@strapi/admin 5.30.0 → 5.30.1

package/dist/server/server/src/services/content-type.js.map

@@ -1 +1 @@
-{"version":3,"file":"content-type.js","sources":["../../../../../server/src/services/content-type.ts"],"sourcesContent":["import _ from 'lodash';\nimport { uniq, startsWith } from 'lodash/fp';\nimport { contentTypes as contentTypesUtils } from '@strapi/utils';\nimport type { Modules, Struct } from '@strapi/types';\nimport { getService } from '../utils';\nimport actionDomain from '../domain/action';\nimport permissionDomain from '../domain/permission';\n\ninterface FieldOptions {\n  prefix?: string; // prefix to add to the path\n  nestingLevel?: number; // level of nesting to achieve\n  requiredOnly?: boolean; // only returns required nestedFields\n  existingFields?: string[]; // fields that are already selected, meaning that some sub-fields may be required\n  restrictedSubjects?: string[]; // subjectsId to ignore\n  components?: {\n    // components where components attributes can be found\n    [key: string]: any;\n  };\n}\n\n/**\n * Creates an array of paths to the fields and nested fields, without path nodes\n */\nconst getNestedFields = (\n  model: Struct.ContentTypeSchema,\n  {\n    prefix = '',\n    nestingLevel = 15,\n    components = {},\n    requiredOnly = false,\n    existingFields = [],\n  }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return prefix ? [prefix] : [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      const shouldBeIncluded = !requiredOnly || attr.required === true;\n      const insideExistingFields = existingFields && existingFields.some(startsWith(fieldPath));\n\n      if (attr.type === 'component') {\n        if (shouldBeIncluded || insideExistingFields) {\n          const compoFields = getNestedFields(components[attr.component], {\n            nestingLevel: nestingLevel - 1,\n            prefix: fieldPath,\n            components,\n            requiredOnly,\n            existingFields,\n          });\n\n          if (compoFields.length === 0 && shouldBeIncluded) {\n            return fields.concat(fieldPath);\n          }\n\n          return fields.concat(compoFields);\n        }\n        return fields;\n      }\n\n      if (shouldBeIncluded) {\n        return fields.concat(fieldPath);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of paths to the fields and nested fields, with path nodes\n */\nconst getNestedFieldsWithIntermediate = (\n  model: Struct.ContentTypeSchema,\n  { prefix = '', nestingLevel = 15, components = {} }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      fields.push(fieldPath);\n\n      if (attr.type === 'component') {\n        const compoFields = getNestedFieldsWithIntermediate(components[attr.component], {\n          nestingLevel: nestingLevel - 1,\n          prefix: fieldPath,\n          components,\n        });\n\n        fields.push(...compoFields);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of permissions with the \"properties.fields\" attribute filled\n */\nconst getPermissionsWithNestedFields = (\n  actions: any[],\n  { nestingLevel, restrictedSubjects = [] }: FieldOptions = {}\n): Modules.Permissions.PermissionRule[] => {\n  return actions.reduce((permissions, action) => {\n    const validSubjects = action.subjects.filter(\n      (subject: any) => !restrictedSubjects.includes(subject)\n    );\n\n    // Create a Permission for each subject (content-type uid) within the action\n    for (const subject of validSubjects) {\n      const fields = actionDomain.appliesToProperty('fields', action)\n        ? getNestedFields(strapi.contentTypes[subject], {\n            components: strapi.components,\n            nestingLevel,\n          })\n        : undefined;\n\n      const permission = permissionDomain.create({\n        action: action.actionId,\n        subject,\n        properties: { fields },\n      });\n\n      permissions.push(permission);\n    }\n\n    return permissions;\n  }, []);\n};\n\n/**\n * Cleans permissions' fields (add required ones, remove the non-existing ones)\n */\nconst cleanPermissionFields = (\n  permissions: Modules.Permissions.PermissionRule[]\n): Modules.Permissions.PermissionRule[] => {\n  const { actionProvider } = getService('permission');\n\n  return permissions.map((permission: any) => {\n    const {\n      action: actionId,\n      subject,\n      properties: { fields },\n    } = permission;\n\n    const action = actionProvider.get(actionId) as any;\n\n    // todo see if it's possible to check property on action + subject (async)\n    if (!actionDomain.appliesToProperty('fields', action)) {\n      return permissionDomain.deleteProperty('fields', permission);\n    }\n\n    if (!subject || !strapi.contentTypes[subject]) {\n      return permission;\n    }\n\n    const possibleFields = getNestedFieldsWithIntermediate(strapi.contentTypes[subject], {\n      components: strapi.components,\n    });\n\n    const currentFields: string[] = fields || [];\n\n    const validUserFields: string[] = uniq(\n      possibleFields.filter((pf) =>\n        currentFields.some((cf) => pf === cf || startsWith(`${cf}.`, pf))\n      )\n    );\n\n    // A field is considered \"not nested\" if no other valid user field starts with this field's path followed by a dot.\n    // This helps to remove redundant parent paths when a more specific child path is already included.\n    // For example, if 'component.title' is present, 'component' would be filtered out by this condition.\n    const isNotNestedField = (field: string) =>\n      !validUserFields.some(\n        (validUserField: string) =>\n          validUserField !== field && startsWith(`${field}.`, validUserField)\n      );\n\n    // Filter out fields that are parent paths of other included fields.\n    const newFields = validUserFields.filter(isNotNestedField);\n\n    return permissionDomain.setProperty('fields', newFields, permission);\n  }, []);\n};\n\nexport {\n  getNestedFields,\n  getPermissionsWithNestedFields,\n  cleanPermissionFields,\n  getNestedFieldsWithIntermediate,\n};\n"],"names":["getNestedFields","model","prefix","nestingLevel","components","requiredOnly","existingFields","nonAuthorizableFields","contentTypesUtils","getNonVisibleAttributes","_","reduce","attributes","fields","attr","key","includes","fieldPath","shouldBeIncluded","required","insideExistingFields","some","startsWith","type","compoFields","component","length","concat","getNestedFieldsWithIntermediate","push","getPermissionsWithNestedFields","actions","restrictedSubjects","permissions","action","validSubjects","subjects","filter","subject","actionDomain","appliesToProperty","strapi","contentTypes","undefined","permission","permissionDomain","create","actionId","properties","cleanPermissionFields","actionProvider","getService","map","get","deleteProperty","possibleFields","currentFields","validUserFields","uniq","pf","cf","isNotNestedField","field","validUserField","newFields","setProperty"],"mappings":";;;;;;;;;AAoBA;;IAGA,MAAMA,kBAAkB,CACtBC,KAAAA,EACA,EACEC,MAAS,GAAA,EAAE,EACXC,YAAe,GAAA,EAAE,EACjBC,UAAa,GAAA,EAAE,EACfC,YAAAA,GAAe,KAAK,EACpBC,cAAAA,GAAiB,EAAE,EACN,GAAA;AAEf,IAAA,IAAIH,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAOD,MAAS,GAAA;AAACA,YAAAA;AAAO,SAAA,GAAG,EAAE;AAC/B;IAEA,MAAMK,qBAAAA,GAAwBC,kBAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,CAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;QAEhD,MAAMI,SAAAA,GAAYf,SAAS,CAAC,EAAEA,OAAO,CAAC,EAAEa,GAAI,CAAA,CAAC,GAAGA,GAAAA;AAChD,QAAA,MAAMG,gBAAmB,GAAA,CAACb,YAAgBS,IAAAA,IAAAA,CAAKK,QAAQ,KAAK,IAAA;AAC5D,QAAA,MAAMC,oBAAuBd,GAAAA,cAAAA,IAAkBA,cAAee,CAAAA,IAAI,CAACC,aAAWL,CAAAA,SAAAA,CAAAA,CAAAA;QAE9E,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,IAAIL,oBAAoBE,oBAAsB,EAAA;AAC5C,gBAAA,MAAMI,cAAcxB,eAAgBI,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9DtB,oBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;oBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,oBAAAA,UAAAA;AACAC,oBAAAA,YAAAA;AACAC,oBAAAA;AACF,iBAAA,CAAA;AAEA,gBAAA,IAAIkB,WAAYE,CAAAA,MAAM,KAAK,CAAA,IAAKR,gBAAkB,EAAA;oBAChD,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;gBAEA,OAAOJ,MAAAA,CAAOc,MAAM,CAACH,WAAAA,CAAAA;AACvB;YACA,OAAOX,MAAAA;AACT;AAEA,QAAA,IAAIK,gBAAkB,EAAA;YACpB,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;QAEA,OAAOJ,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKe,MAAAA,+BAAAA,GAAkC,CACtC3B,KAAAA,EACA,EAAEC,MAAS,GAAA,EAAE,EAAEC,YAAAA,GAAe,EAAE,EAAEC,UAAa,GAAA,EAAE,EAAgB,GAAA;AAEjE,IAAA,IAAID,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAO,EAAE;AACX;IAEA,MAAMI,qBAAAA,GAAwBC,kBAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,CAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;QAEhD,MAAMI,SAAAA,GAAYf,SAAS,CAAC,EAAEA,OAAO,CAAC,EAAEa,GAAI,CAAA,CAAC,GAAGA,GAAAA;AAChDF,QAAAA,MAAAA,CAAOgB,IAAI,CAACZ,SAAAA,CAAAA;QAEZ,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,MAAMC,cAAcI,+BAAgCxB,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9EtB,gBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;gBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,gBAAAA;AACF,aAAA,CAAA;AAEAS,YAAAA,MAAAA,CAAOgB,IAAI,CAAIL,GAAAA,WAAAA,CAAAA;AACjB;QAEA,OAAOX,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKiB,MAAAA,8BAAAA,GAAiC,CACrCC,OAAAA,EACA,EAAE5B,YAAY,EAAE6B,kBAAAA,GAAqB,EAAE,EAAgB,GAAG,EAAE,GAAA;AAE5D,IAAA,OAAOD,OAAQpB,CAAAA,MAAM,CAAC,CAACsB,WAAaC,EAAAA,MAAAA,GAAAA;QAClC,MAAMC,aAAAA,GAAgBD,MAAOE,CAAAA,QAAQ,CAACC,MAAM,CAC1C,CAACC,OAAiB,GAAA,CAACN,kBAAmBhB,CAAAA,QAAQ,CAACsB,OAAAA,CAAAA,CAAAA;;QAIjD,KAAK,MAAMA,WAAWH,aAAe,CAAA;YACnC,MAAMtB,MAAAA,GAAS0B,KAAaC,CAAAA,iBAAiB,CAAC,QAAA,EAAUN,MACpDlC,CAAAA,GAAAA,eAAAA,CAAgByC,MAAOC,CAAAA,YAAY,CAACJ,OAAAA,CAAQ,EAAE;AAC5ClC,gBAAAA,UAAAA,EAAYqC,OAAOrC,UAAU;AAC7BD,gBAAAA;aAEFwC,CAAAA,GAAAA,SAAAA;YAEJ,MAAMC,UAAAA,GAAaC,eAAiBC,CAAAA,MAAM,CAAC;AACzCZ,gBAAAA,MAAAA,EAAQA,OAAOa,QAAQ;AACvBT,gBAAAA,OAAAA;gBACAU,UAAY,EAAA;AAAEnC,oBAAAA;AAAO;AACvB,aAAA,CAAA;AAEAoB,YAAAA,WAAAA,CAAYJ,IAAI,CAACe,UAAAA,CAAAA;AACnB;QAEA,OAAOX,WAAAA;AACT,KAAA,EAAG,EAAE,CAAA;AACP;AAEA;;IAGA,MAAMgB,wBAAwB,CAC5BhB,WAAAA,GAAAA;AAEA,IAAA,MAAM,EAAEiB,cAAc,EAAE,GAAGC,kBAAW,CAAA,YAAA,CAAA;IAEtC,OAAOlB,WAAAA,CAAYmB,GAAG,CAAC,CAACR,UAAAA,GAAAA;QACtB,MAAM,EACJV,MAAQa,EAAAA,QAAQ,EAChBT,OAAO,EACPU,UAAAA,EAAY,EAAEnC,MAAM,EAAE,EACvB,GAAG+B,UAAAA;QAEJ,MAAMV,MAAAA,GAASgB,cAAeG,CAAAA,GAAG,CAACN,QAAAA,CAAAA;;AAGlC,QAAA,IAAI,CAACR,KAAAA,CAAaC,iBAAiB,CAAC,UAAUN,MAAS,CAAA,EAAA;YACrD,OAAOW,eAAAA,CAAiBS,cAAc,CAAC,QAAUV,EAAAA,UAAAA,CAAAA;AACnD;AAEA,QAAA,IAAI,CAACN,OAAW,IAAA,CAACG,OAAOC,YAAY,CAACJ,QAAQ,EAAE;YAC7C,OAAOM,UAAAA;AACT;AAEA,QAAA,MAAMW,iBAAiB3B,+BAAgCa,CAAAA,MAAAA,CAAOC,YAAY,CAACJ,QAAQ,EAAE;AACnFlC,YAAAA,UAAAA,EAAYqC,OAAOrC;AACrB,SAAA,CAAA;QAEA,MAAMoD,aAAAA,GAA0B3C,UAAU,EAAE;QAE5C,MAAM4C,eAAAA,GAA4BC,QAChCH,cAAelB,CAAAA,MAAM,CAAC,CAACsB,EAAAA,GACrBH,cAAcnC,IAAI,CAAC,CAACuC,EAAOD,GAAAA,EAAAA,KAAOC,MAAMtC,aAAW,CAAA,CAAC,EAAEsC,EAAG,CAAA,CAAC,CAAC,EAAED,EAAAA,CAAAA,CAAAA,CAAAA,CAAAA;;;;AAOjE,QAAA,MAAME,mBAAmB,CAACC,KAAAA,GACxB,CAACL,eAAAA,CAAgBpC,IAAI,CACnB,CAAC0C,cACCA,GAAAA,cAAAA,KAAmBD,SAASxC,aAAW,CAAA,CAAC,EAAEwC,KAAM,CAAA,CAAC,CAAC,EAAEC,cAAAA,CAAAA,CAAAA;;QAI1D,MAAMC,SAAAA,GAAYP,eAAgBpB,CAAAA,MAAM,CAACwB,gBAAAA,CAAAA;AAEzC,QAAA,OAAOhB,eAAiBoB,CAAAA,WAAW,CAAC,QAAA,EAAUD,SAAWpB,EAAAA,UAAAA,CAAAA;AAC3D,KAAA,EAAG,EAAE,CAAA;AACP;;;;;;;"}
+{"version":3,"file":"content-type.js","sources":["../../../../../server/src/services/content-type.ts"],"sourcesContent":["import _ from 'lodash';\nimport { uniq, startsWith } from 'lodash/fp';\nimport { contentTypes as contentTypesUtils } from '@strapi/utils';\nimport type { Modules, Struct } from '@strapi/types';\nimport { getService } from '../utils';\nimport actionDomain from '../domain/action';\nimport permissionDomain from '../domain/permission';\n\ninterface FieldOptions {\n  prefix?: string; // prefix to add to the path\n  nestingLevel?: number; // level of nesting to achieve\n  requiredOnly?: boolean; // only returns required nestedFields\n  existingFields?: string[]; // fields that are already selected, meaning that some sub-fields may be required\n  restrictedSubjects?: string[]; // subjectsId to ignore\n  components?: {\n    // components where components attributes can be found\n    [key: string]: any;\n  };\n}\n\n/**\n * Creates an array of paths to the fields and nested fields, without path nodes\n */\nconst getNestedFields = (\n  model: Struct.ContentTypeSchema,\n  {\n    prefix = '',\n    nestingLevel = 15,\n    components = {},\n    requiredOnly = false,\n    existingFields = [],\n  }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return prefix ? [prefix] : [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      const shouldBeIncluded = !requiredOnly || attr.required === true;\n      const insideExistingFields = existingFields && existingFields.some(startsWith(fieldPath));\n\n      if (attr.type === 'component') {\n        if (shouldBeIncluded || insideExistingFields) {\n          const compoFields = getNestedFields(components[attr.component], {\n            nestingLevel: nestingLevel - 1,\n            prefix: fieldPath,\n            components,\n            requiredOnly,\n            existingFields,\n          });\n\n          if (compoFields.length === 0 && shouldBeIncluded) {\n            return fields.concat(fieldPath);\n          }\n\n          return fields.concat(compoFields);\n        }\n        return fields;\n      }\n\n      if (shouldBeIncluded) {\n        return fields.concat(fieldPath);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of paths to the fields and nested fields, with path nodes\n */\nconst getNestedFieldsWithIntermediate = (\n  model: Struct.ContentTypeSchema,\n  { prefix = '', nestingLevel = 15, components = {} }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      fields.push(fieldPath);\n\n      if (attr.type === 'component') {\n        const compoFields = getNestedFieldsWithIntermediate(components[attr.component], {\n          nestingLevel: nestingLevel - 1,\n          prefix: fieldPath,\n          components,\n        });\n\n        fields.push(...compoFields);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of permissions with the \"properties.fields\" attribute filled\n */\nconst getPermissionsWithNestedFields = (\n  actions: any[],\n  { nestingLevel, restrictedSubjects = [] }: FieldOptions = {}\n): Modules.Permissions.PermissionRule[] => {\n  return actions.reduce((permissions, action) => {\n    const validSubjects = action.subjects.filter(\n      (subject: any) => !restrictedSubjects.includes(subject)\n    );\n\n    // Create a Permission for each subject (content-type uid) within the action\n    for (const subject of validSubjects) {\n      const fields = actionDomain.appliesToProperty('fields', action)\n        ? getNestedFields(strapi.contentTypes[subject], {\n            components: strapi.components,\n            nestingLevel,\n          })\n        : undefined;\n\n      const permission = permissionDomain.create({\n        action: action.actionId,\n        subject,\n        properties: { fields },\n      });\n\n      permissions.push(permission);\n    }\n\n    return permissions;\n  }, []);\n};\n\n/**\n * Cleans permissions' fields (add required ones, remove the non-existing ones)\n */\nconst cleanPermissionFields = (\n  permissions: Modules.Permissions.PermissionRule[]\n): Modules.Permissions.PermissionRule[] => {\n  const { actionProvider } = getService('permission');\n\n  return permissions.map((permission: any) => {\n    const {\n      action: actionId,\n      subject,\n      properties: { fields },\n    } = permission;\n\n    const action = actionProvider.get(actionId) as any;\n\n    // todo see if it's possible to check property on action + subject (async)\n    if (!actionDomain.appliesToProperty('fields', action)) {\n      return permissionDomain.deleteProperty('fields', permission);\n    }\n\n    if (!subject || !strapi.contentTypes[subject]) {\n      return permission;\n    }\n\n    const possibleFields = getNestedFieldsWithIntermediate(strapi.contentTypes[subject], {\n      components: strapi.components,\n    });\n\n    const currentFields: string[] = fields || [];\n\n    const validUserFields: string[] = uniq(\n      possibleFields.filter((pf) =>\n        currentFields.some((cf) => pf === cf || startsWith(`${cf}.`, pf))\n      )\n    );\n\n    // A field is considered \"not nested\" if no other valid user field starts with this field's path followed by a dot.\n    // This helps to remove redundant parent paths when a more specific child path is already included.\n    // For example, if 'component.title' is present, 'component' would be filtered out by this condition.\n    const isNotNestedField = (field: string) =>\n      !validUserFields.some(\n        (validUserField: string) =>\n          validUserField !== field && startsWith(`${field}.`, validUserField)\n      );\n\n    // Filter out fields that are parent paths of other included fields.\n    const newFields = validUserFields.filter(isNotNestedField);\n\n    return permissionDomain.setProperty('fields', newFields, permission);\n  }, []);\n};\n\nexport {\n  getNestedFields,\n  getPermissionsWithNestedFields,\n  cleanPermissionFields,\n  getNestedFieldsWithIntermediate,\n};\n"],"names":["getNestedFields","model","prefix","nestingLevel","components","requiredOnly","existingFields","nonAuthorizableFields","contentTypesUtils","getNonVisibleAttributes","_","reduce","attributes","fields","attr","key","includes","fieldPath","shouldBeIncluded","required","insideExistingFields","some","startsWith","type","compoFields","component","length","concat","getNestedFieldsWithIntermediate","push","getPermissionsWithNestedFields","actions","restrictedSubjects","permissions","action","validSubjects","subjects","filter","subject","actionDomain","appliesToProperty","strapi","contentTypes","undefined","permission","permissionDomain","create","actionId","properties","cleanPermissionFields","actionProvider","getService","map","get","deleteProperty","possibleFields","currentFields","validUserFields","uniq","pf","cf","isNotNestedField","field","validUserField","newFields","setProperty"],"mappings":";;;;;;;;;AAoBA;;IAGA,MAAMA,kBAAkB,CACtBC,KAAAA,EACA,EACEC,MAAS,GAAA,EAAE,EACXC,YAAe,GAAA,EAAE,EACjBC,UAAa,GAAA,EAAE,EACfC,YAAAA,GAAe,KAAK,EACpBC,cAAAA,GAAiB,EAAE,EACN,GAAA;AAEf,IAAA,IAAIH,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAOD,MAAS,GAAA;AAACA,YAAAA;AAAO,SAAA,GAAG,EAAE;AAC/B;IAEA,MAAMK,qBAAAA,GAAwBC,kBAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,CAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;AAEhD,QAAA,MAAMI,YAAYf,MAAS,GAAA,CAAA,EAAGA,OAAO,CAAC,EAAEa,KAAK,GAAGA,GAAAA;AAChD,QAAA,MAAMG,gBAAmB,GAAA,CAACb,YAAgBS,IAAAA,IAAAA,CAAKK,QAAQ,KAAK,IAAA;AAC5D,QAAA,MAAMC,oBAAuBd,GAAAA,cAAAA,IAAkBA,cAAee,CAAAA,IAAI,CAACC,aAAWL,CAAAA,SAAAA,CAAAA,CAAAA;QAE9E,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,IAAIL,oBAAoBE,oBAAsB,EAAA;AAC5C,gBAAA,MAAMI,cAAcxB,eAAgBI,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9DtB,oBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;oBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,oBAAAA,UAAAA;AACAC,oBAAAA,YAAAA;AACAC,oBAAAA;AACF,iBAAA,CAAA;AAEA,gBAAA,IAAIkB,WAAYE,CAAAA,MAAM,KAAK,CAAA,IAAKR,gBAAkB,EAAA;oBAChD,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;gBAEA,OAAOJ,MAAAA,CAAOc,MAAM,CAACH,WAAAA,CAAAA;AACvB;YACA,OAAOX,MAAAA;AACT;AAEA,QAAA,IAAIK,gBAAkB,EAAA;YACpB,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;QAEA,OAAOJ,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKe,MAAAA,+BAAAA,GAAkC,CACtC3B,KAAAA,EACA,EAAEC,MAAS,GAAA,EAAE,EAAEC,YAAAA,GAAe,EAAE,EAAEC,UAAa,GAAA,EAAE,EAAgB,GAAA;AAEjE,IAAA,IAAID,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAO,EAAE;AACX;IAEA,MAAMI,qBAAAA,GAAwBC,kBAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,CAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;AAEhD,QAAA,MAAMI,YAAYf,MAAS,GAAA,CAAA,EAAGA,OAAO,CAAC,EAAEa,KAAK,GAAGA,GAAAA;AAChDF,QAAAA,MAAAA,CAAOgB,IAAI,CAACZ,SAAAA,CAAAA;QAEZ,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,MAAMC,cAAcI,+BAAgCxB,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9EtB,gBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;gBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,gBAAAA;AACF,aAAA,CAAA;AAEAS,YAAAA,MAAAA,CAAOgB,IAAI,CAAIL,GAAAA,WAAAA,CAAAA;AACjB;QAEA,OAAOX,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKiB,MAAAA,8BAAAA,GAAiC,CACrCC,OAAAA,EACA,EAAE5B,YAAY,EAAE6B,kBAAAA,GAAqB,EAAE,EAAgB,GAAG,EAAE,GAAA;AAE5D,IAAA,OAAOD,OAAQpB,CAAAA,MAAM,CAAC,CAACsB,WAAaC,EAAAA,MAAAA,GAAAA;QAClC,MAAMC,aAAAA,GAAgBD,MAAOE,CAAAA,QAAQ,CAACC,MAAM,CAC1C,CAACC,OAAiB,GAAA,CAACN,kBAAmBhB,CAAAA,QAAQ,CAACsB,OAAAA,CAAAA,CAAAA;;QAIjD,KAAK,MAAMA,WAAWH,aAAe,CAAA;YACnC,MAAMtB,MAAAA,GAAS0B,KAAaC,CAAAA,iBAAiB,CAAC,QAAA,EAAUN,MACpDlC,CAAAA,GAAAA,eAAAA,CAAgByC,MAAOC,CAAAA,YAAY,CAACJ,OAAAA,CAAQ,EAAE;AAC5ClC,gBAAAA,UAAAA,EAAYqC,OAAOrC,UAAU;AAC7BD,gBAAAA;aAEFwC,CAAAA,GAAAA,SAAAA;YAEJ,MAAMC,UAAAA,GAAaC,eAAiBC,CAAAA,MAAM,CAAC;AACzCZ,gBAAAA,MAAAA,EAAQA,OAAOa,QAAQ;AACvBT,gBAAAA,OAAAA;gBACAU,UAAY,EAAA;AAAEnC,oBAAAA;AAAO;AACvB,aAAA,CAAA;AAEAoB,YAAAA,WAAAA,CAAYJ,IAAI,CAACe,UAAAA,CAAAA;AACnB;QAEA,OAAOX,WAAAA;AACT,KAAA,EAAG,EAAE,CAAA;AACP;AAEA;;IAGA,MAAMgB,wBAAwB,CAC5BhB,WAAAA,GAAAA;AAEA,IAAA,MAAM,EAAEiB,cAAc,EAAE,GAAGC,kBAAW,CAAA,YAAA,CAAA;IAEtC,OAAOlB,WAAAA,CAAYmB,GAAG,CAAC,CAACR,UAAAA,GAAAA;QACtB,MAAM,EACJV,MAAQa,EAAAA,QAAQ,EAChBT,OAAO,EACPU,UAAAA,EAAY,EAAEnC,MAAM,EAAE,EACvB,GAAG+B,UAAAA;QAEJ,MAAMV,MAAAA,GAASgB,cAAeG,CAAAA,GAAG,CAACN,QAAAA,CAAAA;;AAGlC,QAAA,IAAI,CAACR,KAAAA,CAAaC,iBAAiB,CAAC,UAAUN,MAAS,CAAA,EAAA;YACrD,OAAOW,eAAAA,CAAiBS,cAAc,CAAC,QAAUV,EAAAA,UAAAA,CAAAA;AACnD;AAEA,QAAA,IAAI,CAACN,OAAW,IAAA,CAACG,OAAOC,YAAY,CAACJ,QAAQ,EAAE;YAC7C,OAAOM,UAAAA;AACT;AAEA,QAAA,MAAMW,iBAAiB3B,+BAAgCa,CAAAA,MAAAA,CAAOC,YAAY,CAACJ,QAAQ,EAAE;AACnFlC,YAAAA,UAAAA,EAAYqC,OAAOrC;AACrB,SAAA,CAAA;QAEA,MAAMoD,aAAAA,GAA0B3C,UAAU,EAAE;AAE5C,QAAA,MAAM4C,kBAA4BC,OAChCH,CAAAA,cAAAA,CAAelB,MAAM,CAAC,CAACsB,KACrBH,aAAcnC,CAAAA,IAAI,CAAC,CAACuC,EAAAA,GAAOD,OAAOC,EAAMtC,IAAAA,aAAAA,CAAW,GAAGsC,EAAG,CAAA,CAAC,CAAC,EAAED,EAAAA,CAAAA,CAAAA,CAAAA,CAAAA;;;;AAOjE,QAAA,MAAME,mBAAmB,CAACC,KAAAA,GACxB,CAACL,eAAAA,CAAgBpC,IAAI,CACnB,CAAC0C,cACCA,GAAAA,cAAAA,KAAmBD,SAASxC,aAAW,CAAA,CAAA,EAAGwC,KAAM,CAAA,CAAC,CAAC,EAAEC,cAAAA,CAAAA,CAAAA;;QAI1D,MAAMC,SAAAA,GAAYP,eAAgBpB,CAAAA,MAAM,CAACwB,gBAAAA,CAAAA;AAEzC,QAAA,OAAOhB,eAAiBoB,CAAAA,WAAW,CAAC,QAAA,EAAUD,SAAWpB,EAAAA,UAAAA,CAAAA;AAC3D,KAAA,EAAG,EAAE,CAAA;AACP;;;;;;;"}

