npm - @strapi/admin - Versions diffs - 5.43.0 → 5.45.0 - Mend

@strapi/admin 5.43.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (384) hide show

package/dist/admin/src/pages/Settings/components/Tokens/FormApiTokenContainer.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import * as React from 'react';
+import { FormikErrors } from 'formik';
+import type { ApiToken, ContentApiApiToken } from '../../../../../../shared/contracts/api-token';
+interface FormApiTokenContainerProps {
+    errors?: FormikErrors<Pick<ContentApiApiToken, 'name' | 'description' | 'lifespan' | 'type'>>;
+    onChange: ({ target: { name, value } }: {
+        target: {
+            name: string;
+            value: string;
+        };
+    }) => void;
+    canEditInputs: boolean;
+    values?: Partial<Pick<ContentApiApiToken, 'name' | 'description' | 'lifespan' | 'type'>>;
+    isCreating: boolean;
+    apiToken?: null | Partial<ApiToken>;
+    kind: 'admin' | 'content-api';
+    onDispatch: React.Dispatch<{
+        type: any;
+        value?: unknown;
+    }>;
+    setHasChangedPermissions: (hasChanged: boolean) => void;
+}
+export declare const FormApiTokenContainer: ({ errors, onChange, canEditInputs, isCreating, values, apiToken, kind, onDispatch, setHasChangedPermissions, }: FormApiTokenContainerProps) => import("react/jsx-runtime").JSX.Element;
+export {};

package/dist/admin/src/pages/Settings/components/Tokens/Table.d.ts CHANGED Viewed

@@ -11,7 +11,8 @@ interface TableProps extends Pick<TableImpl.Props<SanitizedTransferToken | ApiTo
     };
     tokens: SanitizedTransferToken[] | ApiToken[];
     tokenType: 'api-token' | 'transfer-token';
+    showOwner?: boolean;
 }
-declare const Table: ({ permissions, headers, isLoading, tokens, onConfirmDelete, tokenType, }: TableProps) => import("react/jsx-runtime").JSX.Element;
+declare const Table: ({ permissions, headers, isLoading, tokens, onConfirmDelete, tokenType, showOwner, }: TableProps) => import("react/jsx-runtime").JSX.Element;
 export { Table };
 export type { TableProps };

package/dist/admin/src/pages/Settings/components/Tokens/constants.d.ts CHANGED Viewed

@@ -1,2 +1,19 @@
+import * as yup from 'yup';
 export declare const API_TOKEN_TYPE = "api-token";
 export declare const TRANSFER_TOKEN_TYPE = "transfer-token";
+export declare const apiTokenInformationSchema: yup.default<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+    type: yup.default<string | undefined, Record<string, any>, string | undefined>;
+    description: yup.default<string | null | undefined, Record<string, any>, string | null | undefined>;
+    lifespan: import("yup/lib/number").DefinedNumberSchema<number | null | undefined, Record<string, any>>;
+}>, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+    type: yup.default<string | undefined, Record<string, any>, string | undefined>;
+    description: yup.default<string | null | undefined, Record<string, any>, string | null | undefined>;
+    lifespan: import("yup/lib/number").DefinedNumberSchema<number | null | undefined, Record<string, any>>;
+}>>, import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+    type: yup.default<string | undefined, Record<string, any>, string | undefined>;
+    description: yup.default<string | null | undefined, Record<string, any>, string | null | undefined>;
+    lifespan: import("yup/lib/number").DefinedNumberSchema<number | null | undefined, Record<string, any>>;
+}>>>;

package/dist/admin/src/pages/Settings/constants.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
 import type { RouteObject } from 'react-router-dom';
-export declare const ROUTES_CE: RouteObject[];
+export declare const ROUTES_CE: () => RouteObject[];

package/dist/admin/src/pages/Settings/pages/AdminTokens/CreateView.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const ProtectedCreateView: () => import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const EditView: () => import("react/jsx-runtime").JSX.Element;
2	+ export declare const ProtectedEditView: () => import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import * as React from 'react';
+import { PermissionsAPI } from '../../../Roles/components/Permissions';
+import type { Permission } from '../../../../../../../../shared/contracts/shared';
+import type { Data } from '@strapi/types';
+export interface AdminPermissionsProps {
+    disabled?: boolean;
+    initialAdminPermissions: Permission[];
+    /** Undefined in create mode. */
+    tokenId?: string;
+    /** The owner's user id. Undefined in create mode, user can only create a token for themselves. */
+    ownerUserId?: Data.ID | null;
+}
+export declare const AdminPermissions: React.ForwardRefExoticComponent<AdminPermissionsProps & React.RefAttributes<PermissionsAPI>>;

package/dist/admin/src/pages/Settings/pages/AdminTokens/ListView.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const ListView: () => import("react/jsx-runtime").JSX.Element;
2	+ export declare const ProtectedListView: () => import("react/jsx-runtime").JSX.Element;

