@strapi/plugin-users-permissions 0.0.0-next.d8f8da8f5b333be4a20563a1a15cd61350139956 → 0.0.0-next.d9724d67b33363354d7171a9f2265e1c42485e13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/admin/src/utils/formatPluginName.js +1 -1
  2. package/dist/admin/utils/formatPluginName.js +1 -1
  3. package/dist/admin/utils/formatPluginName.js.map +1 -1
  4. package/dist/admin/utils/formatPluginName.mjs +1 -1
  5. package/dist/admin/utils/formatPluginName.mjs.map +1 -1
  6. package/dist/server/controllers/content-manager-user.js +3 -3
  7. package/dist/server/controllers/content-manager-user.js.map +1 -1
  8. package/dist/server/controllers/content-manager-user.mjs +3 -3
  9. package/dist/server/controllers/content-manager-user.mjs.map +1 -1
  10. package/dist/server/controllers/validation/user.js +6 -1
  11. package/dist/server/controllers/validation/user.js.map +1 -1
  12. package/dist/server/controllers/validation/user.mjs +6 -1
  13. package/dist/server/controllers/validation/user.mjs.map +1 -1
  14. package/dist/server/routes/content-api/auth.js +139 -91
  15. package/dist/server/routes/content-api/auth.js.map +1 -1
  16. package/dist/server/routes/content-api/auth.mjs +139 -91
  17. package/dist/server/routes/content-api/auth.mjs.map +1 -1
  18. package/dist/server/routes/content-api/index.js +11 -9
  19. package/dist/server/routes/content-api/index.js.map +1 -1
  20. package/dist/server/routes/content-api/index.mjs +11 -9
  21. package/dist/server/routes/content-api/index.mjs.map +1 -1
  22. package/dist/server/routes/content-api/permissions.js +14 -7
  23. package/dist/server/routes/content-api/permissions.js.map +1 -1
  24. package/dist/server/routes/content-api/permissions.mjs +14 -7
  25. package/dist/server/routes/content-api/permissions.mjs.map +1 -1
  26. package/dist/server/routes/content-api/role.js +61 -27
  27. package/dist/server/routes/content-api/role.js.map +1 -1
  28. package/dist/server/routes/content-api/role.mjs +61 -27
  29. package/dist/server/routes/content-api/role.mjs.map +1 -1
  30. package/dist/server/routes/content-api/user.js +119 -57
  31. package/dist/server/routes/content-api/user.js.map +1 -1
  32. package/dist/server/routes/content-api/user.mjs +119 -57
  33. package/dist/server/routes/content-api/user.mjs.map +1 -1
  34. package/dist/server/routes/content-api/validation.js +216 -0
  35. package/dist/server/routes/content-api/validation.js.map +1 -0
  36. package/dist/server/routes/content-api/validation.mjs +214 -0
  37. package/dist/server/routes/content-api/validation.mjs.map +1 -0
  38. package/dist/server/services/users-permissions.js +4 -3
  39. package/dist/server/services/users-permissions.js.map +1 -1
  40. package/dist/server/services/users-permissions.mjs +4 -3
  41. package/dist/server/services/users-permissions.mjs.map +1 -1
  42. package/package.json +8 -7
  43. package/server/controllers/content-manager-user.js +3 -4
  44. package/server/controllers/validation/user.js +12 -1
  45. package/server/routes/content-api/auth.js +107 -71
  46. package/server/routes/content-api/index.js +11 -4
  47. package/server/routes/content-api/permissions.js +14 -7
  48. package/server/routes/content-api/role.js +57 -27
  49. package/server/routes/content-api/user.js +108 -51
  50. package/server/routes/content-api/validation.js +249 -0
  51. package/server/services/users-permissions.js +4 -2
package/dist/server/services/users-permissions.