package/dist/server/server/src/services/content-type.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"content-type.mjs","sources":["../../../../../server/src/services/content-type.ts"],"sourcesContent":["import _ from 'lodash';\nimport { uniq, startsWith } from 'lodash/fp';\nimport { contentTypes as contentTypesUtils } from '@strapi/utils';\nimport type { Modules, Struct } from '@strapi/types';\nimport { getService } from '../utils';\nimport actionDomain from '../domain/action';\nimport permissionDomain from '../domain/permission';\n\ninterface FieldOptions {\n  prefix?: string; // prefix to add to the path\n  nestingLevel?: number; // level of nesting to achieve\n  requiredOnly?: boolean; // only returns required nestedFields\n  existingFields?: string[]; // fields that are already selected, meaning that some sub-fields may be required\n  restrictedSubjects?: string[]; // subjectsId to ignore\n  components?: {\n    // components where components attributes can be found\n    [key: string]: any;\n  };\n}\n\n/**\n * Creates an array of paths to the fields and nested fields, without path nodes\n */\nconst getNestedFields = (\n  model: Struct.ContentTypeSchema,\n  {\n    prefix = '',\n    nestingLevel = 15,\n    components = {},\n    requiredOnly = false,\n    existingFields = [],\n  }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return prefix ? [prefix] : [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      const shouldBeIncluded = !requiredOnly || attr.required === true;\n      const insideExistingFields = existingFields && existingFields.some(startsWith(fieldPath));\n\n      if (attr.type === 'component') {\n        if (shouldBeIncluded || insideExistingFields) {\n          const compoFields = getNestedFields(components[attr.component], {\n            nestingLevel: nestingLevel - 1,\n            prefix: fieldPath,\n            components,\n            requiredOnly,\n            existingFields,\n          });\n\n          if (compoFields.length === 0 && shouldBeIncluded) {\n            return fields.concat(fieldPath);\n          }\n\n          return fields.concat(compoFields);\n        }\n        return fields;\n      }\n\n      if (shouldBeIncluded) {\n        return fields.concat(fieldPath);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of paths to the fields and nested fields, with path nodes\n */\nconst getNestedFieldsWithIntermediate = (\n  model: Struct.ContentTypeSchema,\n  { prefix = '', nestingLevel = 15, components = {} }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      fields.push(fieldPath);\n\n      if (attr.type === 'component') {\n        const compoFields = getNestedFieldsWithIntermediate(components[attr.component], {\n          nestingLevel: nestingLevel - 1,\n          prefix: fieldPath,\n          components,\n        });\n\n        fields.push(...compoFields);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of permissions with the \"properties.fields\" attribute filled\n */\nconst getPermissionsWithNestedFields = (\n  actions: any[],\n  { nestingLevel, restrictedSubjects = [] }: FieldOptions = {}\n): Modules.Permissions.PermissionRule[] => {\n  return actions.reduce((permissions, action) => {\n    const validSubjects = action.subjects.filter(\n      (subject: any) => !restrictedSubjects.includes(subject)\n    );\n\n    // Create a Permission for each subject (content-type uid) within the action\n    for (const subject of validSubjects) {\n      const fields = actionDomain.appliesToProperty('fields', action)\n        ? getNestedFields(strapi.contentTypes[subject], {\n            components: strapi.components,\n            nestingLevel,\n          })\n        : undefined;\n\n      const permission = permissionDomain.create({\n        action: action.actionId,\n        subject,\n        properties: { fields },\n      });\n\n      permissions.push(permission);\n    }\n\n    return permissions;\n  }, []);\n};\n\n/**\n * Cleans permissions' fields (add required ones, remove the non-existing ones)\n */\nconst cleanPermissionFields = (\n  permissions: Modules.Permissions.PermissionRule[]\n): Modules.Permissions.PermissionRule[] => {\n  const { actionProvider } = getService('permission');\n\n  return permissions.map((permission: any) => {\n    const {\n      action: actionId,\n      subject,\n      properties: { fields },\n    } = permission;\n\n    const action = actionProvider.get(actionId) as any;\n\n    // todo see if it's possible to check property on action + subject (async)\n    if (!actionDomain.appliesToProperty('fields', action)) {\n      return permissionDomain.deleteProperty('fields', permission);\n    }\n\n    if (!subject || !strapi.contentTypes[subject]) {\n      return permission;\n    }\n\n    const possibleFields = getNestedFieldsWithIntermediate(strapi.contentTypes[subject], {\n      components: strapi.components,\n    });\n\n    const currentFields: string[] = fields || [];\n\n    const validUserFields: string[] = uniq(\n      possibleFields.filter((pf) =>\n        currentFields.some((cf) => pf === cf || startsWith(`${cf}.`, pf))\n      )\n    );\n\n    // A field is considered \"not nested\" if no other valid user field starts with this field's path followed by a dot.\n    // This helps to remove redundant parent paths when a more specific child path is already included.\n    // For example, if 'component.title' is present, 'component' would be filtered out by this condition.\n    const isNotNestedField = (field: string) =>\n      !validUserFields.some(\n        (validUserField: string) =>\n          validUserField !== field && startsWith(`${field}.`, validUserField)\n      );\n\n    // Filter out fields that are parent paths of other included fields.\n    const newFields = validUserFields.filter(isNotNestedField);\n\n    return permissionDomain.setProperty('fields', newFields, permission);\n  }, []);\n};\n\nexport {\n  getNestedFields,\n  getPermissionsWithNestedFields,\n  cleanPermissionFields,\n  getNestedFieldsWithIntermediate,\n};\n"],"names":["getNestedFields","model","prefix","nestingLevel","components","requiredOnly","existingFields","nonAuthorizableFields","contentTypesUtils","getNonVisibleAttributes","_","reduce","attributes","fields","attr","key","includes","fieldPath","shouldBeIncluded","required","insideExistingFields","some","startsWith","type","compoFields","component","length","concat","getNestedFieldsWithIntermediate","push","getPermissionsWithNestedFields","actions","restrictedSubjects","permissions","action","validSubjects","subjects","filter","subject","actionDomain","appliesToProperty","strapi","contentTypes","undefined","permission","permissionDomain","create","actionId","properties","cleanPermissionFields","actionProvider","getService","map","get","deleteProperty","possibleFields","currentFields","validUserFields","uniq","pf","cf","isNotNestedField","field","validUserField","newFields","setProperty"],"mappings":";;;;;;;AAoBA;;IAGA,MAAMA,kBAAkB,CACtBC,KAAAA,EACA,EACEC,MAAS,GAAA,EAAE,EACXC,YAAe,GAAA,EAAE,EACjBC,UAAa,GAAA,EAAE,EACfC,YAAAA,GAAe,KAAK,EACpBC,cAAAA,GAAiB,EAAE,EACN,GAAA;AAEf,IAAA,IAAIH,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAOD,MAAS,GAAA;AAACA,YAAAA;AAAO,SAAA,GAAG,EAAE;AAC/B;IAEA,MAAMK,qBAAAA,GAAwBC,YAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,UAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;QAEhD,MAAMI,SAAAA,GAAYf,SAAS,CAAC,EAAEA,OAAO,CAAC,EAAEa,GAAI,CAAA,CAAC,GAAGA,GAAAA;AAChD,QAAA,MAAMG,gBAAmB,GAAA,CAACb,YAAgBS,IAAAA,IAAAA,CAAKK,QAAQ,KAAK,IAAA;AAC5D,QAAA,MAAMC,oBAAuBd,GAAAA,cAAAA,IAAkBA,cAAee,CAAAA,IAAI,CAACC,UAAWL,CAAAA,SAAAA,CAAAA,CAAAA;QAE9E,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,IAAIL,oBAAoBE,oBAAsB,EAAA;AAC5C,gBAAA,MAAMI,cAAcxB,eAAgBI,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9DtB,oBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;oBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,oBAAAA,UAAAA;AACAC,oBAAAA,YAAAA;AACAC,oBAAAA;AACF,iBAAA,CAAA;AAEA,gBAAA,IAAIkB,WAAYE,CAAAA,MAAM,KAAK,CAAA,IAAKR,gBAAkB,EAAA;oBAChD,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;gBAEA,OAAOJ,MAAAA,CAAOc,MAAM,CAACH,WAAAA,CAAAA;AACvB;YACA,OAAOX,MAAAA;AACT;AAEA,QAAA,IAAIK,gBAAkB,EAAA;YACpB,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;QAEA,OAAOJ,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKe,MAAAA,+BAAAA,GAAkC,CACtC3B,KAAAA,EACA,EAAEC,MAAS,GAAA,EAAE,EAAEC,YAAAA,GAAe,EAAE,EAAEC,UAAa,GAAA,EAAE,EAAgB,GAAA;AAEjE,IAAA,IAAID,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAO,EAAE;AACX;IAEA,MAAMI,qBAAAA,GAAwBC,YAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,UAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;QAEhD,MAAMI,SAAAA,GAAYf,SAAS,CAAC,EAAEA,OAAO,CAAC,EAAEa,GAAI,CAAA,CAAC,GAAGA,GAAAA;AAChDF,QAAAA,MAAAA,CAAOgB,IAAI,CAACZ,SAAAA,CAAAA;QAEZ,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,MAAMC,cAAcI,+BAAgCxB,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9EtB,gBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;gBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,gBAAAA;AACF,aAAA,CAAA;AAEAS,YAAAA,MAAAA,CAAOgB,IAAI,CAAIL,GAAAA,WAAAA,CAAAA;AACjB;QAEA,OAAOX,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKiB,MAAAA,8BAAAA,GAAiC,CACrCC,OAAAA,EACA,EAAE5B,YAAY,EAAE6B,kBAAAA,GAAqB,EAAE,EAAgB,GAAG,EAAE,GAAA;AAE5D,IAAA,OAAOD,OAAQpB,CAAAA,MAAM,CAAC,CAACsB,WAAaC,EAAAA,MAAAA,GAAAA;QAClC,MAAMC,aAAAA,GAAgBD,MAAOE,CAAAA,QAAQ,CAACC,MAAM,CAC1C,CAACC,OAAiB,GAAA,CAACN,kBAAmBhB,CAAAA,QAAQ,CAACsB,OAAAA,CAAAA,CAAAA;;QAIjD,KAAK,MAAMA,WAAWH,aAAe,CAAA;YACnC,MAAMtB,MAAAA,GAAS0B,YAAaC,CAAAA,iBAAiB,CAAC,QAAA,EAAUN,MACpDlC,CAAAA,GAAAA,eAAAA,CAAgByC,MAAOC,CAAAA,YAAY,CAACJ,OAAAA,CAAQ,EAAE;AAC5ClC,gBAAAA,UAAAA,EAAYqC,OAAOrC,UAAU;AAC7BD,gBAAAA;aAEFwC,CAAAA,GAAAA,SAAAA;YAEJ,MAAMC,UAAAA,GAAaC,gBAAiBC,CAAAA,MAAM,CAAC;AACzCZ,gBAAAA,MAAAA,EAAQA,OAAOa,QAAQ;AACvBT,gBAAAA,OAAAA;gBACAU,UAAY,EAAA;AAAEnC,oBAAAA;AAAO;AACvB,aAAA,CAAA;AAEAoB,YAAAA,WAAAA,CAAYJ,IAAI,CAACe,UAAAA,CAAAA;AACnB;QAEA,OAAOX,WAAAA;AACT,KAAA,EAAG,EAAE,CAAA;AACP;AAEA;;IAGA,MAAMgB,wBAAwB,CAC5BhB,WAAAA,GAAAA;AAEA,IAAA,MAAM,EAAEiB,cAAc,EAAE,GAAGC,UAAW,CAAA,YAAA,CAAA;IAEtC,OAAOlB,WAAAA,CAAYmB,GAAG,CAAC,CAACR,UAAAA,GAAAA;QACtB,MAAM,EACJV,MAAQa,EAAAA,QAAQ,EAChBT,OAAO,EACPU,UAAAA,EAAY,EAAEnC,MAAM,EAAE,EACvB,GAAG+B,UAAAA;QAEJ,MAAMV,MAAAA,GAASgB,cAAeG,CAAAA,GAAG,CAACN,QAAAA,CAAAA;;AAGlC,QAAA,IAAI,CAACR,YAAAA,CAAaC,iBAAiB,CAAC,UAAUN,MAAS,CAAA,EAAA;YACrD,OAAOW,gBAAAA,CAAiBS,cAAc,CAAC,QAAUV,EAAAA,UAAAA,CAAAA;AACnD;AAEA,QAAA,IAAI,CAACN,OAAW,IAAA,CAACG,OAAOC,YAAY,CAACJ,QAAQ,EAAE;YAC7C,OAAOM,UAAAA;AACT;AAEA,QAAA,MAAMW,iBAAiB3B,+BAAgCa,CAAAA,MAAAA,CAAOC,YAAY,CAACJ,QAAQ,EAAE;AACnFlC,YAAAA,UAAAA,EAAYqC,OAAOrC;AACrB,SAAA,CAAA;QAEA,MAAMoD,aAAAA,GAA0B3C,UAAU,EAAE;QAE5C,MAAM4C,eAAAA,GAA4BC,KAChCH,cAAelB,CAAAA,MAAM,CAAC,CAACsB,EAAAA,GACrBH,cAAcnC,IAAI,CAAC,CAACuC,EAAOD,GAAAA,EAAAA,KAAOC,MAAMtC,UAAW,CAAA,CAAC,EAAEsC,EAAG,CAAA,CAAC,CAAC,EAAED,EAAAA,CAAAA,CAAAA,CAAAA,CAAAA;;;;AAOjE,QAAA,MAAME,mBAAmB,CAACC,KAAAA,GACxB,CAACL,eAAAA,CAAgBpC,IAAI,CACnB,CAAC0C,cACCA,GAAAA,cAAAA,KAAmBD,SAASxC,UAAW,CAAA,CAAC,EAAEwC,KAAM,CAAA,CAAC,CAAC,EAAEC,cAAAA,CAAAA,CAAAA;;QAI1D,MAAMC,SAAAA,GAAYP,eAAgBpB,CAAAA,MAAM,CAACwB,gBAAAA,CAAAA;AAEzC,QAAA,OAAOhB,gBAAiBoB,CAAAA,WAAW,CAAC,QAAA,EAAUD,SAAWpB,EAAAA,UAAAA,CAAAA;AAC3D,KAAA,EAAG,EAAE,CAAA;AACP;;;;"}
+{"version":3,"file":"content-type.mjs","sources":["../../../../../server/src/services/content-type.ts"],"sourcesContent":["import _ from 'lodash';\nimport { uniq, startsWith } from 'lodash/fp';\nimport { contentTypes as contentTypesUtils } from '@strapi/utils';\nimport type { Modules, Struct } from '@strapi/types';\nimport { getService } from '../utils';\nimport actionDomain from '../domain/action';\nimport permissionDomain from '../domain/permission';\n\ninterface FieldOptions {\n  prefix?: string; // prefix to add to the path\n  nestingLevel?: number; // level of nesting to achieve\n  requiredOnly?: boolean; // only returns required nestedFields\n  existingFields?: string[]; // fields that are already selected, meaning that some sub-fields may be required\n  restrictedSubjects?: string[]; // subjectsId to ignore\n  components?: {\n    // components where components attributes can be found\n    [key: string]: any;\n  };\n}\n\n/**\n * Creates an array of paths to the fields and nested fields, without path nodes\n */\nconst getNestedFields = (\n  model: Struct.ContentTypeSchema,\n  {\n    prefix = '',\n    nestingLevel = 15,\n    components = {},\n    requiredOnly = false,\n    existingFields = [],\n  }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return prefix ? [prefix] : [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      const shouldBeIncluded = !requiredOnly || attr.required === true;\n      const insideExistingFields = existingFields && existingFields.some(startsWith(fieldPath));\n\n      if (attr.type === 'component') {\n        if (shouldBeIncluded || insideExistingFields) {\n          const compoFields = getNestedFields(components[attr.component], {\n            nestingLevel: nestingLevel - 1,\n            prefix: fieldPath,\n            components,\n            requiredOnly,\n            existingFields,\n          });\n\n          if (compoFields.length === 0 && shouldBeIncluded) {\n            return fields.concat(fieldPath);\n          }\n\n          return fields.concat(compoFields);\n        }\n        return fields;\n      }\n\n      if (shouldBeIncluded) {\n        return fields.concat(fieldPath);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of paths to the fields and nested fields, with path nodes\n */\nconst getNestedFieldsWithIntermediate = (\n  model: Struct.ContentTypeSchema,\n  { prefix = '', nestingLevel = 15, components = {} }: FieldOptions\n): string[] => {\n  if (nestingLevel === 0) {\n    return [];\n  }\n\n  const nonAuthorizableFields = contentTypesUtils.getNonVisibleAttributes(model);\n\n  return _.reduce(\n    model.attributes,\n    (fields: any, attr: any, key: any) => {\n      if (nonAuthorizableFields.includes(key)) return fields;\n\n      const fieldPath = prefix ? `${prefix}.${key}` : key;\n      fields.push(fieldPath);\n\n      if (attr.type === 'component') {\n        const compoFields = getNestedFieldsWithIntermediate(components[attr.component], {\n          nestingLevel: nestingLevel - 1,\n          prefix: fieldPath,\n          components,\n        });\n\n        fields.push(...compoFields);\n      }\n\n      return fields;\n    },\n    []\n  );\n};\n\n/**\n * Creates an array of permissions with the \"properties.fields\" attribute filled\n */\nconst getPermissionsWithNestedFields = (\n  actions: any[],\n  { nestingLevel, restrictedSubjects = [] }: FieldOptions = {}\n): Modules.Permissions.PermissionRule[] => {\n  return actions.reduce((permissions, action) => {\n    const validSubjects = action.subjects.filter(\n      (subject: any) => !restrictedSubjects.includes(subject)\n    );\n\n    // Create a Permission for each subject (content-type uid) within the action\n    for (const subject of validSubjects) {\n      const fields = actionDomain.appliesToProperty('fields', action)\n        ? getNestedFields(strapi.contentTypes[subject], {\n            components: strapi.components,\n            nestingLevel,\n          })\n        : undefined;\n\n      const permission = permissionDomain.create({\n        action: action.actionId,\n        subject,\n        properties: { fields },\n      });\n\n      permissions.push(permission);\n    }\n\n    return permissions;\n  }, []);\n};\n\n/**\n * Cleans permissions' fields (add required ones, remove the non-existing ones)\n */\nconst cleanPermissionFields = (\n  permissions: Modules.Permissions.PermissionRule[]\n): Modules.Permissions.PermissionRule[] => {\n  const { actionProvider } = getService('permission');\n\n  return permissions.map((permission: any) => {\n    const {\n      action: actionId,\n      subject,\n      properties: { fields },\n    } = permission;\n\n    const action = actionProvider.get(actionId) as any;\n\n    // todo see if it's possible to check property on action + subject (async)\n    if (!actionDomain.appliesToProperty('fields', action)) {\n      return permissionDomain.deleteProperty('fields', permission);\n    }\n\n    if (!subject || !strapi.contentTypes[subject]) {\n      return permission;\n    }\n\n    const possibleFields = getNestedFieldsWithIntermediate(strapi.contentTypes[subject], {\n      components: strapi.components,\n    });\n\n    const currentFields: string[] = fields || [];\n\n    const validUserFields: string[] = uniq(\n      possibleFields.filter((pf) =>\n        currentFields.some((cf) => pf === cf || startsWith(`${cf}.`, pf))\n      )\n    );\n\n    // A field is considered \"not nested\" if no other valid user field starts with this field's path followed by a dot.\n    // This helps to remove redundant parent paths when a more specific child path is already included.\n    // For example, if 'component.title' is present, 'component' would be filtered out by this condition.\n    const isNotNestedField = (field: string) =>\n      !validUserFields.some(\n        (validUserField: string) =>\n          validUserField !== field && startsWith(`${field}.`, validUserField)\n      );\n\n    // Filter out fields that are parent paths of other included fields.\n    const newFields = validUserFields.filter(isNotNestedField);\n\n    return permissionDomain.setProperty('fields', newFields, permission);\n  }, []);\n};\n\nexport {\n  getNestedFields,\n  getPermissionsWithNestedFields,\n  cleanPermissionFields,\n  getNestedFieldsWithIntermediate,\n};\n"],"names":["getNestedFields","model","prefix","nestingLevel","components","requiredOnly","existingFields","nonAuthorizableFields","contentTypesUtils","getNonVisibleAttributes","_","reduce","attributes","fields","attr","key","includes","fieldPath","shouldBeIncluded","required","insideExistingFields","some","startsWith","type","compoFields","component","length","concat","getNestedFieldsWithIntermediate","push","getPermissionsWithNestedFields","actions","restrictedSubjects","permissions","action","validSubjects","subjects","filter","subject","actionDomain","appliesToProperty","strapi","contentTypes","undefined","permission","permissionDomain","create","actionId","properties","cleanPermissionFields","actionProvider","getService","map","get","deleteProperty","possibleFields","currentFields","validUserFields","uniq","pf","cf","isNotNestedField","field","validUserField","newFields","setProperty"],"mappings":";;;;;;;AAoBA;;IAGA,MAAMA,kBAAkB,CACtBC,KAAAA,EACA,EACEC,MAAS,GAAA,EAAE,EACXC,YAAe,GAAA,EAAE,EACjBC,UAAa,GAAA,EAAE,EACfC,YAAAA,GAAe,KAAK,EACpBC,cAAAA,GAAiB,EAAE,EACN,GAAA;AAEf,IAAA,IAAIH,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAOD,MAAS,GAAA;AAACA,YAAAA;AAAO,SAAA,GAAG,EAAE;AAC/B;IAEA,MAAMK,qBAAAA,GAAwBC,YAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,UAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;AAEhD,QAAA,MAAMI,YAAYf,MAAS,GAAA,CAAA,EAAGA,OAAO,CAAC,EAAEa,KAAK,GAAGA,GAAAA;AAChD,QAAA,MAAMG,gBAAmB,GAAA,CAACb,YAAgBS,IAAAA,IAAAA,CAAKK,QAAQ,KAAK,IAAA;AAC5D,QAAA,MAAMC,oBAAuBd,GAAAA,cAAAA,IAAkBA,cAAee,CAAAA,IAAI,CAACC,UAAWL,CAAAA,SAAAA,CAAAA,CAAAA;QAE9E,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,IAAIL,oBAAoBE,oBAAsB,EAAA;AAC5C,gBAAA,MAAMI,cAAcxB,eAAgBI,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9DtB,oBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;oBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,oBAAAA,UAAAA;AACAC,oBAAAA,YAAAA;AACAC,oBAAAA;AACF,iBAAA,CAAA;AAEA,gBAAA,IAAIkB,WAAYE,CAAAA,MAAM,KAAK,CAAA,IAAKR,gBAAkB,EAAA;oBAChD,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;gBAEA,OAAOJ,MAAAA,CAAOc,MAAM,CAACH,WAAAA,CAAAA;AACvB;YACA,OAAOX,MAAAA;AACT;AAEA,QAAA,IAAIK,gBAAkB,EAAA;YACpB,OAAOL,MAAAA,CAAOc,MAAM,CAACV,SAAAA,CAAAA;AACvB;QAEA,OAAOJ,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKe,MAAAA,+BAAAA,GAAkC,CACtC3B,KAAAA,EACA,EAAEC,MAAS,GAAA,EAAE,EAAEC,YAAAA,GAAe,EAAE,EAAEC,UAAa,GAAA,EAAE,EAAgB,GAAA;AAEjE,IAAA,IAAID,iBAAiB,CAAG,EAAA;AACtB,QAAA,OAAO,EAAE;AACX;IAEA,MAAMI,qBAAAA,GAAwBC,YAAkBC,CAAAA,uBAAuB,CAACR,KAAAA,CAAAA;IAExE,OAAOS,UAAAA,CAAEC,MAAM,CACbV,KAAAA,CAAMW,UAAU,EAChB,CAACC,QAAaC,IAAWC,EAAAA,GAAAA,GAAAA;AACvB,QAAA,IAAIR,qBAAsBS,CAAAA,QAAQ,CAACD,GAAAA,CAAAA,EAAM,OAAOF,MAAAA;AAEhD,QAAA,MAAMI,YAAYf,MAAS,GAAA,CAAA,EAAGA,OAAO,CAAC,EAAEa,KAAK,GAAGA,GAAAA;AAChDF,QAAAA,MAAAA,CAAOgB,IAAI,CAACZ,SAAAA,CAAAA;QAEZ,IAAIH,IAAAA,CAAKS,IAAI,KAAK,WAAa,EAAA;AAC7B,YAAA,MAAMC,cAAcI,+BAAgCxB,CAAAA,UAAU,CAACU,IAAKW,CAAAA,SAAS,CAAC,EAAE;AAC9EtB,gBAAAA,YAAAA,EAAcA,YAAe,GAAA,CAAA;gBAC7BD,MAAQe,EAAAA,SAAAA;AACRb,gBAAAA;AACF,aAAA,CAAA;AAEAS,YAAAA,MAAAA,CAAOgB,IAAI,CAAIL,GAAAA,WAAAA,CAAAA;AACjB;QAEA,OAAOX,MAAAA;AACT,KAAA,EACA,EAAE,CAAA;AAEN;AAEA;;AAEC,IACKiB,MAAAA,8BAAAA,GAAiC,CACrCC,OAAAA,EACA,EAAE5B,YAAY,EAAE6B,kBAAAA,GAAqB,EAAE,EAAgB,GAAG,EAAE,GAAA;AAE5D,IAAA,OAAOD,OAAQpB,CAAAA,MAAM,CAAC,CAACsB,WAAaC,EAAAA,MAAAA,GAAAA;QAClC,MAAMC,aAAAA,GAAgBD,MAAOE,CAAAA,QAAQ,CAACC,MAAM,CAC1C,CAACC,OAAiB,GAAA,CAACN,kBAAmBhB,CAAAA,QAAQ,CAACsB,OAAAA,CAAAA,CAAAA;;QAIjD,KAAK,MAAMA,WAAWH,aAAe,CAAA;YACnC,MAAMtB,MAAAA,GAAS0B,YAAaC,CAAAA,iBAAiB,CAAC,QAAA,EAAUN,MACpDlC,CAAAA,GAAAA,eAAAA,CAAgByC,MAAOC,CAAAA,YAAY,CAACJ,OAAAA,CAAQ,EAAE;AAC5ClC,gBAAAA,UAAAA,EAAYqC,OAAOrC,UAAU;AAC7BD,gBAAAA;aAEFwC,CAAAA,GAAAA,SAAAA;YAEJ,MAAMC,UAAAA,GAAaC,gBAAiBC,CAAAA,MAAM,CAAC;AACzCZ,gBAAAA,MAAAA,EAAQA,OAAOa,QAAQ;AACvBT,gBAAAA,OAAAA;gBACAU,UAAY,EAAA;AAAEnC,oBAAAA;AAAO;AACvB,aAAA,CAAA;AAEAoB,YAAAA,WAAAA,CAAYJ,IAAI,CAACe,UAAAA,CAAAA;AACnB;QAEA,OAAOX,WAAAA;AACT,KAAA,EAAG,EAAE,CAAA;AACP;AAEA;;IAGA,MAAMgB,wBAAwB,CAC5BhB,WAAAA,GAAAA;AAEA,IAAA,MAAM,EAAEiB,cAAc,EAAE,GAAGC,UAAW,CAAA,YAAA,CAAA;IAEtC,OAAOlB,WAAAA,CAAYmB,GAAG,CAAC,CAACR,UAAAA,GAAAA;QACtB,MAAM,EACJV,MAAQa,EAAAA,QAAQ,EAChBT,OAAO,EACPU,UAAAA,EAAY,EAAEnC,MAAM,EAAE,EACvB,GAAG+B,UAAAA;QAEJ,MAAMV,MAAAA,GAASgB,cAAeG,CAAAA,GAAG,CAACN,QAAAA,CAAAA;;AAGlC,QAAA,IAAI,CAACR,YAAAA,CAAaC,iBAAiB,CAAC,UAAUN,MAAS,CAAA,EAAA;YACrD,OAAOW,gBAAAA,CAAiBS,cAAc,CAAC,QAAUV,EAAAA,UAAAA,CAAAA;AACnD;AAEA,QAAA,IAAI,CAACN,OAAW,IAAA,CAACG,OAAOC,YAAY,CAACJ,QAAQ,EAAE;YAC7C,OAAOM,UAAAA;AACT;AAEA,QAAA,MAAMW,iBAAiB3B,+BAAgCa,CAAAA,MAAAA,CAAOC,YAAY,CAACJ,QAAQ,EAAE;AACnFlC,YAAAA,UAAAA,EAAYqC,OAAOrC;AACrB,SAAA,CAAA;QAEA,MAAMoD,aAAAA,GAA0B3C,UAAU,EAAE;AAE5C,QAAA,MAAM4C,kBAA4BC,IAChCH,CAAAA,cAAAA,CAAelB,MAAM,CAAC,CAACsB,KACrBH,aAAcnC,CAAAA,IAAI,CAAC,CAACuC,EAAAA,GAAOD,OAAOC,EAAMtC,IAAAA,UAAAA,CAAW,GAAGsC,EAAG,CAAA,CAAC,CAAC,EAAED,EAAAA,CAAAA,CAAAA,CAAAA,CAAAA;;;;AAOjE,QAAA,MAAME,mBAAmB,CAACC,KAAAA,GACxB,CAACL,eAAAA,CAAgBpC,IAAI,CACnB,CAAC0C,cACCA,GAAAA,cAAAA,KAAmBD,SAASxC,UAAW,CAAA,CAAA,EAAGwC,KAAM,CAAA,CAAC,CAAC,EAAEC,cAAAA,CAAAA,CAAAA;;QAI1D,MAAMC,SAAAA,GAAYP,eAAgBpB,CAAAA,MAAM,CAACwB,gBAAAA,CAAAA;AAEzC,QAAA,OAAOhB,gBAAiBoB,CAAAA,WAAW,CAAC,QAAA,EAAUD,SAAWpB,EAAAA,UAAAA,CAAAA;AAC3D,KAAA,EAAG,EAAE,CAAA;AACP;;;;"}

package/dist/server/server/src/services/encryption.js.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.js","sources":["../../../../../server/src/services/encryption.ts"],"sourcesContent":["import crypto from 'crypto';\n\nconst IV_LENGTH = 16; // 16 bytes for AES-GCM IV\nconst ENCRYPTION_VERSION = 'v1';\n\nconst getHashedKey = (): Buffer | null => {\n  const rawKey: string = strapi.config.get('admin.secrets.encryptionKey');\n  if (!rawKey) {\n    strapi.log.warn('Encryption key is missing from config');\n    return null;\n  }\n\n  return crypto.createHash('sha256').update(rawKey).digest(); // Always 32 bytes\n};\n\n/**\n * Encrypts a value string using AES-256-GCM.\n * Returns a string prefixed with the encryption version and includes IV, encrypted content, and auth tag (all hex-encoded).\n */\nconst encrypt = (value: string) => {\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = crypto.randomBytes(IV_LENGTH);\n  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);\n\n  let encrypted = cipher.update(value, 'utf8', 'hex');\n  encrypted += cipher.final('hex');\n\n  const authTag = cipher.getAuthTag();\n\n  return `${ENCRYPTION_VERSION}:${iv.toString('hex')}:${encrypted}:${authTag.toString('hex')}`;\n};\n\n/**\n * Decrypts a value encrypted by encrypt().\n * Supports versioned formats like v1:iv:encrypted:authTag\n */\nconst decrypt = (encryptedValue: string) => {\n  const [version, ...rest] = encryptedValue.split(':');\n\n  if (version !== ENCRYPTION_VERSION) {\n    throw new Error(`Unsupported encryption version: ${version}`);\n  }\n\n  const [ivHex, encryptedHex, tagHex] = rest;\n  if (!ivHex || !encryptedHex || !tagHex) {\n    throw new Error('Invalid encrypted value format');\n  }\n\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = Buffer.from(ivHex, 'hex');\n  const encryptedText = Buffer.from(encryptedHex, 'hex');\n  const authTag = Buffer.from(tagHex, 'hex');\n\n  try {\n    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);\n    decipher.setAuthTag(authTag);\n\n    let decrypted = decipher.update(encryptedText, undefined, 'utf8');\n    decrypted += decipher.final('utf8');\n\n    return decrypted;\n  } catch (err) {\n    strapi.log.warn(\n      '[decrypt] Unable to decrypt value — encryption key may have changed or data is corrupted.'\n    );\n    return null;\n  }\n};\n\nexport default {\n  encrypt,\n  decrypt,\n};\n"],"names":["IV_LENGTH","ENCRYPTION_VERSION","getHashedKey","rawKey","strapi","config","get","log","warn","crypto","createHash","update","digest","encrypt","value","key","iv","randomBytes","cipher","createCipheriv","encrypted","final","authTag","getAuthTag","toString","decrypt","encryptedValue","version","rest","split","Error","ivHex","encryptedHex","tagHex","Buffer","from","encryptedText","decipher","createDecipheriv","setAuthTag","decrypted","undefined","err"],"mappings":";;;;AAEA,MAAMA,SAAAA,GAAY;AAClB,MAAMC,kBAAqB,GAAA,IAAA;AAE3B,MAAMC,YAAe,GAAA,IAAA;AACnB,IAAA,MAAMC,MAAiBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,6BAAA,CAAA;AACzC,IAAA,IAAI,CAACH,MAAQ,EAAA;QACXC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CAAC,uCAAA,CAAA;QAChB,OAAO,IAAA;AACT;IAEA,OAAOC,MAAAA,CAAOC,UAAU,CAAC,QAAA,CAAA,CAAUC,MAAM,CAACR,MAAAA,CAAAA,CAAQS,MAAM,EAAA,CAAA;AAC1D,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,KAAAA,GAAAA;AACf,IAAA,MAAMC,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;IAEjB,MAAMC,EAAAA,GAAKP,MAAOQ,CAAAA,WAAW,CAACjB,SAAAA,CAAAA;AAC9B,IAAA,MAAMkB,MAAST,GAAAA,MAAAA,CAAOU,cAAc,CAAC,eAAeJ,GAAKC,EAAAA,EAAAA,CAAAA;AAEzD,IAAA,IAAII,SAAYF,GAAAA,MAAAA,CAAOP,MAAM,CAACG,OAAO,MAAQ,EAAA,KAAA,CAAA;IAC7CM,SAAaF,IAAAA,MAAAA,CAAOG,KAAK,CAAC,KAAA,CAAA;IAE1B,MAAMC,OAAAA,GAAUJ,OAAOK,UAAU,EAAA;AAEjC,IAAA,OAAO,CAAC,EAAEtB,kBAAAA,CAAmB,CAAC,EAAEe,EAAAA,CAAGQ,QAAQ,CAAC,KAAA,CAAA,CAAO,CAAC,EAAEJ,UAAU,CAAC,EAAEE,QAAQE,QAAQ,CAAC,OAAO,CAAC;AAC9F,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,cAAAA,GAAAA;AACf,IAAA,MAAM,CAACC,OAAS,EAAA,GAAGC,KAAK,GAAGF,cAAAA,CAAeG,KAAK,CAAC,GAAA,CAAA;AAEhD,IAAA,IAAIF,YAAY1B,kBAAoB,EAAA;AAClC,QAAA,MAAM,IAAI6B,KAAM,CAAA,CAAC,gCAAgC,EAAEH,QAAQ,CAAC,CAAA;AAC9D;AAEA,IAAA,MAAM,CAACI,KAAAA,EAAOC,YAAcC,EAAAA,MAAAA,CAAO,GAAGL,IAAAA;AACtC,IAAA,IAAI,CAACG,KAAAA,IAAS,CAACC,YAAAA,IAAgB,CAACC,MAAQ,EAAA;AACtC,QAAA,MAAM,IAAIH,KAAM,CAAA,gCAAA,CAAA;AAClB;AAEA,IAAA,MAAMf,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;AAEjB,IAAA,MAAMC,EAAKkB,GAAAA,MAAAA,CAAOC,IAAI,CAACJ,KAAO,EAAA,KAAA,CAAA;AAC9B,IAAA,MAAMK,aAAgBF,GAAAA,MAAAA,CAAOC,IAAI,CAACH,YAAc,EAAA,KAAA,CAAA;AAChD,IAAA,MAAMV,OAAUY,GAAAA,MAAAA,CAAOC,IAAI,CAACF,MAAQ,EAAA,KAAA,CAAA;IAEpC,IAAI;AACF,QAAA,MAAMI,QAAW5B,GAAAA,MAAAA,CAAO6B,gBAAgB,CAAC,eAAevB,GAAKC,EAAAA,EAAAA,CAAAA;AAC7DqB,QAAAA,QAAAA,CAASE,UAAU,CAACjB,OAAAA,CAAAA;AAEpB,QAAA,IAAIkB,SAAYH,GAAAA,QAAAA,CAAS1B,MAAM,CAACyB,eAAeK,SAAW,EAAA,MAAA,CAAA;QAC1DD,SAAaH,IAAAA,QAAAA,CAAShB,KAAK,CAAC,MAAA,CAAA;QAE5B,OAAOmB,SAAAA;AACT,KAAA,CAAE,OAAOE,GAAK,EAAA;QACZtC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CACb,2FAAA,CAAA;QAEF,OAAO,IAAA;AACT;AACF,CAAA;AAEA,iBAAe;AACbK,IAAAA,OAAAA;AACAY,IAAAA;AACF,CAAE;;;;"}
