npm - @strapi/admin - Versions diffs - 4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb → 4.8.0 - Mend

@strapi/admin 4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/ee/server/validation/role.js CHANGED Viewed

@@ -20,38 +20,46 @@ const rolesDeleteSchema = yup
       .of(yup.strapiID())
       .min(1)
       .required()
-      .test('roles-deletion-checks', 'Roles deletion checks have failed', async function (ids) {
-        try {
-          await strapi.admin.services.role.checkRolesIdForDeletion(ids);
+      .test(
+        'roles-deletion-checks',
+        'Roles deletion checks have failed',
+        async function rolesDeletionChecks(ids) {
+          try {
+            await strapi.admin.services.role.checkRolesIdForDeletion(ids);
-          if (features.isEnabled('sso')) {
-            await strapi.admin.services.role.ssoCheckRolesIdForDeletion(ids);
+            if (features.isEnabled('sso')) {
+              await strapi.admin.services.role.ssoCheckRolesIdForDeletion(ids);
+            }
+          } catch (e) {
+            return this.createError({ path: 'ids', message: e.message });
           }
-        } catch (e) {
-          return this.createError({ path: 'ids', message: e.message });
-        }
-        return true;
-      }),
+          return true;
+        }
+      ),
   })
   .noUnknown();
 const roleDeleteSchema = yup
   .strapiID()
   .required()
-  .test('no-admin-single-delete', 'Role deletion checks have failed', async function (id) {
-    try {
-      await strapi.admin.services.role.checkRolesIdForDeletion([id]);
+  .test(
+    'no-admin-single-delete',
+    'Role deletion checks have failed',
+    async function noAdminSingleDelete(id) {
+      try {
+        await strapi.admin.services.role.checkRolesIdForDeletion([id]);
-      if (features.isEnabled('sso')) {
-        await strapi.admin.services.role.ssoCheckRolesIdForDeletion([id]);
+        if (features.isEnabled('sso')) {
+          await strapi.admin.services.role.ssoCheckRolesIdForDeletion([id]);
+        }
+      } catch (e) {
+        return this.createError({ path: 'id', message: e.message });
       }
-    } catch (e) {
-      return this.createError({ path: 'id', message: e.message });
-    }
-    return true;
-  });
+      return true;
+    }
+  );
 module.exports = {
   validateRoleCreateInput: validateYupSchema(roleCreateSchema),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/admin",
-  "version": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
+  "version": "4.8.0",
   "description": "Strapi Admin",
   "repository": {
     "type": "git",
@@ -46,21 +46,21 @@
     "@casl/ability": "^5.4.3",
     "@fingerprintjs/fingerprintjs": "3.3.6",
     "@pmmmwh/react-refresh-webpack-plugin": "0.5.10",
-    "@strapi/babel-plugin-switch-ee-ce": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
-    "@strapi/data-transfer": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
-    "@strapi/design-system": "1.6.3",
-    "@strapi/helper-plugin": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
-    "@strapi/icons": "1.6.3",
-    "@strapi/permissions": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
-    "@strapi/provider-audit-logs-local": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
-    "@strapi/typescript-utils": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
-    "@strapi/utils": "4.7.2-exp.175f7ac70ee76d6c825e4429e15fc85ee78d23bb",
+    "@strapi/babel-plugin-switch-ee-ce": "4.8.0",
+    "@strapi/data-transfer": "4.8.0",
+    "@strapi/design-system": "1.6.5",
+    "@strapi/helper-plugin": "4.8.0",
+    "@strapi/icons": "1.6.5",
+    "@strapi/permissions": "4.8.0",
+    "@strapi/provider-audit-logs-local": "4.8.0",
+    "@strapi/typescript-utils": "4.8.0",
+    "@strapi/utils": "4.8.0",
     "axios": "1.2.2",
     "babel-loader": "^9.1.2",
     "babel-plugin-styled-components": "2.0.2",
     "bcryptjs": "2.4.3",
     "browserslist-to-esbuild": "1.2.0",
-    "chalk": "^4.1.1",
+    "chalk": "^4.1.2",
     "chokidar": "^3.5.1",
     "codemirror5": "npm:codemirror@^5.65.11",
     "cross-env": "^7.0.3",
@@ -121,7 +121,7 @@
     "react-redux": "8.0.5",
     "react-refresh": "0.14.0",
     "react-router-dom": "5.3.4",
-    "react-select": "5.6.0",
+    "react-select": "5.7.0",
     "react-window": "1.8.7",
     "redux": "^4.2.1",
     "reselect": "^4.1.7",
@@ -166,5 +166,5 @@
       }
     }
   },
-  "gitHead": "175f7ac70ee76d6c825e4429e15fc85ee78d23bb"
+  "gitHead": "e239e408f99c9e61e6d02b38f01632ce67412f2a"
 }

