATTRIBUTE],
+        fields: [],
+      });
+      return entity?.[ENTITY_ASSIGNEE_ATTRIBUTE]?.id ?? null;
+    },
+    /**
+     * Update the assignee of an entity
+     */
+    async updateEntityAssignee(id, model, assigneeId) {
+      if (isNil(assigneeId)) {
+        return this.deleteEntityAssignee(id, model);
+      }
+      const userExists = await getService('user', { strapi }).exists({ id: assigneeId });
+      if (!userExists) {
+        throw new ApplicationError(`Selected user does not exist`);
+      }
+      metrics.sendDidEditAssignee(await this.findEntityAssigneeId(id, model), assigneeId);
+      return strapi.entityService.update(model, id, {
+        data: { [ENTITY_ASSIGNEE_ATTRIBUTE]: assigneeId },
+        populate: [ENTITY_ASSIGNEE_ATTRIBUTE],
+        fields: [],
+      });
+    },
+    async deleteEntityAssignee(id, model) {
+      metrics.sendDidEditAssignee(await this.findEntityAssigneeId(id, model), null);
+      return strapi.entityService.update(model, id, {
+        data: { [ENTITY_ASSIGNEE_ATTRIBUTE]: null },
+        populate: [ENTITY_ASSIGNEE_ATTRIBUTE],
+        fields: [],
+      });
+    },
+  };
+};

package/ee/server/services/review-workflows/metrics/index.js CHANGED Viewed

@@ -24,6 +24,10 @@ const sendDidEditWorkflow = async () => {
   strapi.telemetry.send('didEditWorkflow', {});
 };
+const sendDidEditAssignee = async (fromId, toId) => {
+  strapi.telemetry.send('didEditAssignee', { from: fromId, to: toId });
+};
 const sendDidSendReviewWorkflowPropertiesOnceAWeek = async (
   numberOfActiveWorkflows,
   avgStagesCount,
@@ -48,4 +52,5 @@ module.exports = {
   sendDidCreateWorkflow,
   sendDidEditWorkflow,
   sendDidSendReviewWorkflowPropertiesOnceAWeek,
+  sendDidEditAssignee,
 };

package/ee/server/services/review-workflows/review-workflows.js CHANGED Viewed

@@ -8,6 +8,8 @@ const defaultStages = require('../../constants/default-stages.json');
 const defaultWorkflow = require('../../constants/default-workflow.json');
 const {
   ENTITY_STAGE_ATTRIBUTE,
+  ENTITY_ASSIGNEE_ATTRIBUTE,
+  STAGE_MODEL_UID,
   MAX_WORKFLOWS,
   MAX_STAGES_PER_WORKFLOW,
 } = require('../../constants/workflows');
@@ -52,19 +54,26 @@ function extendReviewWorkflowContentTypes({ strapi }) {
       );
       return contentType;
     };
-    const setStageAttribute = set(`attributes.${ENTITY_STAGE_ATTRIBUTE}`, {
-      writable: true,
-      private: false,
-      configurable: false,
-      visible: false,
-      useJoinTable: true, // We want a join table to persist data when downgrading to CE
-      type: 'relation',
-      relation: 'oneToOne',
-      target: 'admin::workflow-stage',
-    });
+    const setRelation = (path, target) =>
+      set(path, {
+        writable: true,
+        private: false,
+        configurable: false,
+        visible: false,
+        useJoinTable: true, // We want a join table to persist data when downgrading to CE
+        type: 'relation',
+        relation: 'oneToOne',
+        target,
+      });
+    const setReviewWorkflowAttributes = pipe([
+      setRelation(`attributes.${ENTITY_STAGE_ATTRIBUTE}`, STAGE_MODEL_UID),
+      setRelation(`attributes.${ENTITY_ASSIGNEE_ATTRIBUTE}`, 'admin::user'),
+    ]);
     const extendContentTypeIfCompatible = cond([
-      [assertContentTypeCompatibility, setStageAttribute],
+      [assertContentTypeCompatibility, setReviewWorkflowAttributes],
       [stubTrue, incompatibleContentTypeAlert],
     ]);
     strapi.container.get('content-types').extend(contentTypeUID, extendContentTypeIfCompatible);