+{"version":3,"file":"encryption.js","sources":["../../../../../server/src/services/encryption.ts"],"sourcesContent":["import crypto from 'crypto';\n\nconst IV_LENGTH = 16; // 16 bytes for AES-GCM IV\nconst ENCRYPTION_VERSION = 'v1';\n\nconst getHashedKey = (): Buffer | null => {\n  const rawKey: string = strapi.config.get('admin.secrets.encryptionKey');\n  if (!rawKey) {\n    strapi.log.warn('Encryption key is missing from config');\n    return null;\n  }\n\n  return crypto.createHash('sha256').update(rawKey).digest(); // Always 32 bytes\n};\n\n/**\n * Encrypts a value string using AES-256-GCM.\n * Returns a string prefixed with the encryption version and includes IV, encrypted content, and auth tag (all hex-encoded).\n */\nconst encrypt = (value: string) => {\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = crypto.randomBytes(IV_LENGTH);\n  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);\n\n  let encrypted = cipher.update(value, 'utf8', 'hex');\n  encrypted += cipher.final('hex');\n\n  const authTag = cipher.getAuthTag();\n\n  return `${ENCRYPTION_VERSION}:${iv.toString('hex')}:${encrypted}:${authTag.toString('hex')}`;\n};\n\n/**\n * Decrypts a value encrypted by encrypt().\n * Supports versioned formats like v1:iv:encrypted:authTag\n */\nconst decrypt = (encryptedValue: string) => {\n  const [version, ...rest] = encryptedValue.split(':');\n\n  if (version !== ENCRYPTION_VERSION) {\n    throw new Error(`Unsupported encryption version: ${version}`);\n  }\n\n  const [ivHex, encryptedHex, tagHex] = rest;\n  if (!ivHex || !encryptedHex || !tagHex) {\n    throw new Error('Invalid encrypted value format');\n  }\n\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = Buffer.from(ivHex, 'hex');\n  const encryptedText = Buffer.from(encryptedHex, 'hex');\n  const authTag = Buffer.from(tagHex, 'hex');\n\n  try {\n    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);\n    decipher.setAuthTag(authTag);\n\n    let decrypted = decipher.update(encryptedText, undefined, 'utf8');\n    decrypted += decipher.final('utf8');\n\n    return decrypted;\n  } catch (err) {\n    strapi.log.warn(\n      '[decrypt] Unable to decrypt value — encryption key may have changed or data is corrupted.'\n    );\n    return null;\n  }\n};\n\nexport default {\n  encrypt,\n  decrypt,\n};\n"],"names":["IV_LENGTH","ENCRYPTION_VERSION","getHashedKey","rawKey","strapi","config","get","log","warn","crypto","createHash","update","digest","encrypt","value","key","iv","randomBytes","cipher","createCipheriv","encrypted","final","authTag","getAuthTag","toString","decrypt","encryptedValue","version","rest","split","Error","ivHex","encryptedHex","tagHex","Buffer","from","encryptedText","decipher","createDecipheriv","setAuthTag","decrypted","undefined","err"],"mappings":";;;;AAEA,MAAMA,SAAAA,GAAY;AAClB,MAAMC,kBAAqB,GAAA,IAAA;AAE3B,MAAMC,YAAe,GAAA,IAAA;AACnB,IAAA,MAAMC,MAAiBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,6BAAA,CAAA;AACzC,IAAA,IAAI,CAACH,MAAQ,EAAA;QACXC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CAAC,uCAAA,CAAA;QAChB,OAAO,IAAA;AACT;IAEA,OAAOC,MAAAA,CAAOC,UAAU,CAAC,QAAA,CAAA,CAAUC,MAAM,CAACR,MAAAA,CAAAA,CAAQS,MAAM,EAAA,CAAA;AAC1D,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,KAAAA,GAAAA;AACf,IAAA,MAAMC,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;IAEjB,MAAMC,EAAAA,GAAKP,MAAOQ,CAAAA,WAAW,CAACjB,SAAAA,CAAAA;AAC9B,IAAA,MAAMkB,MAAST,GAAAA,MAAAA,CAAOU,cAAc,CAAC,eAAeJ,GAAKC,EAAAA,EAAAA,CAAAA;AAEzD,IAAA,IAAII,SAAYF,GAAAA,MAAAA,CAAOP,MAAM,CAACG,OAAO,MAAQ,EAAA,KAAA,CAAA;IAC7CM,SAAaF,IAAAA,MAAAA,CAAOG,KAAK,CAAC,KAAA,CAAA;IAE1B,MAAMC,OAAAA,GAAUJ,OAAOK,UAAU,EAAA;AAEjC,IAAA,OAAO,GAAGtB,kBAAmB,CAAA,CAAC,EAAEe,EAAAA,CAAGQ,QAAQ,CAAC,KAAA,CAAA,CAAO,CAAC,EAAEJ,UAAU,CAAC,EAAEE,OAAQE,CAAAA,QAAQ,CAAC,KAAQ,CAAA,CAAA,CAAA;AAC9F,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,cAAAA,GAAAA;AACf,IAAA,MAAM,CAACC,OAAS,EAAA,GAAGC,KAAK,GAAGF,cAAAA,CAAeG,KAAK,CAAC,GAAA,CAAA;AAEhD,IAAA,IAAIF,YAAY1B,kBAAoB,EAAA;AAClC,QAAA,MAAM,IAAI6B,KAAAA,CAAM,CAAC,gCAAgC,EAAEH,OAAS,CAAA,CAAA,CAAA;AAC9D;AAEA,IAAA,MAAM,CAACI,KAAAA,EAAOC,YAAcC,EAAAA,MAAAA,CAAO,GAAGL,IAAAA;AACtC,IAAA,IAAI,CAACG,KAAAA,IAAS,CAACC,YAAAA,IAAgB,CAACC,MAAQ,EAAA;AACtC,QAAA,MAAM,IAAIH,KAAM,CAAA,gCAAA,CAAA;AAClB;AAEA,IAAA,MAAMf,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;AAEjB,IAAA,MAAMC,EAAKkB,GAAAA,MAAAA,CAAOC,IAAI,CAACJ,KAAO,EAAA,KAAA,CAAA;AAC9B,IAAA,MAAMK,aAAgBF,GAAAA,MAAAA,CAAOC,IAAI,CAACH,YAAc,EAAA,KAAA,CAAA;AAChD,IAAA,MAAMV,OAAUY,GAAAA,MAAAA,CAAOC,IAAI,CAACF,MAAQ,EAAA,KAAA,CAAA;IAEpC,IAAI;AACF,QAAA,MAAMI,QAAW5B,GAAAA,MAAAA,CAAO6B,gBAAgB,CAAC,eAAevB,GAAKC,EAAAA,EAAAA,CAAAA;AAC7DqB,QAAAA,QAAAA,CAASE,UAAU,CAACjB,OAAAA,CAAAA;AAEpB,QAAA,IAAIkB,SAAYH,GAAAA,QAAAA,CAAS1B,MAAM,CAACyB,eAAeK,SAAW,EAAA,MAAA,CAAA;QAC1DD,SAAaH,IAAAA,QAAAA,CAAShB,KAAK,CAAC,MAAA,CAAA;QAE5B,OAAOmB,SAAAA;AACT,KAAA,CAAE,OAAOE,GAAK,EAAA;QACZtC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CACb,2FAAA,CAAA;QAEF,OAAO,IAAA;AACT;AACF,CAAA;AAEA,iBAAe;AACbK,IAAAA,OAAAA;AACAY,IAAAA;AACF,CAAE;;;;"}

package/dist/server/server/src/services/encryption.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.mjs","sources":["../../../../../server/src/services/encryption.ts"],"sourcesContent":["import crypto from 'crypto';\n\nconst IV_LENGTH = 16; // 16 bytes for AES-GCM IV\nconst ENCRYPTION_VERSION = 'v1';\n\nconst getHashedKey = (): Buffer | null => {\n  const rawKey: string = strapi.config.get('admin.secrets.encryptionKey');\n  if (!rawKey) {\n    strapi.log.warn('Encryption key is missing from config');\n    return null;\n  }\n\n  return crypto.createHash('sha256').update(rawKey).digest(); // Always 32 bytes\n};\n\n/**\n * Encrypts a value string using AES-256-GCM.\n * Returns a string prefixed with the encryption version and includes IV, encrypted content, and auth tag (all hex-encoded).\n */\nconst encrypt = (value: string) => {\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = crypto.randomBytes(IV_LENGTH);\n  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);\n\n  let encrypted = cipher.update(value, 'utf8', 'hex');\n  encrypted += cipher.final('hex');\n\n  const authTag = cipher.getAuthTag();\n\n  return `${ENCRYPTION_VERSION}:${iv.toString('hex')}:${encrypted}:${authTag.toString('hex')}`;\n};\n\n/**\n * Decrypts a value encrypted by encrypt().\n * Supports versioned formats like v1:iv:encrypted:authTag\n */\nconst decrypt = (encryptedValue: string) => {\n  const [version, ...rest] = encryptedValue.split(':');\n\n  if (version !== ENCRYPTION_VERSION) {\n    throw new Error(`Unsupported encryption version: ${version}`);\n  }\n\n  const [ivHex, encryptedHex, tagHex] = rest;\n  if (!ivHex || !encryptedHex || !tagHex) {\n    throw new Error('Invalid encrypted value format');\n  }\n\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = Buffer.from(ivHex, 'hex');\n  const encryptedText = Buffer.from(encryptedHex, 'hex');\n  const authTag = Buffer.from(tagHex, 'hex');\n\n  try {\n    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);\n    decipher.setAuthTag(authTag);\n\n    let decrypted = decipher.update(encryptedText, undefined, 'utf8');\n    decrypted += decipher.final('utf8');\n\n    return decrypted;\n  } catch (err) {\n    strapi.log.warn(\n      '[decrypt] Unable to decrypt value — encryption key may have changed or data is corrupted.'\n    );\n    return null;\n  }\n};\n\nexport default {\n  encrypt,\n  decrypt,\n};\n"],"names":["IV_LENGTH","ENCRYPTION_VERSION","getHashedKey","rawKey","strapi","config","get","log","warn","crypto","createHash","update","digest","encrypt","value","key","iv","randomBytes","cipher","createCipheriv","encrypted","final","authTag","getAuthTag","toString","decrypt","encryptedValue","version","rest","split","Error","ivHex","encryptedHex","tagHex","Buffer","from","encryptedText","decipher","createDecipheriv","setAuthTag","decrypted","undefined","err"],"mappings":";;AAEA,MAAMA,SAAAA,GAAY;AAClB,MAAMC,kBAAqB,GAAA,IAAA;AAE3B,MAAMC,YAAe,GAAA,IAAA;AACnB,IAAA,MAAMC,MAAiBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,6BAAA,CAAA;AACzC,IAAA,IAAI,CAACH,MAAQ,EAAA;QACXC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CAAC,uCAAA,CAAA;QAChB,OAAO,IAAA;AACT;IAEA,OAAOC,MAAAA,CAAOC,UAAU,CAAC,QAAA,CAAA,CAAUC,MAAM,CAACR,MAAAA,CAAAA,CAAQS,MAAM,EAAA,CAAA;AAC1D,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,KAAAA,GAAAA;AACf,IAAA,MAAMC,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;IAEjB,MAAMC,EAAAA,GAAKP,MAAOQ,CAAAA,WAAW,CAACjB,SAAAA,CAAAA;AAC9B,IAAA,MAAMkB,MAAST,GAAAA,MAAAA,CAAOU,cAAc,CAAC,eAAeJ,GAAKC,EAAAA,EAAAA,CAAAA;AAEzD,IAAA,IAAII,SAAYF,GAAAA,MAAAA,CAAOP,MAAM,CAACG,OAAO,MAAQ,EAAA,KAAA,CAAA;IAC7CM,SAAaF,IAAAA,MAAAA,CAAOG,KAAK,CAAC,KAAA,CAAA;IAE1B,MAAMC,OAAAA,GAAUJ,OAAOK,UAAU,EAAA;AAEjC,IAAA,OAAO,CAAC,EAAEtB,kBAAAA,CAAmB,CAAC,EAAEe,EAAAA,CAAGQ,QAAQ,CAAC,KAAA,CAAA,CAAO,CAAC,EAAEJ,UAAU,CAAC,EAAEE,QAAQE,QAAQ,CAAC,OAAO,CAAC;AAC9F,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,cAAAA,GAAAA;AACf,IAAA,MAAM,CAACC,OAAS,EAAA,GAAGC,KAAK,GAAGF,cAAAA,CAAeG,KAAK,CAAC,GAAA,CAAA;AAEhD,IAAA,IAAIF,YAAY1B,kBAAoB,EAAA;AAClC,QAAA,MAAM,IAAI6B,KAAM,CAAA,CAAC,gCAAgC,EAAEH,QAAQ,CAAC,CAAA;AAC9D;AAEA,IAAA,MAAM,CAACI,KAAAA,EAAOC,YAAcC,EAAAA,MAAAA,CAAO,GAAGL,IAAAA;AACtC,IAAA,IAAI,CAACG,KAAAA,IAAS,CAACC,YAAAA,IAAgB,CAACC,MAAQ,EAAA;AACtC,QAAA,MAAM,IAAIH,KAAM,CAAA,gCAAA,CAAA;AAClB;AAEA,IAAA,MAAMf,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;AAEjB,IAAA,MAAMC,EAAKkB,GAAAA,MAAAA,CAAOC,IAAI,CAACJ,KAAO,EAAA,KAAA,CAAA;AAC9B,IAAA,MAAMK,aAAgBF,GAAAA,MAAAA,CAAOC,IAAI,CAACH,YAAc,EAAA,KAAA,CAAA;AAChD,IAAA,MAAMV,OAAUY,GAAAA,MAAAA,CAAOC,IAAI,CAACF,MAAQ,EAAA,KAAA,CAAA;IAEpC,IAAI;AACF,QAAA,MAAMI,QAAW5B,GAAAA,MAAAA,CAAO6B,gBAAgB,CAAC,eAAevB,GAAKC,EAAAA,EAAAA,CAAAA;AAC7DqB,QAAAA,QAAAA,CAASE,UAAU,CAACjB,OAAAA,CAAAA;AAEpB,QAAA,IAAIkB,SAAYH,GAAAA,QAAAA,CAAS1B,MAAM,CAACyB,eAAeK,SAAW,EAAA,MAAA,CAAA;QAC1DD,SAAaH,IAAAA,QAAAA,CAAShB,KAAK,CAAC,MAAA,CAAA;QAE5B,OAAOmB,SAAAA;AACT,KAAA,CAAE,OAAOE,GAAK,EAAA;QACZtC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CACb,2FAAA,CAAA;QAEF,OAAO,IAAA;AACT;AACF,CAAA;AAEA,iBAAe;AACbK,IAAAA,OAAAA;AACAY,IAAAA;AACF,CAAE;;;;"}
+{"version":3,"file":"encryption.mjs","sources":["../../../../../server/src/services/encryption.ts"],"sourcesContent":["import crypto from 'crypto';\n\nconst IV_LENGTH = 16; // 16 bytes for AES-GCM IV\nconst ENCRYPTION_VERSION = 'v1';\n\nconst getHashedKey = (): Buffer | null => {\n  const rawKey: string = strapi.config.get('admin.secrets.encryptionKey');\n  if (!rawKey) {\n    strapi.log.warn('Encryption key is missing from config');\n    return null;\n  }\n\n  return crypto.createHash('sha256').update(rawKey).digest(); // Always 32 bytes\n};\n\n/**\n * Encrypts a value string using AES-256-GCM.\n * Returns a string prefixed with the encryption version and includes IV, encrypted content, and auth tag (all hex-encoded).\n */\nconst encrypt = (value: string) => {\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = crypto.randomBytes(IV_LENGTH);\n  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);\n\n  let encrypted = cipher.update(value, 'utf8', 'hex');\n  encrypted += cipher.final('hex');\n\n  const authTag = cipher.getAuthTag();\n\n  return `${ENCRYPTION_VERSION}:${iv.toString('hex')}:${encrypted}:${authTag.toString('hex')}`;\n};\n\n/**\n * Decrypts a value encrypted by encrypt().\n * Supports versioned formats like v1:iv:encrypted:authTag\n */\nconst decrypt = (encryptedValue: string) => {\n  const [version, ...rest] = encryptedValue.split(':');\n\n  if (version !== ENCRYPTION_VERSION) {\n    throw new Error(`Unsupported encryption version: ${version}`);\n  }\n\n  const [ivHex, encryptedHex, tagHex] = rest;\n  if (!ivHex || !encryptedHex || !tagHex) {\n    throw new Error('Invalid encrypted value format');\n  }\n\n  const key = getHashedKey();\n  if (!key) return null;\n\n  const iv = Buffer.from(ivHex, 'hex');\n  const encryptedText = Buffer.from(encryptedHex, 'hex');\n  const authTag = Buffer.from(tagHex, 'hex');\n\n  try {\n    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);\n    decipher.setAuthTag(authTag);\n\n    let decrypted = decipher.update(encryptedText, undefined, 'utf8');\n    decrypted += decipher.final('utf8');\n\n    return decrypted;\n  } catch (err) {\n    strapi.log.warn(\n      '[decrypt] Unable to decrypt value — encryption key may have changed or data is corrupted.'\n    );\n    return null;\n  }\n};\n\nexport default {\n  encrypt,\n  decrypt,\n};\n"],"names":["IV_LENGTH","ENCRYPTION_VERSION","getHashedKey","rawKey","strapi","config","get","log","warn","crypto","createHash","update","digest","encrypt","value","key","iv","randomBytes","cipher","createCipheriv","encrypted","final","authTag","getAuthTag","toString","decrypt","encryptedValue","version","rest","split","Error","ivHex","encryptedHex","tagHex","Buffer","from","encryptedText","decipher","createDecipheriv","setAuthTag","decrypted","undefined","err"],"mappings":";;AAEA,MAAMA,SAAAA,GAAY;AAClB,MAAMC,kBAAqB,GAAA,IAAA;AAE3B,MAAMC,YAAe,GAAA,IAAA;AACnB,IAAA,MAAMC,MAAiBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,6BAAA,CAAA;AACzC,IAAA,IAAI,CAACH,MAAQ,EAAA;QACXC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CAAC,uCAAA,CAAA;QAChB,OAAO,IAAA;AACT;IAEA,OAAOC,MAAAA,CAAOC,UAAU,CAAC,QAAA,CAAA,CAAUC,MAAM,CAACR,MAAAA,CAAAA,CAAQS,MAAM,EAAA,CAAA;AAC1D,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,KAAAA,GAAAA;AACf,IAAA,MAAMC,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;IAEjB,MAAMC,EAAAA,GAAKP,MAAOQ,CAAAA,WAAW,CAACjB,SAAAA,CAAAA;AAC9B,IAAA,MAAMkB,MAAST,GAAAA,MAAAA,CAAOU,cAAc,CAAC,eAAeJ,GAAKC,EAAAA,EAAAA,CAAAA;AAEzD,IAAA,IAAII,SAAYF,GAAAA,MAAAA,CAAOP,MAAM,CAACG,OAAO,MAAQ,EAAA,KAAA,CAAA;IAC7CM,SAAaF,IAAAA,MAAAA,CAAOG,KAAK,CAAC,KAAA,CAAA;IAE1B,MAAMC,OAAAA,GAAUJ,OAAOK,UAAU,EAAA;AAEjC,IAAA,OAAO,GAAGtB,kBAAmB,CAAA,CAAC,EAAEe,EAAAA,CAAGQ,QAAQ,CAAC,KAAA,CAAA,CAAO,CAAC,EAAEJ,UAAU,CAAC,EAAEE,OAAQE,CAAAA,QAAQ,CAAC,KAAQ,CAAA,CAAA,CAAA;AAC9F,CAAA;AAEA;;;IAIA,MAAMC,UAAU,CAACC,cAAAA,GAAAA;AACf,IAAA,MAAM,CAACC,OAAS,EAAA,GAAGC,KAAK,GAAGF,cAAAA,CAAeG,KAAK,CAAC,GAAA,CAAA;AAEhD,IAAA,IAAIF,YAAY1B,kBAAoB,EAAA;AAClC,QAAA,MAAM,IAAI6B,KAAAA,CAAM,CAAC,gCAAgC,EAAEH,OAAS,CAAA,CAAA,CAAA;AAC9D;AAEA,IAAA,MAAM,CAACI,KAAAA,EAAOC,YAAcC,EAAAA,MAAAA,CAAO,GAAGL,IAAAA;AACtC,IAAA,IAAI,CAACG,KAAAA,IAAS,CAACC,YAAAA,IAAgB,CAACC,MAAQ,EAAA;AACtC,QAAA,MAAM,IAAIH,KAAM,CAAA,gCAAA,CAAA;AAClB;AAEA,IAAA,MAAMf,GAAMb,GAAAA,YAAAA,EAAAA;IACZ,IAAI,CAACa,KAAK,OAAO,IAAA;AAEjB,IAAA,MAAMC,EAAKkB,GAAAA,MAAAA,CAAOC,IAAI,CAACJ,KAAO,EAAA,KAAA,CAAA;AAC9B,IAAA,MAAMK,aAAgBF,GAAAA,MAAAA,CAAOC,IAAI,CAACH,YAAc,EAAA,KAAA,CAAA;AAChD,IAAA,MAAMV,OAAUY,GAAAA,MAAAA,CAAOC,IAAI,CAACF,MAAQ,EAAA,KAAA,CAAA;IAEpC,IAAI;AACF,QAAA,MAAMI,QAAW5B,GAAAA,MAAAA,CAAO6B,gBAAgB,CAAC,eAAevB,GAAKC,EAAAA,EAAAA,CAAAA;AAC7DqB,QAAAA,QAAAA,CAASE,UAAU,CAACjB,OAAAA,CAAAA;AAEpB,QAAA,IAAIkB,SAAYH,GAAAA,QAAAA,CAAS1B,MAAM,CAACyB,eAAeK,SAAW,EAAA,MAAA,CAAA;QAC1DD,SAAaH,IAAAA,QAAAA,CAAShB,KAAK,CAAC,MAAA,CAAA;QAE5B,OAAOmB,SAAAA;AACT,KAAA,CAAE,OAAOE,GAAK,EAAA;QACZtC,MAAOG,CAAAA,GAAG,CAACC,IAAI,CACb,2FAAA,CAAA;QAEF,OAAO,IAAA;AACT;AACF,CAAA;AAEA,iBAAe;AACbK,IAAAA,OAAAA;AACAY,IAAAA;AACF,CAAE;;;;"}

package/dist/server/server/src/services/homepage.js.map

@@ -1 +1 @@
-{"version":3,"file":"homepage.js","sources":["../../../../../server/src/services/homepage.ts"],"sourcesContent":["import { Core } from '@strapi/types';\nimport { getService } from '../utils';\nimport {\n  HomepageLayout,\n  HomepageLayoutSchema,\n  HomepageLayoutWrite,\n  HomepageLayoutWriteSchema,\n} from '../controllers/validation/schema';\n\nconst DEFAULT_WIDTH = 6 as const;\nconst keyFor = (userId: number) => `homepage-layout:${userId}`;\n\nconst isContentTypeVisible = (model: any) =>\n  model?.pluginOptions?.['content-type-builder']?.visible !== false;\n\nexport const homepageService = ({ strapi }: { strapi: Core.Strapi }) => {\n  const adminStore = strapi.store({ type: 'core', name: 'admin' });\n  const getKeyStatistics = async () => {\n    const contentTypes = Object.entries(strapi.contentTypes).filter(([, contentType]) => {\n      return isContentTypeVisible(contentType);\n    });\n\n    const countApiTokens = await getService('api-token').count();\n    const countAdmins = await getService('user').count();\n    const countLocales = (await strapi.plugin('i18n')?.service('locales')?.count()) ?? null;\n    const countsAssets = await strapi.db.query('plugin::upload.file').count();\n    const countWebhooks = await strapi.db.query('strapi::webhook').count();\n\n    const componentCategories = new Set(\n      Object.values(strapi.components).map((component) => component.category)\n    );\n    const components = Array.from(componentCategories);\n\n    return {\n      assets: countsAssets,\n      contentTypes: contentTypes.length,\n      components: components.length,\n      locales: countLocales,\n      admins: countAdmins,\n      webhooks: countWebhooks,\n      apiTokens: countApiTokens,\n    };\n  };\n\n  const getHomepageLayout = async (userId: number): Promise<HomepageLayout | null> => {\n    const key = keyFor(userId);\n    const value = await adminStore.get({ key });\n    if (!value) {\n      // nothing saved yet\n      return null;\n    }\n\n    return HomepageLayoutSchema.parse(value);\n  };\n\n  const updateHomepageLayout = async (userId: number, input: unknown): Promise<HomepageLayout> => {\n    const write: HomepageLayoutWrite = HomepageLayoutWriteSchema.parse(input);\n\n    const key = keyFor(userId);\n\n    const currentRaw = await adminStore.get({ key });\n    const current: HomepageLayout | null = currentRaw\n      ? HomepageLayoutSchema.parse(currentRaw)\n      : null;\n\n    const widgetsNext = write.widgets ?? current?.widgets ?? [];\n\n    // Normalize widths (fill defaults where missing)\n    const normalizedWidgets = widgetsNext.map((w) => {\n      const prev = current?.widgets.find((cw) => cw.uid === w.uid);\n      return {\n        uid: w.uid,\n        width: w.width ?? prev?.width ?? DEFAULT_WIDTH,\n      };\n    });\n\n    const next: HomepageLayout = {\n      version: write.version ?? 1,\n      widgets: normalizedWidgets,\n      updatedAt: write.updatedAt ?? new Date().toISOString(),\n    };\n\n    await adminStore.set({ key, value: next });\n    return next;\n  };\n  return {\n    getKeyStatistics,\n    getHomepageLayout,\n    updateHomepageLayout,\n  };\n};\n"],"names":["DEFAULT_WIDTH","keyFor","userId","isContentTypeVisible","model","pluginOptions","visible","homepageService","strapi","adminStore","store","type","name","getKeyStatistics","contentTypes","Object","entries","filter","contentType","countApiTokens","getService","count","countAdmins","countLocales","plugin","service","countsAssets","db","query","countWebhooks","componentCategories","Set","values","components","map","component","category","Array","from","assets","length","locales","admins","webhooks","apiTokens","getHomepageLayout","key","value","get","HomepageLayoutSchema","parse","updateHomepageLayout","input","write","HomepageLayoutWriteSchema","currentRaw","current","widgetsNext","widgets","normalizedWidgets","w","prev","find","cw","uid","width","next","version","updatedAt","Date","toISOString","set"],"mappings":";;;;;AASA,MAAMA,aAAgB,GAAA,CAAA;AACtB,MAAMC,SAAS,CAACC,MAAAA,GAAmB,CAAC,gBAAgB,EAAEA,OAAO,CAAC;AAE9D,MAAMC,oBAAAA,GAAuB,CAACC,KAC5BA,GAAAA,KAAAA,EAAOC,gBAAgB,sBAAA,CAAuB,EAAEC,OAAY,KAAA,KAAA;AAEjDC,MAAAA,eAAAA,GAAkB,CAAC,EAAEC,MAAM,EAA2B,GAAA;IACjE,MAAMC,UAAAA,GAAaD,MAAOE,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AAC9D,IAAA,MAAMC,gBAAmB,GAAA,UAAA;QACvB,MAAMC,YAAAA,GAAeC,MAAOC,CAAAA,OAAO,CAACR,MAAAA,CAAOM,YAAY,CAAA,CAAEG,MAAM,CAAC,CAAC,GAAGC,WAAY,CAAA,GAAA;AAC9E,YAAA,OAAOf,oBAAqBe,CAAAA,WAAAA,CAAAA;AAC9B,SAAA,CAAA;AAEA,QAAA,MAAMC,cAAiB,GAAA,MAAMC,gBAAW,CAAA,WAAA,CAAA,CAAaC,KAAK,EAAA;AAC1D,QAAA,MAAMC,WAAc,GAAA,MAAMF,gBAAW,CAAA,MAAA,CAAA,CAAQC,KAAK,EAAA;QAClD,MAAME,YAAAA,GAAe,MAAOf,MAAAA,CAAOgB,MAAM,CAAC,MAAA,CAAA,EAASC,OAAQ,CAAA,SAAA,CAAA,EAAYJ,KAAY,EAAA,IAAA,IAAA;QACnF,MAAMK,YAAAA,GAAe,MAAMlB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,uBAAuBP,KAAK,EAAA;QACvE,MAAMQ,aAAAA,GAAgB,MAAMrB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,mBAAmBP,KAAK,EAAA;AAEpE,QAAA,MAAMS,mBAAsB,GAAA,IAAIC,GAC9BhB,CAAAA,MAAAA,CAAOiB,MAAM,CAACxB,MAAAA,CAAOyB,UAAU,CAAA,CAAEC,GAAG,CAAC,CAACC,SAAAA,GAAcA,UAAUC,QAAQ,CAAA,CAAA;QAExE,MAAMH,UAAAA,GAAaI,KAAMC,CAAAA,IAAI,CAACR,mBAAAA,CAAAA;QAE9B,OAAO;YACLS,MAAQb,EAAAA,YAAAA;AACRZ,YAAAA,YAAAA,EAAcA,aAAa0B,MAAM;AACjCP,YAAAA,UAAAA,EAAYA,WAAWO,MAAM;YAC7BC,OAASlB,EAAAA,YAAAA;YACTmB,MAAQpB,EAAAA,WAAAA;YACRqB,QAAUd,EAAAA,aAAAA;YACVe,SAAWzB,EAAAA;AACb,SAAA;AACF,KAAA;AAEA,IAAA,MAAM0B,oBAAoB,OAAO3C,MAAAA,GAAAA;AAC/B,QAAA,MAAM4C,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AACnB,QAAA,MAAM6C,KAAQ,GAAA,MAAMtC,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACzC,QAAA,IAAI,CAACC,KAAO,EAAA;;YAEV,OAAO,IAAA;AACT;QAEA,OAAOE,2BAAAA,CAAqBC,KAAK,CAACH,KAAAA,CAAAA;AACpC,KAAA;IAEA,MAAMI,oBAAAA,GAAuB,OAAOjD,MAAgBkD,EAAAA,KAAAA,GAAAA;QAClD,MAAMC,KAAAA,GAA6BC,gCAA0BJ,CAAAA,KAAK,CAACE,KAAAA,CAAAA;AAEnE,QAAA,MAAMN,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AAEnB,QAAA,MAAMqD,UAAa,GAAA,MAAM9C,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AAC9C,QAAA,MAAMU,OAAiCD,GAAAA,UAAAA,GACnCN,2BAAqBC,CAAAA,KAAK,CAACK,UAC3B,CAAA,GAAA,IAAA;AAEJ,QAAA,MAAME,cAAcJ,KAAMK,CAAAA,OAAO,IAAIF,OAAAA,EAASE,WAAW,EAAE;;AAG3D,QAAA,MAAMC,iBAAoBF,GAAAA,WAAAA,CAAYvB,GAAG,CAAC,CAAC0B,CAAAA,GAAAA;YACzC,MAAMC,IAAAA,GAAOL,OAASE,EAAAA,OAAAA,CAAQI,IAAK,CAAA,CAACC,KAAOA,EAAGC,CAAAA,GAAG,KAAKJ,CAAAA,CAAEI,GAAG,CAAA;YAC3D,OAAO;AACLA,gBAAAA,GAAAA,EAAKJ,EAAEI,GAAG;AACVC,gBAAAA,KAAAA,EAAOL,CAAEK,CAAAA,KAAK,IAAIJ,IAAAA,EAAMI,KAASjE,IAAAA;AACnC,aAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMkE,IAAuB,GAAA;YAC3BC,OAASd,EAAAA,KAAAA,CAAMc,OAAO,IAAI,CAAA;YAC1BT,OAASC,EAAAA,iBAAAA;AACTS,YAAAA,SAAAA,EAAWf,KAAMe,CAAAA,SAAS,IAAI,IAAIC,OAAOC,WAAW;AACtD,SAAA;QAEA,MAAM7D,UAAAA,CAAW8D,GAAG,CAAC;AAAEzB,YAAAA,GAAAA;YAAKC,KAAOmB,EAAAA;AAAK,SAAA,CAAA;QACxC,OAAOA,IAAAA;AACT,KAAA;IACA,OAAO;AACLrD,QAAAA,gBAAAA;AACAgC,QAAAA,iBAAAA;AACAM,QAAAA;AACF,KAAA;AACF;;;;"}
