@strapi/admin 4.16.2 → 4.18.0

package/ee/server/controllers/authentication.js

@@ -1,64 +0,0 @@
-'use strict';
-
-const { pick } = require('lodash/fp');
-const compose = require('koa-compose');
-const { ValidationError } = require('@strapi/utils').errors;
-
-const { validateProviderOptionsUpdate } = require('../validation/authentication');
-const { middlewares, utils } = require('./authentication/index');
-
-const toProviderDTO = pick(['uid', 'displayName', 'icon']);
-const toProviderLoginOptionsDTO = pick(['autoRegister', 'defaultRole', 'ssoLockedRoles']);
-
-const providerAuthenticationFlow = compose([
-  middlewares.authenticate,
-  middlewares.redirectWithAuth,
-]);
-
-module.exports = {
-  async getProviders(ctx) {
-    const { providerRegistry } = strapi.admin.services.passport;
-
-    ctx.body = providerRegistry.getAll().map(toProviderDTO);
-  },
-
-  async getProviderLoginOptions(ctx) {
-    const adminStore = await utils.getAdminStore();
-    const { providers: providersOptions } = await adminStore.get({ key: 'auth' });
-
-    ctx.body = {
-      data: toProviderLoginOptionsDTO(providersOptions),
-    };
-  },
-
-  async updateProviderLoginOptions(ctx) {
-    const {
-      request: { body },
-    } = ctx;
-
-    await validateProviderOptionsUpdate(body);
-
-    const adminStore = await utils.getAdminStore();
-    const currentAuthOptions = await adminStore.get({ key: 'auth' });
-    const newAuthOptions = { ...currentAuthOptions, providers: body };
-    await adminStore.set({ key: 'auth', value: newAuthOptions });
-
-    ctx.body = {
-      data: toProviderLoginOptionsDTO(newAuthOptions.providers),
-    };
-  },
-
-  providerLogin(ctx, next) {
-    const {
-      params: { provider: providerName },
-    } = ctx;
-
-    const { providerRegistry } = strapi.admin.services.passport;
-
-    if (!providerRegistry.has(providerName)) {
-      throw new ValidationError(`Invalid provider supplied: ${providerName}`);
-    }
-
-    return providerAuthenticationFlow(ctx, next);
-  },
-};

package/ee/server/controllers/index.js

@@ -1,12 +0,0 @@
-'use strict';
-
-module.exports = {
-  authentication: require('./authentication'),
-  role: require('./role'),
-  user: require('./user'),
-  auditLogs: require('./audit-logs'),
-  admin: require('./admin'),
-  workflows: require('./workflows'),
-  stages: require('./workflows/stages'),
-  assignees: require('./workflows/assignees'),
-};

package/ee/server/controllers/role.js

@@ -1,64 +0,0 @@
-'use strict';
-
-const {
-  validateRoleCreateInput,
-  validateRoleDeleteInput,
-  validateRolesDeleteInput,
-} = require('../validation/role');
-const { getService } = require('../../../server/utils');
-
-module.exports = {
-  /**
-   * Create a new role
-   * @param {KoaContext} ctx - koa context
-   */
-  async create(ctx) {
-    await validateRoleCreateInput(ctx.request.body);
-
-    const roleService = getService('role');
-
-    const role = await roleService.create(ctx.request.body);
-    const sanitizedRole = roleService.sanitizeRole(role);
-
-    ctx.created({ data: sanitizedRole });
-  },
-
-  /**
-   * Delete a role
-   * @param {KoaContext} ctx - koa context
-   */
-  async deleteOne(ctx) {
-    const { id } = ctx.params;
-
-    await validateRoleDeleteInput(id);
-
-    const roleService = getService('role');
-
-    const roles = await roleService.deleteByIds([id]);
-
-    const sanitizedRole = roles.map((role) => roleService.sanitizeRole(role))[0] || null;
-
-    return ctx.deleted({
-      data: sanitizedRole,
-    });
-  },
-
-  /**
-   * delete several roles
-   * @param {KoaContext} ctx - koa context
-   */
-  async deleteMany(ctx) {
-    const { body } = ctx.request;
-
-    await validateRolesDeleteInput(body);
-
-    const roleService = getService('role');
-
-    const roles = await roleService.deleteByIds(body.ids);
-    const sanitizedRoles = roles.map(roleService.sanitizeRole);
-
-    return ctx.deleted({
-      data: sanitizedRoles,
-    });
-  },
-};