package/ee/server/validation/review-workflows.js CHANGED Viewed

@@ -66,8 +66,16 @@ const validateWorkflowUpdateSchema = yup.object().shape({
   contentTypes: validateContentTypes,
 });
+const validateUpdateAssigneeOnEntity = yup
+  .object()
+  .shape({
+    id: yup.number().integer().min(1).nullable(),
+  })
+  .required();
 module.exports = {
   validateWorkflowCreate: validateYupSchema(validateWorkflowCreateSchema),
   validateUpdateStageOnEntity: validateYupSchema(validateUpdateStageOnEntity),
+  validateUpdateAssigneeOnEntity: validateYupSchema(validateUpdateAssigneeOnEntity),
   validateWorkflowUpdate: validateYupSchema(validateWorkflowUpdateSchema),
 };

package/index.js CHANGED Viewed

@@ -30,7 +30,6 @@ async function build({ appDir, buildDestDir, env, forceBuild, optimize, options,
   const entry = path.resolve(cacheDir, 'admin', 'src');
   const dest = path.resolve(buildDestDir, 'build');
-  const pluginsPath = Object.keys(plugins).map((pluginName) => plugins[pluginName].pathToPlugin);
   const enforceSourceMaps = process.env.STRAPI_ENFORCE_SOURCEMAPS === 'true' ?? false;
   // Either use the tsconfig file from the generated app or the one inside the .cache folder
@@ -41,14 +40,13 @@ async function build({ appDir, buildDestDir, env, forceBuild, optimize, options,
   const config = getCustomWebpackConfig(appDir, {
     appDir,
-    cacheDir,
     dest,
     enforceSourceMaps,
     entry,
     env,
     optimize,
     options,
-    pluginsPath,
+    plugins,
     tsConfigFilePath,
   });
@@ -100,8 +98,6 @@ async function watchAdmin({ appDir, browser, buildDestDir, host, options, plugin
   const dest = path.join(buildDestDir, 'build');
   const env = 'development';
-  const pluginsPath = Object.keys(plugins).map((pluginName) => plugins[pluginName].pathToPlugin);
   // Either use the tsconfig file from the generated app or the one inside the .cache folder
   // so we can develop plugins in TS while being in a JS app
   const tsConfigFilePath = useTypeScript
@@ -115,7 +111,7 @@ async function watchAdmin({ appDir, browser, buildDestDir, host, options, plugin
     entry,
     env,
     options,
-    pluginsPath,
+    plugins,
     devServer: {
       port,
       client: {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/admin",
-  "version": "4.12.7",
+  "version": "4.13.0-alpha.0",
   "description": "Strapi Admin",
   "repository": {
     "type": "git",
@@ -42,15 +42,15 @@
   "dependencies": {
     "@casl/ability": "^5.4.3",
     "@pmmmwh/react-refresh-webpack-plugin": "0.5.10",
-    "@strapi/data-transfer": "4.12.7",
+    "@strapi/data-transfer": "4.13.0-alpha.0",
     "@strapi/design-system": "1.9.0",
-    "@strapi/helper-plugin": "4.12.7",
+    "@strapi/helper-plugin": "4.13.0-alpha.0",
     "@strapi/icons": "1.9.0",
-    "@strapi/permissions": "4.12.7",
-    "@strapi/provider-audit-logs-local": "4.12.7",
-    "@strapi/typescript-utils": "4.12.7",
-    "@strapi/utils": "4.12.7",
-    "axios": "1.4.0",
+    "@strapi/permissions": "4.13.0-alpha.0",
+    "@strapi/provider-audit-logs-local": "4.13.0-alpha.0",
+    "@strapi/typescript-utils": "4.13.0-alpha.0",
+    "@strapi/utils": "4.13.0-alpha.0",
+    "axios": "1.5.0",
     "bcryptjs": "2.4.3",
     "browserslist": "^4.17.3",
     "browserslist-to-esbuild": "1.2.0",
@@ -154,5 +154,5 @@
       }
     }
   },
-  "gitHead": "fefc4a24acc60a59c00049e67a99ec1069be2add"
+  "gitHead": "41844c2867621a1f47dd6ae6ac83283aa54b22f8"
 }