+{"version":3,"file":"homepage.js","sources":["../../../../../server/src/services/homepage.ts"],"sourcesContent":["import { Core } from '@strapi/types';\nimport { getService } from '../utils';\nimport {\n  HomepageLayout,\n  HomepageLayoutSchema,\n  HomepageLayoutWrite,\n  HomepageLayoutWriteSchema,\n} from '../controllers/validation/schema';\n\nconst DEFAULT_WIDTH = 6 as const;\nconst keyFor = (userId: number) => `homepage-layout:${userId}`;\n\nconst isContentTypeVisible = (model: any) =>\n  model?.pluginOptions?.['content-type-builder']?.visible !== false;\n\nexport const homepageService = ({ strapi }: { strapi: Core.Strapi }) => {\n  const adminStore = strapi.store({ type: 'core', name: 'admin' });\n  const getKeyStatistics = async () => {\n    const contentTypes = Object.entries(strapi.contentTypes).filter(([, contentType]) => {\n      return isContentTypeVisible(contentType);\n    });\n\n    const countApiTokens = await getService('api-token').count();\n    const countAdmins = await getService('user').count();\n    const countLocales = (await strapi.plugin('i18n')?.service('locales')?.count()) ?? null;\n    const countsAssets = await strapi.db.query('plugin::upload.file').count();\n    const countWebhooks = await strapi.db.query('strapi::webhook').count();\n\n    const componentCategories = new Set(\n      Object.values(strapi.components).map((component) => component.category)\n    );\n    const components = Array.from(componentCategories);\n\n    return {\n      assets: countsAssets,\n      contentTypes: contentTypes.length,\n      components: components.length,\n      locales: countLocales,\n      admins: countAdmins,\n      webhooks: countWebhooks,\n      apiTokens: countApiTokens,\n    };\n  };\n\n  const getHomepageLayout = async (userId: number): Promise<HomepageLayout | null> => {\n    const key = keyFor(userId);\n    const value = await adminStore.get({ key });\n    if (!value) {\n      // nothing saved yet\n      return null;\n    }\n\n    return HomepageLayoutSchema.parse(value);\n  };\n\n  const updateHomepageLayout = async (userId: number, input: unknown): Promise<HomepageLayout> => {\n    const write: HomepageLayoutWrite = HomepageLayoutWriteSchema.parse(input);\n\n    const key = keyFor(userId);\n\n    const currentRaw = await adminStore.get({ key });\n    const current: HomepageLayout | null = currentRaw\n      ? HomepageLayoutSchema.parse(currentRaw)\n      : null;\n\n    const widgetsNext = write.widgets ?? current?.widgets ?? [];\n\n    // Normalize widths (fill defaults where missing)\n    const normalizedWidgets = widgetsNext.map((w) => {\n      const prev = current?.widgets.find((cw) => cw.uid === w.uid);\n      return {\n        uid: w.uid,\n        width: w.width ?? prev?.width ?? DEFAULT_WIDTH,\n      };\n    });\n\n    const next: HomepageLayout = {\n      version: write.version ?? 1,\n      widgets: normalizedWidgets,\n      updatedAt: write.updatedAt ?? new Date().toISOString(),\n    };\n\n    await adminStore.set({ key, value: next });\n    return next;\n  };\n  return {\n    getKeyStatistics,\n    getHomepageLayout,\n    updateHomepageLayout,\n  };\n};\n"],"names":["DEFAULT_WIDTH","keyFor","userId","isContentTypeVisible","model","pluginOptions","visible","homepageService","strapi","adminStore","store","type","name","getKeyStatistics","contentTypes","Object","entries","filter","contentType","countApiTokens","getService","count","countAdmins","countLocales","plugin","service","countsAssets","db","query","countWebhooks","componentCategories","Set","values","components","map","component","category","Array","from","assets","length","locales","admins","webhooks","apiTokens","getHomepageLayout","key","value","get","HomepageLayoutSchema","parse","updateHomepageLayout","input","write","HomepageLayoutWriteSchema","currentRaw","current","widgetsNext","widgets","normalizedWidgets","w","prev","find","cw","uid","width","next","version","updatedAt","Date","toISOString","set"],"mappings":";;;;;AASA,MAAMA,aAAgB,GAAA,CAAA;AACtB,MAAMC,SAAS,CAACC,MAAAA,GAAmB,CAAC,gBAAgB,EAAEA,MAAQ,CAAA,CAAA;AAE9D,MAAMC,oBAAAA,GAAuB,CAACC,KAC5BA,GAAAA,KAAAA,EAAOC,gBAAgB,sBAAA,CAAuB,EAAEC,OAAY,KAAA,KAAA;AAEjDC,MAAAA,eAAAA,GAAkB,CAAC,EAAEC,MAAM,EAA2B,GAAA;IACjE,MAAMC,UAAAA,GAAaD,MAAOE,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AAC9D,IAAA,MAAMC,gBAAmB,GAAA,UAAA;QACvB,MAAMC,YAAAA,GAAeC,MAAOC,CAAAA,OAAO,CAACR,MAAAA,CAAOM,YAAY,CAAA,CAAEG,MAAM,CAAC,CAAC,GAAGC,WAAY,CAAA,GAAA;AAC9E,YAAA,OAAOf,oBAAqBe,CAAAA,WAAAA,CAAAA;AAC9B,SAAA,CAAA;AAEA,QAAA,MAAMC,cAAiB,GAAA,MAAMC,gBAAW,CAAA,WAAA,CAAA,CAAaC,KAAK,EAAA;AAC1D,QAAA,MAAMC,WAAc,GAAA,MAAMF,gBAAW,CAAA,MAAA,CAAA,CAAQC,KAAK,EAAA;QAClD,MAAME,YAAAA,GAAe,MAAOf,MAAAA,CAAOgB,MAAM,CAAC,MAAA,CAAA,EAASC,OAAQ,CAAA,SAAA,CAAA,EAAYJ,KAAY,EAAA,IAAA,IAAA;QACnF,MAAMK,YAAAA,GAAe,MAAMlB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,uBAAuBP,KAAK,EAAA;QACvE,MAAMQ,aAAAA,GAAgB,MAAMrB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,mBAAmBP,KAAK,EAAA;AAEpE,QAAA,MAAMS,mBAAsB,GAAA,IAAIC,GAC9BhB,CAAAA,MAAAA,CAAOiB,MAAM,CAACxB,MAAAA,CAAOyB,UAAU,CAAA,CAAEC,GAAG,CAAC,CAACC,SAAAA,GAAcA,UAAUC,QAAQ,CAAA,CAAA;QAExE,MAAMH,UAAAA,GAAaI,KAAMC,CAAAA,IAAI,CAACR,mBAAAA,CAAAA;QAE9B,OAAO;YACLS,MAAQb,EAAAA,YAAAA;AACRZ,YAAAA,YAAAA,EAAcA,aAAa0B,MAAM;AACjCP,YAAAA,UAAAA,EAAYA,WAAWO,MAAM;YAC7BC,OAASlB,EAAAA,YAAAA;YACTmB,MAAQpB,EAAAA,WAAAA;YACRqB,QAAUd,EAAAA,aAAAA;YACVe,SAAWzB,EAAAA;AACb,SAAA;AACF,KAAA;AAEA,IAAA,MAAM0B,oBAAoB,OAAO3C,MAAAA,GAAAA;AAC/B,QAAA,MAAM4C,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AACnB,QAAA,MAAM6C,KAAQ,GAAA,MAAMtC,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACzC,QAAA,IAAI,CAACC,KAAO,EAAA;;YAEV,OAAO,IAAA;AACT;QAEA,OAAOE,2BAAAA,CAAqBC,KAAK,CAACH,KAAAA,CAAAA;AACpC,KAAA;IAEA,MAAMI,oBAAAA,GAAuB,OAAOjD,MAAgBkD,EAAAA,KAAAA,GAAAA;QAClD,MAAMC,KAAAA,GAA6BC,gCAA0BJ,CAAAA,KAAK,CAACE,KAAAA,CAAAA;AAEnE,QAAA,MAAMN,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AAEnB,QAAA,MAAMqD,UAAa,GAAA,MAAM9C,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AAC9C,QAAA,MAAMU,OAAiCD,GAAAA,UAAAA,GACnCN,2BAAqBC,CAAAA,KAAK,CAACK,UAC3B,CAAA,GAAA,IAAA;AAEJ,QAAA,MAAME,cAAcJ,KAAMK,CAAAA,OAAO,IAAIF,OAAAA,EAASE,WAAW,EAAE;;AAG3D,QAAA,MAAMC,iBAAoBF,GAAAA,WAAAA,CAAYvB,GAAG,CAAC,CAAC0B,CAAAA,GAAAA;YACzC,MAAMC,IAAAA,GAAOL,OAASE,EAAAA,OAAAA,CAAQI,IAAK,CAAA,CAACC,KAAOA,EAAGC,CAAAA,GAAG,KAAKJ,CAAAA,CAAEI,GAAG,CAAA;YAC3D,OAAO;AACLA,gBAAAA,GAAAA,EAAKJ,EAAEI,GAAG;AACVC,gBAAAA,KAAAA,EAAOL,CAAEK,CAAAA,KAAK,IAAIJ,IAAAA,EAAMI,KAASjE,IAAAA;AACnC,aAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMkE,IAAuB,GAAA;YAC3BC,OAASd,EAAAA,KAAAA,CAAMc,OAAO,IAAI,CAAA;YAC1BT,OAASC,EAAAA,iBAAAA;AACTS,YAAAA,SAAAA,EAAWf,KAAMe,CAAAA,SAAS,IAAI,IAAIC,OAAOC,WAAW;AACtD,SAAA;QAEA,MAAM7D,UAAAA,CAAW8D,GAAG,CAAC;AAAEzB,YAAAA,GAAAA;YAAKC,KAAOmB,EAAAA;AAAK,SAAA,CAAA;QACxC,OAAOA,IAAAA;AACT,KAAA;IACA,OAAO;AACLrD,QAAAA,gBAAAA;AACAgC,QAAAA,iBAAAA;AACAM,QAAAA;AACF,KAAA;AACF;;;;"}

package/dist/server/server/src/services/homepage.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"homepage.mjs","sources":["../../../../../server/src/services/homepage.ts"],"sourcesContent":["import { Core } from '@strapi/types';\nimport { getService } from '../utils';\nimport {\n  HomepageLayout,\n  HomepageLayoutSchema,\n  HomepageLayoutWrite,\n  HomepageLayoutWriteSchema,\n} from '../controllers/validation/schema';\n\nconst DEFAULT_WIDTH = 6 as const;\nconst keyFor = (userId: number) => `homepage-layout:${userId}`;\n\nconst isContentTypeVisible = (model: any) =>\n  model?.pluginOptions?.['content-type-builder']?.visible !== false;\n\nexport const homepageService = ({ strapi }: { strapi: Core.Strapi }) => {\n  const adminStore = strapi.store({ type: 'core', name: 'admin' });\n  const getKeyStatistics = async () => {\n    const contentTypes = Object.entries(strapi.contentTypes).filter(([, contentType]) => {\n      return isContentTypeVisible(contentType);\n    });\n\n    const countApiTokens = await getService('api-token').count();\n    const countAdmins = await getService('user').count();\n    const countLocales = (await strapi.plugin('i18n')?.service('locales')?.count()) ?? null;\n    const countsAssets = await strapi.db.query('plugin::upload.file').count();\n    const countWebhooks = await strapi.db.query('strapi::webhook').count();\n\n    const componentCategories = new Set(\n      Object.values(strapi.components).map((component) => component.category)\n    );\n    const components = Array.from(componentCategories);\n\n    return {\n      assets: countsAssets,\n      contentTypes: contentTypes.length,\n      components: components.length,\n      locales: countLocales,\n      admins: countAdmins,\n      webhooks: countWebhooks,\n      apiTokens: countApiTokens,\n    };\n  };\n\n  const getHomepageLayout = async (userId: number): Promise<HomepageLayout | null> => {\n    const key = keyFor(userId);\n    const value = await adminStore.get({ key });\n    if (!value) {\n      // nothing saved yet\n      return null;\n    }\n\n    return HomepageLayoutSchema.parse(value);\n  };\n\n  const updateHomepageLayout = async (userId: number, input: unknown): Promise<HomepageLayout> => {\n    const write: HomepageLayoutWrite = HomepageLayoutWriteSchema.parse(input);\n\n    const key = keyFor(userId);\n\n    const currentRaw = await adminStore.get({ key });\n    const current: HomepageLayout | null = currentRaw\n      ? HomepageLayoutSchema.parse(currentRaw)\n      : null;\n\n    const widgetsNext = write.widgets ?? current?.widgets ?? [];\n\n    // Normalize widths (fill defaults where missing)\n    const normalizedWidgets = widgetsNext.map((w) => {\n      const prev = current?.widgets.find((cw) => cw.uid === w.uid);\n      return {\n        uid: w.uid,\n        width: w.width ?? prev?.width ?? DEFAULT_WIDTH,\n      };\n    });\n\n    const next: HomepageLayout = {\n      version: write.version ?? 1,\n      widgets: normalizedWidgets,\n      updatedAt: write.updatedAt ?? new Date().toISOString(),\n    };\n\n    await adminStore.set({ key, value: next });\n    return next;\n  };\n  return {\n    getKeyStatistics,\n    getHomepageLayout,\n    updateHomepageLayout,\n  };\n};\n"],"names":["DEFAULT_WIDTH","keyFor","userId","isContentTypeVisible","model","pluginOptions","visible","homepageService","strapi","adminStore","store","type","name","getKeyStatistics","contentTypes","Object","entries","filter","contentType","countApiTokens","getService","count","countAdmins","countLocales","plugin","service","countsAssets","db","query","countWebhooks","componentCategories","Set","values","components","map","component","category","Array","from","assets","length","locales","admins","webhooks","apiTokens","getHomepageLayout","key","value","get","HomepageLayoutSchema","parse","updateHomepageLayout","input","write","HomepageLayoutWriteSchema","currentRaw","current","widgetsNext","widgets","normalizedWidgets","w","prev","find","cw","uid","width","next","version","updatedAt","Date","toISOString","set"],"mappings":";;;AASA,MAAMA,aAAgB,GAAA,CAAA;AACtB,MAAMC,SAAS,CAACC,MAAAA,GAAmB,CAAC,gBAAgB,EAAEA,OAAO,CAAC;AAE9D,MAAMC,oBAAAA,GAAuB,CAACC,KAC5BA,GAAAA,KAAAA,EAAOC,gBAAgB,sBAAA,CAAuB,EAAEC,OAAY,KAAA,KAAA;AAEjDC,MAAAA,eAAAA,GAAkB,CAAC,EAAEC,MAAM,EAA2B,GAAA;IACjE,MAAMC,UAAAA,GAAaD,MAAOE,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AAC9D,IAAA,MAAMC,gBAAmB,GAAA,UAAA;QACvB,MAAMC,YAAAA,GAAeC,MAAOC,CAAAA,OAAO,CAACR,MAAAA,CAAOM,YAAY,CAAA,CAAEG,MAAM,CAAC,CAAC,GAAGC,WAAY,CAAA,GAAA;AAC9E,YAAA,OAAOf,oBAAqBe,CAAAA,WAAAA,CAAAA;AAC9B,SAAA,CAAA;AAEA,QAAA,MAAMC,cAAiB,GAAA,MAAMC,UAAW,CAAA,WAAA,CAAA,CAAaC,KAAK,EAAA;AAC1D,QAAA,MAAMC,WAAc,GAAA,MAAMF,UAAW,CAAA,MAAA,CAAA,CAAQC,KAAK,EAAA;QAClD,MAAME,YAAAA,GAAe,MAAOf,MAAAA,CAAOgB,MAAM,CAAC,MAAA,CAAA,EAASC,OAAQ,CAAA,SAAA,CAAA,EAAYJ,KAAY,EAAA,IAAA,IAAA;QACnF,MAAMK,YAAAA,GAAe,MAAMlB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,uBAAuBP,KAAK,EAAA;QACvE,MAAMQ,aAAAA,GAAgB,MAAMrB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,mBAAmBP,KAAK,EAAA;AAEpE,QAAA,MAAMS,mBAAsB,GAAA,IAAIC,GAC9BhB,CAAAA,MAAAA,CAAOiB,MAAM,CAACxB,MAAAA,CAAOyB,UAAU,CAAA,CAAEC,GAAG,CAAC,CAACC,SAAAA,GAAcA,UAAUC,QAAQ,CAAA,CAAA;QAExE,MAAMH,UAAAA,GAAaI,KAAMC,CAAAA,IAAI,CAACR,mBAAAA,CAAAA;QAE9B,OAAO;YACLS,MAAQb,EAAAA,YAAAA;AACRZ,YAAAA,YAAAA,EAAcA,aAAa0B,MAAM;AACjCP,YAAAA,UAAAA,EAAYA,WAAWO,MAAM;YAC7BC,OAASlB,EAAAA,YAAAA;YACTmB,MAAQpB,EAAAA,WAAAA;YACRqB,QAAUd,EAAAA,aAAAA;YACVe,SAAWzB,EAAAA;AACb,SAAA;AACF,KAAA;AAEA,IAAA,MAAM0B,oBAAoB,OAAO3C,MAAAA,GAAAA;AAC/B,QAAA,MAAM4C,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AACnB,QAAA,MAAM6C,KAAQ,GAAA,MAAMtC,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACzC,QAAA,IAAI,CAACC,KAAO,EAAA;;YAEV,OAAO,IAAA;AACT;QAEA,OAAOE,oBAAAA,CAAqBC,KAAK,CAACH,KAAAA,CAAAA;AACpC,KAAA;IAEA,MAAMI,oBAAAA,GAAuB,OAAOjD,MAAgBkD,EAAAA,KAAAA,GAAAA;QAClD,MAAMC,KAAAA,GAA6BC,yBAA0BJ,CAAAA,KAAK,CAACE,KAAAA,CAAAA;AAEnE,QAAA,MAAMN,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AAEnB,QAAA,MAAMqD,UAAa,GAAA,MAAM9C,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AAC9C,QAAA,MAAMU,OAAiCD,GAAAA,UAAAA,GACnCN,oBAAqBC,CAAAA,KAAK,CAACK,UAC3B,CAAA,GAAA,IAAA;AAEJ,QAAA,MAAME,cAAcJ,KAAMK,CAAAA,OAAO,IAAIF,OAAAA,EAASE,WAAW,EAAE;;AAG3D,QAAA,MAAMC,iBAAoBF,GAAAA,WAAAA,CAAYvB,GAAG,CAAC,CAAC0B,CAAAA,GAAAA;YACzC,MAAMC,IAAAA,GAAOL,OAASE,EAAAA,OAAAA,CAAQI,IAAK,CAAA,CAACC,KAAOA,EAAGC,CAAAA,GAAG,KAAKJ,CAAAA,CAAEI,GAAG,CAAA;YAC3D,OAAO;AACLA,gBAAAA,GAAAA,EAAKJ,EAAEI,GAAG;AACVC,gBAAAA,KAAAA,EAAOL,CAAEK,CAAAA,KAAK,IAAIJ,IAAAA,EAAMI,KAASjE,IAAAA;AACnC,aAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMkE,IAAuB,GAAA;YAC3BC,OAASd,EAAAA,KAAAA,CAAMc,OAAO,IAAI,CAAA;YAC1BT,OAASC,EAAAA,iBAAAA;AACTS,YAAAA,SAAAA,EAAWf,KAAMe,CAAAA,SAAS,IAAI,IAAIC,OAAOC,WAAW;AACtD,SAAA;QAEA,MAAM7D,UAAAA,CAAW8D,GAAG,CAAC;AAAEzB,YAAAA,GAAAA;YAAKC,KAAOmB,EAAAA;AAAK,SAAA,CAAA;QACxC,OAAOA,IAAAA;AACT,KAAA;IACA,OAAO;AACLrD,QAAAA,gBAAAA;AACAgC,QAAAA,iBAAAA;AACAM,QAAAA;AACF,KAAA;AACF;;;;"}
+{"version":3,"file":"homepage.mjs","sources":["../../../../../server/src/services/homepage.ts"],"sourcesContent":["import { Core } from '@strapi/types';\nimport { getService } from '../utils';\nimport {\n  HomepageLayout,\n  HomepageLayoutSchema,\n  HomepageLayoutWrite,\n  HomepageLayoutWriteSchema,\n} from '../controllers/validation/schema';\n\nconst DEFAULT_WIDTH = 6 as const;\nconst keyFor = (userId: number) => `homepage-layout:${userId}`;\n\nconst isContentTypeVisible = (model: any) =>\n  model?.pluginOptions?.['content-type-builder']?.visible !== false;\n\nexport const homepageService = ({ strapi }: { strapi: Core.Strapi }) => {\n  const adminStore = strapi.store({ type: 'core', name: 'admin' });\n  const getKeyStatistics = async () => {\n    const contentTypes = Object.entries(strapi.contentTypes).filter(([, contentType]) => {\n      return isContentTypeVisible(contentType);\n    });\n\n    const countApiTokens = await getService('api-token').count();\n    const countAdmins = await getService('user').count();\n    const countLocales = (await strapi.plugin('i18n')?.service('locales')?.count()) ?? null;\n    const countsAssets = await strapi.db.query('plugin::upload.file').count();\n    const countWebhooks = await strapi.db.query('strapi::webhook').count();\n\n    const componentCategories = new Set(\n      Object.values(strapi.components).map((component) => component.category)\n    );\n    const components = Array.from(componentCategories);\n\n    return {\n      assets: countsAssets,\n      contentTypes: contentTypes.length,\n      components: components.length,\n      locales: countLocales,\n      admins: countAdmins,\n      webhooks: countWebhooks,\n      apiTokens: countApiTokens,\n    };\n  };\n\n  const getHomepageLayout = async (userId: number): Promise<HomepageLayout | null> => {\n    const key = keyFor(userId);\n    const value = await adminStore.get({ key });\n    if (!value) {\n      // nothing saved yet\n      return null;\n    }\n\n    return HomepageLayoutSchema.parse(value);\n  };\n\n  const updateHomepageLayout = async (userId: number, input: unknown): Promise<HomepageLayout> => {\n    const write: HomepageLayoutWrite = HomepageLayoutWriteSchema.parse(input);\n\n    const key = keyFor(userId);\n\n    const currentRaw = await adminStore.get({ key });\n    const current: HomepageLayout | null = currentRaw\n      ? HomepageLayoutSchema.parse(currentRaw)\n      : null;\n\n    const widgetsNext = write.widgets ?? current?.widgets ?? [];\n\n    // Normalize widths (fill defaults where missing)\n    const normalizedWidgets = widgetsNext.map((w) => {\n      const prev = current?.widgets.find((cw) => cw.uid === w.uid);\n      return {\n        uid: w.uid,\n        width: w.width ?? prev?.width ?? DEFAULT_WIDTH,\n      };\n    });\n\n    const next: HomepageLayout = {\n      version: write.version ?? 1,\n      widgets: normalizedWidgets,\n      updatedAt: write.updatedAt ?? new Date().toISOString(),\n    };\n\n    await adminStore.set({ key, value: next });\n    return next;\n  };\n  return {\n    getKeyStatistics,\n    getHomepageLayout,\n    updateHomepageLayout,\n  };\n};\n"],"names":["DEFAULT_WIDTH","keyFor","userId","isContentTypeVisible","model","pluginOptions","visible","homepageService","strapi","adminStore","store","type","name","getKeyStatistics","contentTypes","Object","entries","filter","contentType","countApiTokens","getService","count","countAdmins","countLocales","plugin","service","countsAssets","db","query","countWebhooks","componentCategories","Set","values","components","map","component","category","Array","from","assets","length","locales","admins","webhooks","apiTokens","getHomepageLayout","key","value","get","HomepageLayoutSchema","parse","updateHomepageLayout","input","write","HomepageLayoutWriteSchema","currentRaw","current","widgetsNext","widgets","normalizedWidgets","w","prev","find","cw","uid","width","next","version","updatedAt","Date","toISOString","set"],"mappings":";;;AASA,MAAMA,aAAgB,GAAA,CAAA;AACtB,MAAMC,SAAS,CAACC,MAAAA,GAAmB,CAAC,gBAAgB,EAAEA,MAAQ,CAAA,CAAA;AAE9D,MAAMC,oBAAAA,GAAuB,CAACC,KAC5BA,GAAAA,KAAAA,EAAOC,gBAAgB,sBAAA,CAAuB,EAAEC,OAAY,KAAA,KAAA;AAEjDC,MAAAA,eAAAA,GAAkB,CAAC,EAAEC,MAAM,EAA2B,GAAA;IACjE,MAAMC,UAAAA,GAAaD,MAAOE,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AAC9D,IAAA,MAAMC,gBAAmB,GAAA,UAAA;QACvB,MAAMC,YAAAA,GAAeC,MAAOC,CAAAA,OAAO,CAACR,MAAAA,CAAOM,YAAY,CAAA,CAAEG,MAAM,CAAC,CAAC,GAAGC,WAAY,CAAA,GAAA;AAC9E,YAAA,OAAOf,oBAAqBe,CAAAA,WAAAA,CAAAA;AAC9B,SAAA,CAAA;AAEA,QAAA,MAAMC,cAAiB,GAAA,MAAMC,UAAW,CAAA,WAAA,CAAA,CAAaC,KAAK,EAAA;AAC1D,QAAA,MAAMC,WAAc,GAAA,MAAMF,UAAW,CAAA,MAAA,CAAA,CAAQC,KAAK,EAAA;QAClD,MAAME,YAAAA,GAAe,MAAOf,MAAAA,CAAOgB,MAAM,CAAC,MAAA,CAAA,EAASC,OAAQ,CAAA,SAAA,CAAA,EAAYJ,KAAY,EAAA,IAAA,IAAA;QACnF,MAAMK,YAAAA,GAAe,MAAMlB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,uBAAuBP,KAAK,EAAA;QACvE,MAAMQ,aAAAA,GAAgB,MAAMrB,MAAOmB,CAAAA,EAAE,CAACC,KAAK,CAAC,mBAAmBP,KAAK,EAAA;AAEpE,QAAA,MAAMS,mBAAsB,GAAA,IAAIC,GAC9BhB,CAAAA,MAAAA,CAAOiB,MAAM,CAACxB,MAAAA,CAAOyB,UAAU,CAAA,CAAEC,GAAG,CAAC,CAACC,SAAAA,GAAcA,UAAUC,QAAQ,CAAA,CAAA;QAExE,MAAMH,UAAAA,GAAaI,KAAMC,CAAAA,IAAI,CAACR,mBAAAA,CAAAA;QAE9B,OAAO;YACLS,MAAQb,EAAAA,YAAAA;AACRZ,YAAAA,YAAAA,EAAcA,aAAa0B,MAAM;AACjCP,YAAAA,UAAAA,EAAYA,WAAWO,MAAM;YAC7BC,OAASlB,EAAAA,YAAAA;YACTmB,MAAQpB,EAAAA,WAAAA;YACRqB,QAAUd,EAAAA,aAAAA;YACVe,SAAWzB,EAAAA;AACb,SAAA;AACF,KAAA;AAEA,IAAA,MAAM0B,oBAAoB,OAAO3C,MAAAA,GAAAA;AAC/B,QAAA,MAAM4C,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AACnB,QAAA,MAAM6C,KAAQ,GAAA,MAAMtC,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACzC,QAAA,IAAI,CAACC,KAAO,EAAA;;YAEV,OAAO,IAAA;AACT;QAEA,OAAOE,oBAAAA,CAAqBC,KAAK,CAACH,KAAAA,CAAAA;AACpC,KAAA;IAEA,MAAMI,oBAAAA,GAAuB,OAAOjD,MAAgBkD,EAAAA,KAAAA,GAAAA;QAClD,MAAMC,KAAAA,GAA6BC,yBAA0BJ,CAAAA,KAAK,CAACE,KAAAA,CAAAA;AAEnE,QAAA,MAAMN,MAAM7C,MAAOC,CAAAA,MAAAA,CAAAA;AAEnB,QAAA,MAAMqD,UAAa,GAAA,MAAM9C,UAAWuC,CAAAA,GAAG,CAAC;AAAEF,YAAAA;AAAI,SAAA,CAAA;AAC9C,QAAA,MAAMU,OAAiCD,GAAAA,UAAAA,GACnCN,oBAAqBC,CAAAA,KAAK,CAACK,UAC3B,CAAA,GAAA,IAAA;AAEJ,QAAA,MAAME,cAAcJ,KAAMK,CAAAA,OAAO,IAAIF,OAAAA,EAASE,WAAW,EAAE;;AAG3D,QAAA,MAAMC,iBAAoBF,GAAAA,WAAAA,CAAYvB,GAAG,CAAC,CAAC0B,CAAAA,GAAAA;YACzC,MAAMC,IAAAA,GAAOL,OAASE,EAAAA,OAAAA,CAAQI,IAAK,CAAA,CAACC,KAAOA,EAAGC,CAAAA,GAAG,KAAKJ,CAAAA,CAAEI,GAAG,CAAA;YAC3D,OAAO;AACLA,gBAAAA,GAAAA,EAAKJ,EAAEI,GAAG;AACVC,gBAAAA,KAAAA,EAAOL,CAAEK,CAAAA,KAAK,IAAIJ,IAAAA,EAAMI,KAASjE,IAAAA;AACnC,aAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMkE,IAAuB,GAAA;YAC3BC,OAASd,EAAAA,KAAAA,CAAMc,OAAO,IAAI,CAAA;YAC1BT,OAASC,EAAAA,iBAAAA;AACTS,YAAAA,SAAAA,EAAWf,KAAMe,CAAAA,SAAS,IAAI,IAAIC,OAAOC,WAAW;AACtD,SAAA;QAEA,MAAM7D,UAAAA,CAAW8D,GAAG,CAAC;AAAEzB,YAAAA,GAAAA;YAAKC,KAAOmB,EAAAA;AAAK,SAAA,CAAA;QACxC,OAAOA,IAAAA;AACT,KAAA;IACA,OAAO;AACLrD,QAAAA,gBAAAA;AACAgC,QAAAA,iBAAAA;AACAM,QAAAA;AACF,KAAA;AACF;;;;"}

package/dist/server/server/src/services/permission/permissions-manager/sanitize.js.map

@@ -1 +1 @@
-{"version":3,"file":"sanitize.js","sources":["../../../../../../../server/src/services/permission/permissions-manager/sanitize.ts"],"sourcesContent":["import { subject as asSubject, detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport {\n  defaults,\n  omit,\n  isArray,\n  isEmpty,\n  isNil,\n  flatMap,\n  some,\n  prop,\n  uniq,\n  intersection,\n  pick,\n  getOr,\n  isObject,\n  cloneDeep,\n} from 'lodash/fp';\n\nimport type { UID } from '@strapi/types';\n\nimport { contentTypes, traverseEntity, sanitize, async, traverse } from '@strapi/utils';\nimport { ADMIN_USER_ALLOWED_FIELDS } from '../../../domain/user';\n\nconst {\n  visitors: { removePassword, expandWildcardPopulate },\n} = sanitize;\n\nconst {\n  constants,\n  isScalarAttribute,\n  getNonVisibleAttributes,\n  getNonWritableAttributes,\n  getWritableAttributes,\n} = contentTypes;\nconst {\n  ID_ATTRIBUTE,\n  DOC_ID_ATTRIBUTE,\n  CREATED_AT_ATTRIBUTE,\n  UPDATED_AT_ATTRIBUTE,\n  PUBLISHED_AT_ATTRIBUTE,\n  CREATED_BY_ATTRIBUTE,\n  UPDATED_BY_ATTRIBUTE,\n} = constants;\n\nconst COMPONENT_FIELDS = ['__component'];\nconst STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];\n\nexport default ({ action, ability, model }: any) => {\n  const schema = strapi.getModel(model);\n\n  const { removeDisallowedFields } = sanitize.visitors;\n\n  const ctx = {\n    schema,\n    getModel: strapi.getModel.bind(strapi),\n  };\n\n  const createSanitizeQuery = (options = {} as any) => {\n    const { fields } = options;\n\n    // TODO: sanitize relations to admin users in all sanitizers\n    const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);\n\n    const sanitizeFilters = async.pipe(\n      traverse.traverseQueryFilters(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFilters(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryFilters(omitHiddenFields, ctx),\n      traverse.traverseQueryFilters(removePassword, ctx),\n      traverse.traverseQueryFilters(({ key, value }, { remove }) => {\n        if (isObject(value) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizeSort = async.pipe(\n      traverse.traverseQuerySort(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQuerySort(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQuerySort(omitHiddenFields, ctx),\n      traverse.traverseQuerySort(removePassword, ctx),\n      traverse.traverseQuerySort(({ key, attribute, value }, { remove }) => {\n        if (!isScalarAttribute(attribute) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizePopulate = async.pipe(\n      traverse.traverseQueryPopulate(expandWildcardPopulate, ctx),\n      traverse.traverseQueryPopulate(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryPopulate(omitHiddenFields, ctx),\n      traverse.traverseQueryPopulate(removePassword, ctx)\n    );\n\n    const sanitizeFields = async.pipe(\n      traverse.traverseQueryFields(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFields(omitHiddenFields, ctx),\n      traverse.traverseQueryFields(removePassword, ctx)\n    );\n\n    return async (query: any) => {\n      const sanitizedQuery = cloneDeep(query);\n\n      if (query.filters) {\n        Object.assign(sanitizedQuery, { filters: await sanitizeFilters(query.filters) });\n      }\n\n      if (query.sort) {\n        Object.assign(sanitizedQuery, { sort: await sanitizeSort(query.sort) });\n      }\n\n      if (query.populate) {\n        Object.assign(sanitizedQuery, { populate: await sanitizePopulate(query.populate) });\n      }\n\n      if (query.fields) {\n        Object.assign(sanitizedQuery, { fields: await sanitizeFields(query.fields) });\n      }\n\n      return sanitizedQuery;\n    };\n  };\n\n  const createSanitizeOutput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getOutputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove unallowed fields from admin::user relations\n      traverseEntity(pickAllowedAdminUserFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove all fields of type 'password'\n      sanitize.sanitizers.sanitizePasswords({\n        schema,\n        getModel(uid: string) {\n          return strapi.getModel(uid as UID.Schema);\n        },\n      })\n    );\n  };\n\n  const createSanitizeInput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove roles from createdBy & updatedBy fields\n      omitCreatorRoles\n    );\n  };\n\n  const wrapSanitize = (createSanitizeFunction: any) => {\n    // TODO\n    // @ts-expect-error define the correct return type\n    const wrappedSanitize = async (data: unknown, options = {} as any) => {\n      if (isArray(data)) {\n        return Promise.all(data.map((entity: unknown) => wrappedSanitize(entity, options)));\n      }\n\n      const { subject, action: actionOverride } = getDefaultOptions(data, options);\n\n      const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n        fieldsFrom: (rule) => rule.fields || [],\n      });\n\n      const hasAtLeastOneRegistered = some(\n        (fields) => !isNil(fields),\n        flatMap(prop('fields'), ability.rulesFor(actionOverride, detectSubjectType(subject)))\n      );\n      const shouldIncludeAllFields = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n      const sanitizeOptions = {\n        ...options,\n        fields: {\n          shouldIncludeAll: shouldIncludeAllFields,\n          permitted: permittedFields,\n          hasAtLeastOneRegistered,\n        },\n      };\n\n      const sanitizeFunction = createSanitizeFunction(sanitizeOptions);\n\n      return sanitizeFunction(data);\n    };\n\n    return wrappedSanitize;\n  };\n\n  const getDefaultOptions = (data: any, options: unknown) => {\n    return defaults({ subject: asSubject(model, data), action }, options);\n  };\n\n  /**\n   * Omit creator fields' (createdBy & updatedBy) roles from the admin API responses\n   */\n  const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);\n\n  /**\n   * Visitor used to remove hidden fields from the admin API responses\n   */\n  const omitHiddenFields = ({ key, schema }: any, { remove }: any) => {\n    const isHidden = getOr(false, ['config', 'attributes', key, 'hidden'], schema);\n\n    if (isHidden) {\n      remove(key);\n    }\n  };\n\n  /**\n   * Visitor used to only select needed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const pickAllowedAdminUserFields = ({ attribute, key, value }: any, { set }: any) => {\n    const pickAllowedFields = pick(ADMIN_USER_ALLOWED_FIELDS);\n    if (!attribute) {\n      return;\n    }\n\n    if (attribute.type === 'relation' && attribute.target === 'admin::user' && value) {\n      if (Array.isArray(value)) {\n        set(key, value.map(pickAllowedFields));\n      } else {\n        set(key, pickAllowedFields(value));\n      }\n    }\n  };\n\n  /**\n   * Visitor used to omit disallowed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const omitDisallowedAdminUserFields = ({ key, attribute, schema }: any, { remove }: any) => {\n    if (schema.uid === 'admin::user' && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {\n      remove(key);\n    }\n  };\n\n  const getInputFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([...fields, ...COMPONENT_FIELDS, ...nonVisibleWritableAttributes]);\n  };\n\n  const getOutputFields = (fields = []) => {\n    const nonWritableAttributes = getNonWritableAttributes(schema);\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonWritableAttributes,\n      ...nonVisibleAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n    ]);\n  };\n\n  const getQueryFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonVisibleWritableAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n      PUBLISHED_AT_ATTRIBUTE,\n      CREATED_BY_ATTRIBUTE,\n      UPDATED_BY_ATTRIBUTE,\n    ]);\n  };\n\n  return {\n    sanitizeOutput: wrapSanitize(createSanitizeOutput),\n    sanitizeInput: wrapSanitize(createSanitizeInput),\n    sanitizeQuery: wrapSanitize(createSanitizeQuery),\n  };\n};\n"],"names":["visitors","removePassword","expandWildcardPopulate","sanitize","constants","isScalarAttribute","getNonVisibleAttributes","getNonWritableAttributes","getWritableAttributes","contentTypes","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","CREATED_AT_ATTRIBUTE","UPDATED_AT_ATTRIBUTE","PUBLISHED_AT_ATTRIBUTE","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","COMPONENT_FIELDS","STATIC_FIELDS","action","ability","model","schema","strapi","getModel","removeDisallowedFields","ctx","bind","createSanitizeQuery","options","fields","permittedFields","shouldIncludeAll","getQueryFields","permitted","sanitizeFilters","async","pipe","traverse","traverseQueryFilters","omitDisallowedAdminUserFields","omitHiddenFields","key","value","remove","isObject","isEmpty","sanitizeSort","traverseQuerySort","attribute","sanitizePopulate","traverseQueryPopulate","sanitizeFields","traverseQueryFields","query","sanitizedQuery","cloneDeep","filters","Object","assign","sort","populate","createSanitizeOutput","getOutputFields","traverseEntity","pickAllowedAdminUserFields","sanitizers","sanitizePasswords","uid","createSanitizeInput","getInputFields","omitCreatorRoles","wrapSanitize","createSanitizeFunction","wrappedSanitize","data","isArray","Promise","all","map","entity","subject","actionOverride","getDefaultOptions","permittedFieldsOf","fieldsFrom","rule","hasAtLeastOneRegistered","some","isNil","flatMap","prop","rulesFor","detectSubjectType","shouldIncludeAllFields","sanitizeOptions","sanitizeFunction","defaults","asSubject","omit","isHidden","getOr","set","pickAllowedFields","pick","ADMIN_USER_ALLOWED_FIELDS","type","target","Array","includes","nonVisibleAttributes","writableAttributes","nonVisibleWritableAttributes","intersection","uniq","nonWritableAttributes","sanitizeOutput","sanitizeInput","sanitizeQuery"],"mappings":";;;;;;;;AAwBA,MAAM,EACJA,UAAU,EAAEC,cAAc,EAAEC,sBAAsB,EAAE,EACrD,GAAGC,cAAAA;AAEJ,MAAM,EACJC,SAAS,EACTC,iBAAiB,EACjBC,uBAAuB,EACvBC,wBAAwB,EACxBC,qBAAqB,EACtB,GAAGC,kBAAAA;AACJ,MAAM,EACJC,YAAY,EACZC,gBAAgB,EAChBC,oBAAoB,EACpBC,oBAAoB,EACpBC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACrB,GAAGZ,SAAAA;AAEJ,MAAMa,gBAAmB,GAAA;AAAC,IAAA;AAAc,CAAA;AACxC,MAAMC,aAAgB,GAAA;AAACR,IAAAA,YAAAA;AAAcC,IAAAA;AAAiB,CAAA;AAEtD,4BAAe,CAAA,CAAC,EAAEQ,MAAM,WAAEC,SAAO,EAAEC,KAAK,EAAO,GAAA;IAC7C,MAAMC,MAAAA,GAASC,MAAOC,CAAAA,QAAQ,CAACH,KAAAA,CAAAA;AAE/B,IAAA,MAAM,EAAEI,sBAAsB,EAAE,GAAGtB,eAASH,QAAQ;AAEpD,IAAA,MAAM0B,GAAM,GAAA;AACVJ,QAAAA,MAAAA;AACAE,QAAAA,QAAAA,EAAUD,MAAOC,CAAAA,QAAQ,CAACG,IAAI,CAACJ,MAAAA;AACjC,KAAA;AAEA,IAAA,MAAMK,mBAAsB,GAAA,CAACC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;;AAGnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOC,GAAAA,cAAAA,CAAeH,OAAOI,SAAS,CAAA;AAExF,QAAA,MAAMC,kBAAkBC,WAAMC,CAAAA,IAAI,CAChCC,cAAAA,CAASC,oBAAoB,CAACd,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACvEY,eAASC,oBAAoB,CAACC,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC7DY,eAASC,oBAAoB,CAACE,gBAAkBf,EAAAA,GAAAA,CAAAA,EAChDY,eAASC,oBAAoB,CAACtC,cAAgByB,EAAAA,GAAAA,CAAAA,EAC9CY,eAASC,oBAAoB,CAAC,CAAC,EAAEG,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;YACvD,IAAIC,WAAAA,CAASF,KAAUG,CAAAA,IAAAA,UAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACrCC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMqB,eAAeX,WAAMC,CAAAA,IAAI,CAC7BC,cAAAA,CAASU,iBAAiB,CAACvB,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACpEY,eAASU,iBAAiB,CAACR,+BAA+Bd,GAC1DY,CAAAA,EAAAA,cAAAA,CAASU,iBAAiB,CAACP,gBAAAA,EAAkBf,GAC7CY,CAAAA,EAAAA,cAAAA,CAASU,iBAAiB,CAAC/C,cAAAA,EAAgByB,MAC3CY,cAASU,CAAAA,iBAAiB,CAAC,CAAC,EAAEN,GAAG,EAAEO,SAAS,EAAEN,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AAC/D,YAAA,IAAI,CAACvC,iBAAAA,CAAkB4C,SAAcH,CAAAA,IAAAA,UAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACnDC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMwB,gBAAmBd,GAAAA,WAAAA,CAAMC,IAAI,CACjCC,cAASa,CAAAA,qBAAqB,CAACjD,sBAAAA,EAAwBwB,GACvDY,CAAAA,EAAAA,cAAAA,CAASa,qBAAqB,CAAC1B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACxEY,CAAAA,EAAAA,cAAAA,CAASa,qBAAqB,CAACX,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC9DY,cAASa,CAAAA,qBAAqB,CAACV,gBAAAA,EAAkBf,GACjDY,CAAAA,EAAAA,cAAAA,CAASa,qBAAqB,CAAClD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAGjD,QAAA,MAAM0B,iBAAiBhB,WAAMC,CAAAA,IAAI,CAC/BC,cAASe,CAAAA,mBAAmB,CAAC5B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACtEY,CAAAA,EAAAA,cAAAA,CAASe,mBAAmB,CAACZ,gBAAAA,EAAkBf,MAC/CY,cAASe,CAAAA,mBAAmB,CAACpD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAG/C,QAAA,OAAO,OAAO4B,KAAAA,GAAAA;AACZ,YAAA,MAAMC,iBAAiBC,YAAUF,CAAAA,KAAAA,CAAAA;YAEjC,IAAIA,KAAAA,CAAMG,OAAO,EAAE;gBACjBC,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEE,OAAS,EAAA,MAAMtB,eAAgBmB,CAAAA,KAAAA,CAAMG,OAAO;AAAE,iBAAA,CAAA;AAChF;YAEA,IAAIH,KAAAA,CAAMM,IAAI,EAAE;gBACdF,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEK,IAAM,EAAA,MAAMb,YAAaO,CAAAA,KAAAA,CAAMM,IAAI;AAAE,iBAAA,CAAA;AACvE;YAEA,IAAIN,KAAAA,CAAMO,QAAQ,EAAE;gBAClBH,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEM,QAAU,EAAA,MAAMX,gBAAiBI,CAAAA,KAAAA,CAAMO,QAAQ;AAAE,iBAAA,CAAA;AACnF;YAEA,IAAIP,KAAAA,CAAMxB,MAAM,EAAE;gBAChB4B,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEzB,MAAQ,EAAA,MAAMsB,cAAeE,CAAAA,KAAAA,CAAMxB,MAAM;AAAE,iBAAA,CAAA;AAC7E;YAEA,OAAOyB,cAAAA;AACT,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,oBAAuB,GAAA,CAACjC,OAAU,GAAA,EAAS,GAAA;QAC/C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAO+B,GAAAA,eAAAA,CAAgBjC,OAAOI,SAAS,CAAA;QAEzF,OAAOE,WAAAA,CAAMC,IAAI;QAEf2B,oBAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,oBAAeC,CAAAA,0BAAAA,EAA4BvC;QAE3CsC,oBAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;QAExDvB,cAAS+D,CAAAA,UAAU,CAACC,iBAAiB,CAAC;AACpC7C,YAAAA,MAAAA;AACAE,YAAAA,QAAAA,CAAAA,CAAS4C,GAAW,EAAA;gBAClB,OAAO7C,MAAAA,CAAOC,QAAQ,CAAC4C,GAAAA,CAAAA;AACzB;AACF,SAAA,CAAA,CAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,mBAAsB,GAAA,CAACxC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOsC,GAAAA,cAAAA,CAAexC,OAAOI,SAAS,CAAA;QAExF,OAAOE,WAAAA,CAAMC,IAAI;QAEf2B,oBAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,oBAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;AAExD6C,QAAAA,gBAAAA,CAAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,eAAe,CAACC,sBAAAA,GAAAA;;;AAGpB,QAAA,MAAMC,eAAkB,GAAA,OAAOC,IAAe9C,EAAAA,OAAAA,GAAU,EAAS,GAAA;AAC/D,YAAA,IAAI+C,WAAQD,IAAO,CAAA,EAAA;gBACjB,OAAOE,OAAAA,CAAQC,GAAG,CAACH,IAAAA,CAAKI,GAAG,CAAC,CAACC,MAAoBN,GAAAA,eAAAA,CAAgBM,MAAQnD,EAAAA,OAAAA,CAAAA,CAAAA,CAAAA;AAC3E;YAEA,MAAM,EAAEoD,OAAO,EAAE9D,MAAAA,EAAQ+D,cAAc,EAAE,GAAGC,kBAAkBR,IAAM9C,EAAAA,OAAAA,CAAAA;AAEpE,YAAA,MAAME,eAAkBqD,GAAAA,uBAAAA,CAAkBhE,SAAS8D,EAAAA,cAAAA,EAAgBD,OAAS,EAAA;AAC1EI,gBAAAA,UAAAA,EAAY,CAACC,IAAAA,GAASA,IAAKxD,CAAAA,MAAM,IAAI;AACvC,aAAA,CAAA;AAEA,YAAA,MAAMyD,uBAA0BC,GAAAA,OAAAA,CAC9B,CAAC1D,MAAAA,GAAW,CAAC2D,QAAM3D,CAAAA,MAAAA,CAAAA,EACnB4D,UAAQC,CAAAA,OAAAA,CAAK,QAAWvE,CAAAA,EAAAA,SAAAA,CAAQwE,QAAQ,CAACV,gBAAgBW,yBAAkBZ,CAAAA,OAAAA,CAAAA,CAAAA,CAAAA,CAAAA;YAE7E,MAAMa,sBAAAA,GAAyBhD,UAAQf,CAAAA,eAAAA,CAAAA,IAAoB,CAACwD,uBAAAA;AAE5D,YAAA,MAAMQ,eAAkB,GAAA;AACtB,gBAAA,GAAGlE,OAAO;gBACVC,MAAQ,EAAA;oBACNE,gBAAkB8D,EAAAA,sBAAAA;oBAClB5D,SAAWH,EAAAA,eAAAA;AACXwD,oBAAAA;AACF;AACF,aAAA;AAEA,YAAA,MAAMS,mBAAmBvB,sBAAuBsB,CAAAA,eAAAA,CAAAA;AAEhD,YAAA,OAAOC,gBAAiBrB,CAAAA,IAAAA,CAAAA;AAC1B,SAAA;QAEA,OAAOD,eAAAA;AACT,KAAA;IAEA,MAAMS,iBAAAA,GAAoB,CAACR,IAAW9C,EAAAA,OAAAA,GAAAA;AACpC,QAAA,OAAOoE,WAAS,CAAA;AAAEhB,YAAAA,OAAAA,EAASiB,gBAAU7E,KAAOsD,EAAAA,IAAAA,CAAAA;AAAOxD,YAAAA;SAAUU,EAAAA,OAAAA,CAAAA;AAC/D,KAAA;AAEA;;MAGA,MAAM0C,mBAAmB4B,OAAK,CAAA;QAAC,CAAC,EAAEpF,oBAAqB,CAAA,MAAM,CAAC;QAAE,CAAC,EAAEC,oBAAqB,CAAA,MAAM;AAAE,KAAA,CAAA;AAEhG;;MAGA,MAAMyB,gBAAmB,GAAA,CAAC,EAAEC,GAAG,EAAEpB,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QAC7D,MAAMwD,QAAAA,GAAWC,SAAM,KAAO,EAAA;AAAC,YAAA,QAAA;AAAU,YAAA,YAAA;AAAc3D,YAAAA,GAAAA;AAAK,YAAA;SAAS,EAAEpB,MAAAA,CAAAA;AAEvE,QAAA,IAAI8E,QAAU,EAAA;YACZxD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;AAEA;;AAEC,MACD,MAAMuB,0BAAAA,GAA6B,CAAC,EAAEhB,SAAS,EAAEP,GAAG,EAAEC,KAAK,EAAO,EAAE,EAAE2D,GAAG,EAAO,GAAA;AAC9E,QAAA,MAAMC,oBAAoBC,OAAKC,CAAAA,8BAAAA,CAAAA;AAC/B,QAAA,IAAI,CAACxD,SAAW,EAAA;AACd,YAAA;AACF;QAEA,IAAIA,SAAAA,CAAUyD,IAAI,KAAK,UAAA,IAAczD,UAAU0D,MAAM,KAAK,iBAAiBhE,KAAO,EAAA;YAChF,IAAIiE,KAAAA,CAAMhC,OAAO,CAACjC,KAAQ,CAAA,EAAA;gBACxB2D,GAAI5D,CAAAA,GAAAA,EAAKC,KAAMoC,CAAAA,GAAG,CAACwB,iBAAAA,CAAAA,CAAAA;aACd,MAAA;AACLD,gBAAAA,GAAAA,CAAI5D,KAAK6D,iBAAkB5D,CAAAA,KAAAA,CAAAA,CAAAA;AAC7B;AACF;AACF,KAAA;AAEA;;AAEC,MACD,MAAMH,6BAAAA,GAAgC,CAAC,EAAEE,GAAG,EAAEO,SAAS,EAAE3B,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QACrF,IAAItB,MAAAA,CAAO8C,GAAG,KAAK,aAAA,IAAiBnB,aAAa,CAACwD,8BAAAA,CAA0BI,QAAQ,CAACnE,GAAM,CAAA,EAAA;YACzFE,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;IAEA,MAAM4B,cAAAA,GAAiB,CAACxC,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,gBAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,OAAK,CAAA;AAAIpF,YAAAA,GAAAA,MAAAA;AAAWb,YAAAA,GAAAA,gBAAAA;AAAqB+F,YAAAA,GAAAA;AAA6B,SAAA,CAAA;AAC/E,KAAA;IAEA,MAAMjD,eAAAA,GAAkB,CAACjC,MAAAA,GAAS,EAAE,GAAA;AAClC,QAAA,MAAMqF,wBAAwB5G,wBAAyBe,CAAAA,MAAAA,CAAAA;AACvD,QAAA,MAAMwF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AAErD,QAAA,OAAO4F,OAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACAkG,YAAAA,GAAAA,qBAAAA;AACAL,YAAAA,GAAAA,oBAAAA;AACHlG,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,MAAMoB,cAAAA,GAAiB,CAACH,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,gBAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,OAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACA+F,YAAAA,GAAAA,4BAAAA;AACHpG,YAAAA,oBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA,sBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,OAAO;AACLoG,QAAAA,cAAAA,EAAgB5C,YAAaV,CAAAA,oBAAAA,CAAAA;AAC7BuD,QAAAA,aAAAA,EAAe7C,YAAaH,CAAAA,mBAAAA,CAAAA;AAC5BiD,QAAAA,aAAAA,EAAe9C,YAAa5C,CAAAA,mBAAAA;AAC9B,KAAA;AACF,CAAA;;;;"}
+{"version":3,"file":"sanitize.js","sources":["../../../../../../../server/src/services/permission/permissions-manager/sanitize.ts"],"sourcesContent":["import { subject as asSubject, detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport {\n  defaults,\n  omit,\n  isArray,\n  isEmpty,\n  isNil,\n  flatMap,\n  some,\n  prop,\n  uniq,\n  intersection,\n  pick,\n  getOr,\n  isObject,\n  cloneDeep,\n} from 'lodash/fp';\n\nimport type { UID } from '@strapi/types';\n\nimport { contentTypes, traverseEntity, sanitize, async, traverse } from '@strapi/utils';\nimport { ADMIN_USER_ALLOWED_FIELDS } from '../../../domain/user';\n\nconst {\n  visitors: { removePassword, expandWildcardPopulate },\n} = sanitize;\n\nconst {\n  constants,\n  isScalarAttribute,\n  getNonVisibleAttributes,\n  getNonWritableAttributes,\n  getWritableAttributes,\n} = contentTypes;\nconst {\n  ID_ATTRIBUTE,\n  DOC_ID_ATTRIBUTE,\n  CREATED_AT_ATTRIBUTE,\n  UPDATED_AT_ATTRIBUTE,\n  PUBLISHED_AT_ATTRIBUTE,\n  CREATED_BY_ATTRIBUTE,\n  UPDATED_BY_ATTRIBUTE,\n} = constants;\n\nconst COMPONENT_FIELDS = ['__component'];\nconst STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];\n\nexport default ({ action, ability, model }: any) => {\n  const schema = strapi.getModel(model);\n\n  const { removeDisallowedFields } = sanitize.visitors;\n\n  const ctx = {\n    schema,\n    getModel: strapi.getModel.bind(strapi),\n  };\n\n  const createSanitizeQuery = (options = {} as any) => {\n    const { fields } = options;\n\n    // TODO: sanitize relations to admin users in all sanitizers\n    const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);\n\n    const sanitizeFilters = async.pipe(\n      traverse.traverseQueryFilters(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFilters(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryFilters(omitHiddenFields, ctx),\n      traverse.traverseQueryFilters(removePassword, ctx),\n      traverse.traverseQueryFilters(({ key, value }, { remove }) => {\n        if (isObject(value) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizeSort = async.pipe(\n      traverse.traverseQuerySort(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQuerySort(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQuerySort(omitHiddenFields, ctx),\n      traverse.traverseQuerySort(removePassword, ctx),\n      traverse.traverseQuerySort(({ key, attribute, value }, { remove }) => {\n        if (!isScalarAttribute(attribute) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizePopulate = async.pipe(\n      traverse.traverseQueryPopulate(expandWildcardPopulate, ctx),\n      traverse.traverseQueryPopulate(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryPopulate(omitHiddenFields, ctx),\n      traverse.traverseQueryPopulate(removePassword, ctx)\n    );\n\n    const sanitizeFields = async.pipe(\n      traverse.traverseQueryFields(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFields(omitHiddenFields, ctx),\n      traverse.traverseQueryFields(removePassword, ctx)\n    );\n\n    return async (query: any) => {\n      const sanitizedQuery = cloneDeep(query);\n\n      if (query.filters) {\n        Object.assign(sanitizedQuery, { filters: await sanitizeFilters(query.filters) });\n      }\n\n      if (query.sort) {\n        Object.assign(sanitizedQuery, { sort: await sanitizeSort(query.sort) });\n      }\n\n      if (query.populate) {\n        Object.assign(sanitizedQuery, { populate: await sanitizePopulate(query.populate) });\n      }\n\n      if (query.fields) {\n        Object.assign(sanitizedQuery, { fields: await sanitizeFields(query.fields) });\n      }\n\n      return sanitizedQuery;\n    };\n  };\n\n  const createSanitizeOutput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getOutputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove unallowed fields from admin::user relations\n      traverseEntity(pickAllowedAdminUserFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove all fields of type 'password'\n      sanitize.sanitizers.sanitizePasswords({\n        schema,\n        getModel(uid: string) {\n          return strapi.getModel(uid as UID.Schema);\n        },\n      })\n    );\n  };\n\n  const createSanitizeInput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove roles from createdBy & updatedBy fields\n      omitCreatorRoles\n    );\n  };\n\n  const wrapSanitize = (createSanitizeFunction: any) => {\n    // TODO\n    // @ts-expect-error define the correct return type\n    const wrappedSanitize = async (data: unknown, options = {} as any) => {\n      if (isArray(data)) {\n        return Promise.all(data.map((entity: unknown) => wrappedSanitize(entity, options)));\n      }\n\n      const { subject, action: actionOverride } = getDefaultOptions(data, options);\n\n      const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n        fieldsFrom: (rule) => rule.fields || [],\n      });\n\n      const hasAtLeastOneRegistered = some(\n        (fields) => !isNil(fields),\n        flatMap(prop('fields'), ability.rulesFor(actionOverride, detectSubjectType(subject)))\n      );\n      const shouldIncludeAllFields = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n      const sanitizeOptions = {\n        ...options,\n        fields: {\n          shouldIncludeAll: shouldIncludeAllFields,\n          permitted: permittedFields,\n          hasAtLeastOneRegistered,\n        },\n      };\n\n      const sanitizeFunction = createSanitizeFunction(sanitizeOptions);\n\n      return sanitizeFunction(data);\n    };\n\n    return wrappedSanitize;\n  };\n\n  const getDefaultOptions = (data: any, options: unknown) => {\n    return defaults({ subject: asSubject(model, data), action }, options);\n  };\n\n  /**\n   * Omit creator fields' (createdBy & updatedBy) roles from the admin API responses\n   */\n  const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);\n\n  /**\n   * Visitor used to remove hidden fields from the admin API responses\n   */\n  const omitHiddenFields = ({ key, schema }: any, { remove }: any) => {\n    const isHidden = getOr(false, ['config', 'attributes', key, 'hidden'], schema);\n\n    if (isHidden) {\n      remove(key);\n    }\n  };\n\n  /**\n   * Visitor used to only select needed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const pickAllowedAdminUserFields = ({ attribute, key, value }: any, { set }: any) => {\n    const pickAllowedFields = pick(ADMIN_USER_ALLOWED_FIELDS);\n    if (!attribute) {\n      return;\n    }\n\n    if (attribute.type === 'relation' && attribute.target === 'admin::user' && value) {\n      if (Array.isArray(value)) {\n        set(key, value.map(pickAllowedFields));\n      } else {\n        set(key, pickAllowedFields(value));\n      }\n    }\n  };\n\n  /**\n   * Visitor used to omit disallowed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const omitDisallowedAdminUserFields = ({ key, attribute, schema }: any, { remove }: any) => {\n    if (schema.uid === 'admin::user' && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {\n      remove(key);\n    }\n  };\n\n  const getInputFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([...fields, ...COMPONENT_FIELDS, ...nonVisibleWritableAttributes]);\n  };\n\n  const getOutputFields = (fields = []) => {\n    const nonWritableAttributes = getNonWritableAttributes(schema);\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonWritableAttributes,\n      ...nonVisibleAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n    ]);\n  };\n\n  const getQueryFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonVisibleWritableAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n      PUBLISHED_AT_ATTRIBUTE,\n      CREATED_BY_ATTRIBUTE,\n      UPDATED_BY_ATTRIBUTE,\n    ]);\n  };\n\n  return {\n    sanitizeOutput: wrapSanitize(createSanitizeOutput),\n    sanitizeInput: wrapSanitize(createSanitizeInput),\n    sanitizeQuery: wrapSanitize(createSanitizeQuery),\n  };\n};\n"],"names":["visitors","removePassword","expandWildcardPopulate","sanitize","constants","isScalarAttribute","getNonVisibleAttributes","getNonWritableAttributes","getWritableAttributes","contentTypes","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","CREATED_AT_ATTRIBUTE","UPDATED_AT_ATTRIBUTE","PUBLISHED_AT_ATTRIBUTE","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","COMPONENT_FIELDS","STATIC_FIELDS","action","ability","model","schema","strapi","getModel","removeDisallowedFields","ctx","bind","createSanitizeQuery","options","fields","permittedFields","shouldIncludeAll","getQueryFields","permitted","sanitizeFilters","async","pipe","traverse","traverseQueryFilters","omitDisallowedAdminUserFields","omitHiddenFields","key","value","remove","isObject","isEmpty","sanitizeSort","traverseQuerySort","attribute","sanitizePopulate","traverseQueryPopulate","sanitizeFields","traverseQueryFields","query","sanitizedQuery","cloneDeep","filters","Object","assign","sort","populate","createSanitizeOutput","getOutputFields","traverseEntity","pickAllowedAdminUserFields","sanitizers","sanitizePasswords","uid","createSanitizeInput","getInputFields","omitCreatorRoles","wrapSanitize","createSanitizeFunction","wrappedSanitize","data","isArray","Promise","all","map","entity","subject","actionOverride","getDefaultOptions","permittedFieldsOf","fieldsFrom","rule","hasAtLeastOneRegistered","some","isNil","flatMap","prop","rulesFor","detectSubjectType","shouldIncludeAllFields","sanitizeOptions","sanitizeFunction","defaults","asSubject","omit","isHidden","getOr","set","pickAllowedFields","pick","ADMIN_USER_ALLOWED_FIELDS","type","target","Array","includes","nonVisibleAttributes","writableAttributes","nonVisibleWritableAttributes","intersection","uniq","nonWritableAttributes","sanitizeOutput","sanitizeInput","sanitizeQuery"],"mappings":";;;;;;;;AAwBA,MAAM,EACJA,UAAU,EAAEC,cAAc,EAAEC,sBAAsB,EAAE,EACrD,GAAGC,cAAAA;AAEJ,MAAM,EACJC,SAAS,EACTC,iBAAiB,EACjBC,uBAAuB,EACvBC,wBAAwB,EACxBC,qBAAqB,EACtB,GAAGC,kBAAAA;AACJ,MAAM,EACJC,YAAY,EACZC,gBAAgB,EAChBC,oBAAoB,EACpBC,oBAAoB,EACpBC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACrB,GAAGZ,SAAAA;AAEJ,MAAMa,gBAAmB,GAAA;AAAC,IAAA;AAAc,CAAA;AACxC,MAAMC,aAAgB,GAAA;AAACR,IAAAA,YAAAA;AAAcC,IAAAA;AAAiB,CAAA;AAEtD,4BAAe,CAAA,CAAC,EAAEQ,MAAM,WAAEC,SAAO,EAAEC,KAAK,EAAO,GAAA;IAC7C,MAAMC,MAAAA,GAASC,MAAOC,CAAAA,QAAQ,CAACH,KAAAA,CAAAA;AAE/B,IAAA,MAAM,EAAEI,sBAAsB,EAAE,GAAGtB,eAASH,QAAQ;AAEpD,IAAA,MAAM0B,GAAM,GAAA;AACVJ,QAAAA,MAAAA;AACAE,QAAAA,QAAAA,EAAUD,MAAOC,CAAAA,QAAQ,CAACG,IAAI,CAACJ,MAAAA;AACjC,KAAA;AAEA,IAAA,MAAMK,mBAAsB,GAAA,CAACC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;;AAGnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOC,GAAAA,cAAAA,CAAeH,OAAOI,SAAS,CAAA;AAExF,QAAA,MAAMC,kBAAkBC,WAAMC,CAAAA,IAAI,CAChCC,cAAAA,CAASC,oBAAoB,CAACd,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACvEY,eAASC,oBAAoB,CAACC,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC7DY,eAASC,oBAAoB,CAACE,gBAAkBf,EAAAA,GAAAA,CAAAA,EAChDY,eAASC,oBAAoB,CAACtC,cAAgByB,EAAAA,GAAAA,CAAAA,EAC9CY,eAASC,oBAAoB,CAAC,CAAC,EAAEG,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;YACvD,IAAIC,WAAAA,CAASF,KAAUG,CAAAA,IAAAA,UAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACrCC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMqB,eAAeX,WAAMC,CAAAA,IAAI,CAC7BC,cAAAA,CAASU,iBAAiB,CAACvB,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACpEY,eAASU,iBAAiB,CAACR,+BAA+Bd,GAC1DY,CAAAA,EAAAA,cAAAA,CAASU,iBAAiB,CAACP,gBAAAA,EAAkBf,GAC7CY,CAAAA,EAAAA,cAAAA,CAASU,iBAAiB,CAAC/C,cAAAA,EAAgByB,MAC3CY,cAASU,CAAAA,iBAAiB,CAAC,CAAC,EAAEN,GAAG,EAAEO,SAAS,EAAEN,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AAC/D,YAAA,IAAI,CAACvC,iBAAAA,CAAkB4C,SAAcH,CAAAA,IAAAA,UAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACnDC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMwB,gBAAmBd,GAAAA,WAAAA,CAAMC,IAAI,CACjCC,cAASa,CAAAA,qBAAqB,CAACjD,sBAAAA,EAAwBwB,GACvDY,CAAAA,EAAAA,cAAAA,CAASa,qBAAqB,CAAC1B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACxEY,CAAAA,EAAAA,cAAAA,CAASa,qBAAqB,CAACX,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC9DY,cAASa,CAAAA,qBAAqB,CAACV,gBAAAA,EAAkBf,GACjDY,CAAAA,EAAAA,cAAAA,CAASa,qBAAqB,CAAClD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAGjD,QAAA,MAAM0B,iBAAiBhB,WAAMC,CAAAA,IAAI,CAC/BC,cAASe,CAAAA,mBAAmB,CAAC5B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACtEY,CAAAA,EAAAA,cAAAA,CAASe,mBAAmB,CAACZ,gBAAAA,EAAkBf,MAC/CY,cAASe,CAAAA,mBAAmB,CAACpD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAG/C,QAAA,OAAO,OAAO4B,KAAAA,GAAAA;AACZ,YAAA,MAAMC,iBAAiBC,YAAUF,CAAAA,KAAAA,CAAAA;YAEjC,IAAIA,KAAAA,CAAMG,OAAO,EAAE;gBACjBC,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEE,OAAS,EAAA,MAAMtB,eAAgBmB,CAAAA,KAAAA,CAAMG,OAAO;AAAE,iBAAA,CAAA;AAChF;YAEA,IAAIH,KAAAA,CAAMM,IAAI,EAAE;gBACdF,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEK,IAAM,EAAA,MAAMb,YAAaO,CAAAA,KAAAA,CAAMM,IAAI;AAAE,iBAAA,CAAA;AACvE;YAEA,IAAIN,KAAAA,CAAMO,QAAQ,EAAE;gBAClBH,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEM,QAAU,EAAA,MAAMX,gBAAiBI,CAAAA,KAAAA,CAAMO,QAAQ;AAAE,iBAAA,CAAA;AACnF;YAEA,IAAIP,KAAAA,CAAMxB,MAAM,EAAE;gBAChB4B,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEzB,MAAQ,EAAA,MAAMsB,cAAeE,CAAAA,KAAAA,CAAMxB,MAAM;AAAE,iBAAA,CAAA;AAC7E;YAEA,OAAOyB,cAAAA;AACT,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,oBAAuB,GAAA,CAACjC,OAAU,GAAA,EAAS,GAAA;QAC/C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAO+B,GAAAA,eAAAA,CAAgBjC,OAAOI,SAAS,CAAA;QAEzF,OAAOE,WAAAA,CAAMC,IAAI;QAEf2B,oBAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,oBAAeC,CAAAA,0BAAAA,EAA4BvC;QAE3CsC,oBAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;QAExDvB,cAAS+D,CAAAA,UAAU,CAACC,iBAAiB,CAAC;AACpC7C,YAAAA,MAAAA;AACAE,YAAAA,QAAAA,CAAAA,CAAS4C,GAAW,EAAA;gBAClB,OAAO7C,MAAAA,CAAOC,QAAQ,CAAC4C,GAAAA,CAAAA;AACzB;AACF,SAAA,CAAA,CAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,mBAAsB,GAAA,CAACxC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOsC,GAAAA,cAAAA,CAAexC,OAAOI,SAAS,CAAA;QAExF,OAAOE,WAAAA,CAAMC,IAAI;QAEf2B,oBAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,oBAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;AAExD6C,QAAAA,gBAAAA,CAAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,eAAe,CAACC,sBAAAA,GAAAA;;;AAGpB,QAAA,MAAMC,eAAkB,GAAA,OAAOC,IAAe9C,EAAAA,OAAAA,GAAU,EAAS,GAAA;AAC/D,YAAA,IAAI+C,WAAQD,IAAO,CAAA,EAAA;gBACjB,OAAOE,OAAAA,CAAQC,GAAG,CAACH,IAAAA,CAAKI,GAAG,CAAC,CAACC,MAAoBN,GAAAA,eAAAA,CAAgBM,MAAQnD,EAAAA,OAAAA,CAAAA,CAAAA,CAAAA;AAC3E;YAEA,MAAM,EAAEoD,OAAO,EAAE9D,MAAAA,EAAQ+D,cAAc,EAAE,GAAGC,kBAAkBR,IAAM9C,EAAAA,OAAAA,CAAAA;AAEpE,YAAA,MAAME,eAAkBqD,GAAAA,uBAAAA,CAAkBhE,SAAS8D,EAAAA,cAAAA,EAAgBD,OAAS,EAAA;AAC1EI,gBAAAA,UAAAA,EAAY,CAACC,IAAAA,GAASA,IAAKxD,CAAAA,MAAM,IAAI;AACvC,aAAA,CAAA;AAEA,YAAA,MAAMyD,uBAA0BC,GAAAA,OAAAA,CAC9B,CAAC1D,MAAAA,GAAW,CAAC2D,QAAM3D,CAAAA,MAAAA,CAAAA,EACnB4D,UAAQC,CAAAA,OAAAA,CAAK,QAAWvE,CAAAA,EAAAA,SAAAA,CAAQwE,QAAQ,CAACV,gBAAgBW,yBAAkBZ,CAAAA,OAAAA,CAAAA,CAAAA,CAAAA,CAAAA;YAE7E,MAAMa,sBAAAA,GAAyBhD,UAAQf,CAAAA,eAAAA,CAAAA,IAAoB,CAACwD,uBAAAA;AAE5D,YAAA,MAAMQ,eAAkB,GAAA;AACtB,gBAAA,GAAGlE,OAAO;gBACVC,MAAQ,EAAA;oBACNE,gBAAkB8D,EAAAA,sBAAAA;oBAClB5D,SAAWH,EAAAA,eAAAA;AACXwD,oBAAAA;AACF;AACF,aAAA;AAEA,YAAA,MAAMS,mBAAmBvB,sBAAuBsB,CAAAA,eAAAA,CAAAA;AAEhD,YAAA,OAAOC,gBAAiBrB,CAAAA,IAAAA,CAAAA;AAC1B,SAAA;QAEA,OAAOD,eAAAA;AACT,KAAA;IAEA,MAAMS,iBAAAA,GAAoB,CAACR,IAAW9C,EAAAA,OAAAA,GAAAA;AACpC,QAAA,OAAOoE,WAAS,CAAA;AAAEhB,YAAAA,OAAAA,EAASiB,gBAAU7E,KAAOsD,EAAAA,IAAAA,CAAAA;AAAOxD,YAAAA;SAAUU,EAAAA,OAAAA,CAAAA;AAC/D,KAAA;AAEA;;MAGA,MAAM0C,mBAAmB4B,OAAK,CAAA;QAAC,CAAGpF,EAAAA,oBAAAA,CAAqB,MAAM,CAAC;QAAE,CAAGC,EAAAA,oBAAAA,CAAqB,MAAM;AAAE,KAAA,CAAA;AAEhG;;MAGA,MAAMyB,gBAAmB,GAAA,CAAC,EAAEC,GAAG,EAAEpB,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QAC7D,MAAMwD,QAAAA,GAAWC,SAAM,KAAO,EAAA;AAAC,YAAA,QAAA;AAAU,YAAA,YAAA;AAAc3D,YAAAA,GAAAA;AAAK,YAAA;SAAS,EAAEpB,MAAAA,CAAAA;AAEvE,QAAA,IAAI8E,QAAU,EAAA;YACZxD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;AAEA;;AAEC,MACD,MAAMuB,0BAAAA,GAA6B,CAAC,EAAEhB,SAAS,EAAEP,GAAG,EAAEC,KAAK,EAAO,EAAE,EAAE2D,GAAG,EAAO,GAAA;AAC9E,QAAA,MAAMC,oBAAoBC,OAAKC,CAAAA,8BAAAA,CAAAA;AAC/B,QAAA,IAAI,CAACxD,SAAW,EAAA;AACd,YAAA;AACF;QAEA,IAAIA,SAAAA,CAAUyD,IAAI,KAAK,UAAA,IAAczD,UAAU0D,MAAM,KAAK,iBAAiBhE,KAAO,EAAA;YAChF,IAAIiE,KAAAA,CAAMhC,OAAO,CAACjC,KAAQ,CAAA,EAAA;gBACxB2D,GAAI5D,CAAAA,GAAAA,EAAKC,KAAMoC,CAAAA,GAAG,CAACwB,iBAAAA,CAAAA,CAAAA;aACd,MAAA;AACLD,gBAAAA,GAAAA,CAAI5D,KAAK6D,iBAAkB5D,CAAAA,KAAAA,CAAAA,CAAAA;AAC7B;AACF;AACF,KAAA;AAEA;;AAEC,MACD,MAAMH,6BAAAA,GAAgC,CAAC,EAAEE,GAAG,EAAEO,SAAS,EAAE3B,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QACrF,IAAItB,MAAAA,CAAO8C,GAAG,KAAK,aAAA,IAAiBnB,aAAa,CAACwD,8BAAAA,CAA0BI,QAAQ,CAACnE,GAAM,CAAA,EAAA;YACzFE,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;IAEA,MAAM4B,cAAAA,GAAiB,CAACxC,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,gBAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,OAAK,CAAA;AAAIpF,YAAAA,GAAAA,MAAAA;AAAWb,YAAAA,GAAAA,gBAAAA;AAAqB+F,YAAAA,GAAAA;AAA6B,SAAA,CAAA;AAC/E,KAAA;IAEA,MAAMjD,eAAAA,GAAkB,CAACjC,MAAAA,GAAS,EAAE,GAAA;AAClC,QAAA,MAAMqF,wBAAwB5G,wBAAyBe,CAAAA,MAAAA,CAAAA;AACvD,QAAA,MAAMwF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AAErD,QAAA,OAAO4F,OAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACAkG,YAAAA,GAAAA,qBAAAA;AACAL,YAAAA,GAAAA,oBAAAA;AACHlG,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,MAAMoB,cAAAA,GAAiB,CAACH,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,gBAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,OAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACA+F,YAAAA,GAAAA,4BAAAA;AACHpG,YAAAA,oBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA,sBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,OAAO;AACLoG,QAAAA,cAAAA,EAAgB5C,YAAaV,CAAAA,oBAAAA,CAAAA;AAC7BuD,QAAAA,aAAAA,EAAe7C,YAAaH,CAAAA,mBAAAA,CAAAA;AAC5BiD,QAAAA,aAAAA,EAAe9C,YAAa5C,CAAAA,mBAAAA;AAC9B,KAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/services/permission/permissions-manager/sanitize.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"sanitize.mjs","sources":["../../../../../../../server/src/services/permission/permissions-manager/sanitize.ts"],"sourcesContent":["import { subject as asSubject, detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport {\n  defaults,\n  omit,\n  isArray,\n  isEmpty,\n  isNil,\n  flatMap,\n  some,\n  prop,\n  uniq,\n  intersection,\n  pick,\n  getOr,\n  isObject,\n  cloneDeep,\n} from 'lodash/fp';\n\nimport type { UID } from '@strapi/types';\n\nimport { contentTypes, traverseEntity, sanitize, async, traverse } from '@strapi/utils';\nimport { ADMIN_USER_ALLOWED_FIELDS } from '../../../domain/user';\n\nconst {\n  visitors: { removePassword, expandWildcardPopulate },\n} = sanitize;\n\nconst {\n  constants,\n  isScalarAttribute,\n  getNonVisibleAttributes,\n  getNonWritableAttributes,\n  getWritableAttributes,\n} = contentTypes;\nconst {\n  ID_ATTRIBUTE,\n  DOC_ID_ATTRIBUTE,\n  CREATED_AT_ATTRIBUTE,\n  UPDATED_AT_ATTRIBUTE,\n  PUBLISHED_AT_ATTRIBUTE,\n  CREATED_BY_ATTRIBUTE,\n  UPDATED_BY_ATTRIBUTE,\n} = constants;\n\nconst COMPONENT_FIELDS = ['__component'];\nconst STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];\n\nexport default ({ action, ability, model }: any) => {\n  const schema = strapi.getModel(model);\n\n  const { removeDisallowedFields } = sanitize.visitors;\n\n  const ctx = {\n    schema,\n    getModel: strapi.getModel.bind(strapi),\n  };\n\n  const createSanitizeQuery = (options = {} as any) => {\n    const { fields } = options;\n\n    // TODO: sanitize relations to admin users in all sanitizers\n    const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);\n\n    const sanitizeFilters = async.pipe(\n      traverse.traverseQueryFilters(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFilters(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryFilters(omitHiddenFields, ctx),\n      traverse.traverseQueryFilters(removePassword, ctx),\n      traverse.traverseQueryFilters(({ key, value }, { remove }) => {\n        if (isObject(value) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizeSort = async.pipe(\n      traverse.traverseQuerySort(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQuerySort(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQuerySort(omitHiddenFields, ctx),\n      traverse.traverseQuerySort(removePassword, ctx),\n      traverse.traverseQuerySort(({ key, attribute, value }, { remove }) => {\n        if (!isScalarAttribute(attribute) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizePopulate = async.pipe(\n      traverse.traverseQueryPopulate(expandWildcardPopulate, ctx),\n      traverse.traverseQueryPopulate(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryPopulate(omitHiddenFields, ctx),\n      traverse.traverseQueryPopulate(removePassword, ctx)\n    );\n\n    const sanitizeFields = async.pipe(\n      traverse.traverseQueryFields(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFields(omitHiddenFields, ctx),\n      traverse.traverseQueryFields(removePassword, ctx)\n    );\n\n    return async (query: any) => {\n      const sanitizedQuery = cloneDeep(query);\n\n      if (query.filters) {\n        Object.assign(sanitizedQuery, { filters: await sanitizeFilters(query.filters) });\n      }\n\n      if (query.sort) {\n        Object.assign(sanitizedQuery, { sort: await sanitizeSort(query.sort) });\n      }\n\n      if (query.populate) {\n        Object.assign(sanitizedQuery, { populate: await sanitizePopulate(query.populate) });\n      }\n\n      if (query.fields) {\n        Object.assign(sanitizedQuery, { fields: await sanitizeFields(query.fields) });\n      }\n\n      return sanitizedQuery;\n    };\n  };\n\n  const createSanitizeOutput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getOutputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove unallowed fields from admin::user relations\n      traverseEntity(pickAllowedAdminUserFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove all fields of type 'password'\n      sanitize.sanitizers.sanitizePasswords({\n        schema,\n        getModel(uid: string) {\n          return strapi.getModel(uid as UID.Schema);\n        },\n      })\n    );\n  };\n\n  const createSanitizeInput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove roles from createdBy & updatedBy fields\n      omitCreatorRoles\n    );\n  };\n\n  const wrapSanitize = (createSanitizeFunction: any) => {\n    // TODO\n    // @ts-expect-error define the correct return type\n    const wrappedSanitize = async (data: unknown, options = {} as any) => {\n      if (isArray(data)) {\n        return Promise.all(data.map((entity: unknown) => wrappedSanitize(entity, options)));\n      }\n\n      const { subject, action: actionOverride } = getDefaultOptions(data, options);\n\n      const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n        fieldsFrom: (rule) => rule.fields || [],\n      });\n\n      const hasAtLeastOneRegistered = some(\n        (fields) => !isNil(fields),\n        flatMap(prop('fields'), ability.rulesFor(actionOverride, detectSubjectType(subject)))\n      );\n      const shouldIncludeAllFields = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n      const sanitizeOptions = {\n        ...options,\n        fields: {\n          shouldIncludeAll: shouldIncludeAllFields,\n          permitted: permittedFields,\n          hasAtLeastOneRegistered,\n        },\n      };\n\n      const sanitizeFunction = createSanitizeFunction(sanitizeOptions);\n\n      return sanitizeFunction(data);\n    };\n\n    return wrappedSanitize;\n  };\n\n  const getDefaultOptions = (data: any, options: unknown) => {\n    return defaults({ subject: asSubject(model, data), action }, options);\n  };\n\n  /**\n   * Omit creator fields' (createdBy & updatedBy) roles from the admin API responses\n   */\n  const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);\n\n  /**\n   * Visitor used to remove hidden fields from the admin API responses\n   */\n  const omitHiddenFields = ({ key, schema }: any, { remove }: any) => {\n    const isHidden = getOr(false, ['config', 'attributes', key, 'hidden'], schema);\n\n    if (isHidden) {\n      remove(key);\n    }\n  };\n\n  /**\n   * Visitor used to only select needed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const pickAllowedAdminUserFields = ({ attribute, key, value }: any, { set }: any) => {\n    const pickAllowedFields = pick(ADMIN_USER_ALLOWED_FIELDS);\n    if (!attribute) {\n      return;\n    }\n\n    if (attribute.type === 'relation' && attribute.target === 'admin::user' && value) {\n      if (Array.isArray(value)) {\n        set(key, value.map(pickAllowedFields));\n      } else {\n        set(key, pickAllowedFields(value));\n      }\n    }\n  };\n\n  /**\n   * Visitor used to omit disallowed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const omitDisallowedAdminUserFields = ({ key, attribute, schema }: any, { remove }: any) => {\n    if (schema.uid === 'admin::user' && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {\n      remove(key);\n    }\n  };\n\n  const getInputFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([...fields, ...COMPONENT_FIELDS, ...nonVisibleWritableAttributes]);\n  };\n\n  const getOutputFields = (fields = []) => {\n    const nonWritableAttributes = getNonWritableAttributes(schema);\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonWritableAttributes,\n      ...nonVisibleAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n    ]);\n  };\n\n  const getQueryFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonVisibleWritableAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n      PUBLISHED_AT_ATTRIBUTE,\n      CREATED_BY_ATTRIBUTE,\n      UPDATED_BY_ATTRIBUTE,\n    ]);\n  };\n\n  return {\n    sanitizeOutput: wrapSanitize(createSanitizeOutput),\n    sanitizeInput: wrapSanitize(createSanitizeInput),\n    sanitizeQuery: wrapSanitize(createSanitizeQuery),\n  };\n};\n"],"names":["visitors","removePassword","expandWildcardPopulate","sanitize","constants","isScalarAttribute","getNonVisibleAttributes","getNonWritableAttributes","getWritableAttributes","contentTypes","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","CREATED_AT_ATTRIBUTE","UPDATED_AT_ATTRIBUTE","PUBLISHED_AT_ATTRIBUTE","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","COMPONENT_FIELDS","STATIC_FIELDS","action","ability","model","schema","strapi","getModel","removeDisallowedFields","ctx","bind","createSanitizeQuery","options","fields","permittedFields","shouldIncludeAll","getQueryFields","permitted","sanitizeFilters","async","pipe","traverse","traverseQueryFilters","omitDisallowedAdminUserFields","omitHiddenFields","key","value","remove","isObject","isEmpty","sanitizeSort","traverseQuerySort","attribute","sanitizePopulate","traverseQueryPopulate","sanitizeFields","traverseQueryFields","query","sanitizedQuery","cloneDeep","filters","Object","assign","sort","populate","createSanitizeOutput","getOutputFields","traverseEntity","pickAllowedAdminUserFields","sanitizers","sanitizePasswords","uid","createSanitizeInput","getInputFields","omitCreatorRoles","wrapSanitize","createSanitizeFunction","wrappedSanitize","data","isArray","Promise","all","map","entity","subject","actionOverride","getDefaultOptions","permittedFieldsOf","fieldsFrom","rule","hasAtLeastOneRegistered","some","isNil","flatMap","prop","rulesFor","detectSubjectType","shouldIncludeAllFields","sanitizeOptions","sanitizeFunction","defaults","asSubject","omit","isHidden","getOr","set","pickAllowedFields","pick","ADMIN_USER_ALLOWED_FIELDS","type","target","Array","includes","nonVisibleAttributes","writableAttributes","nonVisibleWritableAttributes","intersection","uniq","nonWritableAttributes","sanitizeOutput","sanitizeInput","sanitizeQuery"],"mappings":";;;;;;AAwBA,MAAM,EACJA,UAAU,EAAEC,cAAc,EAAEC,sBAAsB,EAAE,EACrD,GAAGC,QAAAA;AAEJ,MAAM,EACJC,SAAS,EACTC,iBAAiB,EACjBC,uBAAuB,EACvBC,wBAAwB,EACxBC,qBAAqB,EACtB,GAAGC,YAAAA;AACJ,MAAM,EACJC,YAAY,EACZC,gBAAgB,EAChBC,oBAAoB,EACpBC,oBAAoB,EACpBC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACrB,GAAGZ,SAAAA;AAEJ,MAAMa,gBAAmB,GAAA;AAAC,IAAA;AAAc,CAAA;AACxC,MAAMC,aAAgB,GAAA;AAACR,IAAAA,YAAAA;AAAcC,IAAAA;AAAiB,CAAA;AAEtD,4BAAe,CAAA,CAAC,EAAEQ,MAAM,EAAEC,OAAO,EAAEC,KAAK,EAAO,GAAA;IAC7C,MAAMC,MAAAA,GAASC,MAAOC,CAAAA,QAAQ,CAACH,KAAAA,CAAAA;AAE/B,IAAA,MAAM,EAAEI,sBAAsB,EAAE,GAAGtB,SAASH,QAAQ;AAEpD,IAAA,MAAM0B,GAAM,GAAA;AACVJ,QAAAA,MAAAA;AACAE,QAAAA,QAAAA,EAAUD,MAAOC,CAAAA,QAAQ,CAACG,IAAI,CAACJ,MAAAA;AACjC,KAAA;AAEA,IAAA,MAAMK,mBAAsB,GAAA,CAACC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;;AAGnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOC,GAAAA,cAAAA,CAAeH,OAAOI,SAAS,CAAA;AAExF,QAAA,MAAMC,kBAAkBC,KAAMC,CAAAA,IAAI,CAChCC,QAAAA,CAASC,oBAAoB,CAACd,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACvEY,SAASC,oBAAoB,CAACC,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC7DY,SAASC,oBAAoB,CAACE,gBAAkBf,EAAAA,GAAAA,CAAAA,EAChDY,SAASC,oBAAoB,CAACtC,cAAgByB,EAAAA,GAAAA,CAAAA,EAC9CY,SAASC,oBAAoB,CAAC,CAAC,EAAEG,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;YACvD,IAAIC,QAAAA,CAASF,KAAUG,CAAAA,IAAAA,OAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACrCC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMqB,eAAeX,KAAMC,CAAAA,IAAI,CAC7BC,QAAAA,CAASU,iBAAiB,CAACvB,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACpEY,SAASU,iBAAiB,CAACR,+BAA+Bd,GAC1DY,CAAAA,EAAAA,QAAAA,CAASU,iBAAiB,CAACP,gBAAAA,EAAkBf,GAC7CY,CAAAA,EAAAA,QAAAA,CAASU,iBAAiB,CAAC/C,cAAAA,EAAgByB,MAC3CY,QAASU,CAAAA,iBAAiB,CAAC,CAAC,EAAEN,GAAG,EAAEO,SAAS,EAAEN,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AAC/D,YAAA,IAAI,CAACvC,iBAAAA,CAAkB4C,SAAcH,CAAAA,IAAAA,OAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACnDC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMwB,gBAAmBd,GAAAA,KAAAA,CAAMC,IAAI,CACjCC,QAASa,CAAAA,qBAAqB,CAACjD,sBAAAA,EAAwBwB,GACvDY,CAAAA,EAAAA,QAAAA,CAASa,qBAAqB,CAAC1B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACxEY,CAAAA,EAAAA,QAAAA,CAASa,qBAAqB,CAACX,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC9DY,QAASa,CAAAA,qBAAqB,CAACV,gBAAAA,EAAkBf,GACjDY,CAAAA,EAAAA,QAAAA,CAASa,qBAAqB,CAAClD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAGjD,QAAA,MAAM0B,iBAAiBhB,KAAMC,CAAAA,IAAI,CAC/BC,QAASe,CAAAA,mBAAmB,CAAC5B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACtEY,CAAAA,EAAAA,QAAAA,CAASe,mBAAmB,CAACZ,gBAAAA,EAAkBf,MAC/CY,QAASe,CAAAA,mBAAmB,CAACpD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAG/C,QAAA,OAAO,OAAO4B,KAAAA,GAAAA;AACZ,YAAA,MAAMC,iBAAiBC,SAAUF,CAAAA,KAAAA,CAAAA;YAEjC,IAAIA,KAAAA,CAAMG,OAAO,EAAE;gBACjBC,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEE,OAAS,EAAA,MAAMtB,eAAgBmB,CAAAA,KAAAA,CAAMG,OAAO;AAAE,iBAAA,CAAA;AAChF;YAEA,IAAIH,KAAAA,CAAMM,IAAI,EAAE;gBACdF,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEK,IAAM,EAAA,MAAMb,YAAaO,CAAAA,KAAAA,CAAMM,IAAI;AAAE,iBAAA,CAAA;AACvE;YAEA,IAAIN,KAAAA,CAAMO,QAAQ,EAAE;gBAClBH,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEM,QAAU,EAAA,MAAMX,gBAAiBI,CAAAA,KAAAA,CAAMO,QAAQ;AAAE,iBAAA,CAAA;AACnF;YAEA,IAAIP,KAAAA,CAAMxB,MAAM,EAAE;gBAChB4B,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEzB,MAAQ,EAAA,MAAMsB,cAAeE,CAAAA,KAAAA,CAAMxB,MAAM;AAAE,iBAAA,CAAA;AAC7E;YAEA,OAAOyB,cAAAA;AACT,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,oBAAuB,GAAA,CAACjC,OAAU,GAAA,EAAS,GAAA;QAC/C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAO+B,GAAAA,eAAAA,CAAgBjC,OAAOI,SAAS,CAAA;QAEzF,OAAOE,KAAAA,CAAMC,IAAI;QAEf2B,cAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,cAAeC,CAAAA,0BAAAA,EAA4BvC;QAE3CsC,cAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;QAExDvB,QAAS+D,CAAAA,UAAU,CAACC,iBAAiB,CAAC;AACpC7C,YAAAA,MAAAA;AACAE,YAAAA,QAAAA,CAAAA,CAAS4C,GAAW,EAAA;gBAClB,OAAO7C,MAAAA,CAAOC,QAAQ,CAAC4C,GAAAA,CAAAA;AACzB;AACF,SAAA,CAAA,CAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,mBAAsB,GAAA,CAACxC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOsC,GAAAA,cAAAA,CAAexC,OAAOI,SAAS,CAAA;QAExF,OAAOE,KAAAA,CAAMC,IAAI;QAEf2B,cAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,cAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;AAExD6C,QAAAA,gBAAAA,CAAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,eAAe,CAACC,sBAAAA,GAAAA;;;AAGpB,QAAA,MAAMC,eAAkB,GAAA,OAAOC,IAAe9C,EAAAA,OAAAA,GAAU,EAAS,GAAA;AAC/D,YAAA,IAAI+C,QAAQD,IAAO,CAAA,EAAA;gBACjB,OAAOE,OAAAA,CAAQC,GAAG,CAACH,IAAAA,CAAKI,GAAG,CAAC,CAACC,MAAoBN,GAAAA,eAAAA,CAAgBM,MAAQnD,EAAAA,OAAAA,CAAAA,CAAAA,CAAAA;AAC3E;YAEA,MAAM,EAAEoD,OAAO,EAAE9D,MAAAA,EAAQ+D,cAAc,EAAE,GAAGC,kBAAkBR,IAAM9C,EAAAA,OAAAA,CAAAA;AAEpE,YAAA,MAAME,eAAkBqD,GAAAA,iBAAAA,CAAkBhE,OAAS8D,EAAAA,cAAAA,EAAgBD,OAAS,EAAA;AAC1EI,gBAAAA,UAAAA,EAAY,CAACC,IAAAA,GAASA,IAAKxD,CAAAA,MAAM,IAAI;AACvC,aAAA,CAAA;AAEA,YAAA,MAAMyD,uBAA0BC,GAAAA,IAAAA,CAC9B,CAAC1D,MAAAA,GAAW,CAAC2D,KAAM3D,CAAAA,MAAAA,CAAAA,EACnB4D,OAAQC,CAAAA,IAAAA,CAAK,QAAWvE,CAAAA,EAAAA,OAAAA,CAAQwE,QAAQ,CAACV,gBAAgBW,iBAAkBZ,CAAAA,OAAAA,CAAAA,CAAAA,CAAAA,CAAAA;YAE7E,MAAMa,sBAAAA,GAAyBhD,OAAQf,CAAAA,eAAAA,CAAAA,IAAoB,CAACwD,uBAAAA;AAE5D,YAAA,MAAMQ,eAAkB,GAAA;AACtB,gBAAA,GAAGlE,OAAO;gBACVC,MAAQ,EAAA;oBACNE,gBAAkB8D,EAAAA,sBAAAA;oBAClB5D,SAAWH,EAAAA,eAAAA;AACXwD,oBAAAA;AACF;AACF,aAAA;AAEA,YAAA,MAAMS,mBAAmBvB,sBAAuBsB,CAAAA,eAAAA,CAAAA;AAEhD,YAAA,OAAOC,gBAAiBrB,CAAAA,IAAAA,CAAAA;AAC1B,SAAA;QAEA,OAAOD,eAAAA;AACT,KAAA;IAEA,MAAMS,iBAAAA,GAAoB,CAACR,IAAW9C,EAAAA,OAAAA,GAAAA;AACpC,QAAA,OAAOoE,QAAS,CAAA;AAAEhB,YAAAA,OAAAA,EAASiB,QAAU7E,KAAOsD,EAAAA,IAAAA,CAAAA;AAAOxD,YAAAA;SAAUU,EAAAA,OAAAA,CAAAA;AAC/D,KAAA;AAEA;;MAGA,MAAM0C,mBAAmB4B,IAAK,CAAA;QAAC,CAAC,EAAEpF,oBAAqB,CAAA,MAAM,CAAC;QAAE,CAAC,EAAEC,oBAAqB,CAAA,MAAM;AAAE,KAAA,CAAA;AAEhG;;MAGA,MAAMyB,gBAAmB,GAAA,CAAC,EAAEC,GAAG,EAAEpB,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QAC7D,MAAMwD,QAAAA,GAAWC,MAAM,KAAO,EAAA;AAAC,YAAA,QAAA;AAAU,YAAA,YAAA;AAAc3D,YAAAA,GAAAA;AAAK,YAAA;SAAS,EAAEpB,MAAAA,CAAAA;AAEvE,QAAA,IAAI8E,QAAU,EAAA;YACZxD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;AAEA;;AAEC,MACD,MAAMuB,0BAAAA,GAA6B,CAAC,EAAEhB,SAAS,EAAEP,GAAG,EAAEC,KAAK,EAAO,EAAE,EAAE2D,GAAG,EAAO,GAAA;AAC9E,QAAA,MAAMC,oBAAoBC,IAAKC,CAAAA,yBAAAA,CAAAA;AAC/B,QAAA,IAAI,CAACxD,SAAW,EAAA;AACd,YAAA;AACF;QAEA,IAAIA,SAAAA,CAAUyD,IAAI,KAAK,UAAA,IAAczD,UAAU0D,MAAM,KAAK,iBAAiBhE,KAAO,EAAA;YAChF,IAAIiE,KAAAA,CAAMhC,OAAO,CAACjC,KAAQ,CAAA,EAAA;gBACxB2D,GAAI5D,CAAAA,GAAAA,EAAKC,KAAMoC,CAAAA,GAAG,CAACwB,iBAAAA,CAAAA,CAAAA;aACd,MAAA;AACLD,gBAAAA,GAAAA,CAAI5D,KAAK6D,iBAAkB5D,CAAAA,KAAAA,CAAAA,CAAAA;AAC7B;AACF;AACF,KAAA;AAEA;;AAEC,MACD,MAAMH,6BAAAA,GAAgC,CAAC,EAAEE,GAAG,EAAEO,SAAS,EAAE3B,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QACrF,IAAItB,MAAAA,CAAO8C,GAAG,KAAK,aAAA,IAAiBnB,aAAa,CAACwD,yBAAAA,CAA0BI,QAAQ,CAACnE,GAAM,CAAA,EAAA;YACzFE,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;IAEA,MAAM4B,cAAAA,GAAiB,CAACxC,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,aAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,IAAK,CAAA;AAAIpF,YAAAA,GAAAA,MAAAA;AAAWb,YAAAA,GAAAA,gBAAAA;AAAqB+F,YAAAA,GAAAA;AAA6B,SAAA,CAAA;AAC/E,KAAA;IAEA,MAAMjD,eAAAA,GAAkB,CAACjC,MAAAA,GAAS,EAAE,GAAA;AAClC,QAAA,MAAMqF,wBAAwB5G,wBAAyBe,CAAAA,MAAAA,CAAAA;AACvD,QAAA,MAAMwF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AAErD,QAAA,OAAO4F,IAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACAkG,YAAAA,GAAAA,qBAAAA;AACAL,YAAAA,GAAAA,oBAAAA;AACHlG,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,MAAMoB,cAAAA,GAAiB,CAACH,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,aAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,IAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACA+F,YAAAA,GAAAA,4BAAAA;AACHpG,YAAAA,oBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA,sBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,OAAO;AACLoG,QAAAA,cAAAA,EAAgB5C,YAAaV,CAAAA,oBAAAA,CAAAA;AAC7BuD,QAAAA,aAAAA,EAAe7C,YAAaH,CAAAA,mBAAAA,CAAAA;AAC5BiD,QAAAA,aAAAA,EAAe9C,YAAa5C,CAAAA,mBAAAA;AAC9B,KAAA;AACF,CAAA;;;;"}