package/ee/server/controllers/user.js

@@ -1,110 +0,0 @@
-'use strict';
-
-// eslint-disable-next-line node/no-extraneous-require
-const ee = require('@strapi/strapi/dist/utils/ee');
-const _ = require('lodash');
-const { pick, isNil } = require('lodash/fp');
-const { ApplicationError, ForbiddenError } = require('@strapi/utils').errors;
-const { validateUserCreationInput } = require('../validation/user');
-const { validateUserUpdateInput } = require('../../../server/validation/user');
-const { getService } = require('../../../server/utils');
-const { isSsoLocked } = require('../utils/sso-lock');
-
-const pickUserCreationAttributes = pick(['firstname', 'lastname', 'email', 'roles']);
-
-const hasAdminSeatsAvaialble = async () => {
-  if (!strapi.EE) {
-    return true;
-  }
-
-  const permittedSeats = ee.seats;
-  if (isNil(permittedSeats)) {
-    return true;
-  }
-
-  const userCount = await strapi.service('admin::user').getCurrentActiveUserCount();
-
-  if (userCount < permittedSeats) {
-    return true;
-  }
-};
-
-module.exports = {
-  async create(ctx) {
-    if (!(await hasAdminSeatsAvaialble())) {
-      throw new ForbiddenError('License seat limit reached. You cannot create a new user');
-    }
-
-    const { body } = ctx.request;
-    const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };
-
-    await validateUserCreationInput(cleanData);
-
-    const attributes = pickUserCreationAttributes(cleanData);
-    const { useSSORegistration } = cleanData;
-
-    const userAlreadyExists = await getService('user').exists({ email: attributes.email });
-
-    if (userAlreadyExists) {
-      throw new ApplicationError('Email already taken');
-    }
-
-    if (useSSORegistration) {
-      Object.assign(attributes, { registrationToken: null, isActive: true });
-    }
-
-    const createdUser = await getService('user').create(attributes);
-    const userInfo = getService('user').sanitizeUser(createdUser);
-
-    // Note: We need to assign manually the registrationToken to the
-    // final user payload so that it's not removed in the sanitation process.
-    Object.assign(userInfo, { registrationToken: createdUser.registrationToken });
-
-    ctx.created({ data: userInfo });
-  },
-
-  async update(ctx) {
-    const { id } = ctx.params;
-    const { body: input } = ctx.request;
-
-    await validateUserUpdateInput(input);
-
-    if (_.has(input, 'email')) {
-      const uniqueEmailCheck = await getService('user').exists({
-        id: { $ne: id },
-        email: input.email,
-      });
-
-      if (uniqueEmailCheck) {
-        throw new ApplicationError('A user with this email address already exists');
-      }
-    }
-
-    const user = await getService('user').findOne(id, null);
-
-    if (!(await hasAdminSeatsAvaialble()) && !user.isActive && input.isActive) {
-      throw new ForbiddenError('License seat limit reached. You cannot active this user');
-    }
-
-    const updatedUser = await getService('user').updateById(id, input);
-
-    if (!updatedUser) {
-      return ctx.notFound('User does not exist');
-    }
-
-    ctx.body = {
-      data: getService('user').sanitizeUser(updatedUser),
-    };
-  },
-
-  async isSSOLocked(ctx) {
-    const { user } = ctx.state;
-    const isSSOLocked = await isSsoLocked(user);
-
-    ctx.body = {
-      data: {
-        isSSOLocked,
-      },
-    };
-  },
-};

package/ee/server/controllers/workflows/assignees/index.js

@@ -1,44 +0,0 @@
-'use strict';
-
-const { getService } = require('../../../utils');
-const { validateUpdateAssigneeOnEntity } = require('../../../validation/review-workflows');
-
-module.exports = {
-  /**
-   * Updates an entity's assignee.
-   * @async
-   * @param {Object} ctx - The Koa context object.
-   * @param {Object} ctx.params - An object containing the parameters from the request URL.
-   * @param {string} ctx.params.model_uid - The model UID of the entity.
-   * @param {string} ctx.params.id - The ID of the entity to update.
-   * @param {Object} ctx.request.body.data - Optional data object containing the new assignee ID for the entity.
-   * @param {string} ctx.request.body.data.id - The ID of the new assignee for the entity.
-   * @throws {ApplicationError} If review workflows is not activated on the specified model UID.
-   * @throws {ValidationError} If the `data` object in the request body fails to pass validation.
-   * @returns {Promise<void>} A promise that resolves when the entity's assignee has been updated.
-   */
-  async updateEntity(ctx) {
-    const assigneeService = getService('assignees');
-    const workflowService = getService('workflows');
-
-    const { model_uid: model, id } = ctx.params;
-
-    const { sanitizeOutput } = strapi
-      .plugin('content-manager')
-      .service('permission-checker')
-      .create({ userAbility: ctx.state.userAbility, model });
-
-    // TODO: check if user has update permission on the entity
-
-    const { id: assigneeId } = await validateUpdateAssigneeOnEntity(
-      ctx.request?.body?.data,
-      'You should pass a valid id to the body of the put request.'
-    );
-
-    await workflowService.assertContentTypeBelongsToWorkflow(model);
-
-    const entity = await assigneeService.updateEntityAssignee(id, model, assigneeId);
-
-    ctx.body = { data: await sanitizeOutput(entity) };
-  },
-};