package/scripts/build.js CHANGED Viewed

@@ -7,14 +7,8 @@ const { isObject } = require('lodash');
 const SpeedMeasurePlugin = require('speed-measure-webpack-plugin');
 const webpackConfig = require('../webpack.config');
-const getPluginsPath = require('../utils/get-plugins-path');
-const {
-  getCorePluginsPath,
-  getPluginToInstallPath,
-  createPluginsFile,
-} = require('./create-plugins-file');
-const PLUGINS_TO_INSTALL = ['i18n', 'users-permissions'];
+const { getPlugins } = require('../utils/get-plugins');
+const { createPluginsJs } = require('../utils/create-cache-dir');
 // Wrapper that outputs the webpack speed
 const smp = new SpeedMeasurePlugin();
@@ -24,18 +18,24 @@ const buildAdmin = async () => {
   const dest = path.join(__dirname, '..', 'build');
   const tsConfigFilePath = path.join(__dirname, '..', 'admin', 'src', 'tsconfig.json');
-  const corePlugins = getCorePluginsPath();
-  const plugins = getPluginToInstallPath(PLUGINS_TO_INSTALL);
-  const allPlugins = { ...corePlugins, ...plugins };
-  const pluginsPath = getPluginsPath();
+  /**
+   * We _always_ install these FE plugins, they're considered "core"
+   * and are typically marked as `required` in their package.json
+   */
+  const plugins = getPlugins([
+    '@strapi/plugin-content-type-builder',
+    '@strapi/plugin-email',
+    '@strapi/plugin-upload',
+    '@strapi/plugin-i18n',
+    '@strapi/plugin-users-permissions',
+  ]);
-  await createPluginsFile(allPlugins);
+  await createPluginsJs(plugins, path.join(__dirname, '..'));
   const args = {
     entry,
     dest,
-    cacheDir: path.join(__dirname, '..'),
-    pluginsPath,
+    plugins,
     env: 'production',
     optimize: true,
     options: {

package/scripts/create-dev-plugins-file.js CHANGED Viewed

@@ -1,40 +1,9 @@
 'use strict';
-const { join, resolve, relative } = require('path');
-const { promisify } = require('util');
-// eslint-disable-next-line import/no-extraneous-dependencies
-const glob = promisify(require('glob').glob);
+const { join } = require('path');
 const fs = require('fs-extra');
-const { getCorePluginsPath, createPluginsFile } = require('./create-plugins-file');
-/**
- * Retrieve all plugins that are inside the plugins folder
- * @returns Object the plugins
- */
-const getPluginsPackages = async () => {
-  const pathToPackages = resolve(__dirname, '..', '..', '..', 'plugins', '*');
-  const pluginsPackageDirs = await glob(pathToPackages);
-  return pluginsPackageDirs
-    .filter((pluginDir) => {
-      return fs.existsSync(join(pluginDir, 'admin', 'src', 'index.js'));
-    })
-    .reduce((acc, current) => {
-      const depName = current.replace(/\\/g, '/').split('/').slice(-1)[0];
-      const adminEntryPoint = join(__dirname, '..', 'admin', 'src');
-      const pathToPlugin = join(relative(adminEntryPoint, current), 'admin', 'src').replace(
-        /\\/g,
-        '/'
-      );
-      acc[depName] = pathToPlugin;
-      return acc;
-    }, {});
-};
+const { getPlugins } = require('../utils/get-plugins');
+const { createPluginsJs } = require('../utils/create-cache-dir');
 /**
  * Write the plugins.js file or copy the plugins-dev.js file if it exists
@@ -49,11 +18,9 @@ const createFile = async () => {
     return;
   }
-  const corePlugins = getCorePluginsPath();
-  const plugins = await getPluginsPackages();
-  const allPlugins = { ...corePlugins, ...plugins };
+  const plugins = getPlugins();
-  return createPluginsFile(allPlugins);
+  return createPluginsJs(plugins, join(__dirname, '..'));
 };
 createFile()

package/server/controllers/role.js CHANGED Viewed

@@ -55,6 +55,8 @@ module.exports = {
       ability: ctx.state.userAbility,
       model: 'admin::role',
     });
+    await permissionsManager.validateQuery(query);
     const sanitizedQuery = await permissionsManager.sanitizeQuery(query);
     const roles = await getService('role').findAllWithUsersCount(sanitizedQuery);

package/server/controllers/user.js CHANGED Viewed

@@ -52,6 +52,8 @@ module.exports = {
       ability: ctx.state.userAbility,
       model: 'admin::user',
     });
+    await permissionsManager.validateQuery(ctx.query);
     const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);
     const { results, pagination } = await userService.findPage(sanitizedQuery);

package/server/services/permission/permissions-manager/index.js CHANGED Viewed

@@ -4,8 +4,9 @@ const _ = require('lodash');
 const { cloneDeep, isPlainObject } = require('lodash/fp');
 const { subject: asSubject } = require('@casl/ability');
 const createSanitizeHelpers = require('./sanitize');
+const createValidateHelpers = require('./validate');
-const { buildStrapiQuery, buildCaslQuery } = require('./query-builers');
+const { buildStrapiQuery, buildCaslQuery } = require('./query-builders');
 module.exports = ({ ability, action, model }) => ({
   ability,
@@ -48,4 +49,5 @@ module.exports = ({ ability, action, model }) => ({
   },
   ...createSanitizeHelpers({ action, ability, model }),
+  ...createValidateHelpers({ action, ability, model }),
 });

package/server/services/permission/permissions-manager/sanitize.js CHANGED Viewed