+{"version":3,"file":"sanitize.mjs","sources":["../../../../../../../server/src/services/permission/permissions-manager/sanitize.ts"],"sourcesContent":["import { subject as asSubject, detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport {\n  defaults,\n  omit,\n  isArray,\n  isEmpty,\n  isNil,\n  flatMap,\n  some,\n  prop,\n  uniq,\n  intersection,\n  pick,\n  getOr,\n  isObject,\n  cloneDeep,\n} from 'lodash/fp';\n\nimport type { UID } from '@strapi/types';\n\nimport { contentTypes, traverseEntity, sanitize, async, traverse } from '@strapi/utils';\nimport { ADMIN_USER_ALLOWED_FIELDS } from '../../../domain/user';\n\nconst {\n  visitors: { removePassword, expandWildcardPopulate },\n} = sanitize;\n\nconst {\n  constants,\n  isScalarAttribute,\n  getNonVisibleAttributes,\n  getNonWritableAttributes,\n  getWritableAttributes,\n} = contentTypes;\nconst {\n  ID_ATTRIBUTE,\n  DOC_ID_ATTRIBUTE,\n  CREATED_AT_ATTRIBUTE,\n  UPDATED_AT_ATTRIBUTE,\n  PUBLISHED_AT_ATTRIBUTE,\n  CREATED_BY_ATTRIBUTE,\n  UPDATED_BY_ATTRIBUTE,\n} = constants;\n\nconst COMPONENT_FIELDS = ['__component'];\nconst STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];\n\nexport default ({ action, ability, model }: any) => {\n  const schema = strapi.getModel(model);\n\n  const { removeDisallowedFields } = sanitize.visitors;\n\n  const ctx = {\n    schema,\n    getModel: strapi.getModel.bind(strapi),\n  };\n\n  const createSanitizeQuery = (options = {} as any) => {\n    const { fields } = options;\n\n    // TODO: sanitize relations to admin users in all sanitizers\n    const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);\n\n    const sanitizeFilters = async.pipe(\n      traverse.traverseQueryFilters(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFilters(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryFilters(omitHiddenFields, ctx),\n      traverse.traverseQueryFilters(removePassword, ctx),\n      traverse.traverseQueryFilters(({ key, value }, { remove }) => {\n        if (isObject(value) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizeSort = async.pipe(\n      traverse.traverseQuerySort(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQuerySort(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQuerySort(omitHiddenFields, ctx),\n      traverse.traverseQuerySort(removePassword, ctx),\n      traverse.traverseQuerySort(({ key, attribute, value }, { remove }) => {\n        if (!isScalarAttribute(attribute) && isEmpty(value)) {\n          remove(key);\n        }\n      }, ctx)\n    );\n\n    const sanitizePopulate = async.pipe(\n      traverse.traverseQueryPopulate(expandWildcardPopulate, ctx),\n      traverse.traverseQueryPopulate(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryPopulate(omitHiddenFields, ctx),\n      traverse.traverseQueryPopulate(removePassword, ctx)\n    );\n\n    const sanitizeFields = async.pipe(\n      traverse.traverseQueryFields(removeDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFields(omitHiddenFields, ctx),\n      traverse.traverseQueryFields(removePassword, ctx)\n    );\n\n    return async (query: any) => {\n      const sanitizedQuery = cloneDeep(query);\n\n      if (query.filters) {\n        Object.assign(sanitizedQuery, { filters: await sanitizeFilters(query.filters) });\n      }\n\n      if (query.sort) {\n        Object.assign(sanitizedQuery, { sort: await sanitizeSort(query.sort) });\n      }\n\n      if (query.populate) {\n        Object.assign(sanitizedQuery, { populate: await sanitizePopulate(query.populate) });\n      }\n\n      if (query.fields) {\n        Object.assign(sanitizedQuery, { fields: await sanitizeFields(query.fields) });\n      }\n\n      return sanitizedQuery;\n    };\n  };\n\n  const createSanitizeOutput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getOutputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove unallowed fields from admin::user relations\n      traverseEntity(pickAllowedAdminUserFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove all fields of type 'password'\n      sanitize.sanitizers.sanitizePasswords({\n        schema,\n        getModel(uid: string) {\n          return strapi.getModel(uid as UID.Schema);\n        },\n      })\n    );\n  };\n\n  const createSanitizeInput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(omitHiddenFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(removeDisallowedFields(permittedFields), ctx),\n      // Remove roles from createdBy & updatedBy fields\n      omitCreatorRoles\n    );\n  };\n\n  const wrapSanitize = (createSanitizeFunction: any) => {\n    // TODO\n    // @ts-expect-error define the correct return type\n    const wrappedSanitize = async (data: unknown, options = {} as any) => {\n      if (isArray(data)) {\n        return Promise.all(data.map((entity: unknown) => wrappedSanitize(entity, options)));\n      }\n\n      const { subject, action: actionOverride } = getDefaultOptions(data, options);\n\n      const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n        fieldsFrom: (rule) => rule.fields || [],\n      });\n\n      const hasAtLeastOneRegistered = some(\n        (fields) => !isNil(fields),\n        flatMap(prop('fields'), ability.rulesFor(actionOverride, detectSubjectType(subject)))\n      );\n      const shouldIncludeAllFields = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n      const sanitizeOptions = {\n        ...options,\n        fields: {\n          shouldIncludeAll: shouldIncludeAllFields,\n          permitted: permittedFields,\n          hasAtLeastOneRegistered,\n        },\n      };\n\n      const sanitizeFunction = createSanitizeFunction(sanitizeOptions);\n\n      return sanitizeFunction(data);\n    };\n\n    return wrappedSanitize;\n  };\n\n  const getDefaultOptions = (data: any, options: unknown) => {\n    return defaults({ subject: asSubject(model, data), action }, options);\n  };\n\n  /**\n   * Omit creator fields' (createdBy & updatedBy) roles from the admin API responses\n   */\n  const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);\n\n  /**\n   * Visitor used to remove hidden fields from the admin API responses\n   */\n  const omitHiddenFields = ({ key, schema }: any, { remove }: any) => {\n    const isHidden = getOr(false, ['config', 'attributes', key, 'hidden'], schema);\n\n    if (isHidden) {\n      remove(key);\n    }\n  };\n\n  /**\n   * Visitor used to only select needed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const pickAllowedAdminUserFields = ({ attribute, key, value }: any, { set }: any) => {\n    const pickAllowedFields = pick(ADMIN_USER_ALLOWED_FIELDS);\n    if (!attribute) {\n      return;\n    }\n\n    if (attribute.type === 'relation' && attribute.target === 'admin::user' && value) {\n      if (Array.isArray(value)) {\n        set(key, value.map(pickAllowedFields));\n      } else {\n        set(key, pickAllowedFields(value));\n      }\n    }\n  };\n\n  /**\n   * Visitor used to omit disallowed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const omitDisallowedAdminUserFields = ({ key, attribute, schema }: any, { remove }: any) => {\n    if (schema.uid === 'admin::user' && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {\n      remove(key);\n    }\n  };\n\n  const getInputFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([...fields, ...COMPONENT_FIELDS, ...nonVisibleWritableAttributes]);\n  };\n\n  const getOutputFields = (fields = []) => {\n    const nonWritableAttributes = getNonWritableAttributes(schema);\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonWritableAttributes,\n      ...nonVisibleAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n    ]);\n  };\n\n  const getQueryFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      ...nonVisibleWritableAttributes,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n      PUBLISHED_AT_ATTRIBUTE,\n      CREATED_BY_ATTRIBUTE,\n      UPDATED_BY_ATTRIBUTE,\n    ]);\n  };\n\n  return {\n    sanitizeOutput: wrapSanitize(createSanitizeOutput),\n    sanitizeInput: wrapSanitize(createSanitizeInput),\n    sanitizeQuery: wrapSanitize(createSanitizeQuery),\n  };\n};\n"],"names":["visitors","removePassword","expandWildcardPopulate","sanitize","constants","isScalarAttribute","getNonVisibleAttributes","getNonWritableAttributes","getWritableAttributes","contentTypes","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","CREATED_AT_ATTRIBUTE","UPDATED_AT_ATTRIBUTE","PUBLISHED_AT_ATTRIBUTE","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","COMPONENT_FIELDS","STATIC_FIELDS","action","ability","model","schema","strapi","getModel","removeDisallowedFields","ctx","bind","createSanitizeQuery","options","fields","permittedFields","shouldIncludeAll","getQueryFields","permitted","sanitizeFilters","async","pipe","traverse","traverseQueryFilters","omitDisallowedAdminUserFields","omitHiddenFields","key","value","remove","isObject","isEmpty","sanitizeSort","traverseQuerySort","attribute","sanitizePopulate","traverseQueryPopulate","sanitizeFields","traverseQueryFields","query","sanitizedQuery","cloneDeep","filters","Object","assign","sort","populate","createSanitizeOutput","getOutputFields","traverseEntity","pickAllowedAdminUserFields","sanitizers","sanitizePasswords","uid","createSanitizeInput","getInputFields","omitCreatorRoles","wrapSanitize","createSanitizeFunction","wrappedSanitize","data","isArray","Promise","all","map","entity","subject","actionOverride","getDefaultOptions","permittedFieldsOf","fieldsFrom","rule","hasAtLeastOneRegistered","some","isNil","flatMap","prop","rulesFor","detectSubjectType","shouldIncludeAllFields","sanitizeOptions","sanitizeFunction","defaults","asSubject","omit","isHidden","getOr","set","pickAllowedFields","pick","ADMIN_USER_ALLOWED_FIELDS","type","target","Array","includes","nonVisibleAttributes","writableAttributes","nonVisibleWritableAttributes","intersection","uniq","nonWritableAttributes","sanitizeOutput","sanitizeInput","sanitizeQuery"],"mappings":";;;;;;AAwBA,MAAM,EACJA,UAAU,EAAEC,cAAc,EAAEC,sBAAsB,EAAE,EACrD,GAAGC,QAAAA;AAEJ,MAAM,EACJC,SAAS,EACTC,iBAAiB,EACjBC,uBAAuB,EACvBC,wBAAwB,EACxBC,qBAAqB,EACtB,GAAGC,YAAAA;AACJ,MAAM,EACJC,YAAY,EACZC,gBAAgB,EAChBC,oBAAoB,EACpBC,oBAAoB,EACpBC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACrB,GAAGZ,SAAAA;AAEJ,MAAMa,gBAAmB,GAAA;AAAC,IAAA;AAAc,CAAA;AACxC,MAAMC,aAAgB,GAAA;AAACR,IAAAA,YAAAA;AAAcC,IAAAA;AAAiB,CAAA;AAEtD,4BAAe,CAAA,CAAC,EAAEQ,MAAM,EAAEC,OAAO,EAAEC,KAAK,EAAO,GAAA;IAC7C,MAAMC,MAAAA,GAASC,MAAOC,CAAAA,QAAQ,CAACH,KAAAA,CAAAA;AAE/B,IAAA,MAAM,EAAEI,sBAAsB,EAAE,GAAGtB,SAASH,QAAQ;AAEpD,IAAA,MAAM0B,GAAM,GAAA;AACVJ,QAAAA,MAAAA;AACAE,QAAAA,QAAAA,EAAUD,MAAOC,CAAAA,QAAQ,CAACG,IAAI,CAACJ,MAAAA;AACjC,KAAA;AAEA,IAAA,MAAMK,mBAAsB,GAAA,CAACC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;;AAGnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOC,GAAAA,cAAAA,CAAeH,OAAOI,SAAS,CAAA;AAExF,QAAA,MAAMC,kBAAkBC,KAAMC,CAAAA,IAAI,CAChCC,QAAAA,CAASC,oBAAoB,CAACd,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACvEY,SAASC,oBAAoB,CAACC,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC7DY,SAASC,oBAAoB,CAACE,gBAAkBf,EAAAA,GAAAA,CAAAA,EAChDY,SAASC,oBAAoB,CAACtC,cAAgByB,EAAAA,GAAAA,CAAAA,EAC9CY,SAASC,oBAAoB,CAAC,CAAC,EAAEG,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;YACvD,IAAIC,QAAAA,CAASF,KAAUG,CAAAA,IAAAA,OAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACrCC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMqB,eAAeX,KAAMC,CAAAA,IAAI,CAC7BC,QAAAA,CAASU,iBAAiB,CAACvB,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACpEY,SAASU,iBAAiB,CAACR,+BAA+Bd,GAC1DY,CAAAA,EAAAA,QAAAA,CAASU,iBAAiB,CAACP,gBAAAA,EAAkBf,GAC7CY,CAAAA,EAAAA,QAAAA,CAASU,iBAAiB,CAAC/C,cAAAA,EAAgByB,MAC3CY,QAASU,CAAAA,iBAAiB,CAAC,CAAC,EAAEN,GAAG,EAAEO,SAAS,EAAEN,KAAK,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AAC/D,YAAA,IAAI,CAACvC,iBAAAA,CAAkB4C,SAAcH,CAAAA,IAAAA,OAAAA,CAAQH,KAAQ,CAAA,EAAA;gBACnDC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;SACChB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMwB,gBAAmBd,GAAAA,KAAAA,CAAMC,IAAI,CACjCC,QAASa,CAAAA,qBAAqB,CAACjD,sBAAAA,EAAwBwB,GACvDY,CAAAA,EAAAA,QAAAA,CAASa,qBAAqB,CAAC1B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACxEY,CAAAA,EAAAA,QAAAA,CAASa,qBAAqB,CAACX,6BAA+Bd,EAAAA,GAAAA,CAAAA,EAC9DY,QAASa,CAAAA,qBAAqB,CAACV,gBAAAA,EAAkBf,GACjDY,CAAAA,EAAAA,QAAAA,CAASa,qBAAqB,CAAClD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAGjD,QAAA,MAAM0B,iBAAiBhB,KAAMC,CAAAA,IAAI,CAC/BC,QAASe,CAAAA,mBAAmB,CAAC5B,sBAAuBM,CAAAA,eAAAA,CAAAA,EAAkBL,GACtEY,CAAAA,EAAAA,QAAAA,CAASe,mBAAmB,CAACZ,gBAAAA,EAAkBf,MAC/CY,QAASe,CAAAA,mBAAmB,CAACpD,cAAgByB,EAAAA,GAAAA,CAAAA,CAAAA;AAG/C,QAAA,OAAO,OAAO4B,KAAAA,GAAAA;AACZ,YAAA,MAAMC,iBAAiBC,SAAUF,CAAAA,KAAAA,CAAAA;YAEjC,IAAIA,KAAAA,CAAMG,OAAO,EAAE;gBACjBC,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEE,OAAS,EAAA,MAAMtB,eAAgBmB,CAAAA,KAAAA,CAAMG,OAAO;AAAE,iBAAA,CAAA;AAChF;YAEA,IAAIH,KAAAA,CAAMM,IAAI,EAAE;gBACdF,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEK,IAAM,EAAA,MAAMb,YAAaO,CAAAA,KAAAA,CAAMM,IAAI;AAAE,iBAAA,CAAA;AACvE;YAEA,IAAIN,KAAAA,CAAMO,QAAQ,EAAE;gBAClBH,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEM,QAAU,EAAA,MAAMX,gBAAiBI,CAAAA,KAAAA,CAAMO,QAAQ;AAAE,iBAAA,CAAA;AACnF;YAEA,IAAIP,KAAAA,CAAMxB,MAAM,EAAE;gBAChB4B,MAAOC,CAAAA,MAAM,CAACJ,cAAgB,EAAA;oBAAEzB,MAAQ,EAAA,MAAMsB,cAAeE,CAAAA,KAAAA,CAAMxB,MAAM;AAAE,iBAAA,CAAA;AAC7E;YAEA,OAAOyB,cAAAA;AACT,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,oBAAuB,GAAA,CAACjC,OAAU,GAAA,EAAS,GAAA;QAC/C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAO+B,GAAAA,eAAAA,CAAgBjC,OAAOI,SAAS,CAAA;QAEzF,OAAOE,KAAAA,CAAMC,IAAI;QAEf2B,cAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,cAAeC,CAAAA,0BAAAA,EAA4BvC;QAE3CsC,cAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;QAExDvB,QAAS+D,CAAAA,UAAU,CAACC,iBAAiB,CAAC;AACpC7C,YAAAA,MAAAA;AACAE,YAAAA,QAAAA,CAAAA,CAAS4C,GAAW,EAAA;gBAClB,OAAO7C,MAAAA,CAAOC,QAAQ,CAAC4C,GAAAA,CAAAA;AACzB;AACF,SAAA,CAAA,CAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,mBAAsB,GAAA,CAACxC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOsC,GAAAA,cAAAA,CAAexC,OAAOI,SAAS,CAAA;QAExF,OAAOE,KAAAA,CAAMC,IAAI;QAEf2B,cAAevB,CAAAA,gBAAAA,EAAkBf;QAEjCsC,cAAevC,CAAAA,sBAAAA,CAAuBM,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;AAExD6C,QAAAA,gBAAAA,CAAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,eAAe,CAACC,sBAAAA,GAAAA;;;AAGpB,QAAA,MAAMC,eAAkB,GAAA,OAAOC,IAAe9C,EAAAA,OAAAA,GAAU,EAAS,GAAA;AAC/D,YAAA,IAAI+C,QAAQD,IAAO,CAAA,EAAA;gBACjB,OAAOE,OAAAA,CAAQC,GAAG,CAACH,IAAAA,CAAKI,GAAG,CAAC,CAACC,MAAoBN,GAAAA,eAAAA,CAAgBM,MAAQnD,EAAAA,OAAAA,CAAAA,CAAAA,CAAAA;AAC3E;YAEA,MAAM,EAAEoD,OAAO,EAAE9D,MAAAA,EAAQ+D,cAAc,EAAE,GAAGC,kBAAkBR,IAAM9C,EAAAA,OAAAA,CAAAA;AAEpE,YAAA,MAAME,eAAkBqD,GAAAA,iBAAAA,CAAkBhE,OAAS8D,EAAAA,cAAAA,EAAgBD,OAAS,EAAA;AAC1EI,gBAAAA,UAAAA,EAAY,CAACC,IAAAA,GAASA,IAAKxD,CAAAA,MAAM,IAAI;AACvC,aAAA,CAAA;AAEA,YAAA,MAAMyD,uBAA0BC,GAAAA,IAAAA,CAC9B,CAAC1D,MAAAA,GAAW,CAAC2D,KAAM3D,CAAAA,MAAAA,CAAAA,EACnB4D,OAAQC,CAAAA,IAAAA,CAAK,QAAWvE,CAAAA,EAAAA,OAAAA,CAAQwE,QAAQ,CAACV,gBAAgBW,iBAAkBZ,CAAAA,OAAAA,CAAAA,CAAAA,CAAAA,CAAAA;YAE7E,MAAMa,sBAAAA,GAAyBhD,OAAQf,CAAAA,eAAAA,CAAAA,IAAoB,CAACwD,uBAAAA;AAE5D,YAAA,MAAMQ,eAAkB,GAAA;AACtB,gBAAA,GAAGlE,OAAO;gBACVC,MAAQ,EAAA;oBACNE,gBAAkB8D,EAAAA,sBAAAA;oBAClB5D,SAAWH,EAAAA,eAAAA;AACXwD,oBAAAA;AACF;AACF,aAAA;AAEA,YAAA,MAAMS,mBAAmBvB,sBAAuBsB,CAAAA,eAAAA,CAAAA;AAEhD,YAAA,OAAOC,gBAAiBrB,CAAAA,IAAAA,CAAAA;AAC1B,SAAA;QAEA,OAAOD,eAAAA;AACT,KAAA;IAEA,MAAMS,iBAAAA,GAAoB,CAACR,IAAW9C,EAAAA,OAAAA,GAAAA;AACpC,QAAA,OAAOoE,QAAS,CAAA;AAAEhB,YAAAA,OAAAA,EAASiB,QAAU7E,KAAOsD,EAAAA,IAAAA,CAAAA;AAAOxD,YAAAA;SAAUU,EAAAA,OAAAA,CAAAA;AAC/D,KAAA;AAEA;;MAGA,MAAM0C,mBAAmB4B,IAAK,CAAA;QAAC,CAAGpF,EAAAA,oBAAAA,CAAqB,MAAM,CAAC;QAAE,CAAGC,EAAAA,oBAAAA,CAAqB,MAAM;AAAE,KAAA,CAAA;AAEhG;;MAGA,MAAMyB,gBAAmB,GAAA,CAAC,EAAEC,GAAG,EAAEpB,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QAC7D,MAAMwD,QAAAA,GAAWC,MAAM,KAAO,EAAA;AAAC,YAAA,QAAA;AAAU,YAAA,YAAA;AAAc3D,YAAAA,GAAAA;AAAK,YAAA;SAAS,EAAEpB,MAAAA,CAAAA;AAEvE,QAAA,IAAI8E,QAAU,EAAA;YACZxD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;AAEA;;AAEC,MACD,MAAMuB,0BAAAA,GAA6B,CAAC,EAAEhB,SAAS,EAAEP,GAAG,EAAEC,KAAK,EAAO,EAAE,EAAE2D,GAAG,EAAO,GAAA;AAC9E,QAAA,MAAMC,oBAAoBC,IAAKC,CAAAA,yBAAAA,CAAAA;AAC/B,QAAA,IAAI,CAACxD,SAAW,EAAA;AACd,YAAA;AACF;QAEA,IAAIA,SAAAA,CAAUyD,IAAI,KAAK,UAAA,IAAczD,UAAU0D,MAAM,KAAK,iBAAiBhE,KAAO,EAAA;YAChF,IAAIiE,KAAAA,CAAMhC,OAAO,CAACjC,KAAQ,CAAA,EAAA;gBACxB2D,GAAI5D,CAAAA,GAAAA,EAAKC,KAAMoC,CAAAA,GAAG,CAACwB,iBAAAA,CAAAA,CAAAA;aACd,MAAA;AACLD,gBAAAA,GAAAA,CAAI5D,KAAK6D,iBAAkB5D,CAAAA,KAAAA,CAAAA,CAAAA;AAC7B;AACF;AACF,KAAA;AAEA;;AAEC,MACD,MAAMH,6BAAAA,GAAgC,CAAC,EAAEE,GAAG,EAAEO,SAAS,EAAE3B,MAAM,EAAO,EAAE,EAAEsB,MAAM,EAAO,GAAA;QACrF,IAAItB,MAAAA,CAAO8C,GAAG,KAAK,aAAA,IAAiBnB,aAAa,CAACwD,yBAAAA,CAA0BI,QAAQ,CAACnE,GAAM,CAAA,EAAA;YACzFE,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;IAEA,MAAM4B,cAAAA,GAAiB,CAACxC,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,aAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,IAAK,CAAA;AAAIpF,YAAAA,GAAAA,MAAAA;AAAWb,YAAAA,GAAAA,gBAAAA;AAAqB+F,YAAAA,GAAAA;AAA6B,SAAA,CAAA;AAC/E,KAAA;IAEA,MAAMjD,eAAAA,GAAkB,CAACjC,MAAAA,GAAS,EAAE,GAAA;AAClC,QAAA,MAAMqF,wBAAwB5G,wBAAyBe,CAAAA,MAAAA,CAAAA;AACvD,QAAA,MAAMwF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AAErD,QAAA,OAAO4F,IAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACAkG,YAAAA,GAAAA,qBAAAA;AACAL,YAAAA,GAAAA,oBAAAA;AACHlG,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,MAAMoB,cAAAA,GAAiB,CAACH,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAMgF,uBAAuBxG,uBAAwBgB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMyF,qBAAqBvG,qBAAsBc,CAAAA,MAAAA,CAAAA;QAEjD,MAAM0F,4BAAAA,GAA+BC,aAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,IAAK,CAAA;AACPpF,YAAAA,GAAAA,MAAAA;AACAZ,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACA+F,YAAAA,GAAAA,4BAAAA;AACHpG,YAAAA,oBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA,sBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,OAAO;AACLoG,QAAAA,cAAAA,EAAgB5C,YAAaV,CAAAA,oBAAAA,CAAAA;AAC7BuD,QAAAA,aAAAA,EAAe7C,YAAaH,CAAAA,mBAAAA,CAAAA;AAC5BiD,QAAAA,aAAAA,EAAe9C,YAAa5C,CAAAA,mBAAAA;AAC9B,KAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/services/permission/permissions-manager/validate.js.map

@@ -1 +1 @@
-{"version":3,"file":"validate.js","sources":["../../../../../../../server/src/services/permission/permissions-manager/validate.ts"],"sourcesContent":["import { subject as asSubject, detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport {\n  defaults,\n  omit,\n  isArray,\n  isEmpty,\n  isNil,\n  flatMap,\n  some,\n  prop,\n  uniq,\n  intersection,\n  getOr,\n  isObject,\n} from 'lodash/fp';\n\nimport { contentTypes, traverseEntity, traverse, validate, async, errors } from '@strapi/utils';\nimport { ADMIN_USER_ALLOWED_FIELDS } from '../../../domain/user';\n\nconst { ValidationError } = errors;\nconst { throwPassword, throwDisallowedFields } = validate.visitors;\n\nconst { constants, isScalarAttribute, getNonVisibleAttributes, getWritableAttributes } =\n  contentTypes;\nconst {\n  ID_ATTRIBUTE,\n  DOC_ID_ATTRIBUTE,\n  CREATED_AT_ATTRIBUTE,\n  UPDATED_AT_ATTRIBUTE,\n  PUBLISHED_AT_ATTRIBUTE,\n  CREATED_BY_ATTRIBUTE,\n  UPDATED_BY_ATTRIBUTE,\n} = constants;\n\nconst COMPONENT_FIELDS = ['__component'];\n\nconst STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];\n\nconst throwInvalidKey = ({ key, path }: { key: string; path?: string | null }) => {\n  const msg = path && path !== key ? `Invalid key ${key} at ${path}` : `Invalid key ${key}`;\n\n  throw new ValidationError(msg);\n};\n\nexport default ({ action, ability, model }: any) => {\n  const schema = strapi.getModel(model);\n\n  const ctx = {\n    schema,\n    getModel: strapi.getModel.bind(strapi),\n  };\n\n  const createValidateQuery = (options = {} as any) => {\n    const { fields } = options;\n\n    // TODO: validate relations to admin users in all validators\n    const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);\n\n    const validateFilters = async.pipe(\n      traverse.traverseQueryFilters(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFilters(throwDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryFilters(throwPassword, ctx),\n      traverse.traverseQueryFilters(({ key, value, path }) => {\n        if (isObject(value) && isEmpty(value)) {\n          throwInvalidKey({ key, path: path.attribute });\n        }\n      }, ctx)\n    );\n\n    const validateSort = async.pipe(\n      traverse.traverseQuerySort(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQuerySort(throwDisallowedAdminUserFields, ctx),\n      traverse.traverseQuerySort(throwPassword, ctx),\n      traverse.traverseQuerySort(({ key, attribute, value, path }) => {\n        if (!isScalarAttribute(attribute) && isEmpty(value)) {\n          throwInvalidKey({ key, path: path.attribute });\n        }\n      }, ctx)\n    );\n\n    const validateFields = async.pipe(\n      traverse.traverseQueryFields(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFields(throwPassword, ctx)\n    );\n\n    const validatePopulate = async.pipe(\n      traverse.traverseQueryPopulate(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryPopulate(throwDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryPopulate(throwHiddenFields, ctx),\n      traverse.traverseQueryPopulate(throwPassword, ctx)\n    );\n\n    return async (query: any) => {\n      if (query.filters) {\n        await validateFilters(query.filters);\n      }\n\n      if (query.sort) {\n        await validateSort(query.sort);\n      }\n\n      if (query.fields) {\n        await validateFields(query.fields);\n      }\n\n      // a wildcard is always valid; its conversion will be handled by the entity service and can be optimized with sanitizer\n      if (query.populate && query.populate !