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"users-permissions.mjs","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n return actionMap;\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return routesMap;\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAChB,MAAM,EACJC,QAAU,EAAA,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACR,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;YAClD,MAAME,IAAAA,GAAOF,WAAWG,SAAY,GAAA,CAAC,EAAEH,MAAO,CAAA,EAAED,MAAMG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAEJ,UAAAA,CAAW,EAAEC,KAAMG,CAAAA,IAAI,CAAC,CAAC;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAACjB,EAAEgC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEInC,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAcxC,EAAEyC,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB7C,GAAAA,CAAAA,CAAE8C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAI/B,CAAAA,CAAE+C,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG5C,CAAEgD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC1C,CAAAA,CAAE+C,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAQ,CAAA,CAAC,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIxC,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAcxC,EAAEyC,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB7C,GAAAA,CAAAA,CAAE8C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAI/B,CAAAA,CAAE+C,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG5C,CAAEgD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC1C,CAAAA,CAAE+C,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAW,CAAA,CAAC,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;gBAEI,OAAOV,SAAAA;AACR,aAAA;YAED,MAAMuB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBtD,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMgB,SAASvD,CAAEwD,CAAAA,OAAO,CAAClB,GAAIiB,CAAAA,MAAM,EAAE,CAAClC,KAAAA,GAAAA;AACpC,wBAAA,IAAIrB,CAAEgC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMkC,MAAM;AACpB;wBAED,OAAOlC,KAAAA;qBACNnB,CAAAA,CAAAA,MAAM,CAAC,CAACmB,KAAAA,GAAUA,MAAMoC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYjC,GAAAA,MAAAA,CAAOJ,MAAM,CAACsC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEf,OAAQ,CAAA,CAAC,CAAC,GAAGgB,MAAOpD,CAAAA,GAAG,CAAC,CAACkB,SAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMjB,EAAAA,OAAAA,CAAQqD,SAAWvC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIxB,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM0C,kBAAkB3C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMmC,SAASvD,CAAEwD,CAAAA,OAAO,CAACJ,MAAOG,CAAAA,MAAM,EAAE,CAAClC,KAAAA,GAAAA;AACvC,wBAAA,IAAIrB,CAAEgC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMkC,CAAAA,MAAM,CAACpD,GAAG,CAAC2D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgBzC,CAAAA,KAAAA,CAAAA;qBACtBnB,CAAAA,CAAAA,MAAM,CAAC,CAACmB,KAAAA,GAAUA,MAAMoC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYjC,GAAAA,MAAAA,CAAOJ,MAAM,CAACsC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAElC,UAAW,CAAA,CAAC,CAAC,GAAGmC,MAAOpD,CAAAA,GAAG,CAAC,CAACkB,SAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMjB,EAAAA,OAAAA,CAAQqD,SAAWvC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;gBAEI,OAAO8B,SAAAA;AACR,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMrC,MAAOsC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAMzC,MAAOsC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBrE,CAAEsE,CAAAA,IAAI,CAACtE,CAAEG,CAAAA,GAAG,CAACiE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAavE,EAAEwD,OAAO,CAAC7B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOvC,EAAEwD,OAAO,CAAClB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO5C,EAAEwE,IAAI,CAAC7B,UAAYxC,CAAAA,CAAAA,GAAG,CAAC,CAACsE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAElC,OAAQ,CAAA,CAAC,EAAEK,cAAe,CAAA,CAAC,EAAE6B,UAAAA,CAAW,CAAC;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB1E,EAAEwD,OAAO,CAAC7B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOpB,EAAEwD,OAAO,CAACJ,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO5C,EAAEwE,IAAI,CAAC7B,UAAYxC,CAAAA,CAAAA,GAAG,CAAC,CAACsE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAErD,UAAW,CAAA,CAAC,EAAEwB,cAAe,CAAA,CAAC,EAAE6B,UAAAA,CAAW,CAAC;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW5E,GAAAA,CAAAA,CAAE6E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAASzE,CAAAA,GAAG,CAAC,CAACc,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOsC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEhE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIoD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAW/E,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEgB,QAAQ,EAAE,GAAKA,QAAagE