npm - @strapi/admin - Versions diffs - 5.43.0 → 5.45.0 - Mend

@strapi/admin 5.43.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (384) hide show

package/dist/server/server/src/services/permission/engine.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"engine.mjs","sources":["../../../../../../server/src/services/permission/engine.ts"],"sourcesContent":["import { curry, isArray, isEmpty, difference } from 'lodash/fp';\nimport permissions, { type engine } from '@strapi/permissions';\nimport type { Ability } from '@casl/ability';\nimport permissionDomain from '../../domain/permission';\nimport { getService } from '../../utils';\nimport { Action } from '../../domain/action';\nimport type { AdminUser, Permission } from '../../../../shared/contracts/shared';\n\nexport default (params: { providers: engine.EngineParams['providers'] }) => {\n const { providers } = params;\n\n const engine = permissions.engine\n .new({ providers })\n /*\n Validate the permission's action exists in the action registry\n /\n .on('before-format::validate.permission', ({ permission }) => {\n const action = providers.action.get(permission.action);\n\n // If the action isn't registered into the action provider, then ignore the permission\n if (!action) {\n strapi.log.debug(\n `Unknown action \"${permission.action}\" supplied when registering a new permission in engine`\n );\n return false;\n }\n })\n\n /\n Remove invalid properties from the permission based on the action (applyToProperties)\n /\n .on('format.permission', (permission: Permission) => {\n const action = providers.action.get(permission.action) as Action;\n const properties = permission.properties \|\| {};\n\n // Only keep the properties allowed by the action (action.applyToProperties)\n const propertiesName = Object.keys(properties);\n const invalidProperties = difference(\n propertiesName,\n // @ts-expect-error - applyToProperties is defined inside the options of an action\n action.applyToProperties \|\| propertiesName\n );\n\n const permissionWithSanitizedProperties = invalidProperties.reduce(\n // @ts-expect-error - fix reduce, property should be a string but it's actually the permission object\n (property) => permissionDomain.deleteProperty(property, permission) as Permission,\n permission\n );\n\n return permissionWithSanitizedProperties;\n })\n\n /\n Ignore the permission if the fields property is an empty array (access to no field)\n /\n .on('after-format::validate.permission', ({ permission }) => {\n const { fields } = permission.properties;\n\n if (isArray(fields) && isEmpty(fields)) {\n return false;\n }\n });\n\n return {\n get hooks() {\n return engine.hooks;\n },\n\n /\n Generate an ability based on the given user (using associated roles & permissions)\n * @param user\n /\n async generateUserAbility(user: AdminUser): Promise<Ability> {\n const permissions = (await getService('permission').findUserPermissions(user)) as any;\n\n return engine.generateAbility(permissions, user);\n },\n\n /\n Check many permissions based on an ability\n */\n checkMany: curry((ability: Ability, permissions: Permission[]) => {\n // @ts-expect-error - Permissions does not contain any field property\n return permissions.map(({ action, subject, field }) => ability.can(action, subject, field));\n }),\n };\n};\n"],"names":["params","providers","engine","permissions","new","on","permission","action","get","strapi","log","debug","properties","propertiesName","Object","keys","invalidProperties","difference","applyToProperties","permissionWithSanitizedProperties","reduce","property","permissionDomain","deleteProperty","fields","isArray","isEmpty","hooks","generateUserAbility","user","getService","findUserPermissions","generateAbility","checkMany","curry","ability","map","subject","field","can"],"mappings":";;;;;AAQA,6BAAe,CAAA,CAACA,MAAAA,GAAAA;IACd,MAAM,EAAEC,SAAS,EAAE,GAAGD,MAAAA;AAEtB,IAAA,MAAME,MAAAA,GAASC,WAAAA,CAAYD,MAAM,CAC9BE,GAAG,CAAC;AAAEH,QAAAA;KAAU,CACjB;;AAEC,SACAI,EAAE,CAAC,oCAAA,EAAsC,CAAC,EAAEC,UAAU,EAAE,GAAA;AACvD,QAAA,MAAMC,SAASN,SAAAA,CAAUM,MAAM,CAACC,GAAG,CAACF,WAAWC,MAAM,CAAA;;AAGrD,QAAA,IAAI,CAACA,MAAAA,EAAQ;YACXE,MAAAA,CAAOC,GAAG,CAACC,KAAK,CACd,CAAC,gBAAgB,EAAEL,UAAAA,CAAWC,MAAM,CAAC,sDAAsD,CAAC,CAAA;YAE9F,OAAO,KAAA;AACT,QAAA;IACF,CAAA,CAEA;;SAGCF,EAAE,CAAC,mBAAA,EAAqB,CAACC,UAAAA,GAAAA;AACxB,QAAA,MAAMC,SAASN,SAAAA,CAAUM,MAAM,CAACC,GAAG,CAACF,WAAWC,MAAM,CAAA;AACrD,QAAA,MAAMK,UAAAA,GAAaN,UAAAA,CAAWM,UAAU,IAAI,EAAC;;QAG7C,MAAMC,cAAAA,GAAiBC,MAAAA,CAAOC,IAAI,CAACH,UAAAA,CAAAA;QACnC,MAAMI,iBAAAA,GAAoBC,UAAAA,CACxBJ,cAAAA;AAEAN,QAAAA,MAAAA,CAAOW,iBAAiB,IAAIL,cAAAA,CAAAA;AAG9B,QAAA,MAAMM,iCAAAA,GAAoCH,iBAAAA,CAAkBI,MAAM;AAEhE,QAAA,CAACC,QAAAA,GAAaC,gBAAAA,CAAiBC,cAAc,CAACF,UAAUf,UAAAA,CAAAA,EACxDA,UAAAA,CAAAA;QAGF,OAAOa,iCAAAA;IACT,CAAA,CAEA;;AAEC,SACAd,EAAE,CAAC,mCAAA,EAAqC,CAAC,EAAEC,UAAU,EAAE,GAAA;AACtD,QAAA,MAAM,EAAEkB,MAAM,EAAE,GAAGlB,WAAWM,UAAU;QAExC,IAAIa,OAAAA,CAAQD,MAAAA,CAAAA,IAAWE,OAAAA,CAAQF,MAAAA,CAAAA,EAAS;YACtC,OAAO,KAAA;AACT,QAAA;AACF,IAAA,CAAA,CAAA;IAEF,OAAO;AACL,QAAA,IAAIG,KAAAA,CAAAA,GAAQ;AACV,YAAA,OAAOzB,OAAOyB,KAAK;AACrB,QAAA,CAAA;AAEA;;;QAIA,MAAMC,qBAAoBC,IAAe,EAAA;AACvC,YAAA,MAAM1B,WAAAA,GAAe,MAAM2B,UAAAA,CAAW,YAAA,CAAA,CAAcC,mBAAmB,CAACF,IAAAA,CAAAA;YAExE,OAAO3B,MAAAA,CAAO8B,eAAe,CAAC7B,WAAAA,EAAa0B,IAAAA,CAAAA;AAC7C,QAAA,CAAA;AAEA;;~~QAGAI~~,SAAAA,EAAWC,KAAAA,CAAM,CAACC,OAAAA,~~EAAkBhC~~,WAAAA,GAAAA;;AAElC,YAAA,OAAOA,~~YAAYiC~~,GAAG,CAAC,CAAC,~~EAAE7B~~,MAAM,~~EAAE8B~~,OAAO,EAAEC,KAAK,EAAE,GAAKH,OAAAA,CAAQI,GAAG,~~CAAChC~~,~~QAAQ8B~~,OAAAA,EAASC,KAAAA,CAAAA,CAAAA;AACtF,QAAA,CAAA;AACF,KAAA;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"engine.mjs","sources":["../../../../../../server/src/services/permission/engine.ts"],"sourcesContent":["import { curry, isArray, isEmpty, difference } from 'lodash/fp';\nimport permissions, { type engine } from '@strapi/permissions';\nimport type { Ability } from '@casl/ability';\nimport permissionDomain from '../../domain/permission';\nimport { getService } from '../../utils';\nimport { Action } from '../../domain/action';\nimport type { AdminUser, Permission } from '../../../../shared/contracts/shared';\n\nexport default (params: { providers: engine.EngineParams['providers'] }) => {\n const { providers } = params;\n\n const engine = permissions.engine\n .new({ providers })\n /*\n Validate the permission's action exists in the action registry\n /\n .on('before-format::validate.permission', ({ permission }) => {\n const action = providers.action.get(permission.action);\n\n // If the action isn't registered into the action provider, then ignore the permission\n if (!action) {\n strapi.log.debug(\n `Unknown action \"${permission.action}\" supplied when registering a new permission in engine`\n );\n return false;\n }\n })\n\n /\n Remove invalid properties from the permission based on the action (applyToProperties)\n /\n .on('format.permission', (permission: Permission) => {\n const action = providers.action.get(permission.action) as Action;\n const properties = permission.properties \|\| {};\n\n // Only keep the properties allowed by the action (action.applyToProperties)\n const propertiesName = Object.keys(properties);\n const invalidProperties = difference(\n propertiesName,\n // @ts-expect-error - applyToProperties is defined inside the options of an action\n action.applyToProperties \|\| propertiesName\n );\n\n const permissionWithSanitizedProperties = invalidProperties.reduce(\n // @ts-expect-error - fix reduce, property should be a string but it's actually the permission object\n (property) => permissionDomain.deleteProperty(property, permission) as Permission,\n permission\n );\n\n return permissionWithSanitizedProperties;\n })\n\n /\n Ignore the permission if the fields property is an empty array (access to no field)\n /\n .on('after-format::validate.permission', ({ permission }) => {\n const { fields } = permission.properties;\n\n if (isArray(fields) && isEmpty(fields)) {\n return false;\n }\n });\n\n return {\n get hooks() {\n return engine.hooks;\n },\n\n /\n Generate an ability based on the given user (using associated roles & permissions)\n * @param user\n /\n async generateUserAbility(user: AdminUser): Promise<Ability> {\n const permissions = (await getService('permission').findUserPermissions(user)) as any;\n\n return engine.generateAbility(permissions, user);\n },\n\n /\n Generate an ability based on an admin token's stored permissions, scoped to the owner.\n * Token permissions are already validated and ceiling-clamped at write time.\n /\n async generateTokenAbility(tokenPermissions: Permission[], owner: AdminUser): Promise<Ability> {\n return engine.generateAbility(tokenPermissions as any, owner);\n },\n\n /\n Check many permissions based on an ability\n */\n checkMany: curry((ability: Ability, permissions: Permission[]) => {\n // @ts-expect-error - Permissions does not contain any field property\n return permissions.map(({ action, subject, field }) => ability.can(action, subject, field));\n }),\n };\n};\n"],"names":["params","providers","engine","permissions","new","on","permission","action","get","strapi","log","debug","properties","propertiesName","Object","keys","invalidProperties","difference","applyToProperties","permissionWithSanitizedProperties","reduce","property","permissionDomain","deleteProperty","fields","isArray","isEmpty","hooks","generateUserAbility","user","getService","findUserPermissions","generateAbility","generateTokenAbility","tokenPermissions","owner","checkMany","curry","ability","map","subject","field","can"],"mappings":";;;;;AAQA,6BAAe,CAAA,CAACA,MAAAA,GAAAA;IACd,MAAM,EAAEC,SAAS,EAAE,GAAGD,MAAAA;AAEtB,IAAA,MAAME,MAAAA,GAASC,WAAAA,CAAYD,MAAM,CAC9BE,GAAG,CAAC;AAAEH,QAAAA;KAAU,CACjB;;AAEC,SACAI,EAAE,CAAC,oCAAA,EAAsC,CAAC,EAAEC,UAAU,EAAE,GAAA;AACvD,QAAA,MAAMC,SAASN,SAAAA,CAAUM,MAAM,CAACC,GAAG,CAACF,WAAWC,MAAM,CAAA;;AAGrD,QAAA,IAAI,CAACA,MAAAA,EAAQ;YACXE,MAAAA,CAAOC,GAAG,CAACC,KAAK,CACd,CAAC,gBAAgB,EAAEL,UAAAA,CAAWC,MAAM,CAAC,sDAAsD,CAAC,CAAA;YAE9F,OAAO,KAAA;AACT,QAAA;IACF,CAAA,CAEA;;SAGCF,EAAE,CAAC,mBAAA,EAAqB,CAACC,UAAAA,GAAAA;AACxB,QAAA,MAAMC,SAASN,SAAAA,CAAUM,MAAM,CAACC,GAAG,CAACF,WAAWC,MAAM,CAAA;AACrD,QAAA,MAAMK,UAAAA,GAAaN,UAAAA,CAAWM,UAAU,IAAI,EAAC;;QAG7C,MAAMC,cAAAA,GAAiBC,MAAAA,CAAOC,IAAI,CAACH,UAAAA,CAAAA;QACnC,MAAMI,iBAAAA,GAAoBC,UAAAA,CACxBJ,cAAAA;AAEAN,QAAAA,MAAAA,CAAOW,iBAAiB,IAAIL,cAAAA,CAAAA;AAG9B,QAAA,MAAMM,iCAAAA,GAAoCH,iBAAAA,CAAkBI,MAAM;AAEhE,QAAA,CAACC,QAAAA,GAAaC,gBAAAA,CAAiBC,cAAc,CAACF,UAAUf,UAAAA,CAAAA,EACxDA,UAAAA,CAAAA;QAGF,OAAOa,iCAAAA;IACT,CAAA,CAEA;;AAEC,SACAd,EAAE,CAAC,mCAAA,EAAqC,CAAC,EAAEC,UAAU,EAAE,GAAA;AACtD,QAAA,MAAM,EAAEkB,MAAM,EAAE,GAAGlB,WAAWM,UAAU;QAExC,IAAIa,OAAAA,CAAQD,MAAAA,CAAAA,IAAWE,OAAAA,CAAQF,MAAAA,CAAAA,EAAS;YACtC,OAAO,KAAA;AACT,QAAA;AACF,IAAA,CAAA,CAAA;IAEF,OAAO;AACL,QAAA,IAAIG,KAAAA,CAAAA,GAAQ;AACV,YAAA,OAAOzB,OAAOyB,KAAK;AACrB,QAAA,CAAA;AAEA;;;QAIA,MAAMC,qBAAoBC,IAAe,EAAA;AACvC,YAAA,MAAM1B,WAAAA,GAAe,MAAM2B,UAAAA,CAAW,YAAA,CAAA,CAAcC,mBAAmB,CAACF,IAAAA,CAAAA;YAExE,OAAO3B,MAAAA,CAAO8B,eAAe,CAAC7B,WAAAA,EAAa0B,IAAAA,CAAAA;AAC7C,QAAA,CAAA;AAEA;;;AAGC,QACD,MAAMI,oBAAAA,CAAAA,CAAqBC,gBAA8B,EAAEC,KAAgB,EAAA;YACzE,OAAOjC,MAAAA,CAAO8B,eAAe,CAACE,gBAAAA,EAAyBC,KAAAA,CAAAA;AACzD,QAAA,CAAA;AAEA;;QAGAC,SAAAA,EAAWC,KAAAA,CAAM,CAACC,OAAAA,EAAkBnC,WAAAA,GAAAA;;AAElC,YAAA,OAAOA,YAAYoC,GAAG,CAAC,CAAC,EAAEhC,MAAM,EAAEiC,OAAO,EAAEC,KAAK,EAAE,GAAKH,OAAAA,CAAQI,GAAG,CAACnC,QAAQiC,OAAAA,EAASC,KAAAA,CAAAA,CAAAA;AACtF,QAAA,CAAA;AACF,KAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/services/permission/queries.js CHANGED Viewed

@@ -124,11 +124,20 @@ const filterPermissionsToRemove = async (permissions)=>{
         // 1. Find invalid permissions and collect their ID to delete them later
         const results = await strapi.db.query('admin::permission').findMany({
             limit: pageSize,
-            offset: page * pageSize
+            offset: page * pageSize,
+            populate: [
+                'role',
+                'apiToken'
+            ]
         });
         const permissions = index$1.default.toPermission(results);
         const permissionsToRemove = await filterPermissionsToRemove(permissions);
-        const permissionsIdToRemove = fp.map(fp.prop('id'), permissionsToRemove);
+        // Also remove orphaned permissions (no role AND no apiToken)
+        const orphanedPermissions = permissions.filter((permission)=>!permission.role && !permission.apiToken);
+        const permissionsIdToRemove = Array.from(new Set([
+            ...permissionsToRemove,
+            ...orphanedPermissions
+        ].map((p)=>p.id)));
         // 2. Clean permissions' fields (add required ones, remove the non-existing ones)
         const remainingPermissions = permissions.filter((permission)=>!permissionsIdToRemove.includes(permission.id));
         const permissionsWithCleanFields = contentTypeService.cleanPermissionFields(remainingPermissions);

package/dist/server/server/src/services/permission/queries.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"queries.js","sources":["../../../../../../server/src/services/permission/queries.ts"],"sourcesContent":["import { isNil, isArray, prop, xor, eq, map, differenceWith } from 'lodash/fp';\nimport pmap from 'p-map';\nimport type { Data } from '@strapi/types';\nimport { getService } from '../../utils';\nimport permissionDomain, { CreatePermissionPayload } from '../../domain/permission';\nimport type { AdminUser, Permission } from '../../../../shared/contracts/shared';\nimport { Action } from '../../domain/action';\n\n/*\n Delete permissions of roles in database\n * @param rolesIds ids of roles\n /\nexport const deleteByRolesIds = async (rolesIds: Data.ID[]): Promise<void> => {\n const permissionsToDelete = await strapi.db.query('admin::permission').findMany({\n select: ['id'],\n where: {\n role: { id: rolesIds },\n },\n });\n\n if (permissionsToDelete.length > 0) {\n await deleteByIds(permissionsToDelete.map(prop('id')));\n }\n};\n\n/\n Delete permissions\n * @param ids ids of permissions\n /\nexport const deleteByIds = async (ids: Data.ID[]): Promise<void> => {\n const result: unknown[] = [];\n for (const id of ids) {\n const queryResult = await strapi.db.query('admin::permission').delete({ where: { id } });\n result.push(queryResult);\n }\n strapi.eventHub.emit('permission.delete', { permissions: result });\n};\n\n/\n Create many permissions\n * @param permissions\n /\nexport const createMany = async (permissions: CreatePermissionPayload[]): Promise<Permission[]> => {\n const createdPermissions: CreatePermissionPayload[] = [];\n for (const permission of permissions) {\n const newPerm = await strapi.db.query('admin::permission').create({ data: permission });\n createdPermissions.push(newPerm);\n }\n\n const permissionsToReturn = permissionDomain.toPermission(createdPermissions);\n strapi.eventHub.emit('permission.create', { permissions: permissionsToReturn });\n\n return permissionsToReturn;\n};\n\n/\n Update a permission\n * @param params\n * @param attributes\n /\nconst update = async (params: unknown, attributes: Partial<Permission>) => {\n const updatedPermission = (await strapi.db\n .query('admin::permission')\n .update({ where: params, data: attributes })) as Permission;\n\n const permissionToReturn = permissionDomain.toPermission(updatedPermission);\n strapi.eventHub.emit('permission.update', { permissions: permissionToReturn });\n\n return permissionToReturn;\n};\n\n/\n Find assigned permissions in the database\n * @param params query params to find the permissions\n /\nexport const findMany = async (params = {}): Promise<Permission[]> => {\n const rawPermissions = await strapi.db.query('admin::permission').findMany(params);\n\n return permissionDomain.toPermission(rawPermissions);\n};\n\n/\n Find all permissions for a user\n * @param user - user\n /\nexport const findUserPermissions = async (user: AdminUser): Promise<Permission[]> => {\n return findMany({ where: { role: { users: { id: user.id } } } });\n};\n\nconst filterPermissionsToRemove = async (permissions: Permission[]) => {\n const { actionProvider } = getService('permission');\n\n const permissionsToRemove: Permission[] = [];\n\n for (const permission of permissions) {\n const { subjects, options = {} as Action['options'] } =\n (actionProvider.get(permission.action) as Action) \|\| {};\n const { applyToProperties } = options;\n\n const invalidProperties = await Promise.all(\n (applyToProperties \|\| []).map(async (property) => {\n const applies = await actionProvider.appliesToProperty(\n property,\n permission.action,\n permission.subject\n );\n\n return applies && isNil(permissionDomain.getProperty(property, permission));\n })\n );\n\n const isRegisteredAction = actionProvider.has(permission.action);\n const hasInvalidProperties = isArray(applyToProperties) && invalidProperties.every(eq(true));\n const isInvalidSubject = isArray(subjects) && !subjects.includes(permission.subject as string);\n\n // If the permission has an invalid action, an invalid subject or invalid properties, then add it to the toBeRemoved collection\n if (!isRegisteredAction \|\| isInvalidSubject \|\| hasInvalidProperties) {\n permissionsToRemove.push(permission);\n }\n }\n\n return permissionsToRemove;\n};\n\n/\n Removes permissions in database that don't exist anymore\n /\nexport const cleanPermissionsInDatabase = async (): Promise<void> => {\n const pageSize = 200;\n\n const contentTypeService = getService('content-type');\n\n const total = await strapi.db.query('admin::permission').count();\n const pageCount = Math.ceil(total / pageSize);\n\n for (let page = 0; page < pageCount; page += 1) {\n // 1. Find invalid permissions and collect their ID to delete them later\n const results = (await strapi.db\n .query('admin::permission')\n .findMany({ limit: pageSize, offset: page pageSize })) as Permission[];\n\n const permissions = permissionDomain.toPermission(results);\n const permissionsToRemove = await filterPermissionsToRemove(permissions);\n const permissionsIdToRemove = map(prop('id'), permissionsToRemove);\n\n // 2. Clean permissions' fields (add required ones, remove the non-existing ones)\n const remainingPermissions = permissions.filter(\n (permission: Permission) => !permissionsIdToRemove.includes(permission.id)\n );\n\n const permissionsWithCleanFields = contentTypeService.cleanPermissionFields(\n remainingPermissions\n ) as Permission[];\n\n // Update only the ones that need to be updated\n const permissionsNeedingToBeUpdated = differenceWith(\n (a: Permission, b: Permission) => {\n return a.id === b.id && xor(a.properties.fields, b.properties.fields).length === 0;\n },\n permissionsWithCleanFields,\n remainingPermissions\n );\n\n const updatePromiseProvider = (permission: Permission) => {\n return update({ id: permission.id }, permission);\n };\n\n // Execute all the queries, update the database\n await Promise.all([\n deleteByIds(permissionsIdToRemove),\n pmap(permissionsNeedingToBeUpdated, updatePromiseProvider, {\n concurrency: 100,\n stopOnError: true,\n }),\n ]);\n }\n};\n\nexport default {\n createMany,\n findMany,\n deleteByRolesIds,\n deleteByIds,\n findUserPermissions,\n cleanPermissionsInDatabase,\n};\n"],"names":["deleteByRolesIds","rolesIds","permissionsToDelete","strapi","db","query","findMany","select","where","role","id","length","deleteByIds","map","prop","ids","result","queryResult","delete","push","eventHub","emit","permissions","createMany","createdPermissions","permission","newPerm","create","data","permissionsToReturn","permissionDomain","toPermission","update","params","attributes","updatedPermission","permissionToReturn","rawPermissions","findUserPermissions","user","users","filterPermissionsToRemove","actionProvider","getService","permissionsToRemove","subjects","options","get","action","applyToProperties","invalidProperties","Promise","all","property","applies","appliesToProperty","subject","isNil","getProperty","isRegisteredAction","has","hasInvalidProperties","isArray","every","eq","isInvalidSubject","includes","cleanPermissionsInDatabase","pageSize","contentTypeService","total","count","pageCount","Math","ceil","page","results","limit","offset","permissionsIdToRemove","remainingPermissions","filter","permissionsWithCleanFields","cleanPermissionFields","permissionsNeedingToBeUpdated","differenceWith","a","b","xor","properties","fields","updatePromiseProvider","pmap","concurrency","stopOnError"],"mappings":";;;;;;;AAQA;;;IAIO,MAAMA,gBAAAA,GAAmB,OAAOC,QAAAA,GAAAA;IACrC,MAAMC,mBAAAA,GAAsB,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC;QAC9EC,MAAAA,EAAQ;AAAC,YAAA;AAAK,SAAA;QACdC,KAAAA,EAAO;YACLC,IAAAA,EAAM;gBAAEC,EAAAA,EAAIT;AAAS;AACvB;AACF,KAAA,CAAA;IAEA,IAAIC,mBAAAA,CAAoBS,MAAM,GAAG,CAAA,EAAG;AAClC,QAAA,MAAMC,WAAAA,CAAYV,mBAAAA,CAAoBW,GAAG,CAACC,OAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AACjD,IAAA;AACF;AAEA;;;IAIO,MAAMF,WAAAA,GAAc,OAAOG,GAAAA,GAAAA;AAChC,IAAA,MAAMC,SAAoB,EAAE;IAC5B,KAAK,MAAMN,MAAMK,GAAAA,CAAK;QACpB,MAAME,WAAAA,GAAc,MAAMd,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBa,MAAM,CAAC;YAAEV,KAAAA,EAAO;AAAEE,gBAAAA;AAAG;AAAE,SAAA,CAAA;AACtFM,QAAAA,MAAAA,CAAOG,IAAI,CAACF,WAAAA,CAAAA;AACd,IAAA;AACAd,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaN;AAAO,KAAA,CAAA;AAClE;AAEA;;;IAIO,MAAMO,UAAAA,GAAa,OAAOD,WAAAA,GAAAA;AAC/B,IAAA,MAAME,qBAAgD,EAAE;IACxD,KAAK,MAAMC,cAAcH,WAAAA,CAAa;QACpC,MAAMI,OAAAA,GAAU,MAAMvB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBsB,MAAM,CAAC;YAAEC,IAAAA,EAAMH;AAAW,SAAA,CAAA;AACrFD,QAAAA,kBAAAA,CAAmBL,IAAI,CAACO,OAAAA,CAAAA;AAC1B,IAAA;IAEA,MAAMG,mBAAAA,GAAsBC,eAAAA,CAAiBC,YAAY,CAACP,kBAAAA,CAAAA;AAC1DrB,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaO;AAAoB,KAAA,CAAA;IAE7E,OAAOA,mBAAAA;AACT;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOC,MAAAA,EAAiBC,UAAAA,GAAAA;IACrC,MAAMC,iBAAAA,GAAqB,MAAMhC,MAAAA,CAAOC,EAAE,CACvCC,KAAK,CAAC,mBAAA,CAAA,CACN2B,MAAM,CAAC;QAAExB,KAAAA,EAAOyB,MAAAA;QAAQL,IAAAA,EAAMM;AAAW,KAAA,CAAA;IAE5C,MAAME,kBAAAA,GAAqBN,eAAAA,CAAiBC,YAAY,CAACI,iBAAAA,CAAAA;AACzDhC,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAac;AAAmB,KAAA,CAAA;IAE5E,OAAOA,kBAAAA;AACT,CAAA;AAEA;;;AAGC,IACM,MAAM9B,QAAAA,GAAW,OAAO2B,MAAAA,GAAS,EAAE,GAAA;IACxC,MAAMI,cAAAA,GAAiB,MAAMlC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC2B,MAAAA,CAAAA;IAE3E,OAAOH,eAAAA,CAAiBC,YAAY,CAACM,cAAAA,CAAAA;AACvC;AAEA;;;IAIO,MAAMC,mBAAAA,GAAsB,OAAOC,IAAAA,GAAAA;AACxC,IAAA,OAAOjC,QAAAA,CAAS;QAAEE,KAAAA,EAAO;YAAEC,IAAAA,EAAM;gBAAE+B,KAAAA,EAAO;AAAE9B,oBAAAA,EAAAA,EAAI6B,KAAK7B;AAAG;AAAE;AAAE;AAAE,KAAA,CAAA;AAChE;AAEA,MAAM+B,4BAA4B,OAAOnB,WAAAA,GAAAA;AACvC,IAAA,MAAM,EAAEoB,cAAc,EAAE,GAAGC,gBAAAA,CAAW,YAAA,CAAA;AAEtC,IAAA,MAAMC,sBAAoC,EAAE;IAE5C,KAAK,MAAMnB,cAAcH,WAAAA,CAAa;AACpC,QAAA,MAAM,EAAEuB,QAAQ,EAAEC,OAAAA,GAAU,EAAuB,EAAE,GAClDJ,eAAeK,GAAG,CAACtB,UAAAA,CAAWuB,MAAM,KAAgB,EAAC;QACxD,MAAM,EAAEC,iBAAiB,EAAE,GAAGH,OAAAA;AAE9B,QAAA,MAAMI,iBAAAA,GAAoB,MAAMC,OAAAA,CAAQC,GAAG,CACxCH,CAAAA,iBAAAA,IAAqB,EAAC,EAAGpC,GAAG,CAAC,OAAOwC,QAAAA,GAAAA;YACnC,MAAMC,OAAAA,GAAU,MAAMZ,cAAAA,CAAea,iBAAiB,CACpDF,UACA5B,UAAAA,CAAWuB,MAAM,EACjBvB,UAAAA,CAAW+B,OAAO,CAAA;AAGpB,YAAA,OAAOF,OAAAA,IAAWG,QAAAA,CAAM3B,eAAAA,CAAiB4B,WAAW,CAACL,QAAAA,EAAU5B,UAAAA,CAAAA,CAAAA;AACjE,QAAA,CAAA,CAAA,CAAA;AAGF,QAAA,MAAMkC,kBAAAA,GAAqBjB,cAAAA,CAAekB,GAAG,CAACnC,WAAWuB,MAAM,CAAA;AAC/D,QAAA,MAAMa,uBAAuBC,UAAAA,CAAQb,iBAAAA,CAAAA,IAAsBC,iBAAAA,CAAkBa,KAAK,CAACC,KAAAA,CAAG,IAAA,CAAA,CAAA;QACtF,MAAMC,gBAAAA,GAAmBH,WAAQjB,QAAAA,CAAAA,IAAa,CAACA,SAASqB,QAAQ,CAACzC,WAAW+B,OAAO,CAAA;;QAGnF,IAAI,CAACG,kBAAAA,IAAsBM,gBAAAA,IAAoBJ,oBAAAA,EAAsB;AACnEjB,YAAAA,mBAAAA,CAAoBzB,IAAI,CAACM,UAAAA,CAAAA;AAC3B,QAAA;AACF,IAAA;IAEA,OAAOmB,mBAAAA;AACT,CAAA;AAEA;;UAGauB,0BAAAA,GAA6B,UAAA;AACxC,IAAA,MAAMC,QAAAA,GAAW,GAAA;AAEjB,IAAA,MAAMC,qBAAqB1B,gBAAAA,CAAW,cAAA,CAAA;IAEtC,MAAM2B,KAAAA,GAAQ,MAAMnE,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,qBAAqBkE,KAAK,EAAA;AAC9D,IAAA,MAAMC,SAAAA,GAAYC,IAAAA,CAAKC,IAAI,CAACJ,KAAAA,GAAQF,QAAAA,CAAAA;AAEpC,IAAA,IAAK,IAAIO,IAAAA,GAAO,CAAA,EAAGA,IAAAA,GAAOH,SAAAA,EAAWG,QAAQ,CAAA,CAAG;;QAE9C,MAAMC,OAAAA,GAAW,MAAMzE,MAAAA,CAAOC,EAAE,CAC7BC,KAAK,CAAC,mBAAA,CAAA,CACNC,QAAQ,CAAC;YAAEuE,KAAAA,EAAOT,QAAAA;AAAUU,YAAAA,MAAAA,EAAQH,IAAAA,GAAOP;AAAS,SAAA,CAAA;QAEvD,MAAM9C,WAAAA,GAAcQ,eAAAA,CAAiBC,YAAY,CAAC6C,OAAAA,CAAAA;QAClD,MAAMhC,mBAAAA,GAAsB,MAAMH,yBAAAA,CAA0BnB,WAAAA,CAAAA;QAC5D,MAAMyD,qBAAAA,GAAwBlE,MAAAA,CAAIC,OAAAA,CAAK,IAAA,CAAA,EAAO8B,mBAAAA,CAAAA;;QAG9C,MAAMoC,oBAAAA,GAAuB1D,WAAAA,CAAY2D,MAAM,CAC7C,CAACxD,UAAAA,GAA2B,CAACsD,qBAAAA,CAAsBb,QAAQ,CAACzC,UAAAA,CAAWf,EAAE,CAAA,CAAA;QAG3E,MAAMwE,0BAAAA,GAA6Bb,kBAAAA,CAAmBc,qBAAqB,CACzEH,oBAAAA,CAAAA;;QAIF,MAAMI,6BAAAA,GAAgCC,iBAAAA,CACpC,CAACC,CAAAA,EAAeC,CAAAA,GAAAA;AACd,YAAA,OAAOD,EAAE5E,EAAE,KAAK6E,EAAE7E,EAAE,IAAI8E,OAAIF,CAAAA,CAAEG,UAAU,CAACC,MAAM,EAAEH,CAAAA,CAAEE,UAAU,CAACC,MAAM,CAAA,CAAE/E,MAAM,KAAK,CAAA;AACnF,QAAA,CAAA,EACAuE,0BAAAA,EACAF,oBAAAA,CAAAA;AAGF,QAAA,MAAMW,wBAAwB,CAAClE,UAAAA,GAAAA;AAC7B,YAAA,OAAOO,MAAAA,CAAO;AAAEtB,gBAAAA,EAAAA,EAAIe,WAAWf;aAAG,EAAGe,UAAAA,CAAAA;AACvC,QAAA,CAAA;;QAGA,MAAM0B,OAAAA,CAAQC,GAAG,CAAC;YAChBxC,WAAAA,CAAYmE,qBAAAA,CAAAA;AACZa,YAAAA,IAAAA,CAAKR,+BAA+BO,qBAAAA,EAAuB;gBACzDE,WAAAA,EAAa,GAAA;gBACbC,WAAAA,EAAa;AACf,aAAA;AACD,SAAA,CAAA;AACH,IAAA;AACF;;;;;;;;;"}