package/dist/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { Action, SubjectProperty } from '../../../../../../../shared/contracts/permissions';
-interface CollapsePropertyMatrixProps extends Pick<ActionRowProps, 'childrenForm' | 'isFormDisabled' | 'label' | 'pathToData' | 'propertyName'> {
+interface CollapsePropertyMatrixProps extends Pick<ActionRowProps, 'childrenForm' | 'isFormDisabled' | 'label' | 'pathToData' | 'propertyName' | 'subject'> {
     availableActions?: Array<Action & {
         isDisplayed: boolean;
     }>;
@@ -9,8 +9,8 @@ interface PropertyAction {
     actionId: string;
     isActionRelatedToCurrentProperty: boolean;
 }
-declare const CollapsePropertyMatrix: ({ availableActions, childrenForm, isFormDisabled, label, pathToData, propertyName, }: CollapsePropertyMatrixProps) => import("react/jsx-runtime").JSX.Element;
-interface ActionRowProps extends Pick<SubActionRowProps, 'childrenForm' | 'isFormDisabled' | 'propertyActions' | 'propertyName'> {
+declare const CollapsePropertyMatrix: ({ availableActions, childrenForm, isFormDisabled, label, pathToData, propertyName, subject, }: CollapsePropertyMatrixProps) => import("react/jsx-runtime").JSX.Element;
+interface ActionRowProps extends Pick<SubActionRowProps, 'childrenForm' | 'isFormDisabled' | 'propertyActions' | 'propertyName' | 'subject'> {
     label: string;
     name: string;
     required?: boolean;
@@ -24,6 +24,7 @@ interface SubActionRowProps {
     pathToDataFromActionRow: string;
     propertyActions: PropertyAction[];
     propertyName: string;
+    subject?: string;
     recursiveLevel: number;
 }
 export { CollapsePropertyMatrix };

package/dist/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.d.ts CHANGED Viewed

@@ -11,9 +11,10 @@ interface ConditionAction extends Pick<ActionRowProps, 'label'> {
 interface ConditionsModalProps extends Pick<ActionRowProps, 'isFormDisabled'> {
     actions?: Array<ConditionAction | HiddenCheckboxAction | VisibleCheckboxAction>;
     headerBreadCrumbs?: string[];
+    isReadOnly?: boolean;
     onClose?: () => void;
 }
-declare const ConditionsModal: ({ actions, headerBreadCrumbs, isFormDisabled, onClose, }: ConditionsModalProps) => import("react/jsx-runtime").JSX.Element;
+declare const ConditionsModal: ({ actions, headerBreadCrumbs, isFormDisabled, isReadOnly, onClose, }: ConditionsModalProps) => import("react/jsx-runtime").JSX.Element;
 interface ActionRowProps {
     arrayOfOptionsGroupedByCategory: Array<[
         string,
@@ -21,6 +22,7 @@ interface ActionRowProps {
     ]>;
     isFormDisabled?: boolean;
     isGrey?: boolean;
+    isReadOnly?: boolean;
     label: string;
     name: string;
     onChange?: (name: string, values: Record<string, boolean>) => void;

package/dist/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.d.ts CHANGED Viewed

@@ -13,6 +13,7 @@ interface CollapseProps extends Pick<RowLabelWithCheckboxProps, 'isActive' | 'is
     isGrey?: boolean;
     onClickToggle: RowLabelWithCheckboxProps['onClick'];
     pathToData: string;
+    subject: string;
 }
 interface VisibleCheckboxAction {
     actionId: string;

package/dist/admin/src/pages/Settings/pages/Roles/components/Permissions.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import * as React from 'react';
 import * as PermissonContracts from '../../../../../../../shared/contracts/permissions';
 import { Permission } from '../../../../../../../shared/contracts/shared';
+import { Permission as AuthPermission } from '../../../../../features/Auth';
 import { ConditionForm, Form } from '../utils/forms';
 import { GenericLayout } from '../utils/layouts';
 export interface PermissionsAPI {
@@ -15,6 +16,7 @@ interface PermissionsProps {
     isFormDisabled?: boolean;
     permissions?: Permission[];
     layout: PermissonContracts.GetAll.Response['data'];
+    userPermissions?: AuthPermission[];
 }
 declare const Permissions: React.ForwardRefExoticComponent<PermissionsProps & React.RefAttributes<PermissionsAPI>>;
 interface PermissionForms {
@@ -38,6 +40,7 @@ interface OnChangeCollectionTypeGlobalActionCheckboxAction {
     collectionTypeKind: keyof PermissionForms;
     actionId: string;
     value: boolean;
+    userPermissions?: AuthPermission[];
 }
 interface OnChangeCollectionTypeRowLeftCheckboxAction {
     type: 'ON_CHANGE_COLLECTION_TYPE_ROW_LEFT_CHECKBOX';
@@ -45,10 +48,12 @@ interface OnChangeCollectionTypeRowLeftCheckboxAction {
     propertyName: string;
     rowName: string;
     value: boolean;
+    userPermissions?: AuthPermission[];
 }
 interface OnChangeConditionsAction {
     type: 'ON_CHANGE_CONDITIONS';
     conditions: Record<string, ConditionForm>;
+    userPermissions?: AuthPermission[];
 }
 export { Permissions };
 export type { State, OnChangeCollectionTypeRowLeftCheckboxAction, OnChangeConditionsAction, OnChangeCollectionTypeGlobalActionCheckboxAction, };