== '*') {\n        await validatePopulate(query.populate);\n      }\n\n      return true;\n    };\n  };\n\n  const createValidateInput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(throwHiddenFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(throwDisallowedFields(permittedFields), ctx),\n      // Remove roles from createdBy & updatedBy fields\n      omitCreatorRoles\n    );\n  };\n\n  const wrapValidate = (createValidateFunction: any) => {\n    // TODO\n    // @ts-expect-error define the correct return type\n    const wrappedValidate = async (data, options = {}): Promise<unknown> => {\n      if (isArray(data)) {\n        return Promise.all(data.map((entity: unknown) => wrappedValidate(entity, options)));\n      }\n\n      const { subject, action: actionOverride } = getDefaultOptions(data, options);\n\n      const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n        fieldsFrom: (rule) => rule.fields || [],\n      });\n\n      const hasAtLeastOneRegistered = some(\n        (fields) => !isNil(fields),\n        flatMap(prop('fields'), ability.rulesFor(actionOverride, detectSubjectType(subject)))\n      );\n      const shouldIncludeAllFields = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n      const validateOptions = {\n        ...options,\n        fields: {\n          shouldIncludeAll: shouldIncludeAllFields,\n          permitted: permittedFields,\n          hasAtLeastOneRegistered,\n        },\n      };\n\n      const validateFunction = createValidateFunction(validateOptions);\n\n      return validateFunction(data);\n    };\n\n    return wrappedValidate;\n  };\n\n  const getDefaultOptions = (data: any, options: unknown) => {\n    return defaults({ subject: asSubject(model, data), action }, options);\n  };\n\n  /**\n   * Omit creator fields' (createdBy & updatedBy) roles from the admin API responses\n   */\n  const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);\n\n  /**\n   * Visitor used to remove hidden fields from the admin API responses\n   */\n  const throwHiddenFields = ({ key, schema, path }: any) => {\n    const isHidden = getOr(false, ['config', 'attributes', key, 'hidden'], schema);\n\n    if (isHidden) {\n      throwInvalidKey({ key, path: path.attribute });\n    }\n  };\n\n  /**\n   * Visitor used to omit disallowed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const throwDisallowedAdminUserFields = ({ key, attribute, schema, path }: any) => {\n    if (schema.uid === 'admin::user' && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {\n      throwInvalidKey({ key, path: path.attribute });\n    }\n  };\n\n  const getInputFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([...fields, ...COMPONENT_FIELDS, ...nonVisibleWritableAttributes]);\n  };\n\n  const getQueryFields = (fields = []) => {\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n      PUBLISHED_AT_ATTRIBUTE,\n    ]);\n  };\n\n  return {\n    validateQuery: wrapValidate(createValidateQuery),\n    validateInput: wrapValidate(createValidateInput),\n  };\n};\n"],"names":["ValidationError","errors","throwPassword","throwDisallowedFields","validate","visitors","constants","isScalarAttribute","getNonVisibleAttributes","getWritableAttributes","contentTypes","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","CREATED_AT_ATTRIBUTE","UPDATED_AT_ATTRIBUTE","PUBLISHED_AT_ATTRIBUTE","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","COMPONENT_FIELDS","STATIC_FIELDS","throwInvalidKey","key","path","msg","action","ability","model","schema","strapi","getModel","ctx","bind","createValidateQuery","options","fields","permittedFields","shouldIncludeAll","getQueryFields","permitted","validateFilters","async","pipe","traverse","traverseQueryFilters","throwDisallowedAdminUserFields","value","isObject","isEmpty","attribute","validateSort","traverseQuerySort","validateFields","traverseQueryFields","validatePopulate","traverseQueryPopulate","throwHiddenFields","query","filters","sort","populate","createValidateInput","getInputFields","traverseEntity","omitCreatorRoles","wrapValidate","createValidateFunction","wrappedValidate","data","isArray","Promise","all","map","entity","subject","actionOverride","getDefaultOptions","permittedFieldsOf","fieldsFrom","rule","hasAtLeastOneRegistered","some","isNil","flatMap","prop","rulesFor","detectSubjectType","shouldIncludeAllFields","validateOptions","validateFunction","defaults","asSubject","omit","isHidden","getOr","uid","ADMIN_USER_ALLOWED_FIELDS","includes","nonVisibleAttributes","writableAttributes","nonVisibleWritableAttributes","intersection","uniq","validateQuery","validateInput"],"mappings":";;;;;;;;AAoBA,MAAM,EAAEA,eAAe,EAAE,GAAGC,YAAAA;AAC5B,MAAM,EAAEC,aAAa,EAAEC,qBAAqB,EAAE,GAAGC,eAASC,QAAQ;AAElE,MAAM,EAAEC,SAAS,EAAEC,iBAAiB,EAAEC,uBAAuB,EAAEC,qBAAqB,EAAE,GACpFC,kBAAAA;AACF,MAAM,EACJC,YAAY,EACZC,gBAAgB,EAChBC,oBAAoB,EACpBC,oBAAoB,EACpBC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACrB,GAAGX,SAAAA;AAEJ,MAAMY,gBAAmB,GAAA;AAAC,IAAA;AAAc,CAAA;AAExC,MAAMC,aAAgB,GAAA;AAACR,IAAAA,YAAAA;AAAcC,IAAAA;AAAiB,CAAA;AAEtD,MAAMQ,kBAAkB,CAAC,EAAEC,GAAG,EAAEC,IAAI,EAAyC,GAAA;AAC3E,IAAA,MAAMC,MAAMD,IAAQA,IAAAA,IAAAA,KAASD,GAAM,GAAA,CAAC,YAAY,EAAEA,GAAAA,CAAI,IAAI,EAAEC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAED,IAAI,CAAC;AAEzF,IAAA,MAAM,IAAIrB,eAAgBuB,CAAAA,GAAAA,CAAAA;AAC5B,CAAA;AAEA,4BAAe,CAAA,CAAC,EAAEC,MAAM,WAAEC,SAAO,EAAEC,KAAK,EAAO,GAAA;IAC7C,MAAMC,MAAAA,GAASC,MAAOC,CAAAA,QAAQ,CAACH,KAAAA,CAAAA;AAE/B,IAAA,MAAMI,GAAM,GAAA;AACVH,QAAAA,MAAAA;AACAE,QAAAA,QAAAA,EAAUD,MAAOC,CAAAA,QAAQ,CAACE,IAAI,CAACH,MAAAA;AACjC,KAAA;AAEA,IAAA,MAAMI,mBAAsB,GAAA,CAACC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;;AAGnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOC,GAAAA,cAAAA,CAAeH,OAAOI,SAAS,CAAA;AAExF,QAAA,MAAMC,eAAkBC,GAAAA,WAAAA,CAAMC,IAAI,CAChCC,cAASC,CAAAA,oBAAoB,CAACxC,qBAAAA,CAAsBgC,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACtEY,cAASC,CAAAA,oBAAoB,CAACC,8BAAgCd,EAAAA,GAAAA,CAAAA,EAC9DY,cAASC,CAAAA,oBAAoB,CAACzC,aAAAA,EAAe4B,GAC7CY,CAAAA,EAAAA,cAAAA,CAASC,oBAAoB,CAAC,CAAC,EAAEtB,GAAG,EAAEwB,KAAK,EAAEvB,IAAI,EAAE,GAAA;YACjD,IAAIwB,WAAAA,CAASD,KAAUE,CAAAA,IAAAA,UAAAA,CAAQF,KAAQ,CAAA,EAAA;gBACrCzB,eAAgB,CAAA;AAAEC,oBAAAA,GAAAA;AAAKC,oBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,iBAAA,CAAA;AAC9C;SACClB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMmB,YAAeT,GAAAA,WAAAA,CAAMC,IAAI,CAC7BC,eAASQ,iBAAiB,CAAC/C,qBAAsBgC,CAAAA,eAAAA,CAAAA,EAAkBL,GACnEY,CAAAA,EAAAA,cAAAA,CAASQ,iBAAiB,CAACN,gCAAgCd,GAC3DY,CAAAA,EAAAA,cAAAA,CAASQ,iBAAiB,CAAChD,aAAe4B,EAAAA,GAAAA,CAAAA,EAC1CY,cAASQ,CAAAA,iBAAiB,CAAC,CAAC,EAAE7B,GAAG,EAAE2B,SAAS,EAAEH,KAAK,EAAEvB,IAAI,EAAE,GAAA;AACzD,YAAA,IAAI,CAACf,iBAAAA,CAAkByC,SAAcD,CAAAA,IAAAA,UAAAA,CAAQF,KAAQ,CAAA,EAAA;gBACnDzB,eAAgB,CAAA;AAAEC,oBAAAA,GAAAA;AAAKC,oBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,iBAAA,CAAA;AAC9C;SACClB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMqB,cAAiBX,GAAAA,WAAAA,CAAMC,IAAI,CAC/BC,cAASU,CAAAA,mBAAmB,CAACjD,qBAAAA,CAAsBgC,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACrEY,cAASU,CAAAA,mBAAmB,CAAClD,aAAe4B,EAAAA,GAAAA,CAAAA,CAAAA;QAG9C,MAAMuB,gBAAAA,GAAmBb,YAAMC,IAAI,CACjCC,eAASY,qBAAqB,CAACnD,qBAAsBgC,CAAAA,eAAAA,CAAAA,EAAkBL,GACvEY,CAAAA,EAAAA,cAAAA,CAASY,qBAAqB,CAACV,8BAAAA,EAAgCd,GAC/DY,CAAAA,EAAAA,cAAAA,CAASY,qBAAqB,CAACC,mBAAmBzB,GAClDY,CAAAA,EAAAA,cAAAA,CAASY,qBAAqB,CAACpD,aAAe4B,EAAAA,GAAAA,CAAAA,CAAAA;AAGhD,QAAA,OAAO,OAAO0B,KAAAA,GAAAA;YACZ,IAAIA,KAAAA,CAAMC,OAAO,EAAE;gBACjB,MAAMlB,eAAAA,CAAgBiB,MAAMC,OAAO,CAAA;AACrC;YAEA,IAAID,KAAAA,CAAME,IAAI,EAAE;gBACd,MAAMT,YAAAA,CAAaO,MAAME,IAAI,CAAA;AAC/B;YAEA,IAAIF,KAAAA,CAAMtB,MAAM,EAAE;gBAChB,MAAMiB,cAAAA,CAAeK,MAAMtB,MAAM,CAAA;AACnC;;AAGA,YAAA,IAAIsB,MAAMG,QAAQ,IAAIH,KAAMG,CAAAA,QAAQ,KAAK,GAAK,EAAA;gBAC5C,MAAMN,gBAAAA,CAAiBG,MAAMG,QAAQ,CAAA;AACvC;YAEA,OAAO,IAAA;AACT,SAAA;AACF,KAAA;AAEA,IAAA,MAAMC,mBAAsB,GAAA,CAAC3B,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOyB,GAAAA,cAAAA,CAAe3B,OAAOI,SAAS,CAAA;QAExF,OAAOE,WAAAA,CAAMC,IAAI;QAEfqB,oBAAeP,CAAAA,iBAAAA,EAAmBzB;QAElCgC,oBAAe3D,CAAAA,qBAAAA,CAAsBgC,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;AAEvDiC,QAAAA,gBAAAA,CAAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,eAAe,CAACC,sBAAAA,GAAAA;;;AAGpB,QAAA,MAAMC,eAAkB,GAAA,OAAOC,IAAMlC,EAAAA,OAAAA,GAAU,EAAE,GAAA;AAC/C,YAAA,IAAImC,WAAQD,IAAO,CAAA,EAAA;gBACjB,OAAOE,OAAAA,CAAQC,GAAG,CAACH,IAAAA,CAAKI,GAAG,CAAC,CAACC,MAAoBN,GAAAA,eAAAA,CAAgBM,MAAQvC,EAAAA,OAAAA,CAAAA,CAAAA,CAAAA;AAC3E;YAEA,MAAM,EAAEwC,OAAO,EAAEjD,MAAAA,EAAQkD,cAAc,EAAE,GAAGC,kBAAkBR,IAAMlC,EAAAA,OAAAA,CAAAA;AAEpE,YAAA,MAAME,eAAkByC,GAAAA,uBAAAA,CAAkBnD,SAASiD,EAAAA,cAAAA,EAAgBD,OAAS,EAAA;AAC1EI,gBAAAA,UAAAA,EAAY,CAACC,IAAAA,GAASA,IAAK5C,CAAAA,MAAM,IAAI;AACvC,aAAA,CAAA;AAEA,YAAA,MAAM6C,uBAA0BC,GAAAA,OAAAA,CAC9B,CAAC9C,MAAAA,GAAW,CAAC+C,QAAM/C,CAAAA,MAAAA,CAAAA,EACnBgD,UAAQC,CAAAA,OAAAA,CAAK,QAAW1D,CAAAA,EAAAA,SAAAA,CAAQ2D,QAAQ,CAACV,gBAAgBW,yBAAkBZ,CAAAA,OAAAA,CAAAA,CAAAA,CAAAA,CAAAA;YAE7E,MAAMa,sBAAAA,GAAyBvC,UAAQZ,CAAAA,eAAAA,CAAAA,IAAoB,CAAC4C,uBAAAA;AAE5D,YAAA,MAAMQ,eAAkB,GAAA;AACtB,gBAAA,GAAGtD,OAAO;gBACVC,MAAQ,EAAA;oBACNE,gBAAkBkD,EAAAA,sBAAAA;oBAClBhD,SAAWH,EAAAA,eAAAA;AACX4C,oBAAAA;AACF;AACF,aAAA;AAEA,YAAA,MAAMS,mBAAmBvB,sBAAuBsB,CAAAA,eAAAA,CAAAA;AAEhD,YAAA,OAAOC,gBAAiBrB,CAAAA,IAAAA,CAAAA;AAC1B,SAAA;QAEA,OAAOD,eAAAA;AACT,KAAA;IAEA,MAAMS,iBAAAA,GAAoB,CAACR,IAAWlC,EAAAA,OAAAA,GAAAA;AACpC,QAAA,OAAOwD,WAAS,CAAA;AAAEhB,YAAAA,OAAAA,EAASiB,gBAAUhE,KAAOyC,EAAAA,IAAAA,CAAAA;AAAO3C,YAAAA;SAAUS,EAAAA,OAAAA,CAAAA;AAC/D,KAAA;AAEA;;MAGA,MAAM8B,mBAAmB4B,OAAK,CAAA;QAAC,CAAC,EAAE3E,oBAAqB,CAAA,MAAM,CAAC;QAAE,CAAC,EAAEC,oBAAqB,CAAA,MAAM;AAAE,KAAA,CAAA;AAEhG;;MAGA,MAAMsC,oBAAoB,CAAC,EAAElC,GAAG,EAAEM,MAAM,EAAEL,IAAI,EAAO,GAAA;QACnD,MAAMsE,QAAAA,GAAWC,SAAM,KAAO,EAAA;AAAC,YAAA,QAAA;AAAU,YAAA,YAAA;AAAcxE,YAAAA,GAAAA;AAAK,YAAA;SAAS,EAAEM,MAAAA,CAAAA;AAEvE,QAAA,IAAIiE,QAAU,EAAA;YACZxE,eAAgB,CAAA;AAAEC,gBAAAA,GAAAA;AAAKC,gBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,aAAA,CAAA;AAC9C;AACF,KAAA;AAEA;;MAGA,MAAMJ,8BAAiC,GAAA,CAAC,EAAEvB,GAAG,EAAE2B,SAAS,EAAErB,MAAM,EAAEL,IAAI,EAAO,GAAA;QAC3E,IAAIK,MAAAA,CAAOmE,GAAG,KAAK,aAAA,IAAiB9C,aAAa,CAAC+C,8BAAAA,CAA0BC,QAAQ,CAAC3E,GAAM,CAAA,EAAA;YACzFD,eAAgB,CAAA;AAAEC,gBAAAA,GAAAA;AAAKC,gBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,aAAA,CAAA;AAC9C;AACF,KAAA;IAEA,MAAMa,cAAAA,GAAiB,CAAC3B,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAM+D,uBAAuBzF,uBAAwBmB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMuE,qBAAqBzF,qBAAsBkB,CAAAA,MAAAA,CAAAA;QAEjD,MAAMwE,4BAAAA,GAA+BC,gBAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,OAAK,CAAA;AAAInE,YAAAA,GAAAA,MAAAA;AAAWhB,YAAAA,GAAAA,gBAAAA;AAAqBiF,YAAAA,GAAAA;AAA6B,SAAA,CAAA;AAC/E,KAAA;IAEA,MAAM9D,cAAAA,GAAiB,CAACH,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,OAAOmE,OAAK,CAAA;AACPnE,YAAAA,GAAAA,MAAAA;AACAf,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACHL,YAAAA,oBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,OAAO;AACLuF,QAAAA,aAAAA,EAAetC,YAAahC,CAAAA,mBAAAA,CAAAA;AAC5BuE,QAAAA,aAAAA,EAAevC,YAAaJ,CAAAA,mBAAAA;AAC9B,KAAA;AACF,CAAA;;;;"}
+{"version":3,"file":"validate.js","sources":["../../../../../../../server/src/services/permission/permissions-manager/validate.ts"],"sourcesContent":["import { subject as asSubject, detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport {\n  defaults,\n  omit,\n  isArray,\n  isEmpty,\n  isNil,\n  flatMap,\n  some,\n  prop,\n  uniq,\n  intersection,\n  getOr,\n  isObject,\n} from 'lodash/fp';\n\nimport { contentTypes, traverseEntity, traverse, validate, async, errors } from '@strapi/utils';\nimport { ADMIN_USER_ALLOWED_FIELDS } from '../../../domain/user';\n\nconst { ValidationError } = errors;\nconst { throwPassword, throwDisallowedFields } = validate.visitors;\n\nconst { constants, isScalarAttribute, getNonVisibleAttributes, getWritableAttributes } =\n  contentTypes;\nconst {\n  ID_ATTRIBUTE,\n  DOC_ID_ATTRIBUTE,\n  CREATED_AT_ATTRIBUTE,\n  UPDATED_AT_ATTRIBUTE,\n  PUBLISHED_AT_ATTRIBUTE,\n  CREATED_BY_ATTRIBUTE,\n  UPDATED_BY_ATTRIBUTE,\n} = constants;\n\nconst COMPONENT_FIELDS = ['__component'];\n\nconst STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];\n\nconst throwInvalidKey = ({ key, path }: { key: string; path?: string | null }) => {\n  const msg = path && path !== key ? `Invalid key ${key} at ${path}` : `Invalid key ${key}`;\n\n  throw new ValidationError(msg);\n};\n\nexport default ({ action, ability, model }: any) => {\n  const schema = strapi.getModel(model);\n\n  const ctx = {\n    schema,\n    getModel: strapi.getModel.bind(strapi),\n  };\n\n  const createValidateQuery = (options = {} as any) => {\n    const { fields } = options;\n\n    // TODO: validate relations to admin users in all validators\n    const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);\n\n    const validateFilters = async.pipe(\n      traverse.traverseQueryFilters(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFilters(throwDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryFilters(throwPassword, ctx),\n      traverse.traverseQueryFilters(({ key, value, path }) => {\n        if (isObject(value) && isEmpty(value)) {\n          throwInvalidKey({ key, path: path.attribute });\n        }\n      }, ctx)\n    );\n\n    const validateSort = async.pipe(\n      traverse.traverseQuerySort(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQuerySort(throwDisallowedAdminUserFields, ctx),\n      traverse.traverseQuerySort(throwPassword, ctx),\n      traverse.traverseQuerySort(({ key, attribute, value, path }) => {\n        if (!isScalarAttribute(attribute) && isEmpty(value)) {\n          throwInvalidKey({ key, path: path.attribute });\n        }\n      }, ctx)\n    );\n\n    const validateFields = async.pipe(\n      traverse.traverseQueryFields(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryFields(throwPassword, ctx)\n    );\n\n    const validatePopulate = async.pipe(\n      traverse.traverseQueryPopulate(throwDisallowedFields(permittedFields), ctx),\n      traverse.traverseQueryPopulate(throwDisallowedAdminUserFields, ctx),\n      traverse.traverseQueryPopulate(throwHiddenFields, ctx),\n      traverse.traverseQueryPopulate(throwPassword, ctx)\n    );\n\n    return async (query: any) => {\n      if (query.filters) {\n        await validateFilters(query.filters);\n      }\n\n      if (query.sort) {\n        await validateSort(query.sort);\n      }\n\n      if (query.fields) {\n        await validateFields(query.fields);\n      }\n\n      // a wildcard is always valid; its conversion will be handled by the entity service and can be optimized with sanitizer\n      if (query.populate && query.populate !== '*') {\n        await validatePopulate(query.populate);\n      }\n\n      return true;\n    };\n  };\n\n  const createValidateInput = (options = {} as any) => {\n    const { fields } = options;\n\n    const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);\n\n    return async.pipe(\n      // Remove fields hidden from the admin\n      traverseEntity(throwHiddenFields, ctx),\n      // Remove not allowed fields (RBAC)\n      traverseEntity(throwDisallowedFields(permittedFields), ctx),\n      // Remove roles from createdBy & updatedBy fields\n      omitCreatorRoles\n    );\n  };\n\n  const wrapValidate = (createValidateFunction: any) => {\n    // TODO\n    // @ts-expect-error define the correct return type\n    const wrappedValidate = async (data, options = {}): Promise<unknown> => {\n      if (isArray(data)) {\n        return Promise.all(data.map((entity: unknown) => wrappedValidate(entity, options)));\n      }\n\n      const { subject, action: actionOverride } = getDefaultOptions(data, options);\n\n      const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n        fieldsFrom: (rule) => rule.fields || [],\n      });\n\n      const hasAtLeastOneRegistered = some(\n        (fields) => !isNil(fields),\n        flatMap(prop('fields'), ability.rulesFor(actionOverride, detectSubjectType(subject)))\n      );\n      const shouldIncludeAllFields = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n      const validateOptions = {\n        ...options,\n        fields: {\n          shouldIncludeAll: shouldIncludeAllFields,\n          permitted: permittedFields,\n          hasAtLeastOneRegistered,\n        },\n      };\n\n      const validateFunction = createValidateFunction(validateOptions);\n\n      return validateFunction(data);\n    };\n\n    return wrappedValidate;\n  };\n\n  const getDefaultOptions = (data: any, options: unknown) => {\n    return defaults({ subject: asSubject(model, data), action }, options);\n  };\n\n  /**\n   * Omit creator fields' (createdBy & updatedBy) roles from the admin API responses\n   */\n  const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);\n\n  /**\n   * Visitor used to remove hidden fields from the admin API responses\n   */\n  const throwHiddenFields = ({ key, schema, path }: any) => {\n    const isHidden = getOr(false, ['config', 'attributes', key, 'hidden'], schema);\n\n    if (isHidden) {\n      throwInvalidKey({ key, path: path.attribute });\n    }\n  };\n\n  /**\n   * Visitor used to omit disallowed fields from the admin users entities & avoid leaking sensitive information\n   */\n  const throwDisallowedAdminUserFields = ({ key, attribute, schema, path }: any) => {\n    if (schema.uid === 'admin::user' && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {\n      throwInvalidKey({ key, path: path.attribute });\n    }\n  };\n\n  const getInputFields = (fields = []) => {\n    const nonVisibleAttributes = getNonVisibleAttributes(schema);\n    const writableAttributes = getWritableAttributes(schema);\n\n    const nonVisibleWritableAttributes = intersection(nonVisibleAttributes, writableAttributes);\n\n    return uniq([...fields, ...COMPONENT_FIELDS, ...nonVisibleWritableAttributes]);\n  };\n\n  const getQueryFields = (fields = []) => {\n    return uniq([\n      ...fields,\n      ...STATIC_FIELDS,\n      ...COMPONENT_FIELDS,\n      CREATED_AT_ATTRIBUTE,\n      UPDATED_AT_ATTRIBUTE,\n      PUBLISHED_AT_ATTRIBUTE,\n    ]);\n  };\n\n  return {\n    validateQuery: wrapValidate(createValidateQuery),\n    validateInput: wrapValidate(createValidateInput),\n  };\n};\n"],"names":["ValidationError","errors","throwPassword","throwDisallowedFields","validate","visitors","constants","isScalarAttribute","getNonVisibleAttributes","getWritableAttributes","contentTypes","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","CREATED_AT_ATTRIBUTE","UPDATED_AT_ATTRIBUTE","PUBLISHED_AT_ATTRIBUTE","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","COMPONENT_FIELDS","STATIC_FIELDS","throwInvalidKey","key","path","msg","action","ability","model","schema","strapi","getModel","ctx","bind","createValidateQuery","options","fields","permittedFields","shouldIncludeAll","getQueryFields","permitted","validateFilters","async","pipe","traverse","traverseQueryFilters","throwDisallowedAdminUserFields","value","isObject","isEmpty","attribute","validateSort","traverseQuerySort","validateFields","traverseQueryFields","validatePopulate","traverseQueryPopulate","throwHiddenFields","query","filters","sort","populate","createValidateInput","getInputFields","traverseEntity","omitCreatorRoles","wrapValidate","createValidateFunction","wrappedValidate","data","isArray","Promise","all","map","entity","subject","actionOverride","getDefaultOptions","permittedFieldsOf","fieldsFrom","rule","hasAtLeastOneRegistered","some","isNil","flatMap","prop","rulesFor","detectSubjectType","shouldIncludeAllFields","validateOptions","validateFunction","defaults","asSubject","omit","isHidden","getOr","uid","ADMIN_USER_ALLOWED_FIELDS","includes","nonVisibleAttributes","writableAttributes","nonVisibleWritableAttributes","intersection","uniq","validateQuery","validateInput"],"mappings":";;;;;;;;AAoBA,MAAM,EAAEA,eAAe,EAAE,GAAGC,YAAAA;AAC5B,MAAM,EAAEC,aAAa,EAAEC,qBAAqB,EAAE,GAAGC,eAASC,QAAQ;AAElE,MAAM,EAAEC,SAAS,EAAEC,iBAAiB,EAAEC,uBAAuB,EAAEC,qBAAqB,EAAE,GACpFC,kBAAAA;AACF,MAAM,EACJC,YAAY,EACZC,gBAAgB,EAChBC,oBAAoB,EACpBC,oBAAoB,EACpBC,sBAAsB,EACtBC,oBAAoB,EACpBC,oBAAoB,EACrB,GAAGX,SAAAA;AAEJ,MAAMY,gBAAmB,GAAA;AAAC,IAAA;AAAc,CAAA;AAExC,MAAMC,aAAgB,GAAA;AAACR,IAAAA,YAAAA;AAAcC,IAAAA;AAAiB,CAAA;AAEtD,MAAMQ,kBAAkB,CAAC,EAAEC,GAAG,EAAEC,IAAI,EAAyC,GAAA;AAC3E,IAAA,MAAMC,GAAMD,GAAAA,IAAAA,IAAQA,IAASD,KAAAA,GAAAA,GAAM,CAAC,YAAY,EAAEA,GAAI,CAAA,IAAI,EAAEC,IAAM,CAAA,CAAA,GAAG,CAAC,YAAY,EAAED,GAAK,CAAA,CAAA;AAEzF,IAAA,MAAM,IAAIrB,eAAgBuB,CAAAA,GAAAA,CAAAA;AAC5B,CAAA;AAEA,4BAAe,CAAA,CAAC,EAAEC,MAAM,WAAEC,SAAO,EAAEC,KAAK,EAAO,GAAA;IAC7C,MAAMC,MAAAA,GAASC,MAAOC,CAAAA,QAAQ,CAACH,KAAAA,CAAAA;AAE/B,IAAA,MAAMI,GAAM,GAAA;AACVH,QAAAA,MAAAA;AACAE,QAAAA,QAAAA,EAAUD,MAAOC,CAAAA,QAAQ,CAACE,IAAI,CAACH,MAAAA;AACjC,KAAA;AAEA,IAAA,MAAMI,mBAAsB,GAAA,CAACC,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;;AAGnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOC,GAAAA,cAAAA,CAAeH,OAAOI,SAAS,CAAA;AAExF,QAAA,MAAMC,eAAkBC,GAAAA,WAAAA,CAAMC,IAAI,CAChCC,cAASC,CAAAA,oBAAoB,CAACxC,qBAAAA,CAAsBgC,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACtEY,cAASC,CAAAA,oBAAoB,CAACC,8BAAgCd,EAAAA,GAAAA,CAAAA,EAC9DY,cAASC,CAAAA,oBAAoB,CAACzC,aAAAA,EAAe4B,GAC7CY,CAAAA,EAAAA,cAAAA,CAASC,oBAAoB,CAAC,CAAC,EAAEtB,GAAG,EAAEwB,KAAK,EAAEvB,IAAI,EAAE,GAAA;YACjD,IAAIwB,WAAAA,CAASD,KAAUE,CAAAA,IAAAA,UAAAA,CAAQF,KAAQ,CAAA,EAAA;gBACrCzB,eAAgB,CAAA;AAAEC,oBAAAA,GAAAA;AAAKC,oBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,iBAAA,CAAA;AAC9C;SACClB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMmB,YAAeT,GAAAA,WAAAA,CAAMC,IAAI,CAC7BC,eAASQ,iBAAiB,CAAC/C,qBAAsBgC,CAAAA,eAAAA,CAAAA,EAAkBL,GACnEY,CAAAA,EAAAA,cAAAA,CAASQ,iBAAiB,CAACN,gCAAgCd,GAC3DY,CAAAA,EAAAA,cAAAA,CAASQ,iBAAiB,CAAChD,aAAe4B,EAAAA,GAAAA,CAAAA,EAC1CY,cAASQ,CAAAA,iBAAiB,CAAC,CAAC,EAAE7B,GAAG,EAAE2B,SAAS,EAAEH,KAAK,EAAEvB,IAAI,EAAE,GAAA;AACzD,YAAA,IAAI,CAACf,iBAAAA,CAAkByC,SAAcD,CAAAA,IAAAA,UAAAA,CAAQF,KAAQ,CAAA,EAAA;gBACnDzB,eAAgB,CAAA;AAAEC,oBAAAA,GAAAA;AAAKC,oBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,iBAAA,CAAA;AAC9C;SACClB,EAAAA,GAAAA,CAAAA,CAAAA;AAGL,QAAA,MAAMqB,cAAiBX,GAAAA,WAAAA,CAAMC,IAAI,CAC/BC,cAASU,CAAAA,mBAAmB,CAACjD,qBAAAA,CAAsBgC,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA,EACrEY,cAASU,CAAAA,mBAAmB,CAAClD,aAAe4B,EAAAA,GAAAA,CAAAA,CAAAA;QAG9C,MAAMuB,gBAAAA,GAAmBb,YAAMC,IAAI,CACjCC,eAASY,qBAAqB,CAACnD,qBAAsBgC,CAAAA,eAAAA,CAAAA,EAAkBL,GACvEY,CAAAA,EAAAA,cAAAA,CAASY,qBAAqB,CAACV,8BAAAA,EAAgCd,GAC/DY,CAAAA,EAAAA,cAAAA,CAASY,qBAAqB,CAACC,mBAAmBzB,GAClDY,CAAAA,EAAAA,cAAAA,CAASY,qBAAqB,CAACpD,aAAe4B,EAAAA,GAAAA,CAAAA,CAAAA;AAGhD,QAAA,OAAO,OAAO0B,KAAAA,GAAAA;YACZ,IAAIA,KAAAA,CAAMC,OAAO,EAAE;gBACjB,MAAMlB,eAAAA,CAAgBiB,MAAMC,OAAO,CAAA;AACrC;YAEA,IAAID,KAAAA,CAAME,IAAI,EAAE;gBACd,MAAMT,YAAAA,CAAaO,MAAME,IAAI,CAAA;AAC/B;YAEA,IAAIF,KAAAA,CAAMtB,MAAM,EAAE;gBAChB,MAAMiB,cAAAA,CAAeK,MAAMtB,MAAM,CAAA;AACnC;;AAGA,YAAA,IAAIsB,MAAMG,QAAQ,IAAIH,KAAMG,CAAAA,QAAQ,KAAK,GAAK,EAAA;gBAC5C,MAAMN,gBAAAA,CAAiBG,MAAMG,QAAQ,CAAA;AACvC;YAEA,OAAO,IAAA;AACT,SAAA;AACF,KAAA;AAEA,IAAA,MAAMC,mBAAsB,GAAA,CAAC3B,OAAU,GAAA,EAAS,GAAA;QAC9C,MAAM,EAAEC,MAAM,EAAE,GAAGD,OAAAA;AAEnB,QAAA,MAAME,kBAAkBD,MAAOE,CAAAA,gBAAgB,GAAG,IAAOyB,GAAAA,cAAAA,CAAe3B,OAAOI,SAAS,CAAA;QAExF,OAAOE,WAAAA,CAAMC,IAAI;QAEfqB,oBAAeP,CAAAA,iBAAAA,EAAmBzB;QAElCgC,oBAAe3D,CAAAA,qBAAAA,CAAsBgC,eAAkBL,CAAAA,EAAAA,GAAAA,CAAAA;AAEvDiC,QAAAA,gBAAAA,CAAAA;AAEJ,KAAA;AAEA,IAAA,MAAMC,eAAe,CAACC,sBAAAA,GAAAA;;;AAGpB,QAAA,MAAMC,eAAkB,GAAA,OAAOC,IAAMlC,EAAAA,OAAAA,GAAU,EAAE,GAAA;AAC/C,YAAA,IAAImC,WAAQD,IAAO,CAAA,EAAA;gBACjB,OAAOE,OAAAA,CAAQC,GAAG,CAACH,IAAAA,CAAKI,GAAG,CAAC,CAACC,MAAoBN,GAAAA,eAAAA,CAAgBM,MAAQvC,EAAAA,OAAAA,CAAAA,CAAAA,CAAAA;AAC3E;YAEA,MAAM,EAAEwC,OAAO,EAAEjD,MAAAA,EAAQkD,cAAc,EAAE,GAAGC,kBAAkBR,IAAMlC,EAAAA,OAAAA,CAAAA;AAEpE,YAAA,MAAME,eAAkByC,GAAAA,uBAAAA,CAAkBnD,SAASiD,EAAAA,cAAAA,EAAgBD,OAAS,EAAA;AAC1EI,gBAAAA,UAAAA,EAAY,CAACC,IAAAA,GAASA,IAAK5C,CAAAA,MAAM,IAAI;AACvC,aAAA,CAAA;AAEA,YAAA,MAAM6C,uBAA0BC,GAAAA,OAAAA,CAC9B,CAAC9C,MAAAA,GAAW,CAAC+C,QAAM/C,CAAAA,MAAAA,CAAAA,EACnBgD,UAAQC,CAAAA,OAAAA,CAAK,QAAW1D,CAAAA,EAAAA,SAAAA,CAAQ2D,QAAQ,CAACV,gBAAgBW,yBAAkBZ,CAAAA,OAAAA,CAAAA,CAAAA,CAAAA,CAAAA;YAE7E,MAAMa,sBAAAA,GAAyBvC,UAAQZ,CAAAA,eAAAA,CAAAA,IAAoB,CAAC4C,uBAAAA;AAE5D,YAAA,MAAMQ,eAAkB,GAAA;AACtB,gBAAA,GAAGtD,OAAO;gBACVC,MAAQ,EAAA;oBACNE,gBAAkBkD,EAAAA,sBAAAA;oBAClBhD,SAAWH,EAAAA,eAAAA;AACX4C,oBAAAA;AACF;AACF,aAAA;AAEA,YAAA,MAAMS,mBAAmBvB,sBAAuBsB,CAAAA,eAAAA,CAAAA;AAEhD,YAAA,OAAOC,gBAAiBrB,CAAAA,IAAAA,CAAAA;AAC1B,SAAA;QAEA,OAAOD,eAAAA;AACT,KAAA;IAEA,MAAMS,iBAAAA,GAAoB,CAACR,IAAWlC,EAAAA,OAAAA,GAAAA;AACpC,QAAA,OAAOwD,WAAS,CAAA;AAAEhB,YAAAA,OAAAA,EAASiB,gBAAUhE,KAAOyC,EAAAA,IAAAA,CAAAA;AAAO3C,YAAAA;SAAUS,EAAAA,OAAAA,CAAAA;AAC/D,KAAA;AAEA;;MAGA,MAAM8B,mBAAmB4B,OAAK,CAAA;QAAC,CAAG3E,EAAAA,oBAAAA,CAAqB,MAAM,CAAC;QAAE,CAAGC,EAAAA,oBAAAA,CAAqB,MAAM;AAAE,KAAA,CAAA;AAEhG;;MAGA,MAAMsC,oBAAoB,CAAC,EAAElC,GAAG,EAAEM,MAAM,EAAEL,IAAI,EAAO,GAAA;QACnD,MAAMsE,QAAAA,GAAWC,SAAM,KAAO,EAAA;AAAC,YAAA,QAAA;AAAU,YAAA,YAAA;AAAcxE,YAAAA,GAAAA;AAAK,YAAA;SAAS,EAAEM,MAAAA,CAAAA;AAEvE,QAAA,IAAIiE,QAAU,EAAA;YACZxE,eAAgB,CAAA;AAAEC,gBAAAA,GAAAA;AAAKC,gBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,aAAA,CAAA;AAC9C;AACF,KAAA;AAEA;;MAGA,MAAMJ,8BAAiC,GAAA,CAAC,EAAEvB,GAAG,EAAE2B,SAAS,EAAErB,MAAM,EAAEL,IAAI,EAAO,GAAA;QAC3E,IAAIK,MAAAA,CAAOmE,GAAG,KAAK,aAAA,IAAiB9C,aAAa,CAAC+C,8BAAAA,CAA0BC,QAAQ,CAAC3E,GAAM,CAAA,EAAA;YACzFD,eAAgB,CAAA;AAAEC,gBAAAA,GAAAA;AAAKC,gBAAAA,IAAAA,EAAMA,KAAK0B;AAAU,aAAA,CAAA;AAC9C;AACF,KAAA;IAEA,MAAMa,cAAAA,GAAiB,CAAC3B,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,MAAM+D,uBAAuBzF,uBAAwBmB,CAAAA,MAAAA,CAAAA;AACrD,QAAA,MAAMuE,qBAAqBzF,qBAAsBkB,CAAAA,MAAAA,CAAAA;QAEjD,MAAMwE,4BAAAA,GAA+BC,gBAAaH,oBAAsBC,EAAAA,kBAAAA,CAAAA;AAExE,QAAA,OAAOG,OAAK,CAAA;AAAInE,YAAAA,GAAAA,MAAAA;AAAWhB,YAAAA,GAAAA,gBAAAA;AAAqBiF,YAAAA,GAAAA;AAA6B,SAAA,CAAA;AAC/E,KAAA;IAEA,MAAM9D,cAAAA,GAAiB,CAACH,MAAAA,GAAS,EAAE,GAAA;AACjC,QAAA,OAAOmE,OAAK,CAAA;AACPnE,YAAAA,GAAAA,MAAAA;AACAf,YAAAA,GAAAA,aAAAA;AACAD,YAAAA,GAAAA,gBAAAA;AACHL,YAAAA,oBAAAA;AACAC,YAAAA,oBAAAA;AACAC,YAAAA;AACD,SAAA,CAAA;AACH,KAAA;IAEA,OAAO;AACLuF,QAAAA,aAAAA,EAAetC,YAAahC,CAAAA,mBAAAA,CAAAA;AAC5BuE,QAAAA,aAAAA,EAAevC,YAAaJ,CAAAA,mBAAAA;AAC9B,KAAA;AACF,CAAA;;;;"}