1	+ {"version":3,"file":"queries.js","sources":["../../../../../../server/src/services/permission/queries.ts"],"sourcesContent":["import { isNil, isArray, prop, xor, eq, differenceWith } from 'lodash/fp';\nimport pmap from 'p-map';\nimport type { Data } from '@strapi/types';\nimport { getService } from '../../utils';\nimport permissionDomain, { CreatePermissionPayload } from '../../domain/permission';\nimport type { AdminUser, Permission } from '../../../../shared/contracts/shared';\nimport { Action } from '../../domain/action';\n\n/*\n Delete permissions of roles in database\n * @param rolesIds ids of roles\n /\nexport const deleteByRolesIds = async (rolesIds: Data.ID[]): Promise<void> => {\n const permissionsToDelete = await strapi.db.query('admin::permission').findMany({\n select: ['id'],\n where: {\n role: { id: rolesIds },\n },\n });\n\n if (permissionsToDelete.length > 0) {\n await deleteByIds(permissionsToDelete.map(prop('id')));\n }\n};\n\n/\n Delete permissions\n * @param ids ids of permissions\n /\nexport const deleteByIds = async (ids: Data.ID[]): Promise<void> => {\n const result: unknown[] = [];\n for (const id of ids) {\n const queryResult = await strapi.db.query('admin::permission').delete({ where: { id } });\n result.push(queryResult);\n }\n strapi.eventHub.emit('permission.delete', { permissions: result });\n};\n\n/\n Create many permissions\n * @param permissions\n /\nexport const createMany = async (permissions: CreatePermissionPayload[]): Promise<Permission[]> => {\n const createdPermissions: CreatePermissionPayload[] = [];\n for (const permission of permissions) {\n const newPerm = await strapi.db.query('admin::permission').create({ data: permission });\n createdPermissions.push(newPerm);\n }\n\n const permissionsToReturn = permissionDomain.toPermission(createdPermissions);\n strapi.eventHub.emit('permission.create', { permissions: permissionsToReturn });\n\n return permissionsToReturn;\n};\n\n/\n Update a permission\n * @param params\n * @param attributes\n /\nconst update = async (params: unknown, attributes: Partial<Permission>) => {\n const updatedPermission = (await strapi.db\n .query('admin::permission')\n .update({ where: params, data: attributes })) as Permission;\n\n const permissionToReturn = permissionDomain.toPermission(updatedPermission);\n strapi.eventHub.emit('permission.update', { permissions: permissionToReturn });\n\n return permissionToReturn;\n};\n\n/\n Find assigned permissions in the database\n * @param params query params to find the permissions\n /\nexport const findMany = async (params = {}): Promise<Permission[]> => {\n const rawPermissions = await strapi.db.query('admin::permission').findMany(params);\n\n return permissionDomain.toPermission(rawPermissions);\n};\n\n/\n Find all permissions for a user\n * @param user - user\n /\nexport const findUserPermissions = async (user: AdminUser): Promise<Permission[]> => {\n return findMany({ where: { role: { users: { id: user.id } } } });\n};\n\nconst filterPermissionsToRemove = async (permissions: Permission[]) => {\n const { actionProvider } = getService('permission');\n\n const permissionsToRemove: Permission[] = [];\n\n for (const permission of permissions) {\n const { subjects, options = {} as Action['options'] } =\n (actionProvider.get(permission.action) as Action) \|\| {};\n const { applyToProperties } = options;\n\n const invalidProperties = await Promise.all(\n (applyToProperties \|\| []).map(async (property) => {\n const applies = await actionProvider.appliesToProperty(\n property,\n permission.action,\n permission.subject\n );\n\n return applies && isNil(permissionDomain.getProperty(property, permission));\n })\n );\n\n const isRegisteredAction = actionProvider.has(permission.action);\n const hasInvalidProperties = isArray(applyToProperties) && invalidProperties.every(eq(true));\n const isInvalidSubject = isArray(subjects) && !subjects.includes(permission.subject as string);\n\n // If the permission has an invalid action, an invalid subject or invalid properties, then add it to the toBeRemoved collection\n if (!isRegisteredAction \|\| isInvalidSubject \|\| hasInvalidProperties) {\n permissionsToRemove.push(permission);\n }\n }\n\n return permissionsToRemove;\n};\n\n/\n Removes permissions in database that don't exist anymore\n /\nexport const cleanPermissionsInDatabase = async (): Promise<void> => {\n const pageSize = 200;\n\n const contentTypeService = getService('content-type');\n\n const total = await strapi.db.query('admin::permission').count();\n const pageCount = Math.ceil(total / pageSize);\n\n for (let page = 0; page < pageCount; page += 1) {\n // 1. Find invalid permissions and collect their ID to delete them later\n const results = (await strapi.db.query('admin::permission').findMany({\n limit: pageSize,\n offset: page pageSize,\n populate: ['role', 'apiToken'],\n })) as Permission[];\n\n const permissions = permissionDomain.toPermission(results);\n const permissionsToRemove = await filterPermissionsToRemove(permissions);\n\n // Also remove orphaned permissions (no role AND no apiToken)\n const orphanedPermissions = permissions.filter(\n (permission: any) => !permission.role && !permission.apiToken\n );\n\n const permissionsIdToRemove = Array.from(\n new Set([...permissionsToRemove, ...orphanedPermissions].map((p) => p.id))\n );\n\n // 2. Clean permissions' fields (add required ones, remove the non-existing ones)\n const remainingPermissions = permissions.filter(\n (permission: Permission) => !permissionsIdToRemove.includes(permission.id)\n );\n\n const permissionsWithCleanFields = contentTypeService.cleanPermissionFields(\n remainingPermissions\n ) as Permission[];\n\n // Update only the ones that need to be updated\n const permissionsNeedingToBeUpdated = differenceWith(\n (a: Permission, b: Permission) => {\n return a.id === b.id && xor(a.properties.fields, b.properties.fields).length === 0;\n },\n permissionsWithCleanFields,\n remainingPermissions\n );\n\n const updatePromiseProvider = (permission: Permission) => {\n return update({ id: permission.id }, permission);\n };\n\n // Execute all the queries, update the database\n await Promise.all([\n deleteByIds(permissionsIdToRemove),\n pmap(permissionsNeedingToBeUpdated, updatePromiseProvider, {\n concurrency: 100,\n stopOnError: true,\n }),\n ]);\n }\n};\n\nexport default {\n createMany,\n findMany,\n deleteByRolesIds,\n deleteByIds,\n findUserPermissions,\n cleanPermissionsInDatabase,\n};\n"],"names":["deleteByRolesIds","rolesIds","permissionsToDelete","strapi","db","query","findMany","select","where","role","id","length","deleteByIds","map","prop","ids","result","queryResult","delete","push","eventHub","emit","permissions","createMany","createdPermissions","permission","newPerm","create","data","permissionsToReturn","permissionDomain","toPermission","update","params","attributes","updatedPermission","permissionToReturn","rawPermissions","findUserPermissions","user","users","filterPermissionsToRemove","actionProvider","getService","permissionsToRemove","subjects","options","get","action","applyToProperties","invalidProperties","Promise","all","property","applies","appliesToProperty","subject","isNil","getProperty","isRegisteredAction","has","hasInvalidProperties","isArray","every","eq","isInvalidSubject","includes","cleanPermissionsInDatabase","pageSize","contentTypeService","total","count","pageCount","Math","ceil","page","results","limit","offset","populate","orphanedPermissions","filter","apiToken","permissionsIdToRemove","Array","from","Set","p","remainingPermissions","permissionsWithCleanFields","cleanPermissionFields","permissionsNeedingToBeUpdated","differenceWith","a","b","xor","properties","fields","updatePromiseProvider","pmap","concurrency","stopOnError"],"mappings":";;;;;;;AAQA;;;IAIO,MAAMA,gBAAAA,GAAmB,OAAOC,QAAAA,GAAAA;IACrC,MAAMC,mBAAAA,GAAsB,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC;QAC9EC,MAAAA,EAAQ;AAAC,YAAA;AAAK,SAAA;QACdC,KAAAA,EAAO;YACLC,IAAAA,EAAM;gBAAEC,EAAAA,EAAIT;AAAS;AACvB;AACF,KAAA,CAAA;IAEA,IAAIC,mBAAAA,CAAoBS,MAAM,GAAG,CAAA,EAAG;AAClC,QAAA,MAAMC,WAAAA,CAAYV,mBAAAA,CAAoBW,GAAG,CAACC,OAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AACjD,IAAA;AACF;AAEA;;;IAIO,MAAMF,WAAAA,GAAc,OAAOG,GAAAA,GAAAA;AAChC,IAAA,MAAMC,SAAoB,EAAE;IAC5B,KAAK,MAAMN,MAAMK,GAAAA,CAAK;QACpB,MAAME,WAAAA,GAAc,MAAMd,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBa,MAAM,CAAC;YAAEV,KAAAA,EAAO;AAAEE,gBAAAA;AAAG;AAAE,SAAA,CAAA;AACtFM,QAAAA,MAAAA,CAAOG,IAAI,CAACF,WAAAA,CAAAA;AACd,IAAA;AACAd,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaN;AAAO,KAAA,CAAA;AAClE;AAEA;;;IAIO,MAAMO,UAAAA,GAAa,OAAOD,WAAAA,GAAAA;AAC/B,IAAA,MAAME,qBAAgD,EAAE;IACxD,KAAK,MAAMC,cAAcH,WAAAA,CAAa;QACpC,MAAMI,OAAAA,GAAU,MAAMvB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBsB,MAAM,CAAC;YAAEC,IAAAA,EAAMH;AAAW,SAAA,CAAA;AACrFD,QAAAA,kBAAAA,CAAmBL,IAAI,CAACO,OAAAA,CAAAA;AAC1B,IAAA;IAEA,MAAMG,mBAAAA,GAAsBC,eAAAA,CAAiBC,YAAY,CAACP,kBAAAA,CAAAA;AAC1DrB,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaO;AAAoB,KAAA,CAAA;IAE7E,OAAOA,mBAAAA;AACT;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOC,MAAAA,EAAiBC,UAAAA,GAAAA;IACrC,MAAMC,iBAAAA,GAAqB,MAAMhC,MAAAA,CAAOC,EAAE,CACvCC,KAAK,CAAC,mBAAA,CAAA,CACN2B,MAAM,CAAC;QAAExB,KAAAA,EAAOyB,MAAAA;QAAQL,IAAAA,EAAMM;AAAW,KAAA,CAAA;IAE5C,MAAME,kBAAAA,GAAqBN,eAAAA,CAAiBC,YAAY,CAACI,iBAAAA,CAAAA;AACzDhC,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAac;AAAmB,KAAA,CAAA;IAE5E,OAAOA,kBAAAA;AACT,CAAA;AAEA;;;AAGC,IACM,MAAM9B,QAAAA,GAAW,OAAO2B,MAAAA,GAAS,EAAE,GAAA;IACxC,MAAMI,cAAAA,GAAiB,MAAMlC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC2B,MAAAA,CAAAA;IAE3E,OAAOH,eAAAA,CAAiBC,YAAY,CAACM,cAAAA,CAAAA;AACvC;AAEA;;;IAIO,MAAMC,mBAAAA,GAAsB,OAAOC,IAAAA,GAAAA;AACxC,IAAA,OAAOjC,QAAAA,CAAS;QAAEE,KAAAA,EAAO;YAAEC,IAAAA,EAAM;gBAAE+B,KAAAA,EAAO;AAAE9B,oBAAAA,EAAAA,EAAI6B,KAAK7B;AAAG;AAAE;AAAE;AAAE,KAAA,CAAA;AAChE;AAEA,MAAM+B,4BAA4B,OAAOnB,WAAAA,GAAAA;AACvC,IAAA,MAAM,EAAEoB,cAAc,EAAE,GAAGC,gBAAAA,CAAW,YAAA,CAAA;AAEtC,IAAA,MAAMC,sBAAoC,EAAE;IAE5C,KAAK,MAAMnB,cAAcH,WAAAA,CAAa;AACpC,QAAA,MAAM,EAAEuB,QAAQ,EAAEC,OAAAA,GAAU,EAAuB,EAAE,GAClDJ,eAAeK,GAAG,CAACtB,UAAAA,CAAWuB,MAAM,KAAgB,EAAC;QACxD,MAAM,EAAEC,iBAAiB,EAAE,GAAGH,OAAAA;AAE9B,QAAA,MAAMI,iBAAAA,GAAoB,MAAMC,OAAAA,CAAQC,GAAG,CACxCH,CAAAA,iBAAAA,IAAqB,EAAC,EAAGpC,GAAG,CAAC,OAAOwC,QAAAA,GAAAA;YACnC,MAAMC,OAAAA,GAAU,MAAMZ,cAAAA,CAAea,iBAAiB,CACpDF,UACA5B,UAAAA,CAAWuB,MAAM,EACjBvB,UAAAA,CAAW+B,OAAO,CAAA;AAGpB,YAAA,OAAOF,OAAAA,IAAWG,QAAAA,CAAM3B,eAAAA,CAAiB4B,WAAW,CAACL,QAAAA,EAAU5B,UAAAA,CAAAA,CAAAA;AACjE,QAAA,CAAA,CAAA,CAAA;AAGF,QAAA,MAAMkC,kBAAAA,GAAqBjB,cAAAA,CAAekB,GAAG,CAACnC,WAAWuB,MAAM,CAAA;AAC/D,QAAA,MAAMa,uBAAuBC,UAAAA,CAAQb,iBAAAA,CAAAA,IAAsBC,iBAAAA,CAAkBa,KAAK,CAACC,KAAAA,CAAG,IAAA,CAAA,CAAA;QACtF,MAAMC,gBAAAA,GAAmBH,WAAQjB,QAAAA,CAAAA,IAAa,CAACA,SAASqB,QAAQ,CAACzC,WAAW+B,OAAO,CAAA;;QAGnF,IAAI,CAACG,kBAAAA,IAAsBM,gBAAAA,IAAoBJ,oBAAAA,EAAsB;AACnEjB,YAAAA,mBAAAA,CAAoBzB,IAAI,CAACM,UAAAA,CAAAA;AAC3B,QAAA;AACF,IAAA;IAEA,OAAOmB,mBAAAA;AACT,CAAA;AAEA;;UAGauB,0BAAAA,GAA6B,UAAA;AACxC,IAAA,MAAMC,QAAAA,GAAW,GAAA;AAEjB,IAAA,MAAMC,qBAAqB1B,gBAAAA,CAAW,cAAA,CAAA;IAEtC,MAAM2B,KAAAA,GAAQ,MAAMnE,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,qBAAqBkE,KAAK,EAAA;AAC9D,IAAA,MAAMC,SAAAA,GAAYC,IAAAA,CAAKC,IAAI,CAACJ,KAAAA,GAAQF,QAAAA,CAAAA;AAEpC,IAAA,IAAK,IAAIO,IAAAA,GAAO,CAAA,EAAGA,IAAAA,GAAOH,SAAAA,EAAWG,QAAQ,CAAA,CAAG;;QAE9C,MAAMC,OAAAA,GAAW,MAAMzE,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC;YACnEuE,KAAAA,EAAOT,QAAAA;AACPU,YAAAA,MAAAA,EAAQH,IAAAA,GAAOP,QAAAA;YACfW,QAAAA,EAAU;AAAC,gBAAA,MAAA;AAAQ,gBAAA;AAAW;AAChC,SAAA,CAAA;QAEA,MAAMzD,WAAAA,GAAcQ,eAAAA,CAAiBC,YAAY,CAAC6C,OAAAA,CAAAA;QAClD,MAAMhC,mBAAAA,GAAsB,MAAMH,yBAAAA,CAA0BnB,WAAAA,CAAAA;;AAG5D,QAAA,MAAM0D,mBAAAA,GAAsB1D,WAAAA,CAAY2D,MAAM,CAC5C,CAACxD,UAAAA,GAAoB,CAACA,UAAAA,CAAWhB,IAAI,IAAI,CAACgB,UAAAA,CAAWyD,QAAQ,CAAA;AAG/D,QAAA,MAAMC,qBAAAA,GAAwBC,KAAAA,CAAMC,IAAI,CACtC,IAAIC,GAAAA,CAAI;AAAI1C,YAAAA,GAAAA,mBAAAA;AAAwBoC,YAAAA,GAAAA;AAAoB,SAAA,CAACnE,GAAG,CAAC,CAAC0E,CAAAA,GAAMA,EAAE7E,EAAE,CAAA,CAAA,CAAA;;QAI1E,MAAM8E,oBAAAA,GAAuBlE,WAAAA,CAAY2D,MAAM,CAC7C,CAACxD,UAAAA,GAA2B,CAAC0D,qBAAAA,CAAsBjB,QAAQ,CAACzC,UAAAA,CAAWf,EAAE,CAAA,CAAA;QAG3E,MAAM+E,0BAAAA,GAA6BpB,kBAAAA,CAAmBqB,qBAAqB,CACzEF,oBAAAA,CAAAA;;QAIF,MAAMG,6BAAAA,GAAgCC,iBAAAA,CACpC,CAACC,CAAAA,EAAeC,CAAAA,GAAAA;AACd,YAAA,OAAOD,EAAEnF,EAAE,KAAKoF,EAAEpF,EAAE,IAAIqF,OAAIF,CAAAA,CAAEG,UAAU,CAACC,MAAM,EAAEH,CAAAA,CAAEE,UAAU,CAACC,MAAM,CAAA,CAAEtF,MAAM,KAAK,CAAA;AACnF,QAAA,CAAA,EACA8E,0BAAAA,EACAD,oBAAAA,CAAAA;AAGF,QAAA,MAAMU,wBAAwB,CAACzE,UAAAA,GAAAA;AAC7B,YAAA,OAAOO,MAAAA,CAAO;AAAEtB,gBAAAA,EAAAA,EAAIe,WAAWf;aAAG,EAAGe,UAAAA,CAAAA;AACvC,QAAA,CAAA;;QAGA,MAAM0B,OAAAA,CAAQC,GAAG,CAAC;YAChBxC,WAAAA,CAAYuE,qBAAAA,CAAAA;AACZgB,YAAAA,IAAAA,CAAKR,+BAA+BO,qBAAAA,EAAuB;gBACzDE,WAAAA,EAAa,GAAA;gBACbC,WAAAA,EAAa;AACf,aAAA;AACD,SAAA,CAAA;AACH,IAAA;AACF;;;;;;;;;"}

package/dist/server/server/src/services/permission/queries.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { map, prop, differenceWith, xor, isNil, isArray, eq } from 'lodash/fp';
+import { differenceWith, xor, prop, isNil, isArray, eq } from 'lodash/fp';
 import pmap from 'p-map';
 import { getService } from '../../utils/index.mjs';
 import permissionDomain from '../../domain/permission/index.mjs';
@@ -122,11 +122,20 @@ const filterPermissionsToRemove = async (permissions)=>{
         // 1. Find invalid permissions and collect their ID to delete them later
         const results = await strapi.db.query('admin::permission').findMany({
             limit: pageSize,
-            offset: page * pageSize
+            offset: page * pageSize,
+            populate: [
+                'role',
+                'apiToken'
+            ]
         });
         const permissions = permissionDomain.toPermission(results);
         const permissionsToRemove = await filterPermissionsToRemove(permissions);
-        const permissionsIdToRemove = map(prop('id'), permissionsToRemove);
+        // Also remove orphaned permissions (no role AND no apiToken)
+        const orphanedPermissions = permissions.filter((permission)=>!permission.role && !permission.apiToken);
+        const permissionsIdToRemove = Array.from(new Set([
+            ...permissionsToRemove,
+            ...orphanedPermissions
+        ].map((p)=>p.id)));
         // 2. Clean permissions' fields (add required ones, remove the non-existing ones)
         const remainingPermissions = permissions.filter((permission)=>!permissionsIdToRemove.includes(permission.id));
         const permissionsWithCleanFields = contentTypeService.cleanPermissionFields(remainingPermissions);

package/dist/server/server/src/services/permission/queries.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"queries.mjs","sources":["../../../../../../server/src/services/permission/queries.ts"],"sourcesContent":["import { isNil, isArray, prop, xor, eq, map, differenceWith } from 'lodash/fp';\nimport pmap from 'p-map';\nimport type { Data } from '@strapi/types';\nimport { getService } from '../../utils';\nimport permissionDomain, { CreatePermissionPayload } from '../../domain/permission';\nimport type { AdminUser, Permission } from '../../../../shared/contracts/shared';\nimport { Action } from '../../domain/action';\n\n/*\n Delete permissions of roles in database\n * @param rolesIds ids of roles\n /\nexport const deleteByRolesIds = async (rolesIds: Data.ID[]): Promise<void> => {\n const permissionsToDelete = await strapi.db.query('admin::permission').findMany({\n select: ['id'],\n where: {\n role: { id: rolesIds },\n },\n });\n\n if (permissionsToDelete.length > 0) {\n await deleteByIds(permissionsToDelete.map(prop('id')));\n }\n};\n\n/\n Delete permissions\n * @param ids ids of permissions\n /\nexport const deleteByIds = async (ids: Data.ID[]): Promise<void> => {\n const result: unknown[] = [];\n for (const id of ids) {\n const queryResult = await strapi.db.query('admin::permission').delete({ where: { id } });\n result.push(queryResult);\n }\n strapi.eventHub.emit('permission.delete', { permissions: result });\n};\n\n/\n Create many permissions\n * @param permissions\n /\nexport const createMany = async (permissions: CreatePermissionPayload[]): Promise<Permission[]> => {\n const createdPermissions: CreatePermissionPayload[] = [];\n for (const permission of permissions) {\n const newPerm = await strapi.db.query('admin::permission').create({ data: permission });\n createdPermissions.push(newPerm);\n }\n\n const permissionsToReturn = permissionDomain.toPermission(createdPermissions);\n strapi.eventHub.emit('permission.create', { permissions: permissionsToReturn });\n\n return permissionsToReturn;\n};\n\n/\n Update a permission\n * @param params\n * @param attributes\n /\nconst update = async (params: unknown, attributes: Partial<Permission>) => {\n const updatedPermission = (await strapi.db\n .query('admin::permission')\n .update({ where: params, data: attributes })) as Permission;\n\n const permissionToReturn = permissionDomain.toPermission(updatedPermission);\n strapi.eventHub.emit('permission.update', { permissions: permissionToReturn });\n\n return permissionToReturn;\n};\n\n/\n Find assigned permissions in the database\n * @param params query params to find the permissions\n /\nexport const findMany = async (params = {}): Promise<Permission[]> => {\n const rawPermissions = await strapi.db.query('admin::permission').findMany(params);\n\n return permissionDomain.toPermission(rawPermissions);\n};\n\n/\n Find all permissions for a user\n * @param user - user\n /\nexport const findUserPermissions = async (user: AdminUser): Promise<Permission[]> => {\n return findMany({ where: { role: { users: { id: user.id } } } });\n};\n\nconst filterPermissionsToRemove = async (permissions: Permission[]) => {\n const { actionProvider } = getService('permission');\n\n const permissionsToRemove: Permission[] = [];\n\n for (const permission of permissions) {\n const { subjects, options = {} as Action['options'] } =\n (actionProvider.get(permission.action) as Action) \|\| {};\n const { applyToProperties } = options;\n\n const invalidProperties = await Promise.all(\n (applyToProperties \|\| []).map(async (property) => {\n const applies = await actionProvider.appliesToProperty(\n property,\n permission.action,\n permission.subject\n );\n\n return applies && isNil(permissionDomain.getProperty(property, permission));\n })\n );\n\n const isRegisteredAction = actionProvider.has(permission.action);\n const hasInvalidProperties = isArray(applyToProperties) && invalidProperties.every(eq(true));\n const isInvalidSubject = isArray(subjects) && !subjects.includes(permission.subject as string);\n\n // If the permission has an invalid action, an invalid subject or invalid properties, then add it to the toBeRemoved collection\n if (!isRegisteredAction \|\| isInvalidSubject \|\| hasInvalidProperties) {\n permissionsToRemove.push(permission);\n }\n }\n\n return permissionsToRemove;\n};\n\n/\n Removes permissions in database that don't exist anymore\n /\nexport const cleanPermissionsInDatabase = async (): Promise<void> => {\n const pageSize = 200;\n\n const contentTypeService = getService('content-type');\n\n const total = await strapi.db.query('admin::permission').count();\n const pageCount = Math.ceil(total / pageSize);\n\n for (let page = 0; page < pageCount; page += 1) {\n // 1. Find invalid permissions and collect their ID to delete them later\n const results = (await strapi.db\n .query('admin::permission')\n .findMany({ limit: pageSize, offset: page pageSize })) as Permission[];\n\n const permissions = permissionDomain.toPermission(results);\n const permissionsToRemove = await filterPermissionsToRemove(permissions);\n const permissionsIdToRemove = map(prop('id'), permissionsToRemove);\n\n // 2. Clean permissions' fields (add required ones, remove the non-existing ones)\n const remainingPermissions = permissions.filter(\n (permission: Permission) => !permissionsIdToRemove.includes(permission.id)\n );\n\n const permissionsWithCleanFields = contentTypeService.cleanPermissionFields(\n remainingPermissions\n ) as Permission[];\n\n // Update only the ones that need to be updated\n const permissionsNeedingToBeUpdated = differenceWith(\n (a: Permission, b: Permission) => {\n return a.id === b.id && xor(a.properties.fields, b.properties.fields).length === 0;\n },\n permissionsWithCleanFields,\n remainingPermissions\n );\n\n const updatePromiseProvider = (permission: Permission) => {\n return update({ id: permission.id }, permission);\n };\n\n // Execute all the queries, update the database\n await Promise.all([\n deleteByIds(permissionsIdToRemove),\n pmap(permissionsNeedingToBeUpdated, updatePromiseProvider, {\n concurrency: 100,\n stopOnError: true,\n }),\n ]);\n }\n};\n\nexport default {\n createMany,\n findMany,\n deleteByRolesIds,\n deleteByIds,\n findUserPermissions,\n cleanPermissionsInDatabase,\n};\n"],"names":["deleteByRolesIds","rolesIds","permissionsToDelete","strapi","db","query","findMany","select","where","role","id","length","deleteByIds","map","prop","ids","result","queryResult","delete","push","eventHub","emit","permissions","createMany","createdPermissions","permission","newPerm","create","data","permissionsToReturn","permissionDomain","toPermission","update","params","attributes","updatedPermission","permissionToReturn","rawPermissions","findUserPermissions","user","users","filterPermissionsToRemove","actionProvider","getService","permissionsToRemove","subjects","options","get","action","applyToProperties","invalidProperties","Promise","all","property","applies","appliesToProperty","subject","isNil","getProperty","isRegisteredAction","has","hasInvalidProperties","isArray","every","eq","isInvalidSubject","includes","cleanPermissionsInDatabase","pageSize","contentTypeService","total","count","pageCount","Math","ceil","page","results","limit","offset","permissionsIdToRemove","remainingPermissions","filter","permissionsWithCleanFields","cleanPermissionFields","permissionsNeedingToBeUpdated","differenceWith","a","b","xor","properties","fields","updatePromiseProvider","pmap","concurrency","stopOnError"],"mappings":";;;;;AAQA;;;IAIO,MAAMA,gBAAAA,GAAmB,OAAOC,QAAAA,GAAAA;IACrC,MAAMC,mBAAAA,GAAsB,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC;QAC9EC,MAAAA,EAAQ;AAAC,YAAA;AAAK,SAAA;QACdC,KAAAA,EAAO;YACLC,IAAAA,EAAM;gBAAEC,EAAAA,EAAIT;AAAS;AACvB;AACF,KAAA,CAAA;IAEA,IAAIC,mBAAAA,CAAoBS,MAAM,GAAG,CAAA,EAAG;AAClC,QAAA,MAAMC,WAAAA,CAAYV,mBAAAA,CAAoBW,GAAG,CAACC,IAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AACjD,IAAA;AACF;AAEA;;;IAIO,MAAMF,WAAAA,GAAc,OAAOG,GAAAA,GAAAA;AAChC,IAAA,MAAMC,SAAoB,EAAE;IAC5B,KAAK,MAAMN,MAAMK,GAAAA,CAAK;QACpB,MAAME,WAAAA,GAAc,MAAMd,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBa,MAAM,CAAC;YAAEV,KAAAA,EAAO;AAAEE,gBAAAA;AAAG;AAAE,SAAA,CAAA;AACtFM,QAAAA,MAAAA,CAAOG,IAAI,CAACF,WAAAA,CAAAA;AACd,IAAA;AACAd,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaN;AAAO,KAAA,CAAA;AAClE;AAEA;;;IAIO,MAAMO,UAAAA,GAAa,OAAOD,WAAAA,GAAAA;AAC/B,IAAA,MAAME,qBAAgD,EAAE;IACxD,KAAK,MAAMC,cAAcH,WAAAA,CAAa;QACpC,MAAMI,OAAAA,GAAU,MAAMvB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBsB,MAAM,CAAC;YAAEC,IAAAA,EAAMH;AAAW,SAAA,CAAA;AACrFD,QAAAA,kBAAAA,CAAmBL,IAAI,CAACO,OAAAA,CAAAA;AAC1B,IAAA;IAEA,MAAMG,mBAAAA,GAAsBC,gBAAAA,CAAiBC,YAAY,CAACP,kBAAAA,CAAAA;AAC1DrB,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaO;AAAoB,KAAA,CAAA;IAE7E,OAAOA,mBAAAA;AACT;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOC,MAAAA,EAAiBC,UAAAA,GAAAA;IACrC,MAAMC,iBAAAA,GAAqB,MAAMhC,MAAAA,CAAOC,EAAE,CACvCC,KAAK,CAAC,mBAAA,CAAA,CACN2B,MAAM,CAAC;QAAExB,KAAAA,EAAOyB,MAAAA;QAAQL,IAAAA,EAAMM;AAAW,KAAA,CAAA;IAE5C,MAAME,kBAAAA,GAAqBN,gBAAAA,CAAiBC,YAAY,CAACI,iBAAAA,CAAAA;AACzDhC,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAac;AAAmB,KAAA,CAAA;IAE5E,OAAOA,kBAAAA;AACT,CAAA;AAEA;;;AAGC,IACM,MAAM9B,QAAAA,GAAW,OAAO2B,MAAAA,GAAS,EAAE,GAAA;IACxC,MAAMI,cAAAA,GAAiB,MAAMlC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC2B,MAAAA,CAAAA;IAE3E,OAAOH,gBAAAA,CAAiBC,YAAY,CAACM,cAAAA,CAAAA;AACvC;AAEA;;;IAIO,MAAMC,mBAAAA,GAAsB,OAAOC,IAAAA,GAAAA;AACxC,IAAA,OAAOjC,QAAAA,CAAS;QAAEE,KAAAA,EAAO;YAAEC,IAAAA,EAAM;gBAAE+B,KAAAA,EAAO;AAAE9B,oBAAAA,EAAAA,EAAI6B,KAAK7B;AAAG;AAAE;AAAE;AAAE,KAAA,CAAA;AAChE;AAEA,MAAM+B,4BAA4B,OAAOnB,WAAAA,GAAAA;AACvC,IAAA,MAAM,EAAEoB,cAAc,EAAE,GAAGC,UAAAA,CAAW,YAAA,CAAA;AAEtC,IAAA,MAAMC,sBAAoC,EAAE;IAE5C,KAAK,MAAMnB,cAAcH,WAAAA,CAAa;AACpC,QAAA,MAAM,EAAEuB,QAAQ,EAAEC,OAAAA,GAAU,EAAuB,EAAE,GAClDJ,eAAeK,GAAG,CAACtB,UAAAA,CAAWuB,MAAM,KAAgB,EAAC;QACxD,MAAM,EAAEC,iBAAiB,EAAE,GAAGH,OAAAA;AAE9B,QAAA,MAAMI,iBAAAA,GAAoB,MAAMC,OAAAA,CAAQC,GAAG,CACxCH,CAAAA,iBAAAA,IAAqB,EAAC,EAAGpC,GAAG,CAAC,OAAOwC,QAAAA,GAAAA;YACnC,MAAMC,OAAAA,GAAU,MAAMZ,cAAAA,CAAea,iBAAiB,CACpDF,UACA5B,UAAAA,CAAWuB,MAAM,EACjBvB,UAAAA,CAAW+B,OAAO,CAAA;AAGpB,YAAA,OAAOF,OAAAA,IAAWG,KAAAA,CAAM3B,gBAAAA,CAAiB4B,WAAW,CAACL,QAAAA,EAAU5B,UAAAA,CAAAA,CAAAA;AACjE,QAAA,CAAA,CAAA,CAAA;AAGF,QAAA,MAAMkC,kBAAAA,GAAqBjB,cAAAA,CAAekB,GAAG,CAACnC,WAAWuB,MAAM,CAAA;AAC/D,QAAA,MAAMa,uBAAuBC,OAAAA,CAAQb,iBAAAA,CAAAA,IAAsBC,iBAAAA,CAAkBa,KAAK,CAACC,EAAAA,CAAG,IAAA,CAAA,CAAA;QACtF,MAAMC,gBAAAA,GAAmBH,QAAQjB,QAAAA,CAAAA,IAAa,CAACA,SAASqB,QAAQ,CAACzC,WAAW+B,OAAO,CAAA;;QAGnF,IAAI,CAACG,kBAAAA,IAAsBM,gBAAAA,IAAoBJ,oBAAAA,EAAsB;AACnEjB,YAAAA,mBAAAA,CAAoBzB,IAAI,CAACM,UAAAA,CAAAA;AAC3B,QAAA;AACF,IAAA;IAEA,OAAOmB,mBAAAA;AACT,CAAA;AAEA;;UAGauB,0BAAAA,GAA6B,UAAA;AACxC,IAAA,MAAMC,QAAAA,GAAW,GAAA;AAEjB,IAAA,MAAMC,qBAAqB1B,UAAAA,CAAW,cAAA,CAAA;IAEtC,MAAM2B,KAAAA,GAAQ,MAAMnE,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,qBAAqBkE,KAAK,EAAA;AAC9D,IAAA,MAAMC,SAAAA,GAAYC,IAAAA,CAAKC,IAAI,CAACJ,KAAAA,GAAQF,QAAAA,CAAAA;AAEpC,IAAA,IAAK,IAAIO,IAAAA,GAAO,CAAA,EAAGA,IAAAA,GAAOH,SAAAA,EAAWG,QAAQ,CAAA,CAAG;;QAE9C,MAAMC,OAAAA,GAAW,MAAMzE,MAAAA,CAAOC,EAAE,CAC7BC,KAAK,CAAC,mBAAA,CAAA,CACNC,QAAQ,CAAC;YAAEuE,KAAAA,EAAOT,QAAAA;AAAUU,YAAAA,MAAAA,EAAQH,IAAAA,GAAOP;AAAS,SAAA,CAAA;QAEvD,MAAM9C,WAAAA,GAAcQ,gBAAAA,CAAiBC,YAAY,CAAC6C,OAAAA,CAAAA;QAClD,MAAMhC,mBAAAA,GAAsB,MAAMH,yBAAAA,CAA0BnB,WAAAA,CAAAA;QAC5D,MAAMyD,qBAAAA,GAAwBlE,GAAAA,CAAIC,IAAAA,CAAK,IAAA,CAAA,EAAO8B,mBAAAA,CAAAA;;QAG9C,MAAMoC,oBAAAA,GAAuB1D,WAAAA,CAAY2D,MAAM,CAC7C,CAACxD,UAAAA,GAA2B,CAACsD,qBAAAA,CAAsBb,QAAQ,CAACzC,UAAAA,CAAWf,EAAE,CAAA,CAAA;QAG3E,MAAMwE,0BAAAA,GAA6Bb,kBAAAA,CAAmBc,qBAAqB,CACzEH,oBAAAA,CAAAA;;QAIF,MAAMI,6BAAAA,GAAgCC,cAAAA,CACpC,CAACC,CAAAA,EAAeC,CAAAA,GAAAA;AACd,YAAA,OAAOD,EAAE5E,EAAE,KAAK6E,EAAE7E,EAAE,IAAI8E,IAAIF,CAAAA,CAAEG,UAAU,CAACC,MAAM,EAAEH,CAAAA,CAAEE,UAAU,CAACC,MAAM,CAAA,CAAE/E,MAAM,KAAK,CAAA;AACnF,QAAA,CAAA,EACAuE,0BAAAA,EACAF,oBAAAA,CAAAA;AAGF,QAAA,MAAMW,wBAAwB,CAAClE,UAAAA,GAAAA;AAC7B,YAAA,OAAOO,MAAAA,CAAO;AAAEtB,gBAAAA,EAAAA,EAAIe,WAAWf;aAAG,EAAGe,UAAAA,CAAAA;AACvC,QAAA,CAAA;;QAGA,MAAM0B,OAAAA,CAAQC,GAAG,CAAC;YAChBxC,WAAAA,CAAYmE,qBAAAA,CAAAA;AACZa,YAAAA,IAAAA,CAAKR,+BAA+BO,qBAAAA,EAAuB;gBACzDE,WAAAA,EAAa,GAAA;gBACbC,WAAAA,EAAa;AACf,aAAA;AACD,SAAA,CAAA;AACH,IAAA;AACF;;;;"}
1	+ {"version":3,"file":"queries.mjs","sources":["../../../../../../server/src/services/permission/queries.ts"],"sourcesContent":["import { isNil, isArray, prop, xor, eq, differenceWith } from 'lodash/fp';\nimport pmap from 'p-map';\nimport type { Data } from '@strapi/types';\nimport { getService } from '../../utils';\nimport permissionDomain, { CreatePermissionPayload } from '../../domain/permission';\nimport type { AdminUser, Permission } from '../../../../shared/contracts/shared';\nimport { Action } from '../../domain/action';\n\n/*\n Delete permissions of roles in database\n * @param rolesIds ids of roles\n /\nexport const deleteByRolesIds = async (rolesIds: Data.ID[]): Promise<void> => {\n const permissionsToDelete = await strapi.db.query('admin::permission').findMany({\n select: ['id'],\n where: {\n role: { id: rolesIds },\n },\n });\n\n if (permissionsToDelete.length > 0) {\n await deleteByIds(permissionsToDelete.map(prop('id')));\n }\n};\n\n/\n Delete permissions\n * @param ids ids of permissions\n /\nexport const deleteByIds = async (ids: Data.ID[]): Promise<void> => {\n const result: unknown[] = [];\n for (const id of ids) {\n const queryResult = await strapi.db.query('admin::permission').delete({ where: { id } });\n result.push(queryResult);\n }\n strapi.eventHub.emit('permission.delete', { permissions: result });\n};\n\n/\n Create many permissions\n * @param permissions\n /\nexport const createMany = async (permissions: CreatePermissionPayload[]): Promise<Permission[]> => {\n const createdPermissions: CreatePermissionPayload[] = [];\n for (const permission of permissions) {\n const newPerm = await strapi.db.query('admin::permission').create({ data: permission });\n createdPermissions.push(newPerm);\n }\n\n const permissionsToReturn = permissionDomain.toPermission(createdPermissions);\n strapi.eventHub.emit('permission.create', { permissions: permissionsToReturn });\n\n return permissionsToReturn;\n};\n\n/\n Update a permission\n * @param params\n * @param attributes\n /\nconst update = async (params: unknown, attributes: Partial<Permission>) => {\n const updatedPermission = (await strapi.db\n .query('admin::permission')\n .update({ where: params, data: attributes })) as Permission;\n\n const permissionToReturn = permissionDomain.toPermission(updatedPermission);\n strapi.eventHub.emit('permission.update', { permissions: permissionToReturn });\n\n return permissionToReturn;\n};\n\n/\n Find assigned permissions in the database\n * @param params query params to find the permissions\n /\nexport const findMany = async (params = {}): Promise<Permission[]> => {\n const rawPermissions = await strapi.db.query('admin::permission').findMany(params);\n\n return permissionDomain.toPermission(rawPermissions);\n};\n\n/\n Find all permissions for a user\n * @param user - user\n /\nexport const findUserPermissions = async (user: AdminUser): Promise<Permission[]> => {\n return findMany({ where: { role: { users: { id: user.id } } } });\n};\n\nconst filterPermissionsToRemove = async (permissions: Permission[]) => {\n const { actionProvider } = getService('permission');\n\n const permissionsToRemove: Permission[] = [];\n\n for (const permission of permissions) {\n const { subjects, options = {} as Action['options'] } =\n (actionProvider.get(permission.action) as Action) \|\| {};\n const { applyToProperties } = options;\n\n const invalidProperties = await Promise.all(\n (applyToProperties \|\| []).map(async (property) => {\n const applies = await actionProvider.appliesToProperty(\n property,\n permission.action,\n permission.subject\n );\n\n return applies && isNil(permissionDomain.getProperty(property, permission));\n })\n );\n\n const isRegisteredAction = actionProvider.has(permission.action);\n const hasInvalidProperties = isArray(applyToProperties) && invalidProperties.every(eq(true));\n const isInvalidSubject = isArray(subjects) && !subjects.includes(permission.subject as string);\n\n // If the permission has an invalid action, an invalid subject or invalid properties, then add it to the toBeRemoved collection\n if (!isRegisteredAction \|\| isInvalidSubject \|\| hasInvalidProperties) {\n permissionsToRemove.push(permission);\n }\n }\n\n return permissionsToRemove;\n};\n\n/\n Removes permissions in database that don't exist anymore\n /\nexport const cleanPermissionsInDatabase = async (): Promise<void> => {\n const pageSize = 200;\n\n const contentTypeService = getService('content-type');\n\n const total = await strapi.db.query('admin::permission').count();\n const pageCount = Math.ceil(total / pageSize);\n\n for (let page = 0; page < pageCount; page += 1) {\n // 1. Find invalid permissions and collect their ID to delete them later\n const results = (await strapi.db.query('admin::permission').findMany({\n limit: pageSize,\n offset: page pageSize,\n populate: ['role', 'apiToken'],\n })) as Permission[];\n\n const permissions = permissionDomain.toPermission(results);\n const permissionsToRemove = await filterPermissionsToRemove(permissions);\n\n // Also remove orphaned permissions (no role AND no apiToken)\n const orphanedPermissions = permissions.filter(\n (permission: any) => !permission.role && !permission.apiToken\n );\n\n const permissionsIdToRemove = Array.from(\n new Set([...permissionsToRemove, ...orphanedPermissions].map((p) => p.id))\n );\n\n // 2. Clean permissions' fields (add required ones, remove the non-existing ones)\n const remainingPermissions = permissions.filter(\n (permission: Permission) => !permissionsIdToRemove.includes(permission.id)\n );\n\n const permissionsWithCleanFields = contentTypeService.cleanPermissionFields(\n remainingPermissions\n ) as Permission[];\n\n // Update only the ones that need to be updated\n const permissionsNeedingToBeUpdated = differenceWith(\n (a: Permission, b: Permission) => {\n return a.id === b.id && xor(a.properties.fields, b.properties.fields).length === 0;\n },\n permissionsWithCleanFields,\n remainingPermissions\n );\n\n const updatePromiseProvider = (permission: Permission) => {\n return update({ id: permission.id }, permission);\n };\n\n // Execute all the queries, update the database\n await Promise.all([\n deleteByIds(permissionsIdToRemove),\n pmap(permissionsNeedingToBeUpdated, updatePromiseProvider, {\n concurrency: 100,\n stopOnError: true,\n }),\n ]);\n }\n};\n\nexport default {\n createMany,\n findMany,\n deleteByRolesIds,\n deleteByIds,\n findUserPermissions,\n cleanPermissionsInDatabase,\n};\n"],"names":["deleteByRolesIds","rolesIds","permissionsToDelete","strapi","db","query","findMany","select","where","role","id","length","deleteByIds","map","prop","ids","result","queryResult","delete","push","eventHub","emit","permissions","createMany","createdPermissions","permission","newPerm","create","data","permissionsToReturn","permissionDomain","toPermission","update","params","attributes","updatedPermission","permissionToReturn","rawPermissions","findUserPermissions","user","users","filterPermissionsToRemove","actionProvider","getService","permissionsToRemove","subjects","options","get","action","applyToProperties","invalidProperties","Promise","all","property","applies","appliesToProperty","subject","isNil","getProperty","isRegisteredAction","has","hasInvalidProperties","isArray","every","eq","isInvalidSubject","includes","cleanPermissionsInDatabase","pageSize","contentTypeService","total","count","pageCount","Math","ceil","page","results","limit","offset","populate","orphanedPermissions","filter","apiToken","permissionsIdToRemove","Array","from","Set","p","remainingPermissions","permissionsWithCleanFields","cleanPermissionFields","permissionsNeedingToBeUpdated","differenceWith","a","b","xor","properties","fields","updatePromiseProvider","pmap","concurrency","stopOnError"],"mappings":";;;;;AAQA;;;IAIO,MAAMA,gBAAAA,GAAmB,OAAOC,QAAAA,GAAAA;IACrC,MAAMC,mBAAAA,GAAsB,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC;QAC9EC,MAAAA,EAAQ;AAAC,YAAA;AAAK,SAAA;QACdC,KAAAA,EAAO;YACLC,IAAAA,EAAM;gBAAEC,EAAAA,EAAIT;AAAS;AACvB;AACF,KAAA,CAAA;IAEA,IAAIC,mBAAAA,CAAoBS,MAAM,GAAG,CAAA,EAAG;AAClC,QAAA,MAAMC,WAAAA,CAAYV,mBAAAA,CAAoBW,GAAG,CAACC,IAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AACjD,IAAA;AACF;AAEA;;;IAIO,MAAMF,WAAAA,GAAc,OAAOG,GAAAA,GAAAA;AAChC,IAAA,MAAMC,SAAoB,EAAE;IAC5B,KAAK,MAAMN,MAAMK,GAAAA,CAAK;QACpB,MAAME,WAAAA,GAAc,MAAMd,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBa,MAAM,CAAC;YAAEV,KAAAA,EAAO;AAAEE,gBAAAA;AAAG;AAAE,SAAA,CAAA;AACtFM,QAAAA,MAAAA,CAAOG,IAAI,CAACF,WAAAA,CAAAA;AACd,IAAA;AACAd,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaN;AAAO,KAAA,CAAA;AAClE;AAEA;;;IAIO,MAAMO,UAAAA,GAAa,OAAOD,WAAAA,GAAAA;AAC/B,IAAA,MAAME,qBAAgD,EAAE;IACxD,KAAK,MAAMC,cAAcH,WAAAA,CAAa;QACpC,MAAMI,OAAAA,GAAU,MAAMvB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBsB,MAAM,CAAC;YAAEC,IAAAA,EAAMH;AAAW,SAAA,CAAA;AACrFD,QAAAA,kBAAAA,CAAmBL,IAAI,CAACO,OAAAA,CAAAA;AAC1B,IAAA;IAEA,MAAMG,mBAAAA,GAAsBC,gBAAAA,CAAiBC,YAAY,CAACP,kBAAAA,CAAAA;AAC1DrB,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAaO;AAAoB,KAAA,CAAA;IAE7E,OAAOA,mBAAAA;AACT;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOC,MAAAA,EAAiBC,UAAAA,GAAAA;IACrC,MAAMC,iBAAAA,GAAqB,MAAMhC,MAAAA,CAAOC,EAAE,CACvCC,KAAK,CAAC,mBAAA,CAAA,CACN2B,MAAM,CAAC;QAAExB,KAAAA,EAAOyB,MAAAA;QAAQL,IAAAA,EAAMM;AAAW,KAAA,CAAA;IAE5C,MAAME,kBAAAA,GAAqBN,gBAAAA,CAAiBC,YAAY,CAACI,iBAAAA,CAAAA;AACzDhC,IAAAA,MAAAA,CAAOiB,QAAQ,CAACC,IAAI,CAAC,mBAAA,EAAqB;QAAEC,WAAAA,EAAac;AAAmB,KAAA,CAAA;IAE5E,OAAOA,kBAAAA;AACT,CAAA;AAEA;;;AAGC,IACM,MAAM9B,QAAAA,GAAW,OAAO2B,MAAAA,GAAS,EAAE,GAAA;IACxC,MAAMI,cAAAA,GAAiB,MAAMlC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC2B,MAAAA,CAAAA;IAE3E,OAAOH,gBAAAA,CAAiBC,YAAY,CAACM,cAAAA,CAAAA;AACvC;AAEA;;;IAIO,MAAMC,mBAAAA,GAAsB,OAAOC,IAAAA,GAAAA;AACxC,IAAA,OAAOjC,QAAAA,CAAS;QAAEE,KAAAA,EAAO;YAAEC,IAAAA,EAAM;gBAAE+B,KAAAA,EAAO;AAAE9B,oBAAAA,EAAAA,EAAI6B,KAAK7B;AAAG;AAAE;AAAE;AAAE,KAAA,CAAA;AAChE;AAEA,MAAM+B,4BAA4B,OAAOnB,WAAAA,GAAAA;AACvC,IAAA,MAAM,EAAEoB,cAAc,EAAE,GAAGC,UAAAA,CAAW,YAAA,CAAA;AAEtC,IAAA,MAAMC,sBAAoC,EAAE;IAE5C,KAAK,MAAMnB,cAAcH,WAAAA,CAAa;AACpC,QAAA,MAAM,EAAEuB,QAAQ,EAAEC,OAAAA,GAAU,EAAuB,EAAE,GAClDJ,eAAeK,GAAG,CAACtB,UAAAA,CAAWuB,MAAM,KAAgB,EAAC;QACxD,MAAM,EAAEC,iBAAiB,EAAE,GAAGH,OAAAA;AAE9B,QAAA,MAAMI,iBAAAA,GAAoB,MAAMC,OAAAA,CAAQC,GAAG,CACxCH,CAAAA,iBAAAA,IAAqB,EAAC,EAAGpC,GAAG,CAAC,OAAOwC,QAAAA,GAAAA;YACnC,MAAMC,OAAAA,GAAU,MAAMZ,cAAAA,CAAea,iBAAiB,CACpDF,UACA5B,UAAAA,CAAWuB,MAAM,EACjBvB,UAAAA,CAAW+B,OAAO,CAAA;AAGpB,YAAA,OAAOF,OAAAA,IAAWG,KAAAA,CAAM3B,gBAAAA,CAAiB4B,WAAW,CAACL,QAAAA,EAAU5B,UAAAA,CAAAA,CAAAA;AACjE,QAAA,CAAA,CAAA,CAAA;AAGF,QAAA,MAAMkC,kBAAAA,GAAqBjB,cAAAA,CAAekB,GAAG,CAACnC,WAAWuB,MAAM,CAAA;AAC/D,QAAA,MAAMa,uBAAuBC,OAAAA,CAAQb,iBAAAA,CAAAA,IAAsBC,iBAAAA,CAAkBa,KAAK,CAACC,EAAAA,CAAG,IAAA,CAAA,CAAA;QACtF,MAAMC,gBAAAA,GAAmBH,QAAQjB,QAAAA,CAAAA,IAAa,CAACA,SAASqB,QAAQ,CAACzC,WAAW+B,OAAO,CAAA;;QAGnF,IAAI,CAACG,kBAAAA,IAAsBM,gBAAAA,IAAoBJ,oBAAAA,EAAsB;AACnEjB,YAAAA,mBAAAA,CAAoBzB,IAAI,CAACM,UAAAA,CAAAA;AAC3B,QAAA;AACF,IAAA;IAEA,OAAOmB,mBAAAA;AACT,CAAA;AAEA;;UAGauB,0BAAAA,GAA6B,UAAA;AACxC,IAAA,MAAMC,QAAAA,GAAW,GAAA;AAEjB,IAAA,MAAMC,qBAAqB1B,UAAAA,CAAW,cAAA,CAAA;IAEtC,MAAM2B,KAAAA,GAAQ,MAAMnE,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,qBAAqBkE,KAAK,EAAA;AAC9D,IAAA,MAAMC,SAAAA,GAAYC,IAAAA,CAAKC,IAAI,CAACJ,KAAAA,GAAQF,QAAAA,CAAAA;AAEpC,IAAA,IAAK,IAAIO,IAAAA,GAAO,CAAA,EAAGA,IAAAA,GAAOH,SAAAA,EAAWG,QAAQ,CAAA,CAAG;;QAE9C,MAAMC,OAAAA,GAAW,MAAMzE,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,mBAAA,CAAA,CAAqBC,QAAQ,CAAC;YACnEuE,KAAAA,EAAOT,QAAAA;AACPU,YAAAA,MAAAA,EAAQH,IAAAA,GAAOP,QAAAA;YACfW,QAAAA,EAAU;AAAC,gBAAA,MAAA;AAAQ,gBAAA;AAAW;AAChC,SAAA,CAAA;QAEA,MAAMzD,WAAAA,GAAcQ,gBAAAA,CAAiBC,YAAY,CAAC6C,OAAAA,CAAAA;QAClD,MAAMhC,mBAAAA,GAAsB,MAAMH,yBAAAA,CAA0BnB,WAAAA,CAAAA;;AAG5D,QAAA,MAAM0D,mBAAAA,GAAsB1D,WAAAA,CAAY2D,MAAM,CAC5C,CAACxD,UAAAA,GAAoB,CAACA,UAAAA,CAAWhB,IAAI,IAAI,CAACgB,UAAAA,CAAWyD,QAAQ,CAAA;AAG/D,QAAA,MAAMC,qBAAAA,GAAwBC,KAAAA,CAAMC,IAAI,CACtC,IAAIC,GAAAA,CAAI;AAAI1C,YAAAA,GAAAA,mBAAAA;AAAwBoC,YAAAA,GAAAA;AAAoB,SAAA,CAACnE,GAAG,CAAC,CAAC0E,CAAAA,GAAMA,EAAE7E,EAAE,CAAA,CAAA,CAAA;;QAI1E,MAAM8E,oBAAAA,GAAuBlE,WAAAA,CAAY2D,MAAM,CAC7C,CAACxD,UAAAA,GAA2B,CAAC0D,qBAAAA,CAAsBjB,QAAQ,CAACzC,UAAAA,CAAWf,EAAE,CAAA,CAAA;QAG3E,MAAM+E,0BAAAA,GAA6BpB,kBAAAA,CAAmBqB,qBAAqB,CACzEF,oBAAAA,CAAAA;;QAIF,MAAMG,6BAAAA,GAAgCC,cAAAA,CACpC,CAACC,CAAAA,EAAeC,CAAAA,GAAAA;AACd,YAAA,OAAOD,EAAEnF,EAAE,KAAKoF,EAAEpF,EAAE,IAAIqF,IAAIF,CAAAA,CAAEG,UAAU,CAACC,MAAM,EAAEH,CAAAA,CAAEE,UAAU,CAACC,MAAM,CAAA,CAAEtF,MAAM,KAAK,CAAA;AACnF,QAAA,CAAA,EACA8E,0BAAAA,EACAD,oBAAAA,CAAAA;AAGF,QAAA,MAAMU,wBAAwB,CAACzE,UAAAA,GAAAA;AAC7B,YAAA,OAAOO,MAAAA,CAAO;AAAEtB,gBAAAA,EAAAA,EAAIe,WAAWf;aAAG,EAAGe,UAAAA,CAAAA;AACvC,QAAA,CAAA;;QAGA,MAAM0B,OAAAA,CAAQC,GAAG,CAAC;YAChBxC,WAAAA,CAAYuE,qBAAAA,CAAAA;AACZgB,YAAAA,IAAAA,CAAKR,+BAA+BO,qBAAAA,EAAuB;gBACzDE,WAAAA,EAAa,GAAA;gBACbC,WAAAA,EAAa;AACf,aAAA;AACD,SAAA,CAAA;AACH,IAAA;AACF;;;;"}

package/dist/server/server/src/services/role.js CHANGED Viewed

@@ -330,6 +330,9 @@ const getDefaultPluginPermissions = ({ isAuthor = false } = {})=>{
     if (!isSuperAdmin && (permissionsToAdd.length || permissionsToDelete.length)) {
         await index.getService('metrics').sendDidUpdateRolePermissions();
     }
+    if (permissionsToAdd.length > 0 || permissionsToDelete.length > 0) {
+        await index.getService('api-token-admin').syncPermissionsForRole(roleId);
+    }
     return permissionsToReturn;
 };
 const addPermissions = async (roleId, permissions)=>{