package/dist/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
-/// <reference types="react" />
+import * as React from 'react';
 import { Condition } from '../../../../../../../shared/contracts/permissions';
+import { Permission as AuthPermission } from '../../../../../features/Auth';
 import type { OnChangeCollectionTypeGlobalActionCheckboxAction, OnChangeCollectionTypeRowLeftCheckboxAction, OnChangeConditionsAction, State } from '../components/Permissions';
 export interface PermissionsDataManagerContextValue extends Pick<State, 'modifiedData'> {
     availableConditions: Condition[];
@@ -18,12 +19,12 @@ export interface PermissionsDataManagerContextValue extends Pick<State, 'modifie
         };
     }) => void;
     onChangeCollectionTypeGlobalActionCheckbox: (collectionTypeKind: OnChangeCollectionTypeGlobalActionCheckboxAction['collectionTypeKind'], actionId: OnChangeCollectionTypeGlobalActionCheckboxAction['actionId'], value: OnChangeCollectionTypeGlobalActionCheckboxAction['value']) => void;
+    userPermissions?: AuthPermission[];
+    checkUserHasPermission: (action: string, subject?: string | null, field?: string) => boolean;
 }
-declare const PermissionsDataManagerProvider: {
-    (props: PermissionsDataManagerContextValue & {
-        children: import("react").ReactNode;
-    }): JSX.Element;
-    displayName: string;
-};
 export declare const usePermissionsDataManager: () => PermissionsDataManagerContextValue;
+interface PermissionsDataManagerProviderProps extends Omit<PermissionsDataManagerContextValue, 'checkUserHasPermission'> {
+    children: React.ReactNode;
+}
+declare const PermissionsDataManagerProvider: ({ children, userPermissions, availableConditions, modifiedData, onChangeConditions, onChangeSimpleCheckbox, onChangeParentCheckbox, onChangeCollectionTypeLeftActionRowCheckbox, onChangeCollectionTypeGlobalActionCheckbox, }: PermissionsDataManagerProviderProps) => import("react/jsx-runtime").JSX.Element;
 export { PermissionsDataManagerProvider };

package/dist/admin/src/pages/Settings/pages/Roles/utils/createPermissionChecker.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Utility functions for creating permission checkers used in bulk update operations.
+ * These functions encapsulate the logic for validating whether a user has permission
+ * to modify specific fields/actions during role and app token editing.
+ */
+import type { Permission as AuthPermission } from '../../../../../features/Auth';
+/**
+ * Creates a permission checker function for field-level permission validation.
+ * Used in bulk update operations to filter which leaves can be modified.
+ *
+ * @param actionId - The action to check (e.g., 'plugin::content-manager.explorer.create')
+ * @param subject - The subject to check (e.g., 'api::article.article'), or null for plugins/settings
+ * @param userPermissions - Array of user permissions, or undefined for Role editing mode
+ * @returns A checker function that validates if a given path should be allowed,
+ *          or undefined if in Role editing mode (no restrictions)
+ */
+export declare const createFieldPermissionChecker: (actionId: string, subject: string | null, userPermissions: AuthPermission[] | undefined) => ((path: string[]) => boolean) | undefined;
+/**
+ * Creates a permission checker for content type operations where the action ID
+ * may need to be extracted from the path itself (for content type name checkboxes).
+ *
+ * @param subject - The subject to check
+ * @param actionIdFromContext - The action ID from parent context (may be undefined)
+ * @param userPermissions - Array of user permissions, or undefined for Role editing mode
+ * @returns A checker function or undefined if in Role editing mode
+ */
+export declare const createDynamicActionPermissionChecker: (subject: string | null | undefined, actionIdFromContext: string | undefined, userPermissions: AuthPermission[] | undefined) => ((path: string[]) => boolean) | undefined;

package/dist/admin/src/pages/Settings/pages/Roles/utils/updateValues.d.ts CHANGED Viewed