package/server/bootstrap.js CHANGED Viewed

@@ -85,7 +85,6 @@ module.exports = async () => {
   await roleService.resetSuperAdminPermissions();
   await roleService.displayWarningIfNoSuperAdmin();
-  await permissionService.ensureBoundPermissionsInDatabase();
   await permissionService.cleanPermissionsInDatabase();
   await userService.displayWarningIfUsersDontHaveRole();

package/server/controllers/api-token.js CHANGED Viewed

@@ -1,7 +1,9 @@
 'use strict';
-const { stringEquals } = require('@strapi/utils/lib');
-const { ApplicationError } = require('@strapi/utils').errors;
+const {
+  stringEquals,
+  errors: { ApplicationError },
+} = require('@strapi/utils');
 const { trim, has } = require('lodash/fp');
 const { getService } = require('../utils');
 const {

package/server/controllers/permission.js CHANGED Viewed

@@ -29,11 +29,9 @@ module.exports = {
    * @param {KoaContext} ctx - koa context
    */
   async getAll(ctx) {
-    const { role: roleId } = ctx.query;
+    const { sectionsBuilder, actionProvider, conditionProvider } = getService('permission');
-    const { sectionsBuilder, conditionProvider } = getService('permission');
-    const actions = await getService('action').getAllowedActionsForRole(roleId);
+    const actions = actionProvider.values();
     const conditions = conditionProvider.values();
     const sections = await sectionsBuilder.build(actions);

package/server/controllers/role.js CHANGED Viewed

@@ -1,12 +1,32 @@
 'use strict';
 const { ApplicationError } = require('@strapi/utils').errors;
-const { validateRoleUpdateInput } = require('../validation/role');
+const {
+  validateRoleUpdateInput,
+  validateRoleCreateInput,
+  validateRoleDeleteInput,
+  validateRolesDeleteInput,
+} = require('../validation/role');
 const { validatedUpdatePermissionsInput } = require('../validation/permission');
-const { EDITOR_CODE, AUTHOR_CODE, SUPER_ADMIN_CODE } = require('../services/constants');
+const { SUPER_ADMIN_CODE } = require('../services/constants');
 const { getService } = require('../utils');
 module.exports = {
+  /**
+   * Create a new role
+   * @param {KoaContext} ctx - koa context
+   */
+  async create(ctx) {
+    await validateRoleCreateInput(ctx.request.body);
+    const roleService = getService('role');
+    const role = await roleService.create(ctx.request.body);
+    const sanitizedRole = roleService.sanitizeRole(role);
+    ctx.created({ data: sanitizedRole });
+  },
   /**
    * Returns on role by id
    * @param {KoaContext} ctx - koa context
@@ -99,10 +119,10 @@ module.exports = {
     const { id } = ctx.params;
     const { body: input } = ctx.request;
-    const { findOne, assignPermissions } = getService('role');
-    const { sanitizePermission, actionProvider } = getService('permission');
+    const roleService = getService('role');
+    const permissionService = getService('permission');
-    const role = await findOne({ id });
+    const role = await roleService.findOne({ id });
     if (!role) {
       return ctx.notFound('role.notFound');
@@ -112,30 +132,57 @@ module.exports = {
       throw new ApplicationError("Super admin permissions can't be edited.");
     }
-    await validatedUpdatePermissionsInput(input, role);
+    await validatedUpdatePermissionsInput(input);
-    let permissionsToAssign;
+    if (!role) {
+      return ctx.notFound('role.notFound');
+    }
-    if ([EDITOR_CODE, AUTHOR_CODE].includes(role.code)) {
-      permissionsToAssign = input.permissions.map((permission) => {
-        const action = actionProvider.get(permission.action);
+    const permissions = await roleService.assignPermissions(role.id, input.permissions);
-        if (action.section !== 'contentTypes') {
-          return permission;
-        }
+    const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);
-        const conditions = role.code === AUTHOR_CODE ? ['admin::is-creator'] : [];
+    ctx.body = {
+      data: sanitizedPermissions,
+    };
+  },
-        return { ...permission, conditions };
-      });
-    } else {
-      permissionsToAssign = input.permissions;
-    }
+  /**
+   * Delete a role
+   * @param {KoaContext} ctx - koa context
+   */
+  async deleteOne(ctx) {
+    const { id } = ctx.params;
-    const permissions = await assignPermissions(role.id, permissionsToAssign);
+    await validateRoleDeleteInput(id);
-    ctx.body = {
-      data: permissions.map(sanitizePermission),
-    };
+    const roleService = getService('role');
+    const roles = await roleService.deleteByIds([id]);
+    const sanitizedRole = roles.map((role) => roleService.sanitizeRole(role))[0] || null;
+    return ctx.deleted({
+      data: sanitizedRole,
+    });
+  },
+  /**
+   * delete several roles
+   * @param {KoaContext} ctx - koa context
+   */
+  async deleteMany(ctx) {
+    const { body } = ctx.request;
+    await validateRolesDeleteInput(body);
+    const roleService = getService('role');
+    const roles = await roleService.deleteByIds(body.ids);
+    const sanitizedRoles = roles.map(roleService.sanitizeRole);
+    return ctx.deleted({
+      data: sanitizedRoles,
+    });
   },
 };