package/ee/server/controllers/workflows/index.js

@@ -1,188 +0,0 @@
-'use strict';
-
-const { update, map, property } = require('lodash/fp');
-const { mapAsync } = require('@strapi/utils');
-const { getService } = require('../../utils');
-
-const {
-  validateWorkflowCreate,
-  validateWorkflowUpdate,
-} = require('../../validation/review-workflows');
-const { WORKFLOW_MODEL_UID, WORKFLOW_POPULATE } = require('../../constants/workflows');
-
-/**
- *
- * @param { Strapi } strapi - Strapi instance
- * @param userAbility
- * @return { PermissionChecker }
- */
-function getWorkflowsPermissionChecker({ strapi }, userAbility) {
-  return strapi
-    .plugin('content-manager')
-    .service('permission-checker')
-    .create({ userAbility, model: WORKFLOW_MODEL_UID });
-}
-
-/**
- * Transforms workflow to an admin UI format.
- * Some attributes (like permissions) are presented in a different format in the admin UI.
- * @param {Workflow} workflow
- */
-function formatWorkflowToAdmin(workflow) {
-  if (!workflow) return;
-  if (!workflow.stages) return workflow;
-
-  // Transform permissions roles to be the id string instead of an object
-  const transformPermissions = map(update('role', property('id')));
-  const transformStages = map(update('permissions', transformPermissions));
-  return update('stages', transformStages, workflow);
-}
-
-module.exports = {
-  /**
-   * Create a new workflow
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async create(ctx) {
-    const { body, query } = ctx.request;
-    const { sanitizeCreateInput, sanitizeOutput, sanitizedQuery } = getWorkflowsPermissionChecker(
-      { strapi },
-      ctx.state.userAbility
-    );
-    const { populate } = await sanitizedQuery.create(query);
-
-    const workflowBody = await validateWorkflowCreate(body.data);
-
-    const workflowService = getService('workflows');
-    const createdWorkflow = await workflowService
-      .create({
-        data: await sanitizeCreateInput(workflowBody),
-        populate,
-      })
-      .then(formatWorkflowToAdmin);
-
-    ctx.body = {
-      data: await sanitizeOutput(createdWorkflow),
-    };
-  },
-
-  /**
-   * Update a workflow
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async update(ctx) {
-    const { id } = ctx.params;
-    const { body, query } = ctx.request;
-    const workflowService = getService('workflows');
-    const { sanitizeUpdateInput, sanitizeOutput, sanitizedQuery } = getWorkflowsPermissionChecker(
-      { strapi },
-      ctx.state.userAbility
-    );
-    const { populate } = await sanitizedQuery.update(query);
-    const workflowBody = await validateWorkflowUpdate(body.data);
-
-    // Find if workflow exists
-    const workflow = await workflowService.findById(id, { populate: WORKFLOW_POPULATE });
-    if (!workflow) {
-      return ctx.notFound();
-    }
-
-    // Sanitize input data
-    const getPermittedFieldToUpdate = sanitizeUpdateInput(workflow);
-    const dataToUpdate = await getPermittedFieldToUpdate(workflowBody);
-
-    // Update workflow
-    const updatedWorkflow = await workflowService
-      .update(workflow, {
-        data: dataToUpdate,
-        populate,
-      })
-      .then(formatWorkflowToAdmin);
-
-    // Send sanitized response
-    ctx.body = {
-      data: await sanitizeOutput(updatedWorkflow),
-    };
-  },
-
-  /**
-   * Delete a workflow
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async delete(ctx) {
-    const { id } = ctx.params;
-    const { query } = ctx.request;
-    const workflowService = getService('workflows');
-    const { sanitizeOutput, sanitizedQuery } = getWorkflowsPermissionChecker(
-      { strapi },
-      ctx.state.userAbility
-    );
-    const { populate } = await sanitizedQuery.delete(query);
-
-    const workflow = await workflowService.findById(id, { populate: WORKFLOW_POPULATE });
-    if (!workflow) {
-      return ctx.notFound("Workflow doesn't exist");
-    }
-
-    const deletedWorkflow = await workflowService
-      .delete(workflow, { populate })
-      .then(formatWorkflowToAdmin);
-
-    ctx.body = {
-      data: await sanitizeOutput(deletedWorkflow),
-    };
-  },
-
-  /**
-   * List all workflows
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async find(ctx) {
-    const { query } = ctx.request;
-    const workflowService = getService('workflows');
-    const { sanitizeOutput, sanitizedQuery } = getWorkflowsPermissionChecker(
-      { strapi },
-      ctx.state.userAbility
-    );
-    const { populate, filters, sort } = await sanitizedQuery.read(query);
-
-    const [workflows, workflowCount] = await Promise.all([
-      workflowService.find({ populate, filters, sort }).then(map(formatWorkflowToAdmin)),
-      workflowService.count(),
-    ]);
-
-    ctx.body = {
-      data: await mapAsync(workflows, sanitizeOutput),
-      meta: {
-        workflowCount,
-      },
-    };
-  },
-  /**
-   * Get one workflow based on its id contained in request parameters
-   * Returns count of workflows in meta, used to prevent workflow edition when
-   * max workflow count is reached for the current plan
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async findById(ctx) {
-    const { id } = ctx.params;
-    const { query } = ctx.request;
-    const { sanitizeOutput, sanitizedQuery } = getWorkflowsPermissionChecker(
-      { strapi },
-      ctx.state.userAbility
-    );
-    const { populate } = await sanitizedQuery.read(query);
-
-    const workflowService = getService('workflows');
-
-    const [workflow, workflowCount] = await Promise.all([
-      workflowService.findById(id, { populate }).then(formatWorkflowToAdmin),
-      workflowService.count(),
-    ]);
-
-    ctx.body = {
-      data: await sanitizeOutput(workflow),
-      meta: { workflowCount },
-    };
-  },
-};