@@ -4,5 +4,11 @@
  * of an object.
  * This utility is very helpful when dealing with parent<>children checkboxes
  */
-declare const updateValues: (obj: object, valueToSet: boolean, isFieldUpdate?: boolean) => object;
-export { updateValues };
+declare const updateValues: (obj: object, valueToSet: boolean, isFieldUpdate?: boolean) => Record<string, unknown>;
+/**
+ * Permission-aware version of updateValues.
+ * When permissionChecker is undefined (Role editing), behaves like updateValues.
+ * When permissionChecker is provided (Admin Token editing), filters leaf updates based on permissions.
+ */
+declare const updateValuesWithPermissions: (obj: object, valueToSet: boolean, permissionChecker?: (path: string[]) => boolean, currentPath?: string[], isFieldUpdate?: boolean) => Record<string, unknown>;
+export { updateValues, updateValuesWithPermissions };

package/dist/admin/src/services/apiTokens.d.ts CHANGED Viewed

@@ -1,3 +1,6 @@
+import * as AdminToken from '../../../shared/contracts/admin-token';
 import * as ApiToken from '../../../shared/contracts/api-token';
-declare const useGetAPITokensQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ApiToken[], "adminApi">>, useGetAPITokenQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<import("@strapi/types/dist/data").ID, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ApiToken, "adminApi">>, useCreateAPITokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<ApiToken.ApiTokenBody, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ApiToken, "adminApi">>, useDeleteAPITokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<import("@strapi/types/dist/data").ID, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ApiToken, "adminApi">>, useUpdateAPITokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<ApiToken.Update.Params & ApiToken.ApiTokenBody, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ApiToken, "adminApi">>;
-export { useGetAPITokensQuery, useGetAPITokenQuery, useCreateAPITokenMutation, useDeleteAPITokenMutation, useUpdateAPITokenMutation, };
+declare const useGetAPITokensQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void | {}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ContentApiApiToken[], "adminApi">>, useGetAPITokenQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<import("@strapi/types/dist/data").ID, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ContentApiApiToken, "adminApi">>, useCreateAPITokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<ApiToken.ContentApiApiTokenBody, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ContentApiApiToken, "adminApi">>, useDeleteAPITokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<import("@strapi/types/dist/data").ID, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ContentApiApiToken, "adminApi">>, useUpdateAPITokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<ApiToken.Update.Params & Partial<ApiToken.ContentApiApiTokenBody>, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", ApiToken.ContentApiApiToken, "adminApi">>, useGetAPITokenOwnerPermissionsQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<string, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", import("../../../shared/contracts/shared").Permission[], "adminApi">>, useGetAdminTokensQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", AdminToken.AdminApiToken[], "adminApi">>, useGetAdminTokenQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<import("@strapi/types/dist/data").ID, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", AdminToken.AdminApiToken, "adminApi">>, useCreateAdminTokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<Pick<AdminToken.AdminApiToken, "description" | "name" | "lifespan"> & {
+    adminPermissions?: Omit<import("../../../shared/contracts/shared").Permission, "id" | "createdAt" | "updatedAt" | "actionParameters">[] | undefined;
+}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", AdminToken.AdminApiToken, "adminApi">>, useDeleteAdminTokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<import("@strapi/types/dist/data").ID, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", AdminToken.AdminApiToken, "adminApi">>, useUpdateAdminTokenMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<AdminToken.Update.Params & Partial<AdminToken.AdminTokenBody>, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ApiToken", AdminToken.AdminApiToken, "adminApi">>;
+export { useGetAPITokensQuery, useGetAPITokenQuery, useCreateAPITokenMutation, useDeleteAPITokenMutation, useUpdateAPITokenMutation, useGetAPITokenOwnerPermissionsQuery, useGetAdminTokensQuery, useGetAdminTokenQuery, useCreateAdminTokenMutation, useDeleteAdminTokenMutation, useUpdateAdminTokenMutation, };

package/dist/admin/src/types/permissions.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { Permission } from '../features/Auth';
-type SettingsPermissions = 'api-tokens' | 'project-settings' | 'roles' | 'transfer-tokens' | 'users' | 'webhooks';
+type SettingsPermissions = 'admin-tokens' | 'api-tokens' | 'project-settings' | 'roles' | 'transfer-tokens' | 'users' | 'webhooks';
 type EESettingsPermissions = 'auditLogs' | 'review-workflows' | 'sso' | 'releases';
 type CRUDPermissions = {
     main?: Permission[];