package/server/controllers/transfer/runner.js CHANGED Viewed

@@ -1,7 +1,9 @@
 'use strict';
-const { remote } = require('@strapi/data-transfer/lib/strapi');
-const { UnauthorizedError } = require('@strapi/utils/lib/errors');
+const { createTransferHandler } = require('@strapi/data-transfer').strapi.remote.handlers;
+const {
+  errors: { UnauthorizedError },
+} = require('@strapi/utils');
 const dataTransferAuthStrategy = require('../../strategies/data-transfer');
@@ -20,5 +22,5 @@ const verify = async (ctx, scope) => {
 };
 module.exports = {
-  connect: remote.handlers.createTransferHandler({ verify }),
+  connect: createTransferHandler({ verify }),
 };

package/server/domain/user.js CHANGED Viewed

@@ -19,7 +19,10 @@ const hasSuperAdminRole = (user) => {
   return user.roles.filter((role) => role.code === SUPER_ADMIN_CODE).length > 0;
 };
+const ADMIN_USER_ALLOWED_FIELDS = ['id', 'firstname', 'lastname', 'username'];
 module.exports = {
   createUser,
   hasSuperAdminRole,
+  ADMIN_USER_ALLOWED_FIELDS,
 };

package/server/routes/roles.js CHANGED Viewed

@@ -45,6 +45,22 @@ module.exports = [
       ],
     },
   },
+  {
+    method: 'POST',
+    path: '/roles',
+    handler: 'role.create',
+    config: {
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::roles.create'],
+          },
+        },
+      ],
+    },
+  },
   {
     method: 'PUT',
     path: '/roles/:id',
@@ -56,4 +72,36 @@ module.exports = [
       ],
     },
   },
+  {
+    method: 'DELETE',
+    path: '/roles/:id',
+    handler: 'role.deleteOne',
+    config: {
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::roles.delete'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'POST',
+    path: '/roles/batch-delete',
+    handler: 'role.deleteMany',
+    config: {
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::roles.delete'],
+          },
+        },
+      ],
+    },
+  },
 ];

package/server/services/permission/permissions-manager/sanitize.js CHANGED Viewed

@@ -21,6 +21,7 @@ const {
 const { contentTypes, traverseEntity, sanitize, pipeAsync, traverse } = require('@strapi/utils');
 const { removePassword } = require('@strapi/utils/lib/sanitize/visitors');
+const { ADMIN_USER_ALLOWED_FIELDS } = require('../../../domain/user');
 const {
   constants,
@@ -39,7 +40,6 @@ const {
 const COMPONENT_FIELDS = ['__component'];
 const STATIC_FIELDS = [ID_ATTRIBUTE];
-const ADMIN_USER_ALLOWED_FIELDS = ['id', 'firstname', 'lastname', 'username'];
 module.exports = ({ action, ability, model }) => {
   const schema = strapi.getModel(model);
@@ -49,7 +49,7 @@ module.exports = ({ action, ability, model }) => {
   const createSanitizeQuery = (options = {}) => {
     const { fields } = options;
-    // TODO: sanitize relations to admin usersin all sanitizers
+    // TODO: sanitize relations to admin users in all sanitizers
     const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);
     const sanitizeFilters = pipeAsync(