package/ee/server/controllers/workflows/stages/index.js

@@ -1,189 +0,0 @@
-'use strict';
-
-const { mapAsync } = require('@strapi/utils');
-const { getService } = require('../../../utils');
-const { validateUpdateStageOnEntity } = require('../../../validation/review-workflows');
-const {
-  STAGE_MODEL_UID,
-  ENTITY_STAGE_ATTRIBUTE,
-  STAGE_TRANSITION_UID,
-} = require('../../../constants/workflows');
-
-/**
- *
- * @param { Strapi } strapi - Strapi instance
- * @param userAbility
- * @return { (Stage) => SanitizedStage }
- */
-function sanitizeStage({ strapi }, userAbility) {
-  const permissionChecker = strapi
-    .plugin('content-manager')
-    .service('permission-checker')
-    .create({ userAbility, model: STAGE_MODEL_UID });
-
-  return (entity) => permissionChecker.sanitizeOutput(entity);
-}
-
-module.exports = {
-  /**
-   * List all stages
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async find(ctx) {
-    const { workflow_id: workflowId } = ctx.params;
-    const { populate } = ctx.query;
-    const stagesService = getService('stages');
-    const sanitizer = sanitizeStage({ strapi }, ctx.state.userAbility);
-
-    const stages = await stagesService.find({
-      workflowId,
-      populate,
-    });
-
-    ctx.body = {
-      data: await mapAsync(stages, sanitizer),
-    };
-  },
-  /**
-   * Get one stage
-   * @param {import('koa').BaseContext} ctx - koa context
-   */
-  async findById(ctx) {
-    const { id, workflow_id: workflowId } = ctx.params;
-    const { populate } = ctx.query;
-    const stagesService = getService('stages');
-    const sanitizer = sanitizeStage({ strapi }, ctx.state.userAbility);
-
-    const stage = await stagesService.findById(id, {
-      workflowId,
-      populate,
-    });
-
-    ctx.body = {
-      data: await sanitizer(stage),
-    };
-  },
-
-  /**
-   * Updates an entity's stage.
-   * @async
-   * @param {Object} ctx - The Koa context object.
-   * @param {Object} ctx.params - An object containing the parameters from the request URL.
-   * @param {string} ctx.params.model_uid - The model UID of the entity.
-   * @param {string} ctx.params.id - The ID of the entity to update.
-   * @param {Object} ctx.request.body.data - Optional data object containing the new stage ID for the entity.
-   * @param {string} ctx.request.body.data.id - The ID of the new stage for the entity.
-   * @throws {ApplicationError} If review workflows is not activated on the specified model UID.
-   * @throws {ValidationError} If the `data` object in the request body fails to pass validation.
-   * @returns {Promise<void>} A promise that resolves when the entity's stage has been updated.
-   */
-  async updateEntity(ctx) {
-    const stagesService = getService('stages');
-    const stagePermissions = getService('stage-permissions');
-    const workflowService = getService('workflows');
-
-    const { model_uid: modelUID, id } = ctx.params;
-    const { body } = ctx.request;
-
-    const { sanitizeOutput } = strapi
-      .plugin('content-manager')
-      .service('permission-checker')
-      .create({ userAbility: ctx.state.userAbility, model: modelUID });
-
-    // Load entity
-    const entity = await strapi.entityService.findOne(modelUID, Number(id), {
-      populate: [ENTITY_STAGE_ATTRIBUTE],
-    });
-
-    if (!entity) {
-      ctx.throw(404, 'Entity not found');
-    }
-