package/dist/admin/src/utils/getFetchClient.d.ts CHANGED Viewed

@@ -36,12 +36,14 @@ declare const attemptTokenRefresh: () => Promise<string>;
 type FetchResponse<TData = any> = {
     data: TData;
     status?: number;
+    headers?: Headers;
 };
 type FetchOptions = {
     params?: any;
     signal?: AbortSignal;
     headers?: Record<string, string>;
     validateStatus?: ((status: number) => boolean) | null;
+    responseType?: 'json' | 'blob' | 'text' | 'arrayBuffer';
 };
 type FetchConfig = {
     signal?: AbortSignal;
@@ -64,7 +66,18 @@ declare class FetchError extends Error {
 }
 declare const isFetchError: (error: unknown) => error is FetchError;
 type FetchClient = {
-    get: <TData = any>(url: string, config?: FetchOptions) => Promise<FetchResponse<TData>>;
+    get: {
+        (url: string, config: FetchOptions & {
+            responseType: 'blob';
+        }): Promise<FetchResponse<Blob>>;
+        (url: string, config: FetchOptions & {
+            responseType: 'text';
+        }): Promise<FetchResponse<string>>;
+        (url: string, config: FetchOptions & {
+            responseType: 'arrayBuffer';
+        }): Promise<FetchResponse<ArrayBuffer>>;
+        <TData = any>(url: string, config?: FetchOptions): Promise<FetchResponse<TData>>;
+    };
     put: <TData = any, TSend = any>(url: string, data?: TSend, config?: FetchOptions) => Promise<FetchResponse<TData>>;
     post: <TData = any, TSend = any>(url: string, data?: TSend, config?: FetchOptions) => Promise<FetchResponse<TData>>;
     del: <TData = any>(url: string, config?: FetchOptions) => Promise<FetchResponse<TData>>;

package/dist/server/server/src/bootstrap.js CHANGED Viewed

@@ -30,10 +30,42 @@ const registerModelHooks = ()=>{
         ],
         afterCreate: sendDidChangeInterfaceLanguage,
         afterDelete: sendDidChangeInterfaceLanguage,
-        afterUpdate ({ params }) {
-            if (params.data.preferedLanguage) {
+        async beforeDelete (event) {
+            // Delete all admin API tokens owned by this user before the user row is removed
+            await index.getService('api-token-admin').deleteTokensForUser(event.params.where.id);
+        },
+        async afterUpdate (event) {
+            if (event.params.data?.preferedLanguage) {
                 sendDidChangeInterfaceLanguage();
             }
+            if (event.params.data?.roles !== undefined) {
+                // We re-sync token permissions for all owner users with their role when the user is updated
+                await index.getService('api-token-admin').syncPermissionsForUser(event.result.id);
+            }
+        }
+    });
+    strapi.db.lifecycles.subscribe({
+        models: [
+            'admin::role'
+        ],
+        // We re-sync token permissions for all owner users with this role when the role is deleted
+        async beforeDelete (event) {
+            const users = await strapi.db.query('admin::user').findMany({
+                where: {
+                    roles: {
+                        id: event.params.where.id
+                    }
+                },
+                select: [
+                    'id'
+                ]
+            });
+            event.state.affectedUserIds = users.map((u)=>u.id);
+        },
+        async afterDelete (event) {
+            for (const userId of event.state.affectedUserIds ?? []){
+                await index.getService('api-token-admin').syncPermissionsForUser(userId);
+            }
         }
     });
 };
@@ -83,9 +115,9 @@ const syncAPITokensPermissions = async ()=>{
  * @sideEffects Creates new API tokens in the database if conditions are met.
  */ const createDefaultAPITokensIfNeeded = async ()=>{
     const userService = index.getService('user');
-    const apiTokenService = index.getService('api-token');
+    const apiTokenService = index.getService('api-token-content-api');
     const usersCount = await userService.count();
-    const apiTokenCount = await apiTokenService.count();
+    const apiTokenCount = await apiTokenService.countAll();
     if (usersCount === 0 && apiTokenCount === 0) {
         for (const token of constants.DEFAULT_API_TOKENS){
             await apiTokenService.create(token);
@@ -126,7 +158,7 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
     const permissionService = index.getService('permission');
     const userService = index.getService('user');
     const roleService = index.getService('role');
-    const apiTokenService = index.getService('api-token');
+    const apiTokenService = index.getService('api-token-content-api');
     const transferService = index.getService('transfer');
     const tokenService = index.getService('token');
     await roleService.createRolesIfNoneExist();