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIxC,QAAAA,KAAa,IAChEf,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTW,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM8D,QAAQC,GAAG,CACfI,QAAShF,CAAAA,GAAG,CAAC,CAACc,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOsC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJpE,oCAAAA,MAAAA;AACAiE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM7D,MAAOsC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM7D,OAAOsC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAM/B,OAAOsC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO5C,UAAAA,CAAW,qBAAqBiD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOvD,OAAOsC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAEDzE,QAASsF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BpF,OAAQqF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAcxF,gCAAgCsF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOhG,CAAAA,CAAES,QAAQ,CAACsF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI1F,MAAO2F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"users-permissions.mjs","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n sanitizeRoutesMapForSerialization,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n // Return a deeply cloned version to avoid circular references\n return _.cloneDeep(actionMap);\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return sanitizeRoutesMapForSerialization(routesMap);\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","sanitizeRoutesMapForSerialization","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","cloneDeep","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAM,EACJC,QAAAA,EAAU,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACPC,iCAAiC,EAClC,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;YAClD,MAAME,IAAAA,GAAOF,WAAWG,SAAY,GAAA,CAAC,EAAEH,MAAO,CAAA,EAAED,MAAMG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAEJ,UAAAA,CAAW,EAAEC,KAAMG,CAAAA,IAAI,CAAC,CAAC;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAAClB,EAAEiC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEIpC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAQ,CAAA,CAAC,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIzC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAW,CAAA,CAAC,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;;gBAGI,OAAOzC,CAAAA,CAAEsD,SAAS,CAACvB,SAAAA,CAAAA;AACpB,aAAA;YAED,MAAMwB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBxD,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMiB,SAASzD,CAAE0D,CAAAA,OAAO,CAACnB,GAAIkB,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACpC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMmC,MAAM;AACpB;wBAED,OAAOnC,KAAAA;qBACNpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEhB,OAAQ,CAAA,CAAC,CAAC,GAAGiB,MAAOtD,CAAAA,GAAG,CAAC,CAACmB,SAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIzB,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM2C,kBAAkB5C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMoC,SAASzD,CAAE0D,CAAAA,OAAO,CAACL,MAAOI,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACvC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMmC,CAAAA,MAAM,CAACtD,GAAG,CAAC6D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgB1C,CAAAA,KAAAA,CAAAA;qBACtBpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEnC,UAAW,CAAA,CAAC,CAAC,GAAGoC,MAAOtD,CAAAA,GAAG,CAAC,CAACmB,SAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEI,gBAAA,OAAOZ,iCAAkC2C,CAAAA,SAAAA,CAAAA;AAC1C,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMtC,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAM1C,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBvE,CAAEwE,CAAAA,IAAI,CAACxE,CAAEG,CAAAA,GAAG,CAACmE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAazE,EAAE0D,OAAO,CAAC9B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOxC,EAAE0D,OAAO,CAACnB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAEnC,OAAQ,CAAA,CAAC,EAAEK,cAAe,CAAA,CAAC,EAAE8B,UAAAA,CAAW,CAAC;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB5E,EAAE0D,OAAO,CAAC9B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOrB,EAAE0D,OAAO,CAACL,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAEtD,UAAW,CAAA,CAAC,EAAEwB,cAAe,CAAA,CAAC,EAAE8B,UAAAA,CAAW,CAAC;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW9E,GAAAA,CAAAA,CAAE+E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAAS3E,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOuC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEjE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIqD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAWjF,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEiB,QAAQ,EAAE,GAAKA,QAAaiE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIzC,QAAAA,KAAa,IAChEhB,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTY,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM+D,QAAQC,GAAG,CACfI,QAASlF,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOuC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJrE,oCAAAA,MAAAA;AACAkE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM9D,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM9D,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAMhC,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO7C,UAAAA,CAAW,qBAAqBkD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOxD,OAAOuC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAED3E,QAASwF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BtF,OAAQuF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAc1F,gCAAgCwF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOlG,CAAAA,CAAES,QAAQ,CAACwF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI5F,MAAO6F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@strapi/plugin-users-permissions",
3
- "version": "0.0.0-next.d8f8da8f5b333be4a20563a1a15cd61350139956",
3
+ "version": "0.0.0-next.d9724d67b33363354d7171a9f2265e1c42485e13",
4
4
  "description": "Protect your API with a full-authentication process based on JWT",
5
5
  "repository": {
6
6
  "type": "git",
@@ -48,16 +48,16 @@
48
48
  "watch": "run -T rollup -c -w"
49
49
  },
50
50
  "dependencies": {
51
- "@strapi/design-system": "2.0.0-rc.23",
52
- "@strapi/icons": "2.0.0-rc.23",
53
- "@strapi/utils": "0.0.0-next.d8f8da8f5b333be4a20563a1a15cd61350139956",
51
+ "@strapi/design-system": "2.0.0-rc.29",
52
+ "@strapi/icons": "2.0.0-rc.29",
53
+ "@strapi/utils": "0.0.0-next.d9724d67b33363354d7171a9f2265e1c42485e13",
54
54
  "bcryptjs": "2.4.3",
55
55
  "formik": "2.4.5",
56
56
  "grant": "^5.4.8",
57
57
  "immer": "9.0.21",
58
58
  "jsonwebtoken": "9.0.0",
59
59
  "jwk-to-pem": "2.0.5",
60
- "koa": "2.15.4",
60
+ "koa": "2.16.1",
61
61
  "koa2-ratelimit": "^1.1.3",
62
62
  "lodash": "4.17.21",
63
63
  "prop-types": "^15.8.1",
@@ -66,10 +66,11 @@
66
66
  "react-query": "3.39.3",
67
67
  "react-redux": "8.1.3",
68
68
  "url-join": "4.0.1",
69
- "yup": "0.32.9"
69
+ "yup": "0.32.9",
70
+ "zod": "3.25.67"
70
71
  },
71
72
  "devDependencies": {
72
- "@strapi/strapi": "0.0.0-next.d8f8da8f5b333be4a20563a1a15cd61350139956",
73
+ "@strapi/strapi": "0.0.0-next.d9724d67b33363354d7171a9f2265e1c42485e13",
73
74
  "@testing-library/dom": "10.1.0",
74
75
  "@testing-library/react": "15.0.7",
75
76
  "@testing-library/user-event": "14.5.2",
package/server/controllers/content-manager-user.js CHANGED
@@ -2,8 +2,7 @@
2
2
 
3
3
  const _ = require('lodash');
4
4
  const { contentTypes: contentTypesUtils } = require('@strapi/utils');
5
- const { ApplicationError, ValidationError, NotFoundError, ForbiddenError } =
6
- require('@strapi/utils').errors;
5
+ const { ApplicationError, NotFoundError, ForbiddenError } = require('@strapi/utils').errors;
7
6
  const { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');
8
7
 
9
8
  const { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;
@@ -133,8 +132,8 @@ module.exports = {
133
132
 
134
133
  await validateUpdateUserBody(ctx.request.body);
135
134
 
136
- if (_.has(body, 'password') && !password && user.provider === 'local') {
137
- throw new ValidationError('password.notNull');