-    // Validate if entity stage can be updated
-    const canTransition = stagePermissions.can(
-      STAGE_TRANSITION_UID,
-      entity[ENTITY_STAGE_ATTRIBUTE]?.id
-    );
-
-    if (!canTransition) {
-      ctx.throw(403, 'Forbidden stage transition');
-    }
-
-    const { id: stageId } = await validateUpdateStageOnEntity(
-      { id: Number(body?.data?.id) },
-      'You should pass an id to the body of the put request.'
-    );
-
-    const workflow = await workflowService.assertContentTypeBelongsToWorkflow(modelUID);
-    workflowService.assertStageBelongsToWorkflow(stageId, workflow);
-
-    const updatedEntity = await stagesService.updateEntity({ id: entity.id, modelUID }, stageId);
-
-    ctx.body = { data: await sanitizeOutput(updatedEntity) };
-  },
-
-  /**
-   * List all the stages that are available for a user to transition an entity to.
-   * If the user has permission to change the current stage of the entity every other stage in the workflow is returned
-   * @async
-   * @param {*} ctx
-   * @param {string} ctx.params.model_uid - The model UID of the entity.
-   * @param {string} ctx.params.id - The ID of the entity.
-   * @throws {ApplicationError} If review workflows is not activated on the specified model UID.
-   */
-  async listAvailableStages(ctx) {
-    const stagePermissions = getService('stage-permissions');
-    const workflowService = getService('workflows');
-
-    const { model_uid: modelUID, id } = ctx.params;
-
-    if (
-      strapi
-        .plugin('content-manager')
-        .service('permission-checker')
-        .create({ userAbility: ctx.state.userAbility, model: modelUID })
-        .cannot.read()
-    ) {
-      return ctx.forbidden();
-    }
-
-    // Load entity
-    const entity = await strapi.entityService.findOne(modelUID, Number(id), {
-      populate: [ENTITY_STAGE_ATTRIBUTE],
-    });
-
-    if (!entity) {
-      ctx.throw(404, 'Entity not found');
-    }
-
-    const entityStageId = entity[ENTITY_STAGE_ATTRIBUTE]?.id;
-    const canTransition = stagePermissions.can(STAGE_TRANSITION_UID, entityStageId);
-
-    const [workflowCount, { stages: workflowStages }] = await Promise.all([
-      workflowService.count(),
-      workflowService.getAssignedWorkflow(modelUID, {
-        populate: 'stages',
-      }),
-    ]);
-
-    const meta = {
-      stageCount: workflowStages.length,
-      workflowCount,
-    };
-
-    if (!canTransition) {
-      ctx.body = {
-        data: [],
-        meta,
-      };
-
-      return;
-    }
-
-    const data = workflowStages.filter((stage) => stage.id !== entityStageId);
-    ctx.body = {
-      data,
-      meta,
-    };
-  },
-};

package/ee/server/destroy.js

@@ -1,12 +0,0 @@
-'use strict';
-
-const { features } = require('@strapi/strapi/dist/utils/ee');
-const executeCEDestroy = require('../../server/destroy');
-
-module.exports = async ({ strapi }) => {
-  if (features.isEnabled('audit-logs')) {
-    strapi.container.get('audit-logs').destroy();
-  }
-
-  await executeCEDestroy();
-};

package/ee/server/index.js

@@ -1,11 +0,0 @@
-'use strict';
-
-module.exports = {
-  register: require('./register'),
-  contentTypes: require('./content-types'),
-  bootstrap: require('./bootstrap'),
-  destroy: require('./destroy'),
-  routes: require('./routes'),
-  services: require('./services'),
-  controllers: require('./controllers'),
-};