package/dist/server/server/src/services/role.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role.js","sources":["../../../../../server/src/services/role.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any / // TODO: TS - Use database parameters interface when they are ready\n/ eslint-disable @typescript-eslint/default-param-last /\nimport _ from 'lodash';\nimport { set, omit, pick, prop, isArray, differenceWith, differenceBy, isEqual } from 'lodash/fp';\n\nimport { dates, arrays, hooks as hooksUtils, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\n\nimport permissionDomain from '../domain/permission';\nimport type { AdminUser, AdminRole, Permission } from '../../../shared/contracts/shared';\nimport type { Action } from '../domain/action';\n\nimport { validatePermissionsExist } from '../validation/permission';\nimport roleConstants from './constants';\nimport { getService } from '../utils';\n\nconst { SUPER_ADMIN_CODE, CONTENT_TYPE_SECTION } = roleConstants;\n\nconst { createAsyncSeriesWaterfallHook } = hooksUtils;\nconst { ApplicationError } = errors;\n\nconst hooks = {\n willResetSuperAdminPermissions: createAsyncSeriesWaterfallHook(),\n};\n\nconst ACTIONS = {\n publish: 'plugin::content-manager.explorer.publish',\n};\n\n// @ts-expect-error lodash types\nconst sanitizeRole: <T extends object>(obj: T) => Omit<T, 'users' \| 'permissions'> = omit([\n 'users',\n 'permissions',\n] as const);\n\nexport type AdminRoleWithUsersCount = AdminRole & { usersCount: number };\n\nconst COMPARABLE_FIELDS = ['conditions', 'properties', 'subject', 'action', 'actionParameters'];\nconst pickComparableFields = pick(COMPARABLE_FIELDS);\n\nconst jsonClean = <T extends object>(data: T): T => JSON.parse(JSON.stringify(data));\n\n/\n Compare two permissions\n /\nconst arePermissionsEqual = (p1: Permission, p2: Permission): boolean => {\n if (p1.action === p2.action) {\n return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));\n }\n\n return false;\n};\n\n/\n Create and save a role in database\n * @param attributes A partial role object\n /\nconst create = async (attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const alreadyExists = await exists({ name: attributes.name });\n\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${attributes.name}\\` already exists.`\n );\n }\n const autoGeneratedCode = `${_.kebabCase(attributes.name)}-${dates.timestampCode()}`;\n\n const rolesWithCode = {\n ...attributes,\n code: attributes.code \|\| autoGeneratedCode,\n };\n\n const result = await strapi.db.query('admin::role').create({ data: rolesWithCode });\n strapi.eventHub.emit('role.create', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Find a role in database\n * @param params query params to find the role\n * @param populate\n /\nconst findOne = (params = {}, populate?: unknown): Promise<AdminRole> => {\n return strapi.db.query('admin::role').findOne({ where: params, populate });\n};\n\n/\n Find a role in database with usersCounts\n * @param params query params to find the role\n * @param populate\n /\nconst findOneWithUsersCount = async (\n params = {},\n populate?: unknown\n): Promise<AdminRoleWithUsersCount> => {\n const role = await strapi.db.query('admin::role').findOne({ where: params, populate });\n\n if (role) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return role;\n};\n\n/\n Find roles in database\n * @param params query params to find the roles\n * @param populate\n /\nconst find = (params = {}, populate: unknown): Promise<AdminRole[]> => {\n return strapi.db.query('admin::role').findMany({ where: params, populate });\n};\n\n/\n Find all roles in database\n /\nconst findAllWithUsersCount = async (params: any): Promise<AdminRoleWithUsersCount[]> => {\n const roles: AdminRoleWithUsersCount[] = await strapi.db\n .query('admin::role')\n .findMany(strapi.get('query-params').transform('admin::role', params));\n\n for (const role of roles) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return roles;\n};\n\n/\n Update a role in database\n * @param params query params to find the role to update\n * @param attributes A partial role object\n /\nconst update = async (params: any, attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const sanitizedAttributes = _.omit(attributes, ['code']);\n\n if (_.has(params, 'id') && _.has(sanitizedAttributes, 'name')) {\n const alreadyExists = await exists({\n name: sanitizedAttributes.name,\n id: { $ne: params.id },\n });\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${sanitizedAttributes.name}\\` already exists.`\n );\n }\n }\n\n const result = await strapi.db\n .query('admin::role')\n .update({ where: params, data: sanitizedAttributes });\n\n strapi.eventHub.emit('role.update', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Check if a role exists in database\n * @param params query params to find the role\n /\nconst exists = async (params = {} as unknown): Promise<boolean> => {\n const count = await strapi.db.query('admin::role').count({ where: params });\n return count > 0;\n};\n\n/\n Count the number of roles based on search params\n * @param params params used for the query\n /\nconst count = async (params = {} as any): Promise<number> => {\n return strapi.db.query('admin::role').count(params);\n};\n\n/\n Check if the given roles id can be deleted safely, throw otherwise\n * @param ids\n /\nconst checkRolesIdForDeletion = async (ids = [] as Data.ID[]) => {\n const superAdminRole = await getSuperAdmin();\n\n if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {\n throw new ApplicationError('You cannot delete the super admin role');\n }\n\n for (const roleId of ids) {\n const usersCount = await getUsersCount(roleId);\n if (usersCount !== 0) {\n throw new ApplicationError('Some roles are still assigned to some users');\n }\n }\n};\n\n/\n Delete roles in database if they have no user assigned\n * @param ids query params to find the roles\n /\nconst deleteByIds = async (ids = [] as Data.ID[]): Promise<AdminRole[]> => {\n await checkRolesIdForDeletion(ids);\n\n await getService('permission').deleteByRolesIds(ids);\n\n const deletedRoles: AdminRole[] = [];\n for (const id of ids) {\n const deletedRole = await strapi.db.query('admin::role').delete({ where: { id } });\n\n if (deletedRole) {\n strapi.eventHub.emit('role.delete', { role: deletedRole });\n deletedRoles.push(deletedRole);\n }\n }\n\n return deletedRoles;\n};\n\n/* Count the number of users for some roles\n /\nconst getUsersCount = async (roleId: Data.ID): Promise<number> => {\n return strapi.db.query('admin::user').count({ where: { roles: { id: roleId } } });\n};\n\n/* Returns admin role\n /\nconst getSuperAdmin = (): Promise<AdminRole \| undefined> => findOne({ code: SUPER_ADMIN_CODE });\n\n/* Returns admin role with userCount\n * @returns {Promise<role>}\n /\nconst getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE });\n\n/* Create superAdmin, Author and Editor role is no role already exist\n /\nconst createRolesIfNoneExist = async () => {\n const someRolesExist = await exists();\n if (someRolesExist) {\n return;\n }\n\n const { actionProvider } = getService('permission');\n\n const allActions = actionProvider.values();\n const contentTypesActions = allActions.filter((a) => a.section === 'contentTypes');\n\n // create 3 roles\n const superAdminRole = await create({\n name: 'Super Admin',\n code: 'strapi-super-admin',\n description: 'Super Admins can access and manage all features and settings.',\n });\n\n await getService('user').assignARoleToAll(superAdminRole.id);\n\n const editorRole = await create({\n name: 'Editor',\n code: 'strapi-editor',\n description: 'Editors can manage and publish contents including those of other users.',\n });\n\n const authorRole = await create({\n name: 'Author',\n code: 'strapi-author',\n description: 'Authors can manage the content they have created.',\n });\n\n // create content-type permissions for each role\n const editorPermissions = getService('content-type').getPermissionsWithNestedFields(\n contentTypesActions,\n {\n restrictedSubjects: ['plugin::users-permissions.user'],\n }\n );\n\n const authorPermissions = editorPermissions\n .filter(({ action }: any) => action !== ACTIONS.publish)\n .map((permission: any) =>\n permissionDomain.create({ ...permission, conditions: ['admin::is-creator'] })\n );\n\n editorPermissions.push(...getDefaultPluginPermissions());\n authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));\n\n // assign permissions to roles\n await addPermissions(editorRole.id, editorPermissions);\n await addPermissions(authorRole.id, authorPermissions);\n};\n\nconst getDefaultPluginPermissions = ({ isAuthor = false } = {}) => {\n const conditions = isAuthor ? ['admin::is-creator'] : [];\n\n // add plugin permissions for each role\n return [\n { action: 'plugin::upload.read', conditions },\n { action: 'plugin::upload.configure-view' },\n { action: 'plugin::upload.assets.create' },\n { action: 'plugin::upload.assets.update', conditions },\n { action: 'plugin::upload.assets.download' },\n { action: 'plugin::upload.assets.copy-link' },\n ].map(permissionDomain.create);\n};\n\n/* Display a warning if the role superAdmin doesn't exist\n * or if the role is not assigned to at least one user\n /\nconst displayWarningIfNoSuperAdmin = async () => {\n const superAdminRole = await getSuperAdminWithUsersCount();\n const someUsersExists = await getService('user').exists();\n\n if (!superAdminRole) {\n strapi.log.warn(\"Your application doesn't have a super admin role.\");\n } else if (someUsersExists && superAdminRole.usersCount === 0) {\n strapi.log.warn(\"Your application doesn't have a super admin user.\");\n }\n};\n\n/\n Assign permissions to a role\n * @param roleId - role Data.ID\n * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role\n /\nconst assignPermissions = async (\n roleId: Data.ID,\n permissions: Array<Pick<Permission, 'action' \| 'subject' \| 'conditions'>> = []\n) => {\n await validatePermissionsExist(permissions);\n\n // Internal actions are not handled by the role service, so any permission\n // with an internal action is filtered out\n const internalActions = getService('permission')\n .actionProvider.values()\n .filter((action) => action.section === 'internal')\n .map((action) => action.actionId);\n\n const superAdmin = await getService('role').getSuperAdmin();\n const isSuperAdmin = superAdmin && superAdmin.id === roleId;\n const assignRole = set('role', roleId);\n\n const permissionsWithRole = permissions\n // Add the role attribute to every permission\n .map(assignRole)\n // Transform each permission into a Permission instance\n // @ts-expect-error - lodash set doesn't resolve the type appropriately\n .map(permissionDomain.create);\n\n const existingPermissions = await getService('permission').findMany({\n where: { role: { id: roleId } },\n populate: ['role'],\n });\n\n const permissionsToAdd = differenceWith(\n arePermissionsEqual,\n permissionsWithRole,\n existingPermissions\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToDelete = differenceWith(\n arePermissionsEqual,\n existingPermissions,\n permissionsWithRole\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToReturn = differenceBy('id', permissionsToDelete, existingPermissions);\n\n if (permissionsToDelete.length > 0) {\n // @ts-expect-error - lodash prop doesn't resolve the type appropriately\n await getService('permission').deleteByIds(permissionsToDelete.map(prop('id')));\n }\n\n if (permissionsToAdd.length > 0) {\n const newPermissions = await addPermissions(roleId, permissionsToAdd);\n permissionsToReturn.push(...newPermissions);\n }\n\n if (!isSuperAdmin && (permissionsToAdd.length \|\| permissionsToDelete.length)) {\n await getService('metrics').sendDidUpdateRolePermissions();\n }\n\n return permissionsToReturn;\n};\n\nconst addPermissions = async (roleId: Data.ID, permissions: any) => {\n const { conditionProvider, createMany } = getService('permission');\n const { sanitizeConditions } = permissionDomain;\n\n const permissionsWithRole = permissions\n .map(set('role', roleId))\n // @ts-expect-error - refactor domain/permission Condition type, as it's now expecting\n // a string but it should be a Condition interface\n .map(sanitizeConditions(conditionProvider))\n .map(permissionDomain.create);\n\n return createMany(permissionsWithRole);\n};\n\nconst isContentTypeAction = (action: Action) => action.section === CONTENT_TYPE_SECTION;\n\n/\n Reset super admin permissions (giving it all permissions)\n /\nconst resetSuperAdminPermissions = async () => {\n const superAdminRole = await getService('role').getSuperAdmin();\n if (!superAdminRole) {\n return;\n }\n\n const permissionService = getService('permission');\n const contentTypeService = getService('content-type');\n\n const allActions = permissionService.actionProvider.values() as Action[];\n\n const contentTypesActions = allActions.filter((action) => isContentTypeAction(action));\n const otherActions = allActions.filter((action) => !isContentTypeAction(action));\n\n // First, get the content-types permissions\n const permissions = contentTypeService.getPermissionsWithNestedFields(\n contentTypesActions\n ) as Permission[];\n\n // Then add every other permission\n const otherPermissions = otherActions.reduce((acc, action) => {\n const { actionId, subjects } = action;\n\n if (isArray(subjects)) {\n acc.push(\n ...subjects.map((subject) => permissionDomain.create({ action: actionId, subject }))\n );\n } else {\n acc.push(permissionDomain.create({ action: actionId }));\n }\n\n return acc;\n }, [] as Permission[]);\n\n permissions.push(...otherPermissions);\n\n const transformedPermissions = (await hooks.willResetSuperAdminPermissions.call(\n permissions\n )) as Permission[];\n\n await assignPermissions(superAdminRole.id, transformedPermissions);\n};\n\n/\n Check if a user object includes the super admin role\n */\nconst hasSuperAdminRole = (user: AdminUser): boolean => {\n const roles = _.get(user, 'roles', []) as AdminRole[];\n\n return roles.map(prop('code')).includes(SUPER_ADMIN_CODE);\n};\n\nconst constants = {\n superAdminCode: SUPER_ADMIN_CODE,\n};\n\nexport default {\n hooks,\n sanitizeRole,\n create,\n findOne,\n findOneWithUsersCount,\n find,\n findAllWithUsersCount,\n update,\n exists,\n count,\n deleteByIds,\n getUsersCount,\n getSuperAdmin,\n getSuperAdminWithUsersCount,\n createRolesIfNoneExist,\n displayWarningIfNoSuperAdmin,\n addPermissions,\n hasSuperAdminRole,\n assignPermissions,\n resetSuperAdminPermissions,\n checkRolesIdForDeletion,\n constants,\n};\n"],"names":["SUPER_ADMIN_CODE","CONTENT_TYPE_SECTION","roleConstants","createAsyncSeriesWaterfallHook","hooksUtils","ApplicationError","errors","hooks","willResetSuperAdminPermissions","ACTIONS","publish","sanitizeRole","omit","COMPARABLE_FIELDS","pickComparableFields","pick","jsonClean","data","JSON","parse","stringify","arePermissionsEqual","p1","p2","action","isEqual","create","attributes","alreadyExists","exists","name","autoGeneratedCode","_","kebabCase","dates","timestampCode","rolesWithCode","code","result","strapi","db","query","eventHub","emit","role","findOne","params","populate","where","findOneWithUsersCount","usersCount","getUsersCount","id","find","findMany","findAllWithUsersCount","roles","get","transform","update","sanitizedAttributes","has","$ne","count","checkRolesIdForDeletion","ids","superAdminRole","getSuperAdmin","arrays","includesString","roleId","deleteByIds","getService","deleteByRolesIds","deletedRoles","deletedRole","delete","push","getSuperAdminWithUsersCount","createRolesIfNoneExist","someRolesExist","actionProvider","allActions","values","contentTypesActions","filter","a","section","description","assignARoleToAll","editorRole","authorRole","editorPermissions","getPermissionsWithNestedFields","restrictedSubjects","authorPermissions","map","permission","permissionDomain","conditions","getDefaultPluginPermissions","isAuthor","addPermissions","displayWarningIfNoSuperAdmin","someUsersExists","log","warn","assignPermissions","permissions","validatePermissionsExist","internalActions","actionId","superAdmin","isSuperAdmin","assignRole","set","permissionsWithRole","existingPermissions","permissionsToAdd","differenceWith","includes","permissionsToDelete","permissionsToReturn","differenceBy","length","prop","newPermissions","sendDidUpdateRolePermissions","conditionProvider","createMany","sanitizeConditions","isContentTypeAction","resetSuperAdminPermissions","permissionService","contentTypeService","otherActions","otherPermissions","reduce","acc","subjects","isArray","subject","transformedPermissions","call","hasSuperAdminRole","user","constants","superAdminCode"],"mappings":";;;;;;;;;;AAAA;AAgBA,MAAM,EAAEA,gBAAgB,EAAEC,oBAAoB,EAAE,GAAGC,WAAAA;AAEnD,MAAM,EAAEC,8BAA8B,EAAE,GAAGC,WAAAA;AAC3C,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,MAAMC,KAAAA,GAAQ;IACZC,8BAAAA,EAAgCL,8BAAAA;AAClC,CAAA;AAEA,MAAMM,OAAAA,GAAU;IACdC,OAAAA,EAAS;AACX,CAAA;AAEA;AACA,MAAMC,eAA+EC,OAAAA,CAAK;AACxF,IAAA,OAAA;AACA,IAAA;AACD,CAAA,CAAA;AAID,MAAMC,iBAAAA,GAAoB;AAAC,IAAA,YAAA;AAAc,IAAA,YAAA;AAAc,IAAA,SAAA;AAAW,IAAA,QAAA;AAAU,IAAA;AAAmB,CAAA;AAC/F,MAAMC,uBAAuBC,OAAAA,CAAKF,iBAAAA,CAAAA;AAElC,MAAMG,SAAAA,GAAY,CAAmBC,IAAAA,GAAeC,IAAAA,CAAKC,KAAK,CAACD,IAAAA,CAAKE,SAAS,CAACH,IAAAA,CAAAA,CAAAA;AAE9E;;IAGA,MAAMI,mBAAAA,GAAsB,CAACC,EAAAA,EAAgBC,EAAAA,GAAAA;AAC3C,IAAA,IAAID,EAAAA,CAAGE,MAAM,KAAKD,EAAAA,CAAGC,MAAM,EAAE;AAC3B,QAAA,OAAOC,UAAAA,CAAQT,SAAAA,CAAUF,oBAAAA,CAAqBQ,EAAAA,CAAAA,CAAAA,EAAMN,UAAUF,oBAAAA,CAAqBS,EAAAA,CAAAA,CAAAA,CAAAA;AACrF,IAAA;IAEA,OAAO,KAAA;AACT,CAAA;AAEA;;;IAIA,MAAMG,SAAS,OAAOC,UAAAA,GAAAA;IACpB,MAAMC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AAAEC,QAAAA,IAAAA,EAAMH,WAAWG;AAAK,KAAA,CAAA;AAE3D,IAAA,IAAIF,aAAAA,EAAe;QACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEsB,UAAAA,CAAWG,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAEzF,IAAA;AACA,IAAA,MAAMC,iBAAAA,GAAoB,CAAA,EAAGC,CAAAA,CAAEC,SAAS,CAACN,UAAAA,CAAWG,IAAI,CAAA,CAAE,CAAC,EAAEI,WAAAA,CAAMC,aAAa,EAAA,CAAA,CAAI;AAEpF,IAAA,MAAMC,aAAAA,GAAgB;AACpB,QAAA,GAAGT,UAAU;QACbU,IAAAA,EAAMV,UAAAA,CAAWU,IAAI,IAAIN;AAC3B,KAAA;IAEA,MAAMO,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAef,MAAM,CAAC;QAAET,IAAAA,EAAMmB;AAAc,KAAA,CAAA;AACjFG,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMO,OAAAA,GAAU,CAACC,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AAC5B,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;AAIC,IACD,MAAME,qBAAAA,GAAwB,OAC5BH,MAAAA,GAAS,EAAE,EACXC,QAAAA,GAAAA;IAEA,MAAMH,IAAAA,GAAO,MAAML,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAEpF,IAAA,IAAIH,IAAAA,EAAM;AACRA,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOR,IAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMS,IAAAA,GAAO,CAACP,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AACzB,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAea,QAAQ,CAAC;QAAEN,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC3E,CAAA;AAEA;;IAGA,MAAMQ,wBAAwB,OAAOT,MAAAA,GAAAA;AACnC,IAAA,MAAMU,QAAmC,MAAMjB,MAAAA,CAAOC,EAAE,CACrDC,KAAK,CAAC,aAAA,CAAA,CACNa,QAAQ,CAACf,OAAOkB,GAAG,CAAC,cAAA,CAAA,CAAgBC,SAAS,CAAC,aAAA,EAAeZ,MAAAA,CAAAA,CAAAA;IAEhE,KAAK,MAAMF,QAAQY,KAAAA,CAAO;AACxBZ,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOI,KAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOb,MAAAA,EAAanB,UAAAA,GAAAA;AACjC,IAAA,MAAMiC,mBAAAA,GAAsB5B,CAAAA,CAAEpB,IAAI,CAACe,UAAAA,EAAY;AAAC,QAAA;AAAO,KAAA,CAAA;IAEvD,IAAIK,CAAAA,CAAE6B,GAAG,CAACf,MAAAA,EAAQ,SAASd,CAAAA,CAAE6B,GAAG,CAACD,mBAAAA,EAAqB,MAAA,CAAA,EAAS;QAC7D,MAAMhC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AACjCC,YAAAA,IAAAA,EAAM8B,oBAAoB9B,IAAI;YAC9BsB,EAAAA,EAAI;AAAEU,gBAAAA,GAAAA,EAAKhB,OAAOM;AAAG;AACvB,SAAA,CAAA;AACA,QAAA,IAAIxB,aAAAA,EAAe;YACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEuD,mBAAAA,CAAoB9B,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAElG,QAAA;AACF,IAAA;IAEA,MAAMQ,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAC3BC,KAAK,CAAC,aAAA,CAAA,CACNkB,MAAM,CAAC;QAAEX,KAAAA,EAAOF,MAAAA;QAAQ7B,IAAAA,EAAM2C;AAAoB,KAAA,CAAA;AAErDrB,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;AAGC,IACD,MAAMT,MAAAA,GAAS,OAAOiB,MAAAA,GAAS,EAAa,GAAA;IAC1C,MAAMiB,KAAAA,GAAQ,MAAMxB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAOF;AAAO,KAAA,CAAA;AACzE,IAAA,OAAOiB,KAAAA,GAAQ,CAAA;AACjB,CAAA;AAEA;;;AAGC,IACD,MAAMA,KAAAA,GAAQ,OAAOjB,MAAAA,GAAS,EAAS,GAAA;AACrC,IAAA,OAAOP,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAACjB,MAAAA,CAAAA;AAC9C,CAAA;AAEA;;;AAGC,IACD,MAAMkB,uBAAAA,GAA0B,OAAOC,GAAAA,GAAM,EAAE,GAAa;AAC1D,IAAA,MAAMC,iBAAiB,MAAMC,aAAAA,EAAAA;AAE7B,IAAA,IAAID,kBAAkBE,YAAAA,CAAOC,cAAc,CAACJ,GAAAA,EAAKC,cAAAA,CAAed,EAAE,CAAA,EAAG;AACnE,QAAA,MAAM,IAAI/C,gBAAAA,CAAiB,wCAAA,CAAA;AAC7B,IAAA;IAEA,KAAK,MAAMiE,UAAUL,GAAAA,CAAK;QACxB,MAAMf,UAAAA,GAAa,MAAMC,aAAAA,CAAcmB,MAAAA,CAAAA;AACvC,QAAA,IAAIpB,eAAe,CAAA,EAAG;AACpB,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,6CAAA,CAAA;AAC7B,QAAA;AACF,IAAA;AACF,CAAA;AAEA;;;AAGC,IACD,MAAMkE,WAAAA,GAAc,OAAON,GAAAA,GAAM,EAAE,GAAa;AAC9C,IAAA,MAAMD,uBAAAA,CAAwBC,GAAAA,CAAAA;IAE9B,MAAMO,gBAAAA,CAAW,YAAA,CAAA,CAAcC,gBAAgB,CAACR,GAAAA,CAAAA;AAEhD,IAAA,MAAMS,eAA4B,EAAE;IACpC,KAAK,MAAMtB,MAAMa,GAAAA,CAAK;QACpB,MAAMU,WAAAA,GAAc,MAAMpC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAemC,MAAM,CAAC;YAAE5B,KAAAA,EAAO;AAAEI,gBAAAA;AAAG;AAAE,SAAA,CAAA;AAEhF,QAAA,IAAIuB,WAAAA,EAAa;AACfpC,YAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;gBAAEC,IAAAA,EAAM+B;AAAY,aAAA,CAAA;AACxDD,YAAAA,YAAAA,CAAaG,IAAI,CAACF,WAAAA,CAAAA;AACpB,QAAA;AACF,IAAA;IAEA,OAAOD,YAAAA;AACT,CAAA;AAEA;IAEA,MAAMvB,gBAAgB,OAAOmB,MAAAA,GAAAA;AAC3B,IAAA,OAAO/B,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAO;YAAEQ,KAAAA,EAAO;gBAAEJ,EAAAA,EAAIkB;AAAO;AAAE;AAAE,KAAA,CAAA;AACjF,CAAA;AAEA;IAEA,MAAMH,aAAAA,GAAgB,IAAsCtB,OAAAA,CAAQ;QAAER,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAE7F;;IAGA,MAAM8E,2BAAAA,GAA8B,IAAM7B,qBAAAA,CAAsB;QAAEZ,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAEzF;AACC,IACD,MAAM+E,sBAAAA,GAAyB,UAAA;AAC7B,IAAA,MAAMC,iBAAiB,MAAMnD,MAAAA,EAAAA;AAC7B,IAAA,IAAImD,cAAAA,EAAgB;AAClB,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,EAAEC,cAAc,EAAE,GAAGT,gBAAAA,CAAW,YAAA,CAAA;IAEtC,MAAMU,UAAAA,GAAaD,eAAeE,MAAM,EAAA;IACxC,MAAMC,mBAAAA,GAAsBF,WAAWG,MAAM,CAAC,CAACC,CAAAA,GAAMA,CAAAA,CAAEC,OAAO,KAAK,cAAA,CAAA;;IAGnE,MAAMrB,cAAAA,GAAiB,MAAMxC,MAAAA,CAAO;QAClCI,IAAAA,EAAM,aAAA;QACNO,IAAAA,EAAM,oBAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;AAEA,IAAA,MAAMhB,gBAAAA,CAAW,MAAA,CAAA,CAAQiB,gBAAgB,CAACvB,eAAed,EAAE,CAAA;IAE3D,MAAMsC,UAAAA,GAAa,MAAMhE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;IAEA,MAAMG,UAAAA,GAAa,MAAMjE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;;AAGA,IAAA,MAAMI,iBAAAA,GAAoBpB,gBAAAA,CAAW,cAAA,CAAA,CAAgBqB,8BAA8B,CACjFT,mBAAAA,EACA;QACEU,kBAAAA,EAAoB;AAAC,YAAA;AAAiC;AACxD,KAAA,CAAA;AAGF,IAAA,MAAMC,oBAAoBH,iBAAAA,CACvBP,MAAM,CAAC,CAAC,EAAE7D,MAAM,EAAO,GAAKA,WAAWf,OAAAA,CAAQC,OAAO,EACtDsF,GAAG,CAAC,CAACC,UAAAA,GACJC,eAAAA,CAAiBxE,MAAM,CAAC;AAAE,YAAA,GAAGuE,UAAU;YAAEE,UAAAA,EAAY;AAAC,gBAAA;AAAoB;AAAC,SAAA,CAAA,CAAA;AAG/EP,IAAAA,iBAAAA,CAAkBf,IAAI,CAAA,GAAIuB,2BAAAA,EAAAA,CAAAA;IAC1BL,iBAAAA,CAAkBlB,IAAI,IAAIuB,2BAAAA,CAA4B;QAAEC,QAAAA,EAAU;AAAK,KAAA,CAAA,CAAA;;IAGvE,MAAMC,cAAAA,CAAeZ,UAAAA,CAAWtC,EAAE,EAAEwC,iBAAAA,CAAAA;IACpC,MAAMU,cAAAA,CAAeX,UAAAA,CAAWvC,EAAE,EAAE2C,iBAAAA,CAAAA;AACtC,CAAA;AAEA,MAAMK,2BAAAA,GAA8B,CAAC,EAAEC,QAAAA,GAAW,KAAK,EAAE,GAAG,EAAE,GAAA;AAC5D,IAAA,MAAMF,aAAaE,QAAAA,GAAW;AAAC,QAAA;AAAoB,KAAA,GAAG,EAAE;;IAGxD,OAAO;AACL,QAAA;YAAE7E,MAAAA,EAAQ,qBAAA;AAAuB2E,YAAAA;AAAW,SAAA;AAC5C,QAAA;YAAE3E,MAAAA,EAAQ;AAAgC,SAAA;AAC1C,QAAA;YAAEA,MAAAA,EAAQ;AAA+B,SAAA;AACzC,QAAA;YAAEA,MAAAA,EAAQ,8BAAA;AAAgC2E,YAAAA;AAAW,SAAA;AACrD,QAAA;YAAE3E,MAAAA,EAAQ;AAAiC,SAAA;AAC3C,QAAA;YAAEA,MAAAA,EAAQ;AAAkC;KAC7C,CAACwE,GAAG,CAACE,eAAAA,CAAiBxE,MAAM,CAAA;AAC/B,CAAA;AAEA;;AAEC,IACD,MAAM6E,4BAAAA,GAA+B,UAAA;AACnC,IAAA,MAAMrC,iBAAiB,MAAMY,2BAAAA,EAAAA;AAC7B,IAAA,MAAM0B,eAAAA,GAAkB,MAAMhC,gBAAAA,CAAW,MAAA,CAAA,CAAQ3C,MAAM,EAAA;AAEvD,IAAA,IAAI,CAACqC,cAAAA,EAAgB;QACnB3B,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA,CAAA,MAAO,IAAIF,eAAAA,IAAmBtC,cAAAA,CAAehB,UAAU,KAAK,CAAA,EAAG;QAC7DX,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA;AACF,CAAA;AAEA;;;;AAIC,IACD,MAAMC,iBAAAA,GAAoB,OACxBrC,MAAAA,EACAsC,cAA4E,EAAE,GAAA;AAE9E,IAAA,MAAMC,mCAAAA,CAAyBD,WAAAA,CAAAA;;;IAI/B,MAAME,eAAAA,GAAkBtC,iBAAW,YAAA,CAAA,CAChCS,cAAc,CAACE,MAAM,EAAA,CACrBE,MAAM,CAAC,CAAC7D,SAAWA,MAAAA,CAAO+D,OAAO,KAAK,UAAA,CAAA,CACtCS,GAAG,CAAC,CAACxE,MAAAA,GAAWA,OAAOuF,QAAQ,CAAA;AAElC,IAAA,MAAMC,UAAAA,GAAa,MAAMxC,gBAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AACzD,IAAA,MAAM8C,YAAAA,GAAeD,UAAAA,IAAcA,UAAAA,CAAW5D,EAAE,KAAKkB,MAAAA;IACrD,MAAM4C,UAAAA,GAAaC,OAAI,MAAA,EAAQ7C,MAAAA,CAAAA;IAE/B,MAAM8C,mBAAAA,GAAsBR,WAC1B;KACCZ,GAAG,CAACkB,WACL;;KAEClB,GAAG,CAACE,gBAAiBxE,MAAM,CAAA;AAE9B,IAAA,MAAM2F,mBAAAA,GAAsB,MAAM7C,gBAAAA,CAAW,YAAA,CAAA,CAAclB,QAAQ,CAAC;QAClEN,KAAAA,EAAO;YAAEJ,IAAAA,EAAM;gBAAEQ,EAAAA,EAAIkB;AAAO;AAAE,SAAA;QAC9BvB,QAAAA,EAAU;AAAC,YAAA;AAAO;AACpB,KAAA,CAAA;AAEA,IAAA,MAAMuE,gBAAAA,GAAmBC,iBAAAA,CACvBlG,mBAAAA,EACA+F,mBAAAA,EACAC,qBACAhC,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;AAEhF,IAAA,MAAMiG,mBAAAA,GAAsBF,iBAAAA,CAC1BlG,mBAAAA,EACAgG,mBAAAA,EACAD,qBACA/B,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;IAEhF,MAAMkG,mBAAAA,GAAsBC,eAAAA,CAAa,IAAA,EAAMF,mBAAAA,EAAqBJ,mBAAAA,CAAAA;IAEpE,IAAII,mBAAAA,CAAoBG,MAAM,GAAG,CAAA,EAAG;;AAElC,QAAA,MAAMpD,iBAAW,YAAA,CAAA,CAAcD,WAAW,CAACkD,mBAAAA,CAAoBzB,GAAG,CAAC6B,OAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AAC1E,IAAA;IAEA,IAAIP,gBAAAA,CAAiBM,MAAM,GAAG,CAAA,EAAG;QAC/B,MAAME,cAAAA,GAAiB,MAAMxB,cAAAA,CAAehC,MAAAA,EAAQgD,gBAAAA,CAAAA;AACpDI,QAAAA,mBAAAA,CAAoB7C,IAAI,CAAA,GAAIiD,cAAAA,CAAAA;AAC9B,IAAA;IAEA,IAAI,CAACb,iBAAiBK,gBAAAA,CAAiBM,MAAM,IAAIH,mBAAAA,CAAoBG,MAAK,CAAA,EAAI;QAC5E,MAAMpD,gBAAAA,CAAW,WAAWuD,4BAA4B,EAAA;AAC1D,IAAA;IAEA,OAAOL,mBAAAA;AACT,CAAA;AAEA,MAAMpB,cAAAA,GAAiB,OAAOhC,MAAAA,EAAiBsC,WAAAA,GAAAA;AAC7C,IAAA,MAAM,EAAEoB,iBAAiB,EAAEC,UAAU,EAAE,GAAGzD,gBAAAA,CAAW,YAAA,CAAA;IACrD,MAAM,EAAE0D,kBAAkB,EAAE,GAAGhC,eAAAA;AAE/B,IAAA,MAAMkB,sBAAsBR,WAAAA,CACzBZ,GAAG,CAACmB,MAAAA,CAAI,MAAA,EAAQ7C,QACjB;;AAEC0B,KAAAA,GAAG,CAACkC,kBAAAA,CAAmBF,iBAAAA,CAAAA,CAAAA,CACvBhC,GAAG,CAACE,gBAAiBxE,MAAM,CAAA;AAE9B,IAAA,OAAOuG,UAAAA,CAAWb,mBAAAA,CAAAA;AACpB,CAAA;AAEA,MAAMe,mBAAAA,GAAsB,CAAC3G,MAAAA,GAAmBA,MAAAA,CAAO+D,OAAO,KAAKtF,oBAAAA;AAEnE;;AAEC,IACD,MAAMmI,0BAAAA,GAA6B,UAAA;AACjC,IAAA,MAAMlE,cAAAA,GAAiB,MAAMM,gBAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AAC7D,IAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,QAAA;AACF,IAAA;AAEA,IAAA,MAAMmE,oBAAoB7D,gBAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAM8D,qBAAqB9D,gBAAAA,CAAW,cAAA,CAAA;AAEtC,IAAA,MAAMU,UAAAA,GAAamD,iBAAAA,CAAkBpD,cAAc,CAACE,MAAM,EAAA;AAE1D,IAAA,MAAMC,sBAAsBF,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,SAAW2G,mBAAAA,CAAoB3G,MAAAA,CAAAA,CAAAA;AAC9E,IAAA,MAAM+G,eAAerD,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,MAAAA,GAAW,CAAC2G,mBAAAA,CAAoB3G,MAAAA,CAAAA,CAAAA;;IAGxE,MAAMoF,WAAAA,GAAc0B,kBAAAA,CAAmBzC,8BAA8B,CACnET,mBAAAA,CAAAA;;AAIF,IAAA,MAAMoD,gBAAAA,GAAmBD,YAAAA,CAAaE,MAAM,CAAC,CAACC,GAAAA,EAAKlH,MAAAA,GAAAA;AACjD,QAAA,MAAM,EAAEuF,QAAQ,EAAE4B,QAAQ,EAAE,GAAGnH,MAAAA;AAE/B,QAAA,IAAIoH,WAAQD,QAAAA,CAAAA,EAAW;YACrBD,GAAAA,CAAI7D,IAAI,IACH8D,QAAAA,CAAS3C,GAAG,CAAC,CAAC6C,OAAAA,GAAY3C,eAAAA,CAAiBxE,MAAM,CAAC;oBAAEF,MAAAA,EAAQuF,QAAAA;AAAU8B,oBAAAA;AAAQ,iBAAA,CAAA,CAAA,CAAA;QAErF,CAAA,MAAO;AACLH,YAAAA,GAAAA,CAAI7D,IAAI,CAACqB,eAAAA,CAAiBxE,MAAM,CAAC;gBAAEF,MAAAA,EAAQuF;AAAS,aAAA,CAAA,CAAA;AACtD,QAAA;QAEA,OAAO2B,GAAAA;AACT,IAAA,CAAA,EAAG,EAAE,CAAA;AAEL9B,IAAAA,WAAAA,CAAY/B,IAAI,CAAA,GAAI2D,gBAAAA,CAAAA;AAEpB,IAAA,MAAMM,yBAA0B,MAAMvI,KAAAA,CAAMC,8BAA8B,CAACuI,IAAI,CAC7EnC,WAAAA,CAAAA;IAGF,MAAMD,iBAAAA,CAAkBzC,cAAAA,CAAed,EAAE,EAAE0F,sBAAAA,CAAAA;AAC7C,CAAA;AAEA;;IAGA,MAAME,oBAAoB,CAACC,IAAAA,GAAAA;AACzB,IAAA,MAAMzF,QAAQxB,CAAAA,CAAEyB,GAAG,CAACwF,IAAAA,EAAM,SAAS,EAAE,CAAA;AAErC,IAAA,OAAOzF,MAAMwC,GAAG,CAAC6B,OAAAA,CAAK,MAAA,CAAA,CAAA,CAASL,QAAQ,CAACxH,gBAAAA,CAAAA;AAC1C,CAAA;AAEA,MAAMkJ,SAAAA,GAAY;IAChBC,cAAAA,EAAgBnJ;AAClB,CAAA;AAEA,WAAe;AACbO,IAAAA,KAAAA;AACAI,IAAAA,YAAAA;AACAe,IAAAA,MAAAA;AACAmB,IAAAA,OAAAA;AACAI,IAAAA,qBAAAA;AACAI,IAAAA,IAAAA;AACAE,IAAAA,qBAAAA;AACAI,IAAAA,MAAAA;AACA9B,IAAAA,MAAAA;AACAkC,IAAAA,KAAAA;AACAQ,IAAAA,WAAAA;AACApB,IAAAA,aAAAA;AACAgB,IAAAA,aAAAA;AACAW,IAAAA,2BAAAA;AACAC,IAAAA,sBAAAA;AACAwB,IAAAA,4BAAAA;AACAD,IAAAA,cAAAA;AACA0C,IAAAA,iBAAAA;AACArC,IAAAA,iBAAAA;AACAyB,IAAAA,0BAAAA;AACApE,IAAAA,uBAAAA;AACAkF,IAAAA;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"role.js","sources":["../../../../../server/src/services/role.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any / // TODO: TS - Use database parameters interface when they are ready\n/ eslint-disable @typescript-eslint/default-param-last /\nimport _ from 'lodash';\nimport { set, omit, pick, prop, isArray, differenceWith, differenceBy, isEqual } from 'lodash/fp';\n\nimport { dates, arrays, hooks as hooksUtils, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\n\nimport permissionDomain from '../domain/permission';\nimport type { AdminUser, AdminRole, Permission } from '../../../shared/contracts/shared';\nimport type { Action } from '../domain/action';\n\nimport { validatePermissionsExist } from '../validation/permission';\nimport roleConstants from './constants';\nimport { getService } from '../utils';\n\nconst { SUPER_ADMIN_CODE, CONTENT_TYPE_SECTION } = roleConstants;\n\nconst { createAsyncSeriesWaterfallHook } = hooksUtils;\nconst { ApplicationError } = errors;\n\nconst hooks = {\n willResetSuperAdminPermissions: createAsyncSeriesWaterfallHook(),\n};\n\nconst ACTIONS = {\n publish: 'plugin::content-manager.explorer.publish',\n};\n\n// @ts-expect-error lodash types\nconst sanitizeRole: <T extends object>(obj: T) => Omit<T, 'users' \| 'permissions'> = omit([\n 'users',\n 'permissions',\n] as const);\n\nexport type AdminRoleWithUsersCount = AdminRole & { usersCount: number };\n\nconst COMPARABLE_FIELDS = ['conditions', 'properties', 'subject', 'action', 'actionParameters'];\nconst pickComparableFields = pick(COMPARABLE_FIELDS);\n\nconst jsonClean = <T extends object>(data: T): T => JSON.parse(JSON.stringify(data));\n\n/\n Compare two permissions\n /\nconst arePermissionsEqual = (p1: Permission, p2: Permission): boolean => {\n if (p1.action === p2.action) {\n return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));\n }\n\n return false;\n};\n\n/\n Create and save a role in database\n * @param attributes A partial role object\n /\nconst create = async (attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const alreadyExists = await exists({ name: attributes.name });\n\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${attributes.name}\\` already exists.`\n );\n }\n const autoGeneratedCode = `${_.kebabCase(attributes.name)}-${dates.timestampCode()}`;\n\n const rolesWithCode = {\n ...attributes,\n code: attributes.code \|\| autoGeneratedCode,\n };\n\n const result = await strapi.db.query('admin::role').create({ data: rolesWithCode });\n strapi.eventHub.emit('role.create', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Find a role in database\n * @param params query params to find the role\n * @param populate\n /\nconst findOne = (params = {}, populate?: unknown): Promise<AdminRole> => {\n return strapi.db.query('admin::role').findOne({ where: params, populate });\n};\n\n/\n Find a role in database with usersCounts\n * @param params query params to find the role\n * @param populate\n /\nconst findOneWithUsersCount = async (\n params = {},\n populate?: unknown\n): Promise<AdminRoleWithUsersCount> => {\n const role = await strapi.db.query('admin::role').findOne({ where: params, populate });\n\n if (role) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return role;\n};\n\n/\n Find roles in database\n * @param params query params to find the roles\n * @param populate\n /\nconst find = (params = {}, populate: unknown): Promise<AdminRole[]> => {\n return strapi.db.query('admin::role').findMany({ where: params, populate });\n};\n\n/\n Find all roles in database\n /\nconst findAllWithUsersCount = async (params: any): Promise<AdminRoleWithUsersCount[]> => {\n const roles: AdminRoleWithUsersCount[] = await strapi.db\n .query('admin::role')\n .findMany(strapi.get('query-params').transform('admin::role', params));\n\n for (const role of roles) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return roles;\n};\n\n/\n Update a role in database\n * @param params query params to find the role to update\n * @param attributes A partial role object\n /\nconst update = async (params: any, attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const sanitizedAttributes = _.omit(attributes, ['code']);\n\n if (_.has(params, 'id') && _.has(sanitizedAttributes, 'name')) {\n const alreadyExists = await exists({\n name: sanitizedAttributes.name,\n id: { $ne: params.id },\n });\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${sanitizedAttributes.name}\\` already exists.`\n );\n }\n }\n\n const result = await strapi.db\n .query('admin::role')\n .update({ where: params, data: sanitizedAttributes });\n\n strapi.eventHub.emit('role.update', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Check if a role exists in database\n * @param params query params to find the role\n /\nconst exists = async (params = {} as unknown): Promise<boolean> => {\n const count = await strapi.db.query('admin::role').count({ where: params });\n return count > 0;\n};\n\n/\n Count the number of roles based on search params\n * @param params params used for the query\n /\nconst count = async (params = {} as any): Promise<number> => {\n return strapi.db.query('admin::role').count(params);\n};\n\n/\n Check if the given roles id can be deleted safely, throw otherwise\n * @param ids\n /\nconst checkRolesIdForDeletion = async (ids = [] as Data.ID[]) => {\n const superAdminRole = await getSuperAdmin();\n\n if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {\n throw new ApplicationError('You cannot delete the super admin role');\n }\n\n for (const roleId of ids) {\n const usersCount = await getUsersCount(roleId);\n if (usersCount !== 0) {\n throw new ApplicationError('Some roles are still assigned to some users');\n }\n }\n};\n\n/\n Delete roles in database if they have no user assigned\n * @param ids query params to find the roles\n /\nconst deleteByIds = async (ids = [] as Data.ID[]): Promise<AdminRole[]> => {\n await checkRolesIdForDeletion(ids);\n\n await getService('permission').deleteByRolesIds(ids);\n\n const deletedRoles: AdminRole[] = [];\n for (const id of ids) {\n const deletedRole = await strapi.db.query('admin::role').delete({ where: { id } });\n\n if (deletedRole) {\n strapi.eventHub.emit('role.delete', { role: deletedRole });\n deletedRoles.push(deletedRole);\n }\n }\n\n return deletedRoles;\n};\n\n/* Count the number of users for some roles\n /\nconst getUsersCount = async (roleId: Data.ID): Promise<number> => {\n return strapi.db.query('admin::user').count({ where: { roles: { id: roleId } } });\n};\n\n/* Returns admin role\n /\nconst getSuperAdmin = (): Promise<AdminRole \| undefined> => findOne({ code: SUPER_ADMIN_CODE });\n\n/* Returns admin role with userCount\n * @returns {Promise<role>}\n /\nconst getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE });\n\n/* Create superAdmin, Author and Editor role is no role already exist\n /\nconst createRolesIfNoneExist = async () => {\n const someRolesExist = await exists();\n if (someRolesExist) {\n return;\n }\n\n const { actionProvider } = getService('permission');\n\n const allActions = actionProvider.values();\n const contentTypesActions = allActions.filter((a) => a.section === 'contentTypes');\n\n // create 3 roles\n const superAdminRole = await create({\n name: 'Super Admin',\n code: 'strapi-super-admin',\n description: 'Super Admins can access and manage all features and settings.',\n });\n\n await getService('user').assignARoleToAll(superAdminRole.id);\n\n const editorRole = await create({\n name: 'Editor',\n code: 'strapi-editor',\n description: 'Editors can manage and publish contents including those of other users.',\n });\n\n const authorRole = await create({\n name: 'Author',\n code: 'strapi-author',\n description: 'Authors can manage the content they have created.',\n });\n\n // create content-type permissions for each role\n const editorPermissions = getService('content-type').getPermissionsWithNestedFields(\n contentTypesActions,\n {\n restrictedSubjects: ['plugin::users-permissions.user'],\n }\n );\n\n const authorPermissions = editorPermissions\n .filter(({ action }: any) => action !== ACTIONS.publish)\n .map((permission: any) =>\n permissionDomain.create({ ...permission, conditions: ['admin::is-creator'] })\n );\n\n editorPermissions.push(...getDefaultPluginPermissions());\n authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));\n\n // assign permissions to roles\n await addPermissions(editorRole.id, editorPermissions);\n await addPermissions(authorRole.id, authorPermissions);\n};\n\nconst getDefaultPluginPermissions = ({ isAuthor = false } = {}) => {\n const conditions = isAuthor ? ['admin::is-creator'] : [];\n\n // add plugin permissions for each role\n return [\n { action: 'plugin::upload.read', conditions },\n { action: 'plugin::upload.configure-view' },\n { action: 'plugin::upload.assets.create' },\n { action: 'plugin::upload.assets.update', conditions },\n { action: 'plugin::upload.assets.download' },\n { action: 'plugin::upload.assets.copy-link' },\n ].map(permissionDomain.create);\n};\n\n/* Display a warning if the role superAdmin doesn't exist\n * or if the role is not assigned to at least one user\n /\nconst displayWarningIfNoSuperAdmin = async () => {\n const superAdminRole = await getSuperAdminWithUsersCount();\n const someUsersExists = await getService('user').exists();\n\n if (!superAdminRole) {\n strapi.log.warn(\"Your application doesn't have a super admin role.\");\n } else if (someUsersExists && superAdminRole.usersCount === 0) {\n strapi.log.warn(\"Your application doesn't have a super admin user.\");\n }\n};\n\n/\n Assign permissions to a role\n * @param roleId - role Data.ID\n * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role\n /\nconst assignPermissions = async (\n roleId: Data.ID,\n permissions: Array<Pick<Permission, 'action' \| 'subject' \| 'conditions'>> = []\n) => {\n await validatePermissionsExist(permissions);\n\n // Internal actions are not handled by the role service, so any permission\n // with an internal action is filtered out\n const internalActions = getService('permission')\n .actionProvider.values()\n .filter((action) => action.section === 'internal')\n .map((action) => action.actionId);\n\n const superAdmin = await getService('role').getSuperAdmin();\n const isSuperAdmin = superAdmin && superAdmin.id === roleId;\n const assignRole = set('role', roleId);\n\n const permissionsWithRole = permissions\n // Add the role attribute to every permission\n .map(assignRole)\n // Transform each permission into a Permission instance\n // @ts-expect-error - lodash set doesn't resolve the type appropriately\n .map(permissionDomain.create);\n\n const existingPermissions = await getService('permission').findMany({\n where: { role: { id: roleId } },\n populate: ['role'],\n });\n\n const permissionsToAdd = differenceWith(\n arePermissionsEqual,\n permissionsWithRole,\n existingPermissions\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToDelete = differenceWith(\n arePermissionsEqual,\n existingPermissions,\n permissionsWithRole\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToReturn = differenceBy('id', permissionsToDelete, existingPermissions);\n\n if (permissionsToDelete.length > 0) {\n // @ts-expect-error - lodash prop doesn't resolve the type appropriately\n await getService('permission').deleteByIds(permissionsToDelete.map(prop('id')));\n }\n\n if (permissionsToAdd.length > 0) {\n const newPermissions = await addPermissions(roleId, permissionsToAdd);\n permissionsToReturn.push(...newPermissions);\n }\n\n if (!isSuperAdmin && (permissionsToAdd.length \|\| permissionsToDelete.length)) {\n await getService('metrics').sendDidUpdateRolePermissions();\n }\n\n if (permissionsToAdd.length > 0 \|\| permissionsToDelete.length > 0) {\n await getService('api-token-admin').syncPermissionsForRole(roleId);\n }\n\n return permissionsToReturn;\n};\n\nconst addPermissions = async (roleId: Data.ID, permissions: any) => {\n const { conditionProvider, createMany } = getService('permission');\n const { sanitizeConditions } = permissionDomain;\n\n const permissionsWithRole = permissions\n .map(set('role', roleId))\n // @ts-expect-error - refactor domain/permission Condition type, as it's now expecting\n // a string but it should be a Condition interface\n .map(sanitizeConditions(conditionProvider))\n .map(permissionDomain.create);\n\n return createMany(permissionsWithRole);\n};\n\nconst isContentTypeAction = (action: Action) => action.section === CONTENT_TYPE_SECTION;\n\n/\n Reset super admin permissions (giving it all permissions)\n /\nconst resetSuperAdminPermissions = async () => {\n const superAdminRole = await getService('role').getSuperAdmin();\n if (!superAdminRole) {\n return;\n }\n\n const permissionService = getService('permission');\n const contentTypeService = getService('content-type');\n\n const allActions = permissionService.actionProvider.values() as Action[];\n\n const contentTypesActions = allActions.filter((action) => isContentTypeAction(action));\n const otherActions = allActions.filter((action) => !isContentTypeAction(action));\n\n // First, get the content-types permissions\n const permissions = contentTypeService.getPermissionsWithNestedFields(\n contentTypesActions\n ) as Permission[];\n\n // Then add every other permission\n const otherPermissions = otherActions.reduce((acc, action) => {\n const { actionId, subjects } = action;\n\n if (isArray(subjects)) {\n acc.push(\n ...subjects.map((subject) => permissionDomain.create({ action: actionId, subject }))\n );\n } else {\n acc.push(permissionDomain.create({ action: actionId }));\n }\n\n return acc;\n }, [] as Permission[]);\n\n permissions.push(...otherPermissions);\n\n const transformedPermissions = (await hooks.willResetSuperAdminPermissions.call(\n permissions\n )) as Permission[];\n\n await assignPermissions(superAdminRole.id, transformedPermissions);\n};\n\n/\n Check if a user object includes the super admin role\n */\nconst hasSuperAdminRole = (user: AdminUser): boolean => {\n const roles = _.get(user, 'roles', []) as AdminRole[];\n\n return roles.map(prop('code')).includes(SUPER_ADMIN_CODE);\n};\n\nconst constants = {\n superAdminCode: SUPER_ADMIN_CODE,\n};\n\nexport default {\n hooks,\n sanitizeRole,\n create,\n findOne,\n findOneWithUsersCount,\n find,\n findAllWithUsersCount,\n update,\n exists,\n count,\n deleteByIds,\n getUsersCount,\n getSuperAdmin,\n getSuperAdminWithUsersCount,\n createRolesIfNoneExist,\n displayWarningIfNoSuperAdmin,\n addPermissions,\n hasSuperAdminRole,\n assignPermissions,\n resetSuperAdminPermissions,\n checkRolesIdForDeletion,\n constants,\n};\n"],"names":["SUPER_ADMIN_CODE","CONTENT_TYPE_SECTION","roleConstants","createAsyncSeriesWaterfallHook","hooksUtils","ApplicationError","errors","hooks","willResetSuperAdminPermissions","ACTIONS","publish","sanitizeRole","omit","COMPARABLE_FIELDS","pickComparableFields","pick","jsonClean","data","JSON","parse","stringify","arePermissionsEqual","p1","p2","action","isEqual","create","attributes","alreadyExists","exists","name","autoGeneratedCode","_","kebabCase","dates","timestampCode","rolesWithCode","code","result","strapi","db","query","eventHub","emit","role","findOne","params","populate","where","findOneWithUsersCount","usersCount","getUsersCount","id","find","findMany","findAllWithUsersCount","roles","get","transform","update","sanitizedAttributes","has","$ne","count","checkRolesIdForDeletion","ids","superAdminRole","getSuperAdmin","arrays","includesString","roleId","deleteByIds","getService","deleteByRolesIds","deletedRoles","deletedRole","delete","push","getSuperAdminWithUsersCount","createRolesIfNoneExist","someRolesExist","actionProvider","allActions","values","contentTypesActions","filter","a","section","description","assignARoleToAll","editorRole","authorRole","editorPermissions","getPermissionsWithNestedFields","restrictedSubjects","authorPermissions","map","permission","permissionDomain","conditions","getDefaultPluginPermissions","isAuthor","addPermissions","displayWarningIfNoSuperAdmin","someUsersExists","log","warn","assignPermissions","permissions","validatePermissionsExist","internalActions","actionId","superAdmin","isSuperAdmin","assignRole","set","permissionsWithRole","existingPermissions","permissionsToAdd","differenceWith","includes","permissionsToDelete","permissionsToReturn","differenceBy","length","prop","newPermissions","sendDidUpdateRolePermissions","syncPermissionsForRole","conditionProvider","createMany","sanitizeConditions","isContentTypeAction","resetSuperAdminPermissions","permissionService","contentTypeService","otherActions","otherPermissions","reduce","acc","subjects","isArray","subject","transformedPermissions","call","hasSuperAdminRole","user","constants","superAdminCode"],"mappings":";;;;;;;;;;AAAA;AAgBA,MAAM,EAAEA,gBAAgB,EAAEC,oBAAoB,EAAE,GAAGC,WAAAA;AAEnD,MAAM,EAAEC,8BAA8B,EAAE,GAAGC,WAAAA;AAC3C,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,MAAMC,KAAAA,GAAQ;IACZC,8BAAAA,EAAgCL,8BAAAA;AAClC,CAAA;AAEA,MAAMM,OAAAA,GAAU;IACdC,OAAAA,EAAS;AACX,CAAA;AAEA;AACA,MAAMC,eAA+EC,OAAAA,CAAK;AACxF,IAAA,OAAA;AACA,IAAA;AACD,CAAA,CAAA;AAID,MAAMC,iBAAAA,GAAoB;AAAC,IAAA,YAAA;AAAc,IAAA,YAAA;AAAc,IAAA,SAAA;AAAW,IAAA,QAAA;AAAU,IAAA;AAAmB,CAAA;AAC/F,MAAMC,uBAAuBC,OAAAA,CAAKF,iBAAAA,CAAAA;AAElC,MAAMG,SAAAA,GAAY,CAAmBC,IAAAA,GAAeC,IAAAA,CAAKC,KAAK,CAACD,IAAAA,CAAKE,SAAS,CAACH,IAAAA,CAAAA,CAAAA;AAE9E;;IAGA,MAAMI,mBAAAA,GAAsB,CAACC,EAAAA,EAAgBC,EAAAA,GAAAA;AAC3C,IAAA,IAAID,EAAAA,CAAGE,MAAM,KAAKD,EAAAA,CAAGC,MAAM,EAAE;AAC3B,QAAA,OAAOC,UAAAA,CAAQT,SAAAA,CAAUF,oBAAAA,CAAqBQ,EAAAA,CAAAA,CAAAA,EAAMN,UAAUF,oBAAAA,CAAqBS,EAAAA,CAAAA,CAAAA,CAAAA;AACrF,IAAA;IAEA,OAAO,KAAA;AACT,CAAA;AAEA;;;IAIA,MAAMG,SAAS,OAAOC,UAAAA,GAAAA;IACpB,MAAMC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AAAEC,QAAAA,IAAAA,EAAMH,WAAWG;AAAK,KAAA,CAAA;AAE3D,IAAA,IAAIF,aAAAA,EAAe;QACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEsB,UAAAA,CAAWG,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAEzF,IAAA;AACA,IAAA,MAAMC,iBAAAA,GAAoB,CAAA,EAAGC,CAAAA,CAAEC,SAAS,CAACN,UAAAA,CAAWG,IAAI,CAAA,CAAE,CAAC,EAAEI,WAAAA,CAAMC,aAAa,EAAA,CAAA,CAAI;AAEpF,IAAA,MAAMC,aAAAA,GAAgB;AACpB,QAAA,GAAGT,UAAU;QACbU,IAAAA,EAAMV,UAAAA,CAAWU,IAAI,IAAIN;AAC3B,KAAA;IAEA,MAAMO,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAef,MAAM,CAAC;QAAET,IAAAA,EAAMmB;AAAc,KAAA,CAAA;AACjFG,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMO,OAAAA,GAAU,CAACC,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AAC5B,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;AAIC,IACD,MAAME,qBAAAA,GAAwB,OAC5BH,MAAAA,GAAS,EAAE,EACXC,QAAAA,GAAAA;IAEA,MAAMH,IAAAA,GAAO,MAAML,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAEpF,IAAA,IAAIH,IAAAA,EAAM;AACRA,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOR,IAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMS,IAAAA,GAAO,CAACP,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AACzB,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAea,QAAQ,CAAC;QAAEN,