135
+ if (_.has(body, 'password') && (password == null || password === '')) {
136
+ delete body.password;
138
137
  }
139
138
 
140
139
  if (_.has(body, 'username')) {
package/server/controllers/validation/user.js CHANGED
@@ -29,7 +29,18 @@ const createUserBodySchema = yup.object().shape({
29
29
  const updateUserBodySchema = yup.object().shape({
30
30
  email: yup.string().email().min(1),
31
31
  username: yup.string().min(1),
32
- password: yup.string().min(1),
32
+ password: yup
33
+ .mixed()
34
+ .test(
35
+ 'password-validation',
36
+ 'Password must be at least 1 character',
37
+ function validatePassword(value) {
38
+ if (value == null || value === '') {
39
+ return true;
40
+ }
41
+ return typeof value === 'string' && value.length >= 1;
42
+ }
43
+ ),
33
44
  role: yup.lazy((value) =>
34
45
  typeof value === 'object'
35
46
  ? yup.object().shape({
package/server/routes/content-api/auth.js CHANGED
@@ -1,82 +1,118 @@
1
1
  'use strict';
2
2
 
3
- module.exports = [
4
- {
5
- method: 'GET',
6
- path: '/connect/(.*)',
7
- handler: 'auth.connect',
8
- config: {
9
- middlewares: ['plugin::users-permissions.rateLimit'],
10
- prefix: '',
3
+ const { UsersPermissionsRouteValidator } = require('./validation');
4
+
5
+ module.exports = (strapi) => {
6
+ const validator = new UsersPermissionsRouteValidator(strapi);
7
+
8
+ return [
9
+ {
10
+ method: 'GET',
11
+ path: '/connect/(.*)',
12
+ handler: 'auth.connect',
13
+ config: {
14
+ middlewares: ['plugin::users-permissions.rateLimit'],
15
+ prefix: '',
16
+ },
11
17
  },
12
- },
13
- {
14
- method: 'POST',
15
- path: '/auth/local',
16
- handler: 'auth.callback',
17
- config: {
18
- middlewares: ['plugin::users-permissions.rateLimit'],
19
- prefix: '',
18
+ {
19
+ method: 'POST',
20
+ path: '/auth/local',
21
+ handler: 'auth.callback',
22
+ config: {
23
+ middlewares: ['plugin::users-permissions.rateLimit'],
24
+ prefix: '',
25
+ },
26
+ request: {
27
+ body: { 'application/json': validator.loginBodySchema },
28
+ },
29
+ response: validator.authResponseSchema,
20
30
  },
21
- },
22
- {
23
- method: 'POST',
24
- path: '/auth/local/register',
25
- handler: 'auth.register',
26
- config: {
27
- middlewares: ['plugin::users-permissions.rateLimit'],
28
- prefix: '',
31
+ {
32
+ method: 'POST',
33
+ path: '/auth/local/register',
34
+ handler: 'auth.register',
35
+ config: {
36
+ middlewares: ['plugin::users-permissions.rateLimit'],
37
+ prefix: '',
38
+ },
39
+ request: {
40
+ body: { 'application/json': validator.registerBodySchema },
41
+ },
42
+ response: validator.authRegisterResponseSchema,
29
43
  },
30
- },
31
- {
32
- method: 'GET',
33
- path: '/auth/:provider/callback',
34
- handler: 'auth.callback',
35
- config: {
36
- prefix: '',
44
+ {
45
+ method: 'GET',
46
+ path: '/auth/:provider/callback',
47
+ handler: 'auth.callback',
48
+ config: {
49
+ prefix: '',
50
+ },
51
+ request: {
52
+ params: {
53
+ provider: validator.providerParam,
54
+ },
55
+ },
56
+ response: validator.authResponseSchema,
37
57
  },
38
- },
39
- {
40
- method: 'POST',
41
- path: '/auth/forgot-password',
42
- handler: 'auth.forgotPassword',
43
- config: {
44
- middlewares: ['plugin::users-permissions.rateLimit'],
45
- prefix: '',
58
+ {
59
+ method: 'POST',
60
+ path: '/auth/forgot-password',
61
+ handler: 'auth.forgotPassword',
62
+ config: {
63
+ middlewares: ['plugin::users-permissions.rateLimit'],
64
+ prefix: '',
65
+ },
66
+ request: {
67
+ body: { 'application/json': validator.forgotPasswordBodySchema },
68
+ },
69
+ response: validator.forgotPasswordResponseSchema,
46
70
  },
47
- },
48
- {
49
- method: 'POST',
50
- path: '/auth/reset-password',
51
- handler: 'auth.resetPassword',
52
- config: {
53
- middlewares: ['plugin::users-permissions.rateLimit'],
54
- prefix: '',
71
+ {
72
+ method: 'POST',
73
+ path: '/auth/reset-password',
74
+ handler: 'auth.resetPassword',
75
+ config: {
76
+ middlewares: ['plugin::users-permissions.rateLimit'],
77
+ prefix: '',
78
+ },
79
+ request: {
80