package/server/services/permission/queries.js CHANGED Viewed

@@ -1,22 +1,7 @@
 'use strict';
-const {
-  flatMap,
-  reject,
-  isNil,
-  isArray,
-  prop,
-  xor,
-  eq,
-  uniq,
-  map,
-  difference,
-  differenceWith,
-  pipe,
-} = require('lodash/fp');
+const { isNil, isArray, prop, xor, eq, map, differenceWith } = require('lodash/fp');
 const pmap = require('p-map');
-const { EDITOR_CODE } = require('../constants');
-const { getBoundActionsBySubject, BOUND_ACTIONS_FOR_FIELDS } = require('../../domain/role');
 const { getService } = require('../../utils');
 const permissionDomain = require('../../domain/permission/index');
@@ -195,63 +180,6 @@ const cleanPermissionsInDatabase = async () => {
   }
 };
-const ensureBoundPermissionsInDatabase = async () => {
-  if (strapi.EE) {
-    return;
-  }
-  const contentTypes = Object.values(strapi.contentTypes);
-  const editorRole = await strapi.query('admin::role').findOne({
-    where: { code: EDITOR_CODE },
-  });
-  if (isNil(editorRole)) {
-    return;
-  }
-  for (const contentType of contentTypes) {
-    const boundActions = getBoundActionsBySubject(editorRole, contentType.uid);
-    const permissions = await findMany({
-      where: {
-        subject: contentType.uid,
-        action: boundActions,
-        role: { id: editorRole.id },
-      },
-    });
-    if (permissions.length === 0) {
-      return;
-    }
-    const fields = pipe(
-      flatMap(permissionDomain.getProperty('fields')),
-      reject(isNil),
-      uniq
-    )(permissions);
-    // Handle the scenario where permissions are missing
-    const missingActions = difference(map('action', permissions), boundActions);
-    if (missingActions.length > 0) {
-      const permissions = pipe(
-        // Create a permission skeleton from the action id
-        map((action) => ({ action, subject: contentType.uid, role: editorRole.id })),
-        // Use the permission domain to create a clean permission from the given object
-        map(permissionDomain.create),
-        // Adds the fields property if the permission action is eligible
-        map((permission) =>
-          BOUND_ACTIONS_FOR_FIELDS.includes(permission.action)
-            ? permissionDomain.setProperty('fields', fields, permission)
-            : permission
-        )
-      )(missingActions);
-      await createMany(permissions);
-    }
-  }
-};
 module.exports = {
   createMany,
   findMany,
@@ -259,5 +187,4 @@ module.exports = {
   deleteByIds,
   findUserPermissions,
   cleanPermissionsInDatabase,
-  ensureBoundPermissionsInDatabase,
 };

package/server/strategies/data-transfer.js CHANGED Viewed

@@ -1,6 +1,8 @@
 'use strict';
-const { UnauthorizedError, ForbiddenError } = require('@strapi/utils/lib/errors');
+const {
+  errors: { UnauthorizedError, ForbiddenError },
+} = require('@strapi/utils');
 const { castArray, isNil } = require('lodash/fp');
 const { getService } = require('../utils');