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC3E,CAAA;AAEA;;IAGA,MAAMQ,wBAAwB,OAAOT,MAAAA,GAAAA;AACnC,IAAA,MAAMU,QAAmC,MAAMjB,MAAAA,CAAOC,EAAE,CACrDC,KAAK,CAAC,aAAA,CAAA,CACNa,QAAQ,CAACf,OAAOkB,GAAG,CAAC,cAAA,CAAA,CAAgBC,SAAS,CAAC,aAAA,EAAeZ,MAAAA,CAAAA,CAAAA;IAEhE,KAAK,MAAMF,QAAQY,KAAAA,CAAO;AACxBZ,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOI,KAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOb,MAAAA,EAAanB,UAAAA,GAAAA;AACjC,IAAA,MAAMiC,mBAAAA,GAAsB5B,CAAAA,CAAEpB,IAAI,CAACe,UAAAA,EAAY;AAAC,QAAA;AAAO,KAAA,CAAA;IAEvD,IAAIK,CAAAA,CAAE6B,GAAG,CAACf,MAAAA,EAAQ,SAASd,CAAAA,CAAE6B,GAAG,CAACD,mBAAAA,EAAqB,MAAA,CAAA,EAAS;QAC7D,MAAMhC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AACjCC,YAAAA,IAAAA,EAAM8B,oBAAoB9B,IAAI;YAC9BsB,EAAAA,EAAI;AAAEU,gBAAAA,GAAAA,EAAKhB,OAAOM;AAAG;AACvB,SAAA,CAAA;AACA,QAAA,IAAIxB,aAAAA,EAAe;YACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEuD,mBAAAA,CAAoB9B,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAElG,QAAA;AACF,IAAA;IAEA,MAAMQ,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAC3BC,KAAK,CAAC,aAAA,CAAA,CACNkB,MAAM,CAAC;QAAEX,KAAAA,EAAOF,MAAAA;QAAQ7B,IAAAA,EAAM2C;AAAoB,KAAA,CAAA;AAErDrB,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;AAGC,IACD,MAAMT,MAAAA,GAAS,OAAOiB,MAAAA,GAAS,EAAa,GAAA;IAC1C,MAAMiB,KAAAA,GAAQ,MAAMxB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAOF;AAAO,KAAA,CAAA;AACzE,IAAA,OAAOiB,KAAAA,GAAQ,CAAA;AACjB,CAAA;AAEA;;;AAGC,IACD,MAAMA,KAAAA,GAAQ,OAAOjB,MAAAA,GAAS,EAAS,GAAA;AACrC,IAAA,OAAOP,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAACjB,MAAAA,CAAAA;AAC9C,CAAA;AAEA;;;AAGC,IACD,MAAMkB,uBAAAA,GAA0B,OAAOC,GAAAA,GAAM,EAAE,GAAa;AAC1D,IAAA,MAAMC,iBAAiB,MAAMC,aAAAA,EAAAA;AAE7B,IAAA,IAAID,kBAAkBE,YAAAA,CAAOC,cAAc,CAACJ,GAAAA,EAAKC,cAAAA,CAAed,EAAE,CAAA,EAAG;AACnE,QAAA,MAAM,IAAI/C,gBAAAA,CAAiB,wCAAA,CAAA;AAC7B,IAAA;IAEA,KAAK,MAAMiE,UAAUL,GAAAA,CAAK;QACxB,MAAMf,UAAAA,GAAa,MAAMC,aAAAA,CAAcmB,MAAAA,CAAAA;AACvC,QAAA,IAAIpB,eAAe,CAAA,EAAG;AACpB,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,6CAAA,CAAA;AAC7B,QAAA;AACF,IAAA;AACF,CAAA;AAEA;;;AAGC,IACD,MAAMkE,WAAAA,GAAc,OAAON,GAAAA,GAAM,EAAE,GAAa;AAC9C,IAAA,MAAMD,uBAAAA,CAAwBC,GAAAA,CAAAA;IAE9B,MAAMO,gBAAAA,CAAW,YAAA,CAAA,CAAcC,gBAAgB,CAACR,GAAAA,CAAAA;AAEhD,IAAA,MAAMS,eAA4B,EAAE;IACpC,KAAK,MAAMtB,MAAMa,GAAAA,CAAK;QACpB,MAAMU,WAAAA,GAAc,MAAMpC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAemC,MAAM,CAAC;YAAE5B,KAAAA,EAAO;AAAEI,gBAAAA;AAAG;AAAE,SAAA,CAAA;AAEhF,QAAA,IAAIuB,WAAAA,EAAa;AACfpC,YAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;gBAAEC,IAAAA,EAAM+B;AAAY,aAAA,CAAA;AACxDD,YAAAA,YAAAA,CAAaG,IAAI,CAACF,WAAAA,CAAAA;AACpB,QAAA;AACF,IAAA;IAEA,OAAOD,YAAAA;AACT,CAAA;AAEA;IAEA,MAAMvB,gBAAgB,OAAOmB,MAAAA,GAAAA;AAC3B,IAAA,OAAO/B,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAO;YAAEQ,KAAAA,EAAO;gBAAEJ,EAAAA,EAAIkB;AAAO;AAAE;AAAE,KAAA,CAAA;AACjF,CAAA;AAEA;IAEA,MAAMH,aAAAA,GAAgB,IAAsCtB,OAAAA,CAAQ;QAAER,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAE7F;;IAGA,MAAM8E,2BAAAA,GAA8B,IAAM7B,qBAAAA,CAAsB;QAAEZ,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAEzF;AACC,IACD,MAAM+E,sBAAAA,GAAyB,UAAA;AAC7B,IAAA,MAAMC,iBAAiB,MAAMnD,MAAAA,EAAAA;AAC7B,IAAA,IAAImD,cAAAA,EAAgB;AAClB,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,EAAEC,cAAc,EAAE,GAAGT,gBAAAA,CAAW,YAAA,CAAA;IAEtC,MAAMU,UAAAA,GAAaD,eAAeE,MAAM,EAAA;IACxC,MAAMC,mBAAAA,GAAsBF,WAAWG,MAAM,CAAC,CAACC,CAAAA,GAAMA,CAAAA,CAAEC,OAAO,KAAK,cAAA,CAAA;;IAGnE,MAAMrB,cAAAA,GAAiB,MAAMxC,MAAAA,CAAO;QAClCI,IAAAA,EAAM,aAAA;QACNO,IAAAA,EAAM,oBAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;AAEA,IAAA,MAAMhB,gBAAAA,CAAW,MAAA,CAAA,CAAQiB,gBAAgB,CAACvB,eAAed,EAAE,CAAA;IAE3D,MAAMsC,UAAAA,GAAa,MAAMhE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;IAEA,MAAMG,UAAAA,GAAa,MAAMjE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;;AAGA,IAAA,MAAMI,iBAAAA,GAAoBpB,gBAAAA,CAAW,cAAA,CAAA,CAAgBqB,8BAA8B,CACjFT,mBAAAA,EACA;QACEU,kBAAAA,EAAoB;AAAC,YAAA;AAAiC;AACxD,KAAA,CAAA;AAGF,IAAA,MAAMC,oBAAoBH,iBAAAA,CACvBP,MAAM,CAAC,CAAC,EAAE7D,MAAM,EAAO,GAAKA,WAAWf,OAAAA,CAAQC,OAAO,EACtDsF,GAAG,CAAC,CAACC,UAAAA,GACJC,eAAAA,CAAiBxE,MAAM,CAAC;AAAE,YAAA,GAAGuE,UAAU;YAAEE,UAAAA,EAAY;AAAC,gBAAA;AAAoB;AAAC,SAAA,CAAA,CAAA;AAG/EP,IAAAA,iBAAAA,CAAkBf,IAAI,CAAA,GAAIuB,2BAAAA,EAAAA,CAAAA;IAC1BL,iBAAAA,CAAkBlB,IAAI,IAAIuB,2BAAAA,CAA4B;QAAEC,QAAAA,EAAU;AAAK,KAAA,CAAA,CAAA;;IAGvE,MAAMC,cAAAA,CAAeZ,UAAAA,CAAWtC,EAAE,EAAEwC,iBAAAA,CAAAA;IACpC,MAAMU,cAAAA,CAAeX,UAAAA,CAAWvC,EAAE,EAAE2C,iBAAAA,CAAAA;AACtC,CAAA;AAEA,MAAMK,2BAAAA,GAA8B,CAAC,EAAEC,QAAAA,GAAW,KAAK,EAAE,GAAG,EAAE,GAAA;AAC5D,IAAA,MAAMF,aAAaE,QAAAA,GAAW;AAAC,QAAA;AAAoB,KAAA,GAAG,EAAE;;IAGxD,OAAO;AACL,QAAA;YAAE7E,MAAAA,EAAQ,qBAAA;AAAuB2E,YAAAA;AAAW,SAAA;AAC5C,QAAA;YAAE3E,MAAAA,EAAQ;AAAgC,SAAA;AAC1C,QAAA;YAAEA,MAAAA,EAAQ;AAA+B,SAAA;AACzC,QAAA;YAAEA,MAAAA,EAAQ,8BAAA;AAAgC2E,YAAAA;AAAW,SAAA;AACrD,QAAA;YAAE3E,MAAAA,EAAQ;AAAiC,SAAA;AAC3C,QAAA;YAAEA,MAAAA,EAAQ;AAAkC;KAC7C,CAACwE,GAAG,CAACE,eAAAA,CAAiBxE,MAAM,CAAA;AAC/B,CAAA;AAEA;;AAEC,IACD,MAAM6E,4BAAAA,GAA+B,UAAA;AACnC,IAAA,MAAMrC,iBAAiB,MAAMY,2BAAAA,EAAAA;AAC7B,IAAA,MAAM0B,eAAAA,GAAkB,MAAMhC,gBAAAA,CAAW,MAAA,CAAA,CAAQ3C,MAAM,EAAA;AAEvD,IAAA,IAAI,CAACqC,cAAAA,EAAgB;QACnB3B,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA,CAAA,MAAO,IAAIF,eAAAA,IAAmBtC,cAAAA,CAAehB,UAAU,KAAK,CAAA,EAAG;QAC7DX,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA;AACF,CAAA;AAEA;;;;AAIC,IACD,MAAMC,iBAAAA,GAAoB,OACxBrC,MAAAA,EACAsC,cAA4E,EAAE,GAAA;AAE9E,IAAA,MAAMC,mCAAAA,CAAyBD,WAAAA,CAAAA;;;IAI/B,MAAME,eAAAA,GAAkBtC,iBAAW,YAAA,CAAA,CAChCS,cAAc,CAACE,MAAM,EAAA,CACrBE,MAAM,CAAC,CAAC7D,SAAWA,MAAAA,CAAO+D,OAAO,KAAK,UAAA,CAAA,CACtCS,GAAG,CAAC,CAACxE,MAAAA,GAAWA,OAAOuF,QAAQ,CAAA;AAElC,IAAA,MAAMC,UAAAA,GAAa,MAAMxC,gBAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AACzD,IAAA,MAAM8C,YAAAA,GAAeD,UAAAA,IAAcA,UAAAA,CAAW5D,EAAE,KAAKkB,MAAAA;IACrD,MAAM4C,UAAAA,GAAaC,OAAI,MAAA,EAAQ7C,MAAAA,CAAAA;IAE/B,MAAM8C,mBAAAA,GAAsBR,WAC1B;KACCZ,GAAG,CAACkB,WACL;;KAEClB,GAAG,CAACE,gBAAiBxE,MAAM,CAAA;AAE9B,IAAA,MAAM2F,mBAAAA,GAAsB,MAAM7C,gBAAAA,CAAW,YAAA,CAAA,CAAclB,QAAQ,CAAC;QAClEN,KAAAA,EAAO;YAAEJ,IAAAA,EAAM;gBAAEQ,EAAAA,EAAIkB;AAAO;AAAE,SAAA;QAC9BvB,QAAAA,EAAU;AAAC,YAAA;AAAO;AACpB,KAAA,CAAA;AAEA,IAAA,MAAMuE,gBAAAA,GAAmBC,iBAAAA,CACvBlG,mBAAAA,EACA+F,mBAAAA,EACAC,qBACAhC,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;AAEhF,IAAA,MAAMiG,mBAAAA,GAAsBF,iBAAAA,CAC1BlG,mBAAAA,EACAgG,mBAAAA,EACAD,qBACA/B,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;IAEhF,MAAMkG,mBAAAA,GAAsBC,eAAAA,CAAa,IAAA,EAAMF,mBAAAA,EAAqBJ,mBAAAA,CAAAA;IAEpE,IAAII,mBAAAA,CAAoBG,MAAM,GAAG,CAAA,EAAG;;AAElC,QAAA,MAAMpD,iBAAW,YAAA,CAAA,CAAcD,WAAW,CAACkD,mBAAAA,CAAoBzB,GAAG,CAAC6B,OAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AAC1E,IAAA;IAEA,IAAIP,gBAAAA,CAAiBM,MAAM,GAAG,CAAA,EAAG;QAC/B,MAAME,cAAAA,GAAiB,MAAMxB,cAAAA,CAAehC,MAAAA,EAAQgD,gBAAAA,CAAAA;AACpDI,QAAAA,mBAAAA,CAAoB7C,IAAI,CAAA,GAAIiD,cAAAA,CAAAA;AAC9B,IAAA;IAEA,IAAI,CAACb,iBAAiBK,gBAAAA,CAAiBM,MAAM,IAAIH,mBAAAA,CAAoBG,MAAK,CAAA,EAAI;QAC5E,MAAMpD,gBAAAA,CAAW,WAAWuD,4BAA4B,EAAA;AAC1D,IAAA;AAEA,IAAA,IAAIT,iBAAiBM,MAAM,GAAG,KAAKH,mBAAAA,CAAoBG,MAAM,GAAG,CAAA,EAAG;QACjE,MAAMpD,gBAAAA,CAAW,iBAAA,CAAA,CAAmBwD,sBAAsB,CAAC1D,MAAAA,CAAAA;AAC7D,IAAA;IAEA,OAAOoD,mBAAAA;AACT,CAAA;AAEA,MAAMpB,cAAAA,GAAiB,OAAOhC,MAAAA,EAAiBsC,WAAAA,GAAAA;AAC7C,IAAA,MAAM,EAAEqB,iBAAiB,EAAEC,UAAU,EAAE,GAAG1D,gBAAAA,CAAW,YAAA,CAAA;IACrD,MAAM,EAAE2D,kBAAkB,EAAE,GAAGjC,eAAAA;AAE/B,IAAA,MAAMkB,sBAAsBR,WAAAA,CACzBZ,GAAG,CAACmB,MAAAA,CAAI,MAAA,EAAQ7C,QACjB;;AAEC0B,KAAAA,GAAG,CAACmC,kBAAAA,CAAmBF,iBAAAA,CAAAA,CAAAA,CACvBjC,GAAG,CAACE,gBAAiBxE,MAAM,CAAA;AAE9B,IAAA,OAAOwG,UAAAA,CAAWd,mBAAAA,CAAAA;AACpB,CAAA;AAEA,MAAMgB,mBAAAA,GAAsB,CAAC5G,MAAAA,GAAmBA,MAAAA,CAAO+D,OAAO,KAAKtF,oBAAAA;AAEnE;;AAEC,IACD,MAAMoI,0BAAAA,GAA6B,UAAA;AACjC,IAAA,MAAMnE,cAAAA,GAAiB,MAAMM,gBAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AAC7D,IAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,QAAA;AACF,IAAA;AAEA,IAAA,MAAMoE,oBAAoB9D,gBAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAM+D,qBAAqB/D,gBAAAA,CAAW,cAAA,CAAA;AAEtC,IAAA,MAAMU,UAAAA,GAAaoD,iBAAAA,CAAkBrD,cAAc,CAACE,MAAM,EAAA;AAE1D,IAAA,MAAMC,sBAAsBF,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,SAAW4G,mBAAAA,CAAoB5G,MAAAA,CAAAA,CAAAA;AAC9E,IAAA,MAAMgH,eAAetD,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,MAAAA,GAAW,CAAC4G,mBAAAA,CAAoB5G,MAAAA,CAAAA,CAAAA;;IAGxE,MAAMoF,WAAAA,GAAc2B,kBAAAA,CAAmB1C,8BAA8B,CACnET,mBAAAA,CAAAA;;AAIF,IAAA,MAAMqD,gBAAAA,GAAmBD,YAAAA,CAAaE,MAAM,CAAC,CAACC,GAAAA,EAAKnH,MAAAA,GAAAA;AACjD,QAAA,MAAM,EAAEuF,QAAQ,EAAE6B,QAAQ,EAAE,GAAGpH,MAAAA;AAE/B,QAAA,IAAIqH,WAAQD,QAAAA,CAAAA,EAAW;YACrBD,GAAAA,CAAI9D,IAAI,IACH+D,QAAAA,CAAS5C,GAAG,CAAC,CAAC8C,OAAAA,GAAY5C,eAAAA,CAAiBxE,MAAM,CAAC;oBAAEF,MAAAA,EAAQuF,QAAAA;AAAU+B,oBAAAA;AAAQ,iBAAA,CAAA,CAAA,CAAA;QAErF,CAAA,MAAO;AACLH,YAAAA,GAAAA,CAAI9D,IAAI,CAACqB,eAAAA,CAAiBxE,MAAM,CAAC;gBAAEF,MAAAA,EAAQuF;AAAS,aAAA,CAAA,CAAA;AACtD,QAAA;QAEA,OAAO4B,GAAAA;AACT,IAAA,CAAA,EAAG,EAAE,CAAA;AAEL/B,IAAAA,WAAAA,CAAY/B,IAAI,CAAA,GAAI4D,gBAAAA,CAAAA;AAEpB,IAAA,MAAMM,yBAA0B,MAAMxI,KAAAA,CAAMC,8BAA8B,CAACwI,IAAI,CAC7EpC,WAAAA,CAAAA;IAGF,MAAMD,iBAAAA,CAAkBzC,cAAAA,CAAed,EAAE,EAAE2F,sBAAAA,CAAAA;AAC7C,CAAA;AAEA;;IAGA,MAAME,oBAAoB,CAACC,IAAAA,GAAAA;AACzB,IAAA,MAAM1F,QAAQxB,CAAAA,CAAEyB,GAAG,CAACyF,IAAAA,EAAM,SAAS,EAAE,CAAA;AAErC,IAAA,OAAO1F,MAAMwC,GAAG,CAAC6B,OAAAA,CAAK,MAAA,CAAA,CAAA,CAASL,QAAQ,CAACxH,gBAAAA,CAAAA;AAC1C,CAAA;AAEA,MAAMmJ,SAAAA,GAAY;IAChBC,cAAAA,EAAgBpJ;AAClB,CAAA;AAEA,WAAe;AACbO,IAAAA,KAAAA;AACAI,IAAAA,YAAAA;AACAe,IAAAA,MAAAA;AACAmB,IAAAA,OAAAA;AACAI,IAAAA,qBAAAA;AACAI,IAAAA,IAAAA;AACAE,IAAAA,qBAAAA;AACAI,IAAAA,MAAAA;AACA9B,IAAAA,MAAAA;AACAkC,IAAAA,KAAAA;AACAQ,IAAAA,WAAAA;AACApB,IAAAA,aAAAA;AACAgB,IAAAA,aAAAA;AACAW,IAAAA,2BAAAA;AACAC,IAAAA,sBAAAA;AACAwB,IAAAA,4BAAAA;AACAD,IAAAA,cAAAA;AACA2C,IAAAA,iBAAAA;AACAtC,IAAAA,iBAAAA;AACA0B,IAAAA,0BAAAA;AACArE,IAAAA,uBAAAA;AACAmF,IAAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/services/role.mjs CHANGED Viewed

@@ -328,6 +328,9 @@ const getDefaultPluginPermissions = ({ isAuthor = false } = {})=>{
     if (!isSuperAdmin && (permissionsToAdd.length || permissionsToDelete.length)) {
         await getService('metrics').sendDidUpdateRolePermissions();
     }
+    if (permissionsToAdd.length > 0 || permissionsToDelete.length > 0) {
+        await getService('api-token-admin').syncPermissionsForRole(roleId);
+    }
     return permissionsToReturn;
 };
 const addPermissions = async (roleId, permissions)=>{

package/dist/server/server/src/services/role.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role.mjs","sources":["../../../../../server/src/services/role.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any / // TODO: TS - Use database parameters interface when they are ready\n/ eslint-disable @typescript-eslint/default-param-last /\nimport _ from 'lodash';\nimport { set, omit, pick, prop, isArray, differenceWith, differenceBy, isEqual } from 'lodash/fp';\n\nimport { dates, arrays, hooks as hooksUtils, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\n\nimport permissionDomain from '../domain/permission';\nimport type { AdminUser, AdminRole, Permission } from '../../../shared/contracts/shared';\nimport type { Action } from '../domain/action';\n\nimport { validatePermissionsExist } from '../validation/permission';\nimport roleConstants from './constants';\nimport { getService } from '../utils';\n\nconst { SUPER_ADMIN_CODE, CONTENT_TYPE_SECTION } = roleConstants;\n\nconst { createAsyncSeriesWaterfallHook } = hooksUtils;\nconst { ApplicationError } = errors;\n\nconst hooks = {\n willResetSuperAdminPermissions: createAsyncSeriesWaterfallHook(),\n};\n\nconst ACTIONS = {\n publish: 'plugin::content-manager.explorer.publish',\n};\n\n// @ts-expect-error lodash types\nconst sanitizeRole: <T extends object>(obj: T) => Omit<T, 'users' \| 'permissions'> = omit([\n 'users',\n 'permissions',\n] as const);\n\nexport type AdminRoleWithUsersCount = AdminRole & { usersCount: number };\n\nconst COMPARABLE_FIELDS = ['conditions', 'properties', 'subject', 'action', 'actionParameters'];\nconst pickComparableFields = pick(COMPARABLE_FIELDS);\n\nconst jsonClean = <T extends object>(data: T): T => JSON.parse(JSON.stringify(data));\n\n/\n Compare two permissions\n /\nconst arePermissionsEqual = (p1: Permission, p2: Permission): boolean => {\n if (p1.action === p2.action) {\n return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));\n }\n\n return false;\n};\n\n/\n Create and save a role in database\n * @param attributes A partial role object\n /\nconst create = async (attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const alreadyExists = await exists({ name: attributes.name });\n\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${attributes.name}\\` already exists.`\n );\n }\n const autoGeneratedCode = `${_.kebabCase(attributes.name)}-${dates.timestampCode()}`;\n\n const rolesWithCode = {\n ...attributes,\n code: attributes.code \|\| autoGeneratedCode,\n };\n\n const result = await strapi.db.query('admin::role').create({ data: rolesWithCode });\n strapi.eventHub.emit('role.create', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Find a role in database\n * @param params query params to find the role\n * @param populate\n /\nconst findOne = (params = {}, populate?: unknown): Promise<AdminRole> => {\n return strapi.db.query('admin::role').findOne({ where: params, populate });\n};\n\n/\n Find a role in database with usersCounts\n * @param params query params to find the role\n * @param populate\n /\nconst findOneWithUsersCount = async (\n params = {},\n populate?: unknown\n): Promise<AdminRoleWithUsersCount> => {\n const role = await strapi.db.query('admin::role').findOne({ where: params, populate });\n\n if (role) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return role;\n};\n\n/\n Find roles in database\n * @param params query params to find the roles\n * @param populate\n /\nconst find = (params = {}, populate: unknown): Promise<AdminRole[]> => {\n return strapi.db.query('admin::role').findMany({ where: params, populate });\n};\n\n/\n Find all roles in database\n /\nconst findAllWithUsersCount = async (params: any): Promise<AdminRoleWithUsersCount[]> => {\n const roles: AdminRoleWithUsersCount[] = await strapi.db\n .query('admin::role')\n .findMany(strapi.get('query-params').transform('admin::role', params));\n\n for (const role of roles) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return roles;\n};\n\n/\n Update a role in database\n * @param params query params to find the role to update\n * @param attributes A partial role object\n /\nconst update = async (params: any, attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const sanitizedAttributes = _.omit(attributes, ['code']);\n\n if (_.has(params, 'id') && _.has(sanitizedAttributes, 'name')) {\n const alreadyExists = await exists({\n name: sanitizedAttributes.name,\n id: { $ne: params.id },\n });\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${sanitizedAttributes.name}\\` already exists.`\n );\n }\n }\n\n const result = await strapi.db\n .query('admin::role')\n .update({ where: params, data: sanitizedAttributes });\n\n strapi.eventHub.emit('role.update', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Check if a role exists in database\n * @param params query params to find the role\n /\nconst exists = async (params = {} as unknown): Promise<boolean> => {\n const count = await strapi.db.query('admin::role').count({ where: params });\n return count > 0;\n};\n\n/\n Count the number of roles based on search params\n * @param params params used for the query\n /\nconst count = async (params = {} as any): Promise<number> => {\n return strapi.db.query('admin::role').count(params);\n};\n\n/\n Check if the given roles id can be deleted safely, throw otherwise\n * @param ids\n /\nconst checkRolesIdForDeletion = async (ids = [] as Data.ID[]) => {\n const superAdminRole = await getSuperAdmin();\n\n if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {\n throw new ApplicationError('You cannot delete the super admin role');\n }\n\n for (const roleId of ids) {\n const usersCount = await getUsersCount(roleId);\n if (usersCount !== 0) {\n throw new ApplicationError('Some roles are still assigned to some users');\n }\n }\n};\n\n/\n Delete roles in database if they have no user assigned\n * @param ids query params to find the roles\n /\nconst deleteByIds = async (ids = [] as Data.ID[]): Promise<AdminRole[]> => {\n await checkRolesIdForDeletion(ids);\n\n await getService('permission').deleteByRolesIds(ids);\n\n const deletedRoles: AdminRole[] = [];\n for (const id of ids) {\n const deletedRole = await strapi.db.query('admin::role').delete({ where: { id } });\n\n if (deletedRole) {\n strapi.eventHub.emit('role.delete', { role: deletedRole });\n deletedRoles.push(deletedRole);\n }\n }\n\n return deletedRoles;\n};\n\n/* Count the number of users for some roles\n /\nconst getUsersCount = async (roleId: Data.ID): Promise<number> => {\n return strapi.db.query('admin::user').count({ where: { roles: { id: roleId } } });\n};\n\n/* Returns admin role\n /\nconst getSuperAdmin = (): Promise<AdminRole \| undefined> => findOne({ code: SUPER_ADMIN_CODE });\n\n/* Returns admin role with userCount\n * @returns {Promise<role>}\n /\nconst getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE });\n\n/* Create superAdmin, Author and Editor role is no role already exist\n /\nconst createRolesIfNoneExist = async () => {\n const someRolesExist = await exists();\n if (someRolesExist) {\n return;\n }\n\n const { actionProvider } = getService('permission');\n\n const allActions = actionProvider.values();\n const contentTypesActions = allActions.filter((a) => a.section === 'contentTypes');\n\n // create 3 roles\n const superAdminRole = await create({\n name: 'Super Admin',\n code: 'strapi-super-admin',\n description: 'Super Admins can access and manage all features and settings.',\n });\n\n await getService('user').assignARoleToAll(superAdminRole.id);\n\n const editorRole = await create({\n name: 'Editor',\n code: 'strapi-editor',\n description: 'Editors can manage and publish contents including those of other users.',\n });\n\n const authorRole = await create({\n name: 'Author',\n code: 'strapi-author',\n description: 'Authors can manage the content they have created.',\n });\n\n // create content-type permissions for each role\n const editorPermissions = getService('content-type').getPermissionsWithNestedFields(\n contentTypesActions,\n {\n restrictedSubjects: ['plugin::users-permissions.user'],\n }\n );\n\n const authorPermissions = editorPermissions\n .filter(({ action }: any) => action !== ACTIONS.publish)\n .map((permission: any) =>\n permissionDomain.create({ ...permission, conditions: ['admin::is-creator'] })\n );\n\n editorPermissions.push(...getDefaultPluginPermissions());\n authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));\n\n // assign permissions to roles\n await addPermissions(editorRole.id, editorPermissions);\n await addPermissions(authorRole.id, authorPermissions);\n};\n\nconst getDefaultPluginPermissions = ({ isAuthor = false } = {}) => {\n const conditions = isAuthor ? ['admin::is-creator'] : [];\n\n // add plugin permissions for each role\n return [\n { action: 'plugin::upload.read', conditions },\n { action: 'plugin::upload.configure-view' },\n { action: 'plugin::upload.assets.create' },\n { action: 'plugin::upload.assets.update', conditions },\n { action: 'plugin::upload.assets.download' },\n { action: 'plugin::upload.assets.copy-link' },\n ].map(permissionDomain.create);\n};\n\n/* Display a warning if the role superAdmin doesn't exist\n * or if the role is not assigned to at least one user\n /\nconst displayWarningIfNoSuperAdmin = async () => {\n const superAdminRole = await getSuperAdminWithUsersCount();\n const someUsersExists = await getService('user').exists();\n\n if (!superAdminRole) {\n strapi.log.warn(\"Your application doesn't have a super admin role.\");\n } else if (someUsersExists && superAdminRole.usersCount === 0) {\n strapi.log.warn(\"Your application doesn't have a super admin user.