package/dist/server/server/src/bootstrap.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/*\n Ensures the creation of default API tokens during the app creation.\n \n Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n \n @sideEffects Creates new API tokens in the database if conditions are met.\n /\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh \|\| !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAAAA,GAA2B;IAC/BC,SAAAA,EAAW;QACTC,YAAAA,EAAc,KAAA;QACdC,WAAAA,EAAa,IAAA;QACbC,cAAAA,EAAgB;AAClB;AACF,CAAA;AAEA,MAAMC,yBAAAA,GAA4B,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAA,CAAA,CAAcC,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAAAA,GAA0B,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAA,CAAA,CAAcM,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAAA,GAAqB,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAAA,CAAW,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAAA,EAAaN,8BAAAA;QACbO,WAAAA,EAAaP,8BAAAA;QACbQ,WAAAA,CAAAA,CAAY,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAAA,CAAOC,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAAA,GAAmB,UAAA;AACvB,IAAA,MAAMC,UAAAA,GAAa,MAAMZ,MAAAA,CAAOa,KAAK,CAAC;QAAEC,IAAAA,EAAM,MAAA;QAAQC,IAAAA,EAAM;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAAA,GAAoB,MAAMJ,UAAAA,CAAWK,GAAG,CAAC;QAAEC,GAAAA,EAAK;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAAAA,EAA0BiC,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAAA,GAAa,MAAMhC,gBAAAA,CAAW,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAAA,EAAIJ,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAAA,EAAY;QACfF,eAAAA,CAAgBnC,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C,IAAA;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAAA,EAAK,MAAA;QAAQO,KAAAA,EAAON;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAAAA,GAA2B,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAAA,CAAO4B,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAAA,GAAkB,MAAMC,WAAAA,CAAMC,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAAA,CAAA,CAA+BC,QAAQ,EACvDC,MAAAA,CAAI,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAAA,CAAKC,aAAAA,CAAWR,eAAAA,EAAiBL,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAA,EAAG;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAAA,EAAO;gBAAEb,MAAAA,EAAQ;oBAAEc,GAAAA,EAAKN;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE,IAAA;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAAA,GAAiC,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAAA,CAAW,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAA,IAAKE,aAAAA,KAAkB,CAAA,EAAG;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAAA,CAAUC,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B,QAAA;AACF,IAAA;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcC,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcG,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAAA,IAAa,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,6CAAA,CAAA,IAAkD,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,wCAAA,CAAA,IAA6C,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAAA,IAAoB,CAACE,gBAAe,CAAA,EAAI;QAChElE,OAAAA,CAAOmE,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ,IAAA;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAA,EAAS;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAA,GAAK,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CACxC,6CAAA,EACAwC,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CACzC,8CAAA,EACA0D,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CACnC,wCAAA,EACA4C,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CACpC,yCAAA,EACA6D,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAAAA,EAASwB,SAAAA;;QAEpBC,UAAAA,EAAYzB;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAAA,GAAoBrF,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAA,EAAO;QAC/CrF,OAAAA,CAAOmE,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ,IAAA;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,gBAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAAA,CAAW,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,gBAAAA,CAAW,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,gBAAAA,CAAW,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAA,CAAA,CAAW0G,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,gBAAAA,CAAW,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAAA,CAAgBrC,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1	+ {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n async beforeDelete(event) {\n // Delete all admin API tokens owned by this user before the user row is removed\n await getService('api-token-admin').deleteTokensForUser(event.params.where.id);\n },\n async afterUpdate(event) {\n if (event.params.data?.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n if (event.params.data?.roles !== undefined) {\n // We re-sync token permissions for all owner users with their role when the user is updated\n await getService('api-token-admin').syncPermissionsForUser(event.result.id);\n }\n },\n });\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::role'],\n // We re-sync token permissions for all owner users with this role when the role is deleted\n async beforeDelete(event) {\n const users = await strapi.db.query('admin::user').findMany({\n where: { roles: { id: event.params.where.id } },\n select: ['id'],\n });\n event.state.affectedUserIds = users.map((u: { id: unknown }) => u.id);\n },\n async afterDelete(event) {\n for (const userId of (event.state.affectedUserIds as unknown[]) ?? []) {\n await getService('api-token-admin').syncPermissionsForUser(userId as string \| number);\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/*\n Ensures the creation of default API tokens during the app creation.\n \n Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n \n @sideEffects Creates new API tokens in the database if conditions are met.\n /\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token-content-api');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.countAll();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh \|\| !