package/server/validation/permission.js CHANGED Viewed

@@ -1,83 +1,9 @@
 'use strict';
-const _ = require('lodash');
 const { yup, validateYupSchema } = require('@strapi/utils');
 const { getService } = require('../utils');
-const { AUTHOR_CODE, PUBLISH_ACTION } = require('../services/constants');
-const {
-  BOUND_ACTIONS_FOR_FIELDS,
-  BOUND_ACTIONS,
-  getBoundActionsBySubject,
-} = require('../domain/role');
 const validators = require('./common-validators');
-// validatedUpdatePermissionsInput
-const actionFieldsAreEqual = (a, b) => {
-  const aFields = a.properties.fields || [];
-  const bFields = b.properties.fields || [];
-  return _.isEqual(aFields.sort(), bFields.sort());
-};
-const haveSameFieldsAsOtherActions = (a, i, allActions) =>
-  allActions.slice(i + 1).every((b) => actionFieldsAreEqual(a, b));
-const checkPermissionsAreBound = (role) =>
-  function (permissions) {
-    const permsBySubject = _.groupBy(
-      permissions.filter((perm) => BOUND_ACTIONS.includes(perm.action)),
-      'subject'
-    );
-    for (const [subject, perms] of Object.entries(permsBySubject)) {
-      const boundActions = getBoundActionsBySubject(role, subject);
-      const missingActions =
-        _.xor(
-          perms.map((p) => p.action),
-          boundActions
-        ).length !== 0;
-      if (missingActions) return false;
-      const permsBoundByFields = perms.filter((p) => BOUND_ACTIONS_FOR_FIELDS.includes(p.action));
-      const everyActionsHaveSameFields = _.every(permsBoundByFields, haveSameFieldsAsOtherActions);
-      if (!everyActionsHaveSameFields) return false;
-    }
-    return true;
-  };
-const noPublishPermissionForAuthorRole = (role) =>
-  function (permissions) {
-    const isAuthor = role.code === AUTHOR_CODE;
-    const hasPublishPermission = permissions.some((perm) => perm.action === PUBLISH_ACTION);
-    return !(isAuthor && hasPublishPermission);
-  };
-const getUpdatePermissionsSchemas = (role) => [
-  validators.updatePermissions,
-  yup.object().shape({ permissions: actionsExistSchema.clone() }),
-  yup.object().shape({
-    permissions: yup
-      .array()
-      .test(
-        'author-no-publish',
-        'The author role cannot have the publish permission.',
-        noPublishPermissionForAuthorRole(role)
-      ),
-  }),
-  yup.object().shape({
-    permissions: yup
-      .array()
-      .test(
-        'are-bond',
-        'Permissions have to be defined all together for a subject field or not at all',
-        checkPermissionsAreBound(role)
-      ),
-  }),
-];
 const checkPermissionsSchema = yup.object().shape({
   permissions: yup.array().of(
     yup
@@ -91,13 +17,6 @@ const checkPermissionsSchema = yup.object().shape({
   ),
 });
-const validatedUpdatePermissionsInput = async (permissions, role) => {
-  const schemas = getUpdatePermissionsSchemas(role);
-  for (const schema of schemas) {
-    await validateYupSchema(schema)(permissions);
-  }
-};
 // validatePermissionsExist
 const checkPermissionsExist = function (permissions) {
@@ -131,7 +50,7 @@ const actionsExistSchema = yup
 // exports
 module.exports = {
-  validatedUpdatePermissionsInput,
+  validatedUpdatePermissionsInput: validateYupSchema(validators.updatePermissions),
   validatePermissionsExist: validateYupSchema(actionsExistSchema),
   validateCheckPermissionsInput: validateYupSchema(checkPermissionsSchema),
 };

package/server/validation/role.js CHANGED Viewed

@@ -2,6 +2,47 @@
 const { yup, validateYupSchema } = require('@strapi/utils');
+const roleCreateSchema = yup
+  .object()
+  .shape({
+    name: yup.string().min(1).required(),
+    description: yup.string().nullable(),
+  })
+  .noUnknown();
+const rolesDeleteSchema = yup
+  .object()
+  .shape({
+    ids: yup
+      .array()
+      .of(yup.strapiID())
+      .min(1)
+      .required()
+      .test('roles-deletion-checks', 'Roles deletion checks have failed', async function (ids) {
+        try {
+          await strapi.admin.services.role.checkRolesIdForDeletion(ids);
+        } catch (e) {
+          return this.createError({ path: 'ids', message: e.message });
+        }
+        return true;
+      }),
+  })
+  .noUnknown();
+const roleDeleteSchema = yup
+  .strapiID()
+  .required()
+  .test('no-admin-single-delete', 'Role deletion checks have failed', async function (id) {
+    try {
+      await strapi.admin.services.role.checkRolesIdForDeletion([id]);
+    } catch (e) {
+      return this.createError({ path: 'id', message: e.message });
+    }
+    return true;
+  });
 const roleUpdateSchema = yup
   .object()
   .shape({
@@ -12,4 +53,7 @@ const roleUpdateSchema = yup
 module.exports = {
   validateRoleUpdateInput: validateYupSchema(roleUpdateSchema),
+  validateRoleCreateInput: validateYupSchema(roleCreateSchema),
+  validateRolesDeleteInput: validateYupSchema(rolesDeleteSchema),
+  validateRoleDeleteInput: validateYupSchema(roleDeleteSchema),
 };

package/admin/src/assets/images/hot-air-balloon.png DELETED Viewed

Binary file

package/admin/src/assets/images/upgrade-details.png DELETED Viewed

Binary file