\");\n }\n};\n\n/\n Assign permissions to a role\n * @param roleId - role Data.ID\n * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role\n /\nconst assignPermissions = async (\n roleId: Data.ID,\n permissions: Array<Pick<Permission, 'action' \| 'subject' \| 'conditions'>> = []\n) => {\n await validatePermissionsExist(permissions);\n\n // Internal actions are not handled by the role service, so any permission\n // with an internal action is filtered out\n const internalActions = getService('permission')\n .actionProvider.values()\n .filter((action) => action.section === 'internal')\n .map((action) => action.actionId);\n\n const superAdmin = await getService('role').getSuperAdmin();\n const isSuperAdmin = superAdmin && superAdmin.id === roleId;\n const assignRole = set('role', roleId);\n\n const permissionsWithRole = permissions\n // Add the role attribute to every permission\n .map(assignRole)\n // Transform each permission into a Permission instance\n // @ts-expect-error - lodash set doesn't resolve the type appropriately\n .map(permissionDomain.create);\n\n const existingPermissions = await getService('permission').findMany({\n where: { role: { id: roleId } },\n populate: ['role'],\n });\n\n const permissionsToAdd = differenceWith(\n arePermissionsEqual,\n permissionsWithRole,\n existingPermissions\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToDelete = differenceWith(\n arePermissionsEqual,\n existingPermissions,\n permissionsWithRole\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToReturn = differenceBy('id', permissionsToDelete, existingPermissions);\n\n if (permissionsToDelete.length > 0) {\n // @ts-expect-error - lodash prop doesn't resolve the type appropriately\n await getService('permission').deleteByIds(permissionsToDelete.map(prop('id')));\n }\n\n if (permissionsToAdd.length > 0) {\n const newPermissions = await addPermissions(roleId, permissionsToAdd);\n permissionsToReturn.push(...newPermissions);\n }\n\n if (!isSuperAdmin && (permissionsToAdd.length \|\| permissionsToDelete.length)) {\n await getService('metrics').sendDidUpdateRolePermissions();\n }\n\n return permissionsToReturn;\n};\n\nconst addPermissions = async (roleId: Data.ID, permissions: any) => {\n const { conditionProvider, createMany } = getService('permission');\n const { sanitizeConditions } = permissionDomain;\n\n const permissionsWithRole = permissions\n .map(set('role', roleId))\n // @ts-expect-error - refactor domain/permission Condition type, as it's now expecting\n // a string but it should be a Condition interface\n .map(sanitizeConditions(conditionProvider))\n .map(permissionDomain.create);\n\n return createMany(permissionsWithRole);\n};\n\nconst isContentTypeAction = (action: Action) => action.section === CONTENT_TYPE_SECTION;\n\n/\n Reset super admin permissions (giving it all permissions)\n /\nconst resetSuperAdminPermissions = async () => {\n const superAdminRole = await getService('role').getSuperAdmin();\n if (!superAdminRole) {\n return;\n }\n\n const permissionService = getService('permission');\n const contentTypeService = getService('content-type');\n\n const allActions = permissionService.actionProvider.values() as Action[];\n\n const contentTypesActions = allActions.filter((action) => isContentTypeAction(action));\n const otherActions = allActions.filter((action) => !isContentTypeAction(action));\n\n // First, get the content-types permissions\n const permissions = contentTypeService.getPermissionsWithNestedFields(\n contentTypesActions\n ) as Permission[];\n\n // Then add every other permission\n const otherPermissions = otherActions.reduce((acc, action) => {\n const { actionId, subjects } = action;\n\n if (isArray(subjects)) {\n acc.push(\n ...subjects.map((subject) => permissionDomain.create({ action: actionId, subject }))\n );\n } else {\n acc.push(permissionDomain.create({ action: actionId }));\n }\n\n return acc;\n }, [] as Permission[]);\n\n permissions.push(...otherPermissions);\n\n const transformedPermissions = (await hooks.willResetSuperAdminPermissions.call(\n permissions\n )) as Permission[];\n\n await assignPermissions(superAdminRole.id, transformedPermissions);\n};\n\n/\n Check if a user object includes the super admin role\n */\nconst hasSuperAdminRole = (user: AdminUser): boolean => {\n const roles = _.get(user, 'roles', []) as AdminRole[];\n\n return roles.map(prop('code')).includes(SUPER_ADMIN_CODE);\n};\n\nconst constants = {\n superAdminCode: SUPER_ADMIN_CODE,\n};\n\nexport default {\n hooks,\n sanitizeRole,\n create,\n findOne,\n findOneWithUsersCount,\n find,\n findAllWithUsersCount,\n update,\n exists,\n count,\n deleteByIds,\n getUsersCount,\n getSuperAdmin,\n getSuperAdminWithUsersCount,\n createRolesIfNoneExist,\n displayWarningIfNoSuperAdmin,\n addPermissions,\n hasSuperAdminRole,\n assignPermissions,\n resetSuperAdminPermissions,\n checkRolesIdForDeletion,\n constants,\n};\n"],"names":["SUPER_ADMIN_CODE","CONTENT_TYPE_SECTION","roleConstants","createAsyncSeriesWaterfallHook","hooksUtils","ApplicationError","errors","hooks","willResetSuperAdminPermissions","ACTIONS","publish","sanitizeRole","omit","COMPARABLE_FIELDS","pickComparableFields","pick","jsonClean","data","JSON","parse","stringify","arePermissionsEqual","p1","p2","action","isEqual","create","attributes","alreadyExists","exists","name","autoGeneratedCode","_","kebabCase","dates","timestampCode","rolesWithCode","code","result","strapi","db","query","eventHub","emit","role","findOne","params","populate","where","findOneWithUsersCount","usersCount","getUsersCount","id","find","findMany","findAllWithUsersCount","roles","get","transform","update","sanitizedAttributes","has","$ne","count","checkRolesIdForDeletion","ids","superAdminRole","getSuperAdmin","arrays","includesString","roleId","deleteByIds","getService","deleteByRolesIds","deletedRoles","deletedRole","delete","push","getSuperAdminWithUsersCount","createRolesIfNoneExist","someRolesExist","actionProvider","allActions","values","contentTypesActions","filter","a","section","description","assignARoleToAll","editorRole","authorRole","editorPermissions","getPermissionsWithNestedFields","restrictedSubjects","authorPermissions","map","permission","permissionDomain","conditions","getDefaultPluginPermissions","isAuthor","addPermissions","displayWarningIfNoSuperAdmin","someUsersExists","log","warn","assignPermissions","permissions","validatePermissionsExist","internalActions","actionId","superAdmin","isSuperAdmin","assignRole","set","permissionsWithRole","existingPermissions","permissionsToAdd","differenceWith","includes","permissionsToDelete","permissionsToReturn","differenceBy","length","prop","newPermissions","sendDidUpdateRolePermissions","conditionProvider","createMany","sanitizeConditions","isContentTypeAction","resetSuperAdminPermissions","permissionService","contentTypeService","otherActions","otherPermissions","reduce","acc","subjects","isArray","subject","transformedPermissions","call","hasSuperAdminRole","user","constants","superAdminCode"],"mappings":";;;;;;;;AAAA;AAgBA,MAAM,EAAEA,gBAAgB,EAAEC,oBAAoB,EAAE,GAAGC,WAAAA;AAEnD,MAAM,EAAEC,8BAA8B,EAAE,GAAGC,OAAAA;AAC3C,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B,MAAMC,KAAAA,GAAQ;IACZC,8BAAAA,EAAgCL,8BAAAA;AAClC,CAAA;AAEA,MAAMM,OAAAA,GAAU;IACdC,OAAAA,EAAS;AACX,CAAA;AAEA;AACA,MAAMC,eAA+EC,IAAAA,CAAK;AACxF,IAAA,OAAA;AACA,IAAA;AACD,CAAA,CAAA;AAID,MAAMC,iBAAAA,GAAoB;AAAC,IAAA,YAAA;AAAc,IAAA,YAAA;AAAc,IAAA,SAAA;AAAW,IAAA,QAAA;AAAU,IAAA;AAAmB,CAAA;AAC/F,MAAMC,uBAAuBC,IAAAA,CAAKF,iBAAAA,CAAAA;AAElC,MAAMG,SAAAA,GAAY,CAAmBC,IAAAA,GAAeC,IAAAA,CAAKC,KAAK,CAACD,IAAAA,CAAKE,SAAS,CAACH,IAAAA,CAAAA,CAAAA;AAE9E;;IAGA,MAAMI,mBAAAA,GAAsB,CAACC,EAAAA,EAAgBC,EAAAA,GAAAA;AAC3C,IAAA,IAAID,EAAAA,CAAGE,MAAM,KAAKD,EAAAA,CAAGC,MAAM,EAAE;AAC3B,QAAA,OAAOC,OAAAA,CAAQT,SAAAA,CAAUF,oBAAAA,CAAqBQ,EAAAA,CAAAA,CAAAA,EAAMN,UAAUF,oBAAAA,CAAqBS,EAAAA,CAAAA,CAAAA,CAAAA;AACrF,IAAA;IAEA,OAAO,KAAA;AACT,CAAA;AAEA;;;IAIA,MAAMG,SAAS,OAAOC,UAAAA,GAAAA;IACpB,MAAMC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AAAEC,QAAAA,IAAAA,EAAMH,WAAWG;AAAK,KAAA,CAAA;AAE3D,IAAA,IAAIF,aAAAA,EAAe;QACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEsB,UAAAA,CAAWG,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAEzF,IAAA;AACA,IAAA,MAAMC,iBAAAA,GAAoB,CAAA,EAAGC,UAAAA,CAAEC,SAAS,CAACN,UAAAA,CAAWG,IAAI,CAAA,CAAE,CAAC,EAAEI,KAAAA,CAAMC,aAAa,EAAA,CAAA,CAAI;AAEpF,IAAA,MAAMC,aAAAA,GAAgB;AACpB,QAAA,GAAGT,UAAU;QACbU,IAAAA,EAAMV,UAAAA,CAAWU,IAAI,IAAIN;AAC3B,KAAA;IAEA,MAAMO,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAef,MAAM,CAAC;QAAET,IAAAA,EAAMmB;AAAc,KAAA,CAAA;AACjFG,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMO,OAAAA,GAAU,CAACC,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AAC5B,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;AAIC,IACD,MAAME,qBAAAA,GAAwB,OAC5BH,MAAAA,GAAS,EAAE,EACXC,QAAAA,GAAAA;IAEA,MAAMH,IAAAA,GAAO,MAAML,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAEpF,IAAA,IAAIH,IAAAA,EAAM;AACRA,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOR,IAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMS,IAAAA,GAAO,CAACP,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AACzB,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAea,QAAQ,CAAC;QAAEN,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC3E,CAAA;AAEA;;IAGA,MAAMQ,wBAAwB,OAAOT,MAAAA,GAAAA;AACnC,IAAA,MAAMU,QAAmC,MAAMjB,MAAAA,CAAOC,EAAE,CACrDC,KAAK,CAAC,aAAA,CAAA,CACNa,QAAQ,CAACf,OAAOkB,GAAG,CAAC,cAAA,CAAA,CAAgBC,SAAS,CAAC,aAAA,EAAeZ,MAAAA,CAAAA,CAAAA;IAEhE,KAAK,MAAMF,QAAQY,KAAAA,CAAO;AACxBZ,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOI,KAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOb,MAAAA,EAAanB,UAAAA,GAAAA;AACjC,IAAA,MAAMiC,mBAAAA,GAAsB5B,UAAAA,CAAEpB,IAAI,CAACe,UAAAA,EAAY;AAAC,QAAA;AAAO,KAAA,CAAA;IAEvD,IAAIK,UAAAA,CAAE6B,GAAG,CAACf,MAAAA,EAAQ,SAASd,UAAAA,CAAE6B,GAAG,CAACD,mBAAAA,EAAqB,MAAA,CAAA,EAAS;QAC7D,MAAMhC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AACjCC,YAAAA,IAAAA,EAAM8B,oBAAoB9B,IAAI;YAC9BsB,EAAAA,EAAI;AAAEU,gBAAAA,GAAAA,EAAKhB,OAAOM;AAAG;AACvB,SAAA,CAAA;AACA,QAAA,IAAIxB,aAAAA,EAAe;YACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEuD,mBAAAA,CAAoB9B,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAElG,QAAA;AACF,IAAA;IAEA,MAAMQ,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAC3BC,KAAK,CAAC,aAAA,CAAA,CACNkB,MAAM,CAAC;QAAEX,KAAAA,EAAOF,MAAAA;QAAQ7B,IAAAA,EAAM2C;AAAoB,KAAA,CAAA;AAErDrB,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;AAGC,IACD,MAAMT,MAAAA,GAAS,OAAOiB,MAAAA,GAAS,EAAa,GAAA;IAC1C,MAAMiB,KAAAA,GAAQ,MAAMxB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAOF;AAAO,KAAA,CAAA;AACzE,IAAA,OAAOiB,KAAAA,GAAQ,CAAA;AACjB,CAAA;AAEA;;;AAGC,IACD,MAAMA,KAAAA,GAAQ,OAAOjB,MAAAA,GAAS,EAAS,GAAA;AACrC,IAAA,OAAOP,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAACjB,MAAAA,CAAAA;AAC9C,CAAA;AAEA;;;AAGC,IACD,MAAMkB,uBAAAA,GAA0B,OAAOC,GAAAA,GAAM,EAAE,GAAa;AAC1D,IAAA,MAAMC,iBAAiB,MAAMC,aAAAA,EAAAA;AAE7B,IAAA,IAAID,kBAAkBE,MAAAA,CAAOC,cAAc,CAACJ,GAAAA,EAAKC,cAAAA,CAAed,EAAE,CAAA,EAAG;AACnE,QAAA,MAAM,IAAI/C,gBAAAA,CAAiB,wCAAA,CAAA;AAC7B,IAAA;IAEA,KAAK,MAAMiE,UAAUL,GAAAA,CAAK;QACxB,MAAMf,UAAAA,GAAa,MAAMC,aAAAA,CAAcmB,MAAAA,CAAAA;AACvC,QAAA,IAAIpB,eAAe,CAAA,EAAG;AACpB,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,6CAAA,CAAA;AAC7B,QAAA;AACF,IAAA;AACF,CAAA;AAEA;;;AAGC,IACD,MAAMkE,WAAAA,GAAc,OAAON,GAAAA,GAAM,EAAE,GAAa;AAC9C,IAAA,MAAMD,uBAAAA,CAAwBC,GAAAA,CAAAA;IAE9B,MAAMO,UAAAA,CAAW,YAAA,CAAA,CAAcC,gBAAgB,CAACR,GAAAA,CAAAA;AAEhD,IAAA,MAAMS,eAA4B,EAAE;IACpC,KAAK,MAAMtB,MAAMa,GAAAA,CAAK;QACpB,MAAMU,WAAAA,GAAc,MAAMpC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAemC,MAAM,CAAC;YAAE5B,KAAAA,EAAO;AAAEI,gBAAAA;AAAG;AAAE,SAAA,CAAA;AAEhF,QAAA,IAAIuB,WAAAA,EAAa;AACfpC,YAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;gBAAEC,IAAAA,EAAM+B;AAAY,aAAA,CAAA;AACxDD,YAAAA,YAAAA,CAAaG,IAAI,CAACF,WAAAA,CAAAA;AACpB,QAAA;AACF,IAAA;IAEA,OAAOD,YAAAA;AACT,CAAA;AAEA;IAEA,MAAMvB,gBAAgB,OAAOmB,MAAAA,GAAAA;AAC3B,IAAA,OAAO/B,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAO;YAAEQ,KAAAA,EAAO;gBAAEJ,EAAAA,EAAIkB;AAAO;AAAE;AAAE,KAAA,CAAA;AACjF,CAAA;AAEA;IAEA,MAAMH,aAAAA,GAAgB,IAAsCtB,OAAAA,CAAQ;QAAER,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAE7F;;IAGA,MAAM8E,2BAAAA,GAA8B,IAAM7B,qBAAAA,CAAsB;QAAEZ,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAEzF;AACC,IACD,MAAM+E,sBAAAA,GAAyB,UAAA;AAC7B,IAAA,MAAMC,iBAAiB,MAAMnD,MAAAA,EAAAA;AAC7B,IAAA,IAAImD,cAAAA,EAAgB;AAClB,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,EAAEC,cAAc,EAAE,GAAGT,UAAAA,CAAW,YAAA,CAAA;IAEtC,MAAMU,UAAAA,GAAaD,eAAeE,MAAM,EAAA;IACxC,MAAMC,mBAAAA,GAAsBF,WAAWG,MAAM,CAAC,CAACC,CAAAA,GAAMA,CAAAA,CAAEC,OAAO,KAAK,cAAA,CAAA;;IAGnE,MAAMrB,cAAAA,GAAiB,MAAMxC,MAAAA,CAAO;QAClCI,IAAAA,EAAM,aAAA;QACNO,IAAAA,EAAM,oBAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;AAEA,IAAA,MAAMhB,UAAAA,CAAW,MAAA,CAAA,CAAQiB,gBAAgB,CAACvB,eAAed,EAAE,CAAA;IAE3D,MAAMsC,UAAAA,GAAa,MAAMhE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;IAEA,MAAMG,UAAAA,GAAa,MAAMjE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;;AAGA,IAAA,MAAMI,iBAAAA,GAAoBpB,UAAAA,CAAW,cAAA,CAAA,CAAgBqB,8BAA8B,CACjFT,mBAAAA,EACA;QACEU,kBAAAA,EAAoB;AAAC,YAAA;AAAiC;AACxD,KAAA,CAAA;AAGF,IAAA,MAAMC,oBAAoBH,iBAAAA,CACvBP,MAAM,CAAC,CAAC,EAAE7D,MAAM,EAAO,GAAKA,WAAWf,OAAAA,CAAQC,OAAO,EACtDsF,GAAG,CAAC,CAACC,UAAAA,GACJC,gBAAAA,CAAiBxE,MAAM,CAAC;AAAE,YAAA,GAAGuE,UAAU;YAAEE,UAAAA,EAAY;AAAC,gBAAA;AAAoB;AAAC,SAAA,CAAA,CAAA;AAG/EP,IAAAA,iBAAAA,CAAkBf,IAAI,CAAA,GAAIuB,2BAAAA,EAAAA,CAAAA;IAC1BL,iBAAAA,CAAkBlB,IAAI,IAAIuB,2BAAAA,CAA4B;QAAEC,QAAAA,EAAU;AAAK,KAAA,CAAA,CAAA;;IAGvE,MAAMC,cAAAA,CAAeZ,UAAAA,CAAWtC,EAAE,EAAEwC,iBAAAA,CAAAA;IACpC,MAAMU,cAAAA,CAAeX,UAAAA,CAAWvC,EAAE,EAAE2C,iBAAAA,CAAAA;AACtC,CAAA;AAEA,MAAMK,2BAAAA,GAA8B,CAAC,EAAEC,QAAAA,GAAW,KAAK,EAAE,GAAG,EAAE,GAAA;AAC5D,IAAA,MAAMF,aAAaE,QAAAA,GAAW;AAAC,QAAA;AAAoB,KAAA,GAAG,EAAE;;IAGxD,OAAO;AACL,QAAA;YAAE7E,MAAAA,EAAQ,qBAAA;AAAuB2E,YAAAA;AAAW,SAAA;AAC5C,QAAA;YAAE3E,MAAAA,EAAQ;AAAgC,SAAA;AAC1C,QAAA;YAAEA,MAAAA,EAAQ;AAA+B,SAAA;AACzC,QAAA;YAAEA,MAAAA,EAAQ,8BAAA;AAAgC2E,YAAAA;AAAW,SAAA;AACrD,QAAA;YAAE3E,MAAAA,EAAQ;AAAiC,SAAA;AAC3C,QAAA;YAAEA,MAAAA,EAAQ;AAAkC;KAC7C,CAACwE,GAAG,CAACE,gBAAAA,CAAiBxE,MAAM,CAAA;AAC/B,CAAA;AAEA;;AAEC,IACD,MAAM6E,4BAAAA,GAA+B,UAAA;AACnC,IAAA,MAAMrC,iBAAiB,MAAMY,2BAAAA,EAAAA;AAC7B,IAAA,MAAM0B,eAAAA,GAAkB,MAAMhC,UAAAA,CAAW,MAAA,CAAA,CAAQ3C,MAAM,EAAA;AAEvD,IAAA,IAAI,CAACqC,cAAAA,EAAgB;QACnB3B,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA,CAAA,MAAO,IAAIF,eAAAA,IAAmBtC,cAAAA,CAAehB,UAAU,KAAK,CAAA,EAAG;QAC7DX,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA;AACF,CAAA;AAEA;;;;AAIC,IACD,MAAMC,iBAAAA,GAAoB,OACxBrC,MAAAA,EACAsC,cAA4E,EAAE,GAAA;AAE9E,IAAA,MAAMC,wBAAAA,CAAyBD,WAAAA,CAAAA;;;IAI/B,MAAME,eAAAA,GAAkBtC,WAAW,YAAA,CAAA,CAChCS,cAAc,CAACE,MAAM,EAAA,CACrBE,MAAM,CAAC,CAAC7D,SAAWA,MAAAA,CAAO+D,OAAO,KAAK,UAAA,CAAA,CACtCS,GAAG,CAAC,CAACxE,MAAAA,GAAWA,OAAOuF,QAAQ,CAAA;AAElC,IAAA,MAAMC,UAAAA,GAAa,MAAMxC,UAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AACzD,IAAA,MAAM8C,YAAAA,GAAeD,UAAAA,IAAcA,UAAAA,CAAW5D,EAAE,KAAKkB,MAAAA;IACrD,MAAM4C,UAAAA,GAAaC,IAAI,MAAA,EAAQ7C,MAAAA,CAAAA;IAE/B,MAAM8C,mBAAAA,GAAsBR,WAC1B;KACCZ,GAAG,CAACkB,WACL;;KAEClB,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,MAAM2F,mBAAAA,GAAsB,MAAM7C,UAAAA,CAAW,YAAA,CAAA,CAAclB,QAAQ,CAAC;QAClEN,KAAAA,EAAO;YAAEJ,IAAAA,EAAM;gBAAEQ,EAAAA,EAAIkB;AAAO;AAAE,SAAA;QAC9BvB,QAAAA,EAAU;AAAC,YAAA;AAAO;AACpB,KAAA,CAAA;AAEA,IAAA,MAAMuE,gBAAAA,GAAmBC,cAAAA,CACvBlG,mBAAAA,EACA+F,mBAAAA,EACAC,qBACAhC,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;AAEhF,IAAA,MAAMiG,mBAAAA,GAAsBF,cAAAA,CAC1BlG,mBAAAA,EACAgG,mBAAAA,EACAD,qBACA/B,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;IAEhF,MAAMkG,mBAAAA,GAAsBC,YAAAA,CAAa,IAAA,EAAMF,mBAAAA,EAAqBJ,mBAAAA,CAAAA;IAEpE,IAAII,mBAAAA,CAAoBG,MAAM,GAAG,CAAA,EAAG;;AAElC,QAAA,MAAMpD,WAAW,YAAA,CAAA,CAAcD,WAAW,CAACkD,mBAAAA,CAAoBzB,GAAG,CAAC6B,IAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AAC1E,IAAA;IAEA,IAAIP,gBAAAA,CAAiBM,MAAM,GAAG,CAAA,EAAG;QAC/B,MAAME,cAAAA,GAAiB,MAAMxB,cAAAA,CAAehC,MAAAA,EAAQgD,gBAAAA,CAAAA;AACpDI,QAAAA,mBAAAA,CAAoB7C,IAAI,CAAA,GAAIiD,cAAAA,CAAAA;AAC9B,IAAA;IAEA,IAAI,CAACb,iBAAiBK,gBAAAA,CAAiBM,MAAM,IAAIH,mBAAAA,CAAoBG,MAAK,CAAA,EAAI;QAC5E,MAAMpD,UAAAA,CAAW,WAAWuD,4BAA4B,EAAA;AAC1D,IAAA;IAEA,OAAOL,mBAAAA;AACT,CAAA;AAEA,MAAMpB,cAAAA,GAAiB,OAAOhC,MAAAA,EAAiBsC,WAAAA,GAAAA;AAC7C,IAAA,MAAM,EAAEoB,iBAAiB,EAAEC,UAAU,EAAE,GAAGzD,UAAAA,CAAW,YAAA,CAAA;IACrD,MAAM,EAAE0D,kBAAkB,EAAE,GAAGhC,gBAAAA;AAE/B,IAAA,MAAMkB,sBAAsBR,WAAAA,CACzBZ,GAAG,CAACmB,GAAAA,CAAI,MAAA,EAAQ7C,QACjB;;AAEC0B,KAAAA,GAAG,CAACkC,kBAAAA,CAAmBF,iBAAAA,CAAAA,CAAAA,CACvBhC,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,OAAOuG,UAAAA,CAAWb,mBAAAA,CAAAA;AACpB,CAAA;AAEA,MAAMe,mBAAAA,GAAsB,CAAC3G,MAAAA,GAAmBA,MAAAA,CAAO+D,OAAO,KAAKtF,oBAAAA;AAEnE;;AAEC,IACD,MAAMmI,0BAAAA,GAA6B,UAAA;AACjC,IAAA,MAAMlE,cAAAA,GAAiB,MAAMM,UAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AAC7D,IAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,QAAA;AACF,IAAA;AAEA,IAAA,MAAMmE,oBAAoB7D,UAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAM8D,qBAAqB9D,UAAAA,CAAW,cAAA,CAAA;AAEtC,IAAA,MAAMU,UAAAA,GAAamD,iBAAAA,CAAkBpD,cAAc,CAACE,MAAM,EAAA;AAE1D,IAAA,MAAMC,sBAAsBF,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,SAAW2G,mBAAAA,CAAoB3G,MAAAA,CAAAA,CAAAA;AAC9E,IAAA,MAAM+G,eAAerD,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,MAAAA,GAAW,CAAC2G,mBAAAA,CAAoB3G,MAAAA,CAAAA,CAAAA;;IAGxE,MAAMoF,WAAAA,GAAc0B,kBAAAA,CAAmBzC,8BAA8B,CACnET,mBAAAA,CAAAA;;AAIF,IAAA,MAAMoD,gBAAAA,GAAmBD,YAAAA,CAAaE,MAAM,CAAC,CAACC,GAAAA,EAAKlH,MAAAA,GAAAA;AACjD,QAAA,MAAM,EAAEuF,QAAQ,EAAE4B,QAAQ,EAAE,GAAGnH,MAAAA;AAE/B,QAAA,IAAIoH,QAAQD,QAAAA,CAAAA,EAAW;YACrBD,GAAAA,CAAI7D,IAAI,IACH8D,QAAAA,CAAS3C,GAAG,CAAC,CAAC6C,OAAAA,GAAY3C,gBAAAA,CAAiBxE,MAAM,CAAC;oBAAEF,MAAAA,EAAQuF,QAAAA;AAAU8B,oBAAAA;AAAQ,iBAAA,CAAA,CAAA,CAAA;QAErF,CAAA,MAAO;AACLH,YAAAA,GAAAA,CAAI7D,IAAI,CAACqB,gBAAAA,CAAiBxE,MAAM,CAAC;gBAAEF,MAAAA,EAAQuF;AAAS,aAAA,CAAA,CAAA;AACtD,QAAA;QAEA,OAAO2B,GAAAA;AACT,IAAA,CAAA,EAAG,EAAE,CAAA;AAEL9B,IAAAA,WAAAA,CAAY/B,IAAI,CAAA,GAAI2D,gBAAAA,CAAAA;AAEpB,IAAA,MAAMM,yBAA0B,MAAMvI,KAAAA,CAAMC,8BAA8B,CAACuI,IAAI,CAC7EnC,WAAAA,CAAAA;IAGF,MAAMD,iBAAAA,CAAkBzC,cAAAA,CAAed,EAAE,EAAE0F,sBAAAA,CAAAA;AAC7C,CAAA;AAEA;;IAGA,MAAME,oBAAoB,CAACC,IAAAA,GAAAA;AACzB,IAAA,MAAMzF,QAAQxB,UAAAA,CAAEyB,GAAG,CAACwF,IAAAA,EAAM,SAAS,EAAE,CAAA;AAErC,IAAA,OAAOzF,MAAMwC,GAAG,CAAC6B,IAAAA,CAAK,MAAA,CAAA,CAAA,CAASL,QAAQ,CAACxH,gBAAAA,CAAAA;AAC1C,CAAA;AAEA,MAAMkJ,SAAAA,GAAY;IAChBC,cAAAA,EAAgBnJ;AAClB,CAAA;AAEA,WAAe;AACbO,IAAAA,KAAAA;AACAI,IAAAA,YAAAA;AACAe,IAAAA,MAAAA;AACAmB,IAAAA,OAAAA;AACAI,IAAAA,qBAAAA;AACAI,IAAAA,IAAAA;AACAE,IAAAA,qBAAAA;AACAI,IAAAA,MAAAA;AACA9B,IAAAA,MAAAA;AACAkC,IAAAA,KAAAA;AACAQ,IAAAA,WAAAA;AACApB,IAAAA,aAAAA;AACAgB,IAAAA,aAAAA;AACAW,IAAAA,2BAAAA;AACAC,IAAAA,sBAAAA;AACAwB,IAAAA,4BAAAA;AACAD,IAAAA,cAAAA;AACA0C,IAAAA,iBAAAA;AACArC,IAAAA,iBAAAA;AACAyB,IAAAA,0BAAAA;AACApE,IAAAA,uBAAAA;AACAkF,IAAAA;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"role.mjs","sources":["../../../../../server/src/services/role.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any / // TODO: TS - Use database parameters interface when they are ready\n/ eslint-disable @typescript-eslint/default-param-last /\nimport _ from 'lodash';\nimport { set, omit, pick, prop, isArray, differenceWith, differenceBy, isEqual } from 'lodash/fp';\n\nimport { dates, arrays, hooks as hooksUtils, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\n\nimport permissionDomain from '../domain/permission';\nimport type { AdminUser, AdminRole, Permission } from '../../../shared/contracts/shared';\nimport type { Action } from '../domain/action';\n\nimport { validatePermissionsExist } from '../validation/permission';\nimport roleConstants from './constants';\nimport { getService } from '../utils';\n\nconst { SUPER_ADMIN_CODE, CONTENT_TYPE_SECTION } = roleConstants;\n\nconst { createAsyncSeriesWaterfallHook } = hooksUtils;\nconst { ApplicationError } = errors;\n\nconst hooks = {\n willResetSuperAdminPermissions: createAsyncSeriesWaterfallHook(),\n};\n\nconst ACTIONS = {\n publish: 'plugin::content-manager.explorer.publish',\n};\n\n// @ts-expect-error lodash types\nconst sanitizeRole: <T extends object>(obj: T) => Omit<T, 'users' \| 'permissions'> = omit([\n 'users',\n 'permissions',\n] as const);\n\nexport type AdminRoleWithUsersCount = AdminRole & { usersCount: number };\n\nconst COMPARABLE_FIELDS = ['conditions', 'properties', 'subject', 'action', 'actionParameters'];\nconst pickComparableFields = pick(COMPARABLE_FIELDS);\n\nconst jsonClean = <T extends object>(data: T): T => JSON.parse(JSON.stringify(data));\n\n/\n Compare two permissions\n /\nconst arePermissionsEqual = (p1: Permission, p2: Permission): boolean => {\n if (p1.action === p2.action) {\n return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));\n }\n\n return false;\n};\n\n/\n Create and save a role in database\n * @param attributes A partial role object\n /\nconst create = async (attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const alreadyExists = await exists({ name: attributes.name });\n\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${attributes.name}\\` already exists.`\n );\n }\n const autoGeneratedCode = `${_.kebabCase(attributes.name)}-${dates.timestampCode()}`;\n\n const rolesWithCode = {\n ...attributes,\n code: attributes.code \|\| autoGeneratedCode,\n };\n\n const result = await strapi.db.query('admin::role').create({ data: rolesWithCode });\n strapi.eventHub.emit('role.create', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Find a role in database\n * @param params query params to find the role\n * @param populate\n /\nconst findOne = (params = {}, populate?: unknown): Promise<AdminRole> => {\n return strapi.db.query('admin::role').findOne({ where: params, populate });\n};\n\n/\n Find a role in database with usersCounts\n * @param params query params to find the role\n * @param populate\n /\nconst findOneWithUsersCount = async (\n params = {},\n populate?: unknown\n): Promise<AdminRoleWithUsersCount> => {\n const role = await strapi.db.query('admin::role').findOne({ where: params, populate });\n\n if (role) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return role;\n};\n\n/\n Find roles in database\n * @param params query params to find the roles\n * @param populate\n /\nconst find = (params = {}, populate: unknown): Promise<AdminRole[]> => {\n return strapi.db.query('admin::role').findMany({ where: params, populate });\n};\n\n/\n Find all roles in database\n /\nconst findAllWithUsersCount = async (params: any): Promise<AdminRoleWithUsersCount[]> => {\n const roles: AdminRoleWithUsersCount[] = await strapi.db\n .query('admin::role')\n .findMany(strapi.get('query-params').transform('admin::role', params));\n\n for (const role of roles) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return roles;\n};\n\n/\n Update a role in database\n * @param params query params to find the role to update\n * @param attributes A partial role object\n /\nconst update = async (params: any, attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const sanitizedAttributes = _.omit(attributes, ['code']);\n\n if (_.has(params, 'id') && _.has(sanitizedAttributes, 'name')) {\n const alreadyExists = await exists({\n name: sanitizedAttributes.name,\n id: { $ne: params.id },\n });\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${sanitizedAttributes.name}\\` already exists.`\n );\n }\n }\n\n const result = await strapi.db\n .query('admin::role')\n .update({ where: params, data: sanitizedAttributes });\n\n strapi.eventHub.emit('role.update', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Check if a role exists in database\n * @param params query params to find the role\n /\nconst exists = async (params = {} as unknown): Promise<boolean> => {\n const count = await strapi.db.query('admin::role').count({ where: params });\n return count > 0;\n};\n\n/\n Count the number of roles based on search params\n * @param params params used for the query\n /\nconst count = async (params = {} as any): Promise<number> => {\n return strapi.db.query('admin::role').count(params);\n};\n\n/\n Check if the given roles id can be deleted safely, throw otherwise\n * @param ids\n /\nconst checkRolesIdForDeletion = async (ids = [] as Data.ID[]) => {\n const superAdminRole = await getSuperAdmin();\n\n if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {\n throw new ApplicationError('You cannot delete the super admin role');\n }\n\n for (const roleId of ids) {\n const usersCount = await getUsersCount(roleId);\n if (usersCount !