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token-content-api');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","beforeDelete","event","deleteTokensForUser","params","where","id","afterUpdate","data","preferedLanguage","roles","undefined","syncPermissionsForUser","result","users","query","findMany","select","state","affectedUserIds","map","u","userId","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","unknownPermissions","uniq","difference","length","deleteMany","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","countAll","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAAAA,GAA2B;IAC/BC,SAAAA,EAAW;QACTC,YAAAA,EAAc,KAAA;QACdC,WAAAA,EAAa,IAAA;QACbC,cAAAA,EAAgB;AAClB;AACF,CAAA;AAEA,MAAMC,yBAAAA,GAA4B,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAA,CAAA,CAAcC,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAAAA,GAA0B,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAA,CAAA,CAAcM,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAAA,GAAqB,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAAA,CAAW,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAAA,EAAaN,8BAAAA;QACbO,WAAAA,EAAaP,8BAAAA;AACb,QAAA,MAAMQ,cAAaC,KAAK,EAAA;;YAEtB,MAAMnB,gBAAAA,CAAW,mBAAmBoB,mBAAmB,CAACD,MAAME,MAAM,CAACC,KAAK,CAACC,EAAE,CAAA;AAC/E,QAAA,CAAA;AACA,QAAA,MAAMC,aAAYL,KAAK,EAAA;AACrB,YAAA,IAAIA,KAAAA,CAAME,MAAM,CAACI,IAAI,EAAEC,gBAAAA,EAAkB;AACvChB,gBAAAA,8BAAAA,EAAAA;AACF,YAAA;AACA,YAAA,IAAIS,MAAME,MAAM,CAACI,IAAI,EAAEE,UAAUC,SAAAA,EAAW;;AAE1C,gBAAA,MAAM5B,iBAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACV,KAAAA,CAAMW,MAAM,CAACP,EAAE,CAAA;AAC5E,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AAEAZ,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;;AAEvB,QAAA,MAAMG,cAAaC,KAAK,EAAA;YACtB,MAAMY,KAAAA,GAAQ,MAAMpB,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,aAAA,CAAA,CAAeC,QAAQ,CAAC;gBAC1DX,KAAAA,EAAO;oBAAEK,KAAAA,EAAO;AAAEJ,wBAAAA,EAAAA,EAAIJ,KAAAA,CAAME,MAAM,CAACC,KAAK,CAACC;AAAG;AAAE,iBAAA;gBAC9CW,MAAAA,EAAQ;AAAC,oBAAA;AAAK;AAChB,aAAA,CAAA;YACAf,KAAAA,CAAMgB,KAAK,CAACC,eAAe,GAAGL,KAAAA,CAAMM,GAAG,CAAC,CAACC,CAAAA,GAAuBA,CAAAA,CAAEf,EAAE,CAAA;AACtE,QAAA,CAAA;AACA,QAAA,MAAMN,aAAYE,KAAK,EAAA;YACrB,KAAK,MAAMoB,UAAU,KAACpB,CAAMgB,KAAK,CAACC,eAAe,IAAkB,EAAE,CAAE;gBACrE,MAAMpC,gBAAAA,CAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACU,MAAAA,CAAAA;AAC7D,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMC,gBAAAA,GAAmB,UAAA;AACvB,IAAA,MAAMC,UAAAA,GAAa,MAAM9B,MAAAA,CAAO+B,KAAK,CAAC;QAAEC,IAAAA,EAAM,MAAA;QAAQC,IAAAA,EAAM;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAAA,GAAoB,MAAMJ,UAAAA,CAAWK,GAAG,CAAC;QAAEC,GAAAA,EAAK;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMvD,wBAAAA,EAA0BmD,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAAA,GAAa,MAAMlD,gBAAAA,CAAW,MAAA,CAAA,CAAQmD,MAAM,CAAC;QACjD5B,EAAAA,EAAIyB,eAAAA,CAAgBrD,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACqD,UAAAA,EAAY;QACfF,eAAAA,CAAgBrD,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C,IAAA;IAEA,MAAM4C,UAAAA,CAAWW,GAAG,CAAC;QAAEL,GAAAA,EAAK,MAAA;QAAQM,KAAAA,EAAOL;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMM,wBAAAA,GAA2B,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB5C,MAAAA,CAAO6C,UAAU,CAACC,WAAW,CAAC9D,SAAS,CAAC+D,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAAA,GAAkB,MAAMC,WAAAA,CAAMC,IAAI,CACtCnD,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,6BAAA,CAAA,CAA+BC,QAAQ,EACvDI,MAAAA,CAAI,QAAA,CAAA,CAAA,EAAA;IAGN,MAAM0B,kBAAAA,GAAqBC,OAAAA,CAAKC,aAAAA,CAAWL,eAAAA,EAAiBL,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIQ,kBAAAA,CAAmBG,MAAM,GAAG,CAAA,EAAG;AACjC,QAAA,MAAMvD,OAAOC,EAAE,CACZoB,KAAK,CAAC,6BAAA,CAAA,CACNmC,UAAU,CAAC;YAAE7C,KAAAA,EAAO;gBAAEoC,MAAAA,EAAQ;oBAAEU,GAAAA,EAAKL;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE,IAAA;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMM,8BAAAA,GAAiC,UAAA;AACrC,IAAA,MAAMC,cAActE,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,gBAAAA,CAAW,uBAAA,CAAA;IAEnC,MAAMwE,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBI,QAAQ,EAAA;IAEpD,IAAIH,UAAAA,KAAe,CAAA,IAAKE,aAAAA,KAAkB,CAAA,EAAG;AAC3C,QAAA,KAAK,MAAME,KAAAA,IAASC,SAAAA,CAAUC,kBAAkB,CAAE;YAChD,MAAMP,eAAAA,CAAgBQ,MAAM,CAACH,KAAAA,CAAAA;AAC/B,QAAA;AACF,IAAA;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEjE,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEqE,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcC,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcG,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAAA,IAAa,IAAA;AAC/C,IAAA,MAAMK,mBAAmB9E,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,6CAAA,CAAA,IAAkD,IAAA;AAC7F,IAAA,MAAM6C,mBAAmBhF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,wCAAA,CAAA,IAA6C,IAAA;AAExF,IAAA,IAAI0C,qBAAqB,CAACC,gBAAAA,IAAoB,CAACE,gBAAe,CAAA,EAAI;QAChEhF,OAAAA,CAAOiF,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ,IAAA;AAEAlF,IAAAA,OAAAA,CAAOmF,cAAc,CAACC,YAAY,CAAC,OAAA,EAAS;AAC1CC,QAAAA,SAAAA,EAAWrF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,mBAAA,CAAA;AAC7BmD,QAAAA,mBAAAA,EAAqBtF,QAAO+E,MAAM,CAAC5C,GAAG,CAAC,2CAA2C,EAAA,GAAK,EAAA,CAAA;AACvFoD,QAAAA,uBAAAA,EAAyBvF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACxC,6CAAA,EACAoC,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0BxF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACzC,8CAAA,EACAsD,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB1F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACnC,wCAAA,EACAwC,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB3F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACpC,yCAAA,EACAyD,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAAAA,EAASwB,SAAAA;;QAEpBC,UAAAA,EAAYzB;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAAA,GAAoBnG,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAI4D,YAAAA,IAAgBI,sBAAsB,KAAA,EAAO;QAC/CnG,OAAAA,CAAOiF,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ,IAAA;IAEA,MAAMxF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMsG,oBAAoB/G,gBAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAMsE,cAActE,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMgH,cAAchH,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,gBAAAA,CAAW,uBAAA,CAAA;AACnC,IAAA,MAAMiH,kBAAkBjH,gBAAAA,CAAW,UAAA,CAAA;AACnC,IAAA,MAAMkH,eAAelH,gBAAAA,CAAW,OAAA,CAAA;AAEhC,IAAA,MAAMgH,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMhD,YAAYiD,iCAAiC,EAAA;IAEnD,MAAM/E,gBAAAA,EAAAA;IACN,MAAMc,wBAAAA,EAAAA;IAEN,MAAMtD,gBAAAA,CAAW,SAAA,CAAA,CAAWwH,4BAA4B,CAAC7G,OAAAA,CAAAA;IACzDX,gBAAAA,CAAW,SAAA,CAAA,CAAWyH,SAAS,CAAC9G,OAAAA,CAAAA;AAEhC4D,IAAAA,eAAAA,CAAgBmD,kBAAkB,EAAA;IAClCT,eAAAA,CAAgBrC,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMtD,8BAAAA,EAAAA;AACR,CAAA;;;;"}