@@ -45,7 +45,7 @@ const STATIC_FIELDS = [ID_ATTRIBUTE];
 module.exports = ({ action, ability, model }) => {
   const schema = strapi.getModel(model);
-  const { allowedFields } = sanitize.visitors;
+  const { removeDisallowedFields } = sanitize.visitors;
   const createSanitizeQuery = (options = {}) => {
     const { fields } = options;
@@ -54,8 +54,9 @@ module.exports = ({ action, ability, model }) => {
     const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);
     const sanitizeFilters = pipeAsync(
-      traverse.traverseQueryFilters(allowedFields(permittedFields), { schema }),
+      traverse.traverseQueryFilters(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryFilters(omitDisallowedAdminUserFields, { schema }),
+      traverse.traverseQueryFilters(omitHiddenFields, { schema }),
       traverse.traverseQueryFilters(removePassword, { schema }),
       traverse.traverseQueryFilters(
         ({ key, value }, { remove }) => {
@@ -68,8 +69,9 @@ module.exports = ({ action, ability, model }) => {
     );
     const sanitizeSort = pipeAsync(
-      traverse.traverseQuerySort(allowedFields(permittedFields), { schema }),
+      traverse.traverseQuerySort(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQuerySort(omitDisallowedAdminUserFields, { schema }),
+      traverse.traverseQuerySort(omitHiddenFields, { schema }),
       traverse.traverseQuerySort(removePassword, { schema }),
       traverse.traverseQuerySort(
         ({ key, attribute, value }, { remove }) => {
@@ -82,13 +84,15 @@ module.exports = ({ action, ability, model }) => {
     );
     const sanitizePopulate = pipeAsync(
-      traverse.traverseQueryPopulate(allowedFields(permittedFields), { schema }),
+      traverse.traverseQueryPopulate(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, { schema }),
+      traverse.traverseQueryPopulate(omitHiddenFields, { schema }),
       traverse.traverseQueryPopulate(removePassword, { schema })
     );
     const sanitizeFields = pipeAsync(
-      traverse.traverseQueryFields(allowedFields(permittedFields), { schema }),
+      traverse.traverseQueryFields(removeDisallowedFields(permittedFields), { schema }),
+      traverse.traverseQueryFields(omitHiddenFields, { schema }),
       traverse.traverseQueryFields(removePassword, { schema })
     );
@@ -126,7 +130,7 @@ module.exports = ({ action, ability, model }) => {
       // Remove unallowed fields from admin::user relations
       traverseEntity(pickAllowedAdminUserFields, { schema }),
       // Remove not allowed fields (RBAC)
-      traverseEntity(allowedFields(permittedFields), { schema }),
+      traverseEntity(removeDisallowedFields(permittedFields), { schema }),
       // Remove all fields of type 'password'
       sanitize.sanitizers.sanitizePasswords(schema)
     );
@@ -141,7 +145,7 @@ module.exports = ({ action, ability, model }) => {
       // Remove fields hidden from the admin
       traverseEntity(omitHiddenFields, { schema }),
       // Remove not allowed fields (RBAC)
-      traverseEntity(allowedFields(permittedFields), { schema }),
+      traverseEntity(removeDisallowedFields(permittedFields), { schema }),
       // Remove roles from createdBy & updateBy fields
       omitCreatorRoles
     );
@@ -256,13 +260,21 @@ module.exports = ({ action, ability, model }) => {
   };
   const getQueryFields = (fields = []) => {
+    const nonVisibleAttributes = getNonVisibleAttributes(schema);
+    const writableAttributes = getWritableAttributes(schema);
+    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);
     return uniq([
       ...fields,
       ...STATIC_FIELDS,
       ...COMPONENT_FIELDS,
+      ...nonVisibleWritableAttributes,
       CREATED_AT_ATTRIBUTE,
       UPDATED_AT_ATTRIBUTE,
       PUBLISHED_AT_ATTRIBUTE,
+      CREATED_BY_ATTRIBUTE,
+      UPDATED_BY_ATTRIBUTE,
     ]);
   };