== 0) {\n throw new ApplicationError('Some roles are still assigned to some users');\n }\n }\n};\n\n/\n Delete roles in database if they have no user assigned\n * @param ids query params to find the roles\n /\nconst deleteByIds = async (ids = [] as Data.ID[]): Promise<AdminRole[]> => {\n await checkRolesIdForDeletion(ids);\n\n await getService('permission').deleteByRolesIds(ids);\n\n const deletedRoles: AdminRole[] = [];\n for (const id of ids) {\n const deletedRole = await strapi.db.query('admin::role').delete({ where: { id } });\n\n if (deletedRole) {\n strapi.eventHub.emit('role.delete', { role: deletedRole });\n deletedRoles.push(deletedRole);\n }\n }\n\n return deletedRoles;\n};\n\n/* Count the number of users for some roles\n /\nconst getUsersCount = async (roleId: Data.ID): Promise<number> => {\n return strapi.db.query('admin::user').count({ where: { roles: { id: roleId } } });\n};\n\n/* Returns admin role\n /\nconst getSuperAdmin = (): Promise<AdminRole \| undefined> => findOne({ code: SUPER_ADMIN_CODE });\n\n/* Returns admin role with userCount\n * @returns {Promise<role>}\n /\nconst getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE });\n\n/* Create superAdmin, Author and Editor role is no role already exist\n /\nconst createRolesIfNoneExist = async () => {\n const someRolesExist = await exists();\n if (someRolesExist) {\n return;\n }\n\n const { actionProvider } = getService('permission');\n\n const allActions = actionProvider.values();\n const contentTypesActions = allActions.filter((a) => a.section === 'contentTypes');\n\n // create 3 roles\n const superAdminRole = await create({\n name: 'Super Admin',\n code: 'strapi-super-admin',\n description: 'Super Admins can access and manage all features and settings.',\n });\n\n await getService('user').assignARoleToAll(superAdminRole.id);\n\n const editorRole = await create({\n name: 'Editor',\n code: 'strapi-editor',\n description: 'Editors can manage and publish contents including those of other users.',\n });\n\n const authorRole = await create({\n name: 'Author',\n code: 'strapi-author',\n description: 'Authors can manage the content they have created.',\n });\n\n // create content-type permissions for each role\n const editorPermissions = getService('content-type').getPermissionsWithNestedFields(\n contentTypesActions,\n {\n restrictedSubjects: ['plugin::users-permissions.user'],\n }\n );\n\n const authorPermissions = editorPermissions\n .filter(({ action }: any) => action !== ACTIONS.publish)\n .map((permission: any) =>\n permissionDomain.create({ ...permission, conditions: ['admin::is-creator'] })\n );\n\n editorPermissions.push(...getDefaultPluginPermissions());\n authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));\n\n // assign permissions to roles\n await addPermissions(editorRole.id, editorPermissions);\n await addPermissions(authorRole.id, authorPermissions);\n};\n\nconst getDefaultPluginPermissions = ({ isAuthor = false } = {}) => {\n const conditions = isAuthor ? ['admin::is-creator'] : [];\n\n // add plugin permissions for each role\n return [\n { action: 'plugin::upload.read', conditions },\n { action: 'plugin::upload.configure-view' },\n { action: 'plugin::upload.assets.create' },\n { action: 'plugin::upload.assets.update', conditions },\n { action: 'plugin::upload.assets.download' },\n { action: 'plugin::upload.assets.copy-link' },\n ].map(permissionDomain.create);\n};\n\n/* Display a warning if the role superAdmin doesn't exist\n * or if the role is not assigned to at least one user\n /\nconst displayWarningIfNoSuperAdmin = async () => {\n const superAdminRole = await getSuperAdminWithUsersCount();\n const someUsersExists = await getService('user').exists();\n\n if (!superAdminRole) {\n strapi.log.warn(\"Your application doesn't have a super admin role.\");\n } else if (someUsersExists && superAdminRole.usersCount === 0) {\n strapi.log.warn(\"Your application doesn't have a super admin user.\");\n }\n};\n\n/\n Assign permissions to a role\n * @param roleId - role Data.ID\n * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role\n /\nconst assignPermissions = async (\n roleId: Data.ID,\n permissions: Array<Pick<Permission, 'action' \| 'subject' \| 'conditions'>> = []\n) => {\n await validatePermissionsExist(permissions);\n\n // Internal actions are not handled by the role service, so any permission\n // with an internal action is filtered out\n const internalActions = getService('permission')\n .actionProvider.values()\n .filter((action) => action.section === 'internal')\n .map((action) => action.actionId);\n\n const superAdmin = await getService('role').getSuperAdmin();\n const isSuperAdmin = superAdmin && superAdmin.id === roleId;\n const assignRole = set('role', roleId);\n\n const permissionsWithRole = permissions\n // Add the role attribute to every permission\n .map(assignRole)\n // Transform each permission into a Permission instance\n // @ts-expect-error - lodash set doesn't resolve the type appropriately\n .map(permissionDomain.create);\n\n const existingPermissions = await getService('permission').findMany({\n where: { role: { id: roleId } },\n populate: ['role'],\n });\n\n const permissionsToAdd = differenceWith(\n arePermissionsEqual,\n permissionsWithRole,\n existingPermissions\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToDelete = differenceWith(\n arePermissionsEqual,\n existingPermissions,\n permissionsWithRole\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToReturn = differenceBy('id', permissionsToDelete, existingPermissions);\n\n if (permissionsToDelete.length > 0) {\n // @ts-expect-error - lodash prop doesn't resolve the type appropriately\n await getService('permission').deleteByIds(permissionsToDelete.map(prop('id')));\n }\n\n if (permissionsToAdd.length > 0) {\n const newPermissions = await addPermissions(roleId, permissionsToAdd);\n permissionsToReturn.push(...newPermissions);\n }\n\n if (!isSuperAdmin && (permissionsToAdd.length \|\| permissionsToDelete.length)) {\n await getService('metrics').sendDidUpdateRolePermissions();\n }\n\n if (permissionsToAdd.length > 0 \|\| permissionsToDelete.length > 0) {\n await getService('api-token-admin').syncPermissionsForRole(roleId);\n }\n\n return permissionsToReturn;\n};\n\nconst addPermissions = async (roleId: Data.ID, permissions: any) => {\n const { conditionProvider, createMany } = getService('permission');\n const { sanitizeConditions } = permissionDomain;\n\n const permissionsWithRole = permissions\n .map(set('role', roleId))\n // @ts-expect-error - refactor domain/permission Condition type, as it's now expecting\n // a string but it should be a Condition interface\n .map(sanitizeConditions(conditionProvider))\n .map(permissionDomain.create);\n\n return createMany(permissionsWithRole);\n};\n\nconst isContentTypeAction = (action: Action) => action.section === CONTENT_TYPE_SECTION;\n\n/\n Reset super admin permissions (giving it all permissions)\n /\nconst resetSuperAdminPermissions = async () => {\n const superAdminRole = await getService('role').getSuperAdmin();\n if (!superAdminRole) {\n return;\n }\n\n const permissionService = getService('permission');\n const contentTypeService = getService('content-type');\n\n const allActions = permissionService.actionProvider.values() as Action[];\n\n const contentTypesActions = allActions.filter((action) => isContentTypeAction(action));\n const otherActions = allActions.filter((action) => !isContentTypeAction(action));\n\n // First, get the content-types permissions\n const permissions = contentTypeService.getPermissionsWithNestedFields(\n contentTypesActions\n ) as Permission[];\n\n // Then add every other permission\n const otherPermissions = otherActions.reduce((acc, action) => {\n const { actionId, subjects } = action;\n\n if (isArray(subjects)) {\n acc.push(\n ...subjects.map((subject) => permissionDomain.create({ action: actionId, subject }))\n );\n } else {\n acc.push(permissionDomain.create({ action: actionId }));\n }\n\n return acc;\n }, [] as Permission[]);\n\n permissions.push(...otherPermissions);\n\n const transformedPermissions = (await hooks.willResetSuperAdminPermissions.call(\n permissions\n )) as Permission[];\n\n await assignPermissions(superAdminRole.id, transformedPermissions);\n};\n\n/\n Check if a user object includes the super admin role\n */\nconst hasSuperAdminRole = (user: AdminUser): boolean => {\n const roles = _.get(user, 'roles', []) as AdminRole[];\n\n return roles.map(prop('code')).includes(SUPER_ADMIN_CODE);\n};\n\nconst constants = {\n superAdminCode: SUPER_ADMIN_CODE,\n};\n\nexport default {\n hooks,\n sanitizeRole,\n create,\n findOne,\n findOneWithUsersCount,\n find,\n findAllWithUsersCount,\n update,\n exists,\n count,\n deleteByIds,\n getUsersCount,\n getSuperAdmin,\n getSuperAdminWithUsersCount,\n createRolesIfNoneExist,\n displayWarningIfNoSuperAdmin,\n addPermissions,\n hasSuperAdminRole,\n assignPermissions,\n resetSuperAdminPermissions,\n checkRolesIdForDeletion,\n constants,\n};\n"],"names":["SUPER_ADMIN_CODE","CONTENT_TYPE_SECTION","roleConstants","createAsyncSeriesWaterfallHook","hooksUtils","ApplicationError","errors","hooks","willResetSuperAdminPermissions","ACTIONS","publish","sanitizeRole","omit","COMPARABLE_FIELDS","pickComparableFields","pick","jsonClean","data","JSON","parse","stringify","arePermissionsEqual","p1","p2","action","isEqual","create","attributes","alreadyExists","exists","name","autoGeneratedCode","_","kebabCase","dates","timestampCode","rolesWithCode","code","result","strapi","db","query","eventHub","emit","role","findOne","params","populate","where","findOneWithUsersCount","usersCount","getUsersCount","id","find","findMany","findAllWithUsersCount","roles","get","transform","update","sanitizedAttributes","has","$ne","count","checkRolesIdForDeletion","ids","superAdminRole","getSuperAdmin","arrays","includesString","roleId","deleteByIds","getService","deleteByRolesIds","deletedRoles","deletedRole","delete","push","getSuperAdminWithUsersCount","createRolesIfNoneExist","someRolesExist","actionProvider","allActions","values","contentTypesActions","filter","a","section","description","assignARoleToAll","editorRole","authorRole","editorPermissions","getPermissionsWithNestedFields","restrictedSubjects","authorPermissions","map","permission","permissionDomain","conditions","getDefaultPluginPermissions","isAuthor","addPermissions","displayWarningIfNoSuperAdmin","someUsersExists","log","warn","assignPermissions","permissions","validatePermissionsExist","internalActions","actionId","superAdmin","isSuperAdmin","assignRole","set","permissionsWithRole","existingPermissions","permissionsToAdd","differenceWith","includes","permissionsToDelete","permissionsToReturn","differenceBy","length","prop","newPermissions","sendDidUpdateRolePermissions","syncPermissionsForRole","conditionProvider","createMany","sanitizeConditions","isContentTypeAction","resetSuperAdminPermissions","permissionService","contentTypeService","otherActions","otherPermissions","reduce","acc","subjects","isArray","subject","transformedPermissions","call","hasSuperAdminRole","user","constants","superAdminCode"],"mappings":";;;;;;;;AAAA;AAgBA,MAAM,EAAEA,gBAAgB,EAAEC,oBAAoB,EAAE,GAAGC,WAAAA;AAEnD,MAAM,EAAEC,8BAA8B,EAAE,GAAGC,OAAAA;AAC3C,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B,MAAMC,KAAAA,GAAQ;IACZC,8BAAAA,EAAgCL,8BAAAA;AAClC,CAAA;AAEA,MAAMM,OAAAA,GAAU;IACdC,OAAAA,EAAS;AACX,CAAA;AAEA;AACA,MAAMC,eAA+EC,IAAAA,CAAK;AACxF,IAAA,OAAA;AACA,IAAA;AACD,CAAA,CAAA;AAID,MAAMC,iBAAAA,GAAoB;AAAC,IAAA,YAAA;AAAc,IAAA,YAAA;AAAc,IAAA,SAAA;AAAW,IAAA,QAAA;AAAU,IAAA;AAAmB,CAAA;AAC/F,MAAMC,uBAAuBC,IAAAA,CAAKF,iBAAAA,CAAAA;AAElC,MAAMG,SAAAA,GAAY,CAAmBC,IAAAA,GAAeC,IAAAA,CAAKC,KAAK,CAACD,IAAAA,CAAKE,SAAS,CAACH,IAAAA,CAAAA,CAAAA;AAE9E;;IAGA,MAAMI,mBAAAA,GAAsB,CAACC,EAAAA,EAAgBC,EAAAA,GAAAA;AAC3C,IAAA,IAAID,EAAAA,CAAGE,MAAM,KAAKD,EAAAA,CAAGC,MAAM,EAAE;AAC3B,QAAA,OAAOC,OAAAA,CAAQT,SAAAA,CAAUF,oBAAAA,CAAqBQ,EAAAA,CAAAA,CAAAA,EAAMN,UAAUF,oBAAAA,CAAqBS,EAAAA,CAAAA,CAAAA,CAAAA;AACrF,IAAA;IAEA,OAAO,KAAA;AACT,CAAA;AAEA;;;IAIA,MAAMG,SAAS,OAAOC,UAAAA,GAAAA;IACpB,MAAMC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AAAEC,QAAAA,IAAAA,EAAMH,WAAWG;AAAK,KAAA,CAAA;AAE3D,IAAA,IAAIF,aAAAA,EAAe;QACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEsB,UAAAA,CAAWG,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAEzF,IAAA;AACA,IAAA,MAAMC,iBAAAA,GAAoB,CAAA,EAAGC,UAAAA,CAAEC,SAAS,CAACN,UAAAA,CAAWG,IAAI,CAAA,CAAE,CAAC,EAAEI,KAAAA,CAAMC,aAAa,EAAA,CAAA,CAAI;AAEpF,IAAA,MAAMC,aAAAA,GAAgB;AACpB,QAAA,GAAGT,UAAU;QACbU,IAAAA,EAAMV,UAAAA,CAAWU,IAAI,IAAIN;AAC3B,KAAA;IAEA,MAAMO,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAef,MAAM,CAAC;QAAET,IAAAA,EAAMmB;AAAc,KAAA,CAAA;AACjFG,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMO,OAAAA,GAAU,CAACC,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AAC5B,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;AAIC,IACD,MAAME,qBAAAA,GAAwB,OAC5BH,MAAAA,GAAS,EAAE,EACXC,QAAAA,GAAAA;IAEA,MAAMH,IAAAA,GAAO,MAAML,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAEpF,IAAA,IAAIH,IAAAA,EAAM;AACRA,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOR,IAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMS,IAAAA,GAAO,CAACP,MAAAA,GAAS,EAAE,EAAEC,QAAAA,GAAAA;AACzB,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAea,QAAQ,CAAC;QAAEN,KAAAA,EAAOF,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC3E,CAAA;AAEA;;IAGA,MAAMQ,wBAAwB,OAAOT,MAAAA,GAAAA;AACnC,IAAA,MAAMU,QAAmC,MAAMjB,MAAAA,CAAOC,EAAE,CACrDC,KAAK,CAAC,aAAA,CAAA,CACNa,QAAQ,CAACf,OAAOkB,GAAG,CAAC,cAAA,CAAA,CAAgBC,SAAS,CAAC,aAAA,EAAeZ,MAAAA,CAAAA,CAAAA;IAEhE,KAAK,MAAMF,QAAQY,KAAAA,CAAO;AACxBZ,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C,IAAA;IAEA,OAAOI,KAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,MAAAA,GAAS,OAAOb,MAAAA,EAAanB,UAAAA,GAAAA;AACjC,IAAA,MAAMiC,mBAAAA,GAAsB5B,UAAAA,CAAEpB,IAAI,CAACe,UAAAA,EAAY;AAAC,QAAA;AAAO,KAAA,CAAA;IAEvD,IAAIK,UAAAA,CAAE6B,GAAG,CAACf,MAAAA,EAAQ,SAASd,UAAAA,CAAE6B,GAAG,CAACD,mBAAAA,EAAqB,MAAA,CAAA,EAAS;QAC7D,MAAMhC,aAAAA,GAAgB,MAAMC,MAAAA,CAAO;AACjCC,YAAAA,IAAAA,EAAM8B,oBAAoB9B,IAAI;YAC9BsB,EAAAA,EAAI;AAAEU,gBAAAA,GAAAA,EAAKhB,OAAOM;AAAG;AACvB,SAAA,CAAA;AACA,QAAA,IAAIxB,aAAAA,EAAe;YACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEuD,mBAAAA,CAAoB9B,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAElG,QAAA;AACF,IAAA;IAEA,MAAMQ,MAAAA,GAAS,MAAMC,MAAAA,CAAOC,EAAE,CAC3BC,KAAK,CAAC,aAAA,CAAA,CACNkB,MAAM,CAAC;QAAEX,KAAAA,EAAOF,MAAAA;QAAQ7B,IAAAA,EAAM2C;AAAoB,KAAA,CAAA;AAErDrB,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;AAAEC,QAAAA,IAAAA,EAAMjC,YAAAA,CAAa2B,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;AAGC,IACD,MAAMT,MAAAA,GAAS,OAAOiB,MAAAA,GAAS,EAAa,GAAA;IAC1C,MAAMiB,KAAAA,GAAQ,MAAMxB,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAOF;AAAO,KAAA,CAAA;AACzE,IAAA,OAAOiB,KAAAA,GAAQ,CAAA;AACjB,CAAA;AAEA;;;AAGC,IACD,MAAMA,KAAAA,GAAQ,OAAOjB,MAAAA,GAAS,EAAS,GAAA;AACrC,IAAA,OAAOP,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAACjB,MAAAA,CAAAA;AAC9C,CAAA;AAEA;;;AAGC,IACD,MAAMkB,uBAAAA,GAA0B,OAAOC,GAAAA,GAAM,EAAE,GAAa;AAC1D,IAAA,MAAMC,iBAAiB,MAAMC,aAAAA,EAAAA;AAE7B,IAAA,IAAID,kBAAkBE,MAAAA,CAAOC,cAAc,CAACJ,GAAAA,EAAKC,cAAAA,CAAed,EAAE,CAAA,EAAG;AACnE,QAAA,MAAM,IAAI/C,gBAAAA,CAAiB,wCAAA,CAAA;AAC7B,IAAA;IAEA,KAAK,MAAMiE,UAAUL,GAAAA,CAAK;QACxB,MAAMf,UAAAA,GAAa,MAAMC,aAAAA,CAAcmB,MAAAA,CAAAA;AACvC,QAAA,IAAIpB,eAAe,CAAA,EAAG;AACpB,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,6CAAA,CAAA;AAC7B,QAAA;AACF,IAAA;AACF,CAAA;AAEA;;;AAGC,IACD,MAAMkE,WAAAA,GAAc,OAAON,GAAAA,GAAM,EAAE,GAAa;AAC9C,IAAA,MAAMD,uBAAAA,CAAwBC,GAAAA,CAAAA;IAE9B,MAAMO,UAAAA,CAAW,YAAA,CAAA,CAAcC,gBAAgB,CAACR,GAAAA,CAAAA;AAEhD,IAAA,MAAMS,eAA4B,EAAE;IACpC,KAAK,MAAMtB,MAAMa,GAAAA,CAAK;QACpB,MAAMU,WAAAA,GAAc,MAAMpC,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAemC,MAAM,CAAC;YAAE5B,KAAAA,EAAO;AAAEI,gBAAAA;AAAG;AAAE,SAAA,CAAA;AAEhF,QAAA,IAAIuB,WAAAA,EAAa;AACfpC,YAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAA,EAAe;gBAAEC,IAAAA,EAAM+B;AAAY,aAAA,CAAA;AACxDD,YAAAA,YAAAA,CAAaG,IAAI,CAACF,WAAAA,CAAAA;AACpB,QAAA;AACF,IAAA;IAEA,OAAOD,YAAAA;AACT,CAAA;AAEA;IAEA,MAAMvB,gBAAgB,OAAOmB,MAAAA,GAAAA;AAC3B,IAAA,OAAO/B,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAAA,EAAO;YAAEQ,KAAAA,EAAO;gBAAEJ,EAAAA,EAAIkB;AAAO;AAAE;AAAE,KAAA,CAAA;AACjF,CAAA;AAEA;IAEA,MAAMH,aAAAA,GAAgB,IAAsCtB,OAAAA,CAAQ;QAAER,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAE7F;;IAGA,MAAM8E,2BAAAA,GAA8B,IAAM7B,qBAAAA,CAAsB;QAAEZ,IAAAA,EAAMrC;AAAiB,KAAA,CAAA;AAEzF;AACC,IACD,MAAM+E,sBAAAA,GAAyB,UAAA;AAC7B,IAAA,MAAMC,iBAAiB,MAAMnD,MAAAA,EAAAA;AAC7B,IAAA,IAAImD,cAAAA,EAAgB;AAClB,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,EAAEC,cAAc,EAAE,GAAGT,UAAAA,CAAW,YAAA,CAAA;IAEtC,MAAMU,UAAAA,GAAaD,eAAeE,MAAM,EAAA;IACxC,MAAMC,mBAAAA,GAAsBF,WAAWG,MAAM,CAAC,CAACC,CAAAA,GAAMA,CAAAA,CAAEC,OAAO,KAAK,cAAA,CAAA;;IAGnE,MAAMrB,cAAAA,GAAiB,MAAMxC,MAAAA,CAAO;QAClCI,IAAAA,EAAM,aAAA;QACNO,IAAAA,EAAM,oBAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;AAEA,IAAA,MAAMhB,UAAAA,CAAW,MAAA,CAAA,CAAQiB,gBAAgB,CAACvB,eAAed,EAAE,CAAA;IAE3D,MAAMsC,UAAAA,GAAa,MAAMhE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;IAEA,MAAMG,UAAAA,GAAa,MAAMjE,MAAAA,CAAO;QAC9BI,IAAAA,EAAM,QAAA;QACNO,IAAAA,EAAM,eAAA;QACNmD,WAAAA,EAAa;AACf,KAAA,CAAA;;AAGA,IAAA,MAAMI,iBAAAA,GAAoBpB,UAAAA,CAAW,cAAA,CAAA,CAAgBqB,8BAA8B,CACjFT,mBAAAA,EACA;QACEU,kBAAAA,EAAoB;AAAC,YAAA;AAAiC;AACxD,KAAA,CAAA;AAGF,IAAA,MAAMC,oBAAoBH,iBAAAA,CACvBP,MAAM,CAAC,CAAC,EAAE7D,MAAM,EAAO,GAAKA,WAAWf,OAAAA,CAAQC,OAAO,EACtDsF,GAAG,CAAC,CAACC,UAAAA,GACJC,gBAAAA,CAAiBxE,MAAM,CAAC;AAAE,YAAA,GAAGuE,UAAU;YAAEE,UAAAA,EAAY;AAAC,gBAAA;AAAoB;AAAC,SAAA,CAAA,CAAA;AAG/EP,IAAAA,iBAAAA,CAAkBf,IAAI,CAAA,GAAIuB,2BAAAA,EAAAA,CAAAA;IAC1BL,iBAAAA,CAAkBlB,IAAI,IAAIuB,2BAAAA,CAA4B;QAAEC,QAAAA,EAAU;AAAK,KAAA,CAAA,CAAA;;IAGvE,MAAMC,cAAAA,CAAeZ,UAAAA,CAAWtC,EAAE,EAAEwC,iBAAAA,CAAAA;IACpC,MAAMU,cAAAA,CAAeX,UAAAA,CAAWvC,EAAE,EAAE2C,iBAAAA,CAAAA;AACtC,CAAA;AAEA,MAAMK,2BAAAA,GAA8B,CAAC,EAAEC,QAAAA,GAAW,KAAK,EAAE,GAAG,EAAE,GAAA;AAC5D,IAAA,MAAMF,aAAaE,QAAAA,GAAW;AAAC,QAAA;AAAoB,KAAA,GAAG,EAAE;;IAGxD,OAAO;AACL,QAAA;YAAE7E,MAAAA,EAAQ,qBAAA;AAAuB2E,YAAAA;AAAW,SAAA;AAC5C,QAAA;YAAE3E,MAAAA,EAAQ;AAAgC,SAAA;AAC1C,QAAA;YAAEA,MAAAA,EAAQ;AAA+B,SAAA;AACzC,QAAA;YAAEA,MAAAA,EAAQ,8BAAA;AAAgC2E,YAAAA;AAAW,SAAA;AACrD,QAAA;YAAE3E,MAAAA,EAAQ;AAAiC,SAAA;AAC3C,QAAA;YAAEA,MAAAA,EAAQ;AAAkC;KAC7C,CAACwE,GAAG,CAACE,gBAAAA,CAAiBxE,MAAM,CAAA;AAC/B,CAAA;AAEA;;AAEC,IACD,MAAM6E,4BAAAA,GAA+B,UAAA;AACnC,IAAA,MAAMrC,iBAAiB,MAAMY,2BAAAA,EAAAA;AAC7B,IAAA,MAAM0B,eAAAA,GAAkB,MAAMhC,UAAAA,CAAW,MAAA,CAAA,CAAQ3C,MAAM,EAAA;AAEvD,IAAA,IAAI,CAACqC,cAAAA,EAAgB;QACnB3B,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA,CAAA,MAAO,IAAIF,eAAAA,IAAmBtC,cAAAA,CAAehB,UAAU,KAAK,CAAA,EAAG;QAC7DX,MAAAA,CAAOkE,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,IAAA;AACF,CAAA;AAEA;;;;AAIC,IACD,MAAMC,iBAAAA,GAAoB,OACxBrC,MAAAA,EACAsC,cAA4E,EAAE,GAAA;AAE9E,IAAA,MAAMC,wBAAAA,CAAyBD,WAAAA,CAAAA;;;IAI/B,MAAME,eAAAA,GAAkBtC,WAAW,YAAA,CAAA,CAChCS,cAAc,CAACE,MAAM,EAAA,CACrBE,MAAM,CAAC,CAAC7D,SAAWA,MAAAA,CAAO+D,OAAO,KAAK,UAAA,CAAA,CACtCS,GAAG,CAAC,CAACxE,MAAAA,GAAWA,OAAOuF,QAAQ,CAAA;AAElC,IAAA,MAAMC,UAAAA,GAAa,MAAMxC,UAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AACzD,IAAA,MAAM8C,YAAAA,GAAeD,UAAAA,IAAcA,UAAAA,CAAW5D,EAAE,KAAKkB,MAAAA;IACrD,MAAM4C,UAAAA,GAAaC,IAAI,MAAA,EAAQ7C,MAAAA,CAAAA;IAE/B,MAAM8C,mBAAAA,GAAsBR,WAC1B;KACCZ,GAAG,CAACkB,WACL;;KAEClB,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,MAAM2F,mBAAAA,GAAsB,MAAM7C,UAAAA,CAAW,YAAA,CAAA,CAAclB,QAAQ,CAAC;QAClEN,KAAAA,EAAO;YAAEJ,IAAAA,EAAM;gBAAEQ,EAAAA,EAAIkB;AAAO;AAAE,SAAA;QAC9BvB,QAAAA,EAAU;AAAC,YAAA;AAAO;AACpB,KAAA,CAAA;AAEA,IAAA,MAAMuE,gBAAAA,GAAmBC,cAAAA,CACvBlG,mBAAAA,EACA+F,mBAAAA,EACAC,qBACAhC,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;AAEhF,IAAA,MAAMiG,mBAAAA,GAAsBF,cAAAA,CAC1BlG,mBAAAA,EACAgG,mBAAAA,EACAD,qBACA/B,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;IAEhF,MAAMkG,mBAAAA,GAAsBC,YAAAA,CAAa,IAAA,EAAMF,mBAAAA,EAAqBJ,mBAAAA,CAAAA;IAEpE,IAAII,mBAAAA,CAAoBG,MAAM,GAAG,CAAA,EAAG;;AAElC,QAAA,MAAMpD,WAAW,YAAA,CAAA,CAAcD,WAAW,CAACkD,mBAAAA,CAAoBzB,GAAG,CAAC6B,IAAAA,CAAK,IAAA,CAAA,CAAA,CAAA;AAC1E,IAAA;IAEA,IAAIP,gBAAAA,CAAiBM,MAAM,GAAG,CAAA,EAAG;QAC/B,MAAME,cAAAA,GAAiB,MAAMxB,cAAAA,CAAehC,MAAAA,EAAQgD,gBAAAA,CAAAA;AACpDI,QAAAA,mBAAAA,CAAoB7C,IAAI,CAAA,GAAIiD,cAAAA,CAAAA;AAC9B,IAAA;IAEA,IAAI,CAACb,iBAAiBK,gBAAAA,CAAiBM,MAAM,IAAIH,mBAAAA,CAAoBG,MAAK,CAAA,EAAI;QAC5E,MAAMpD,UAAAA,CAAW,WAAWuD,4BAA4B,EAAA;AAC1D,IAAA;AAEA,IAAA,IAAIT,iBAAiBM,MAAM,GAAG,KAAKH,mBAAAA,CAAoBG,MAAM,GAAG,CAAA,EAAG;QACjE,MAAMpD,UAAAA,CAAW,iBAAA,CAAA,CAAmBwD,sBAAsB,CAAC1D,MAAAA,CAAAA;AAC7D,IAAA;IAEA,OAAOoD,mBAAAA;AACT,CAAA;AAEA,MAAMpB,cAAAA,GAAiB,OAAOhC,MAAAA,EAAiBsC,WAAAA,GAAAA;AAC7C,IAAA,MAAM,EAAEqB,iBAAiB,EAAEC,UAAU,EAAE,GAAG1D,UAAAA,CAAW,YAAA,CAAA;IACrD,MAAM,EAAE2D,kBAAkB,EAAE,GAAGjC,gBAAAA;AAE/B,IAAA,MAAMkB,sBAAsBR,WAAAA,CACzBZ,GAAG,CAACmB,GAAAA,CAAI,MAAA,EAAQ7C,QACjB;;AAEC0B,KAAAA,GAAG,CAACmC,kBAAAA,CAAmBF,iBAAAA,CAAAA,CAAAA,CACvBjC,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,OAAOwG,UAAAA,CAAWd,mBAAAA,CAAAA;AACpB,CAAA;AAEA,MAAMgB,mBAAAA,GAAsB,CAAC5G,MAAAA,GAAmBA,MAAAA,CAAO+D,OAAO,KAAKtF,oBAAAA;AAEnE;;AAEC,IACD,MAAMoI,0BAAAA,GAA6B,UAAA;AACjC,IAAA,MAAMnE,cAAAA,GAAiB,MAAMM,UAAAA,CAAW,MAAA,CAAA,CAAQL,aAAa,EAAA;AAC7D,IAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,QAAA;AACF,IAAA;AAEA,IAAA,MAAMoE,oBAAoB9D,UAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAM+D,qBAAqB/D,UAAAA,CAAW,cAAA,CAAA;AAEtC,IAAA,MAAMU,UAAAA,GAAaoD,iBAAAA,CAAkBrD,cAAc,CAACE,MAAM,EAAA;AAE1D,IAAA,MAAMC,sBAAsBF,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,SAAW4G,mBAAAA,CAAoB5G,MAAAA,CAAAA,CAAAA;AAC9E,IAAA,MAAMgH,eAAetD,UAAAA,CAAWG,MAAM,CAAC,CAAC7D,MAAAA,GAAW,CAAC4G,mBAAAA,CAAoB5G,MAAAA,CAAAA,CAAAA;;IAGxE,MAAMoF,WAAAA,GAAc2B,kBAAAA,CAAmB1C,8BAA8B,CACnET,mBAAAA,CAAAA;;AAIF,IAAA,MAAMqD,gBAAAA,GAAmBD,YAAAA,CAAaE,MAAM,CAAC,CAACC,GAAAA,EAAKnH,MAAAA,GAAAA;AACjD,QAAA,MAAM,EAAEuF,QAAQ,EAAE6B,QAAQ,EAAE,GAAGpH,MAAAA;AAE/B,QAAA,IAAIqH,QAAQD,QAAAA,CAAAA,EAAW;YACrBD,GAAAA,CAAI9D,IAAI,IACH+D,QAAAA,CAAS5C,GAAG,CAAC,CAAC8C,OAAAA,GAAY5C,gBAAAA,CAAiBxE,MAAM,CAAC;oBAAEF,MAAAA,EAAQuF,QAAAA;AAAU+B,oBAAAA;AAAQ,iBAAA,CAAA,CAAA,CAAA;QAErF,CAAA,MAAO;AACLH,YAAAA,GAAAA,CAAI9D,IAAI,CAACqB,gBAAAA,CAAiBxE,MAAM,CAAC;gBAAEF,MAAAA,EAAQuF;AAAS,aAAA,CAAA,CAAA;AACtD,QAAA;QAEA,OAAO4B,GAAAA;AACT,IAAA,CAAA,EAAG,EAAE,CAAA;AAEL/B,IAAAA,WAAAA,CAAY/B,IAAI,CAAA,GAAI4D,gBAAAA,CAAAA;AAEpB,IAAA,MAAMM,yBAA0B,MAAMxI,KAAAA,CAAMC,8BAA8B,CAACwI,IAAI,CAC7EpC,WAAAA,CAAAA;IAGF,MAAMD,iBAAAA,CAAkBzC,cAAAA,CAAed,EAAE,EAAE2F,sBAAAA,CAAAA;AAC7C,CAAA;AAEA;;IAGA,MAAME,oBAAoB,CAACC,IAAAA,GAAAA;AACzB,IAAA,MAAM1F,QAAQxB,UAAAA,CAAEyB,GAAG,CAACyF,IAAAA,EAAM,SAAS,EAAE,CAAA;AAErC,IAAA,OAAO1F,MAAMwC,GAAG,CAAC6B,IAAAA,CAAK,MAAA,CAAA,CAAA,CAASL,QAAQ,CAACxH,gBAAAA,CAAAA;AAC1C,CAAA;AAEA,MAAMmJ,SAAAA,GAAY;IAChBC,cAAAA,EAAgBpJ;AAClB,CAAA;AAEA,WAAe;AACbO,IAAAA,KAAAA;AACAI,IAAAA,YAAAA;AACAe,IAAAA,MAAAA;AACAmB,IAAAA,OAAAA;AACAI,IAAAA,qBAAAA;AACAI,IAAAA,IAAAA;AACAE,IAAAA,qBAAAA;AACAI,IAAAA,MAAAA;AACA9B,IAAAA,MAAAA;AACAkC,IAAAA,KAAAA;AACAQ,IAAAA,WAAAA;AACApB,IAAAA,aAAAA;AACAgB,IAAAA,aAAAA;AACAW,IAAAA,2BAAAA;AACAC,IAAAA,sBAAAA;AACAwB,IAAAA,4BAAAA;AACAD,IAAAA,cAAAA;AACA2C,IAAAA,iBAAAA;AACAtC,IAAAA,iBAAAA;AACA0B,IAAAA,0BAAAA;AACArE,IAAAA,uBAAAA;AACAmF,IAAAA;AACF,CAAA;;;;"}