package/dist/server/server/src/bootstrap.mjs CHANGED Viewed

@@ -28,10 +28,42 @@ const registerModelHooks = ()=>{
         ],
         afterCreate: sendDidChangeInterfaceLanguage,
         afterDelete: sendDidChangeInterfaceLanguage,
-        afterUpdate ({ params }) {
-            if (params.data.preferedLanguage) {
+        async beforeDelete (event) {
+            // Delete all admin API tokens owned by this user before the user row is removed
+            await getService('api-token-admin').deleteTokensForUser(event.params.where.id);
+        },
+        async afterUpdate (event) {
+            if (event.params.data?.preferedLanguage) {
                 sendDidChangeInterfaceLanguage();
             }
+            if (event.params.data?.roles !== undefined) {
+                // We re-sync token permissions for all owner users with their role when the user is updated
+                await getService('api-token-admin').syncPermissionsForUser(event.result.id);
+            }
+        }
+    });
+    strapi.db.lifecycles.subscribe({
+        models: [
+            'admin::role'
+        ],
+        // We re-sync token permissions for all owner users with this role when the role is deleted
+        async beforeDelete (event) {
+            const users = await strapi.db.query('admin::user').findMany({
+                where: {
+                    roles: {
+                        id: event.params.where.id
+                    }
+                },
+                select: [
+                    'id'
+                ]
+            });
+            event.state.affectedUserIds = users.map((u)=>u.id);
+        },
+        async afterDelete (event) {
+            for (const userId of event.state.affectedUserIds ?? []){
+                await getService('api-token-admin').syncPermissionsForUser(userId);
+            }
         }
     });
 };
@@ -81,9 +113,9 @@ const syncAPITokensPermissions = async ()=>{
  * @sideEffects Creates new API tokens in the database if conditions are met.
  */ const createDefaultAPITokensIfNeeded = async ()=>{
     const userService = getService('user');
-    const apiTokenService = getService('api-token');
+    const apiTokenService = getService('api-token-content-api');
     const usersCount = await userService.count();
-    const apiTokenCount = await apiTokenService.count();
+    const apiTokenCount = await apiTokenService.countAll();
     if (usersCount === 0 && apiTokenCount === 0) {
         for (const token of constants.DEFAULT_API_TOKENS){
             await apiTokenService.create(token);
@@ -124,7 +156,7 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
     const permissionService = getService('permission');
     const userService = getService('user');
     const roleService = getService('role');
-    const apiTokenService = getService('api-token');
+    const apiTokenService = getService('api-token-content-api');
     const transferService = getService('transfer');
     const tokenService = getService('token');
     await roleService.createRolesIfNoneExist();