+ body: { 'application/json': validator.resetPasswordBodySchema },
81
+ },
82
+ response: validator.authResponseSchema,
55
83
  },
56
- },
57
- {
58
- method: 'GET',
59
- path: '/auth/email-confirmation',
60
- handler: 'auth.emailConfirmation',
61
- config: {
62
- prefix: '',
84
+ {
85
+ method: 'GET',
86
+ path: '/auth/email-confirmation',
87
+ handler: 'auth.emailConfirmation',
88
+ config: {
89
+ prefix: '',
90
+ },
63
91
  },
64
- },
65
- {
66
- method: 'POST',
67
- path: '/auth/send-email-confirmation',
68
- handler: 'auth.sendEmailConfirmation',
69
- config: {
70
- prefix: '',
92
+ {
93
+ method: 'POST',
94
+ path: '/auth/send-email-confirmation',
95
+ handler: 'auth.sendEmailConfirmation',
96
+ config: {
97
+ prefix: '',
98
+ },
99
+ request: {
100
+ body: { 'application/json': validator.sendEmailConfirmationBodySchema },
101
+ },
102
+ response: validator.sendEmailConfirmationResponseSchema,
71
103
  },
72
- },
73
- {
74
- method: 'POST',
75
- path: '/auth/change-password',
76
- handler: 'auth.changePassword',
77
- config: {
78
- middlewares: ['plugin::users-permissions.rateLimit'],
79
- prefix: '',
104
+ {
105
+ method: 'POST',
106
+ path: '/auth/change-password',
107
+ handler: 'auth.changePassword',
108
+ config: {
109
+ middlewares: ['plugin::users-permissions.rateLimit'],
110
+ prefix: '',
111
+ },
112
+ request: {
113
+ body: { 'application/json': validator.changePasswordBodySchema },
114
+ },
115
+ response: validator.authResponseSchema,
80
116
  },
81
- },
82
- ];
117
+ ];
118
+ };
package/server/routes/content-api/index.js CHANGED
@@ -1,11 +1,18 @@
1
1
  'use strict';
2
2
 
3
+ const { createContentApiRoutesFactory } = require('@strapi/utils');
3
4
  const authRoutes = require('./auth');
4
5
  const userRoutes = require('./user');
5
6
  const roleRoutes = require('./role');
6
7
  const permissionsRoutes = require('./permissions');
7
8
 
8
- module.exports = {
9
- type: 'content-api',
10
- routes: [...authRoutes, ...userRoutes, ...roleRoutes, ...permissionsRoutes],
11
- };
9
+ const createContentApiRoutes = createContentApiRoutesFactory(() => {
10
+ return [
11
+ ...authRoutes(strapi),
12
+ ...userRoutes(strapi),
13
+ ...roleRoutes(strapi),
14
+ ...permissionsRoutes(strapi),
15
+ ];
16
+ });
17
+
18
+ module.exports = createContentApiRoutes;
package/server/routes/content-api/permissions.js CHANGED
@@ -1,9 +1,16 @@
1
1
  'use strict';
2
2
 
3
- module.exports = [
4
- {
5
- method: 'GET',
6
- path: '/permissions',
7
- handler: 'permissions.getPermissions',
8
- },
9
- ];
3
+ const { UsersPermissionsRouteValidator } = require('./validation');
4
+
5
+ module.exports = (strapi) => {
6
+ const validator = new UsersPermissionsRouteValidator(strapi);
7
+
8
+ return [
9
+ {
10
+ method: 'GET',
11
+ path: '/permissions',
12
+ handler: 'permissions.getPermissions',
13
+ response: validator.permissionsResponseSchema,
14
+ },
15
+ ];
16
+ };
package/server/routes/content-api/role.js CHANGED
@@ -1,29 +1,59 @@
1
1
  'use strict';
2
2
 
3
- module.exports = [
4
- {
5
- method: 'GET',
6
- path: '/roles/:id',
7
- handler: 'role.findOne',
8
- },
9
- {
10
- method: 'GET',
11
- path: '/roles',
12
- handler: 'role.find',
13
- },
14
- {
15
- method: 'POST',
16
- path: '/roles',
17
- handler: 'role.createRole',
18
- },
19
- {
20
- method: 'PUT',
21
- path: '/roles/:role',
22
- handler: 'role.updateRole',
23
- },
24
- {
25
- method: 'DELETE',
26
- path: '/roles/:role',
27
- handler: 'role.deleteRole',
28
- },
29
- ];
3
+ const { UsersPermissionsRouteValidator } = require('./validation');
4
+
5
+ module.exports = (strapi) => {
6
+ const validator = new UsersPermissionsRouteValidator(strapi);
7
+
8
+ return [
9
+ {
10
+ method: 'GET',
11
+ path: '/roles/:id',
12
+ handler: 'role.findOne',
13
+ request: {
14
+ params: {
15
+ id: validator.roleIdParam,
16
+ },
17
+ },
18
+ response: validator.roleResponseSchema,
19
+ },
20
+ {
21
+ method: 'GET',
22
+ path: '/roles',
23
+ handler: 'role.find',
24
+ response: validator.rolesResponseSchema,
25
+ },
26
+ {
27
+ method: 'POST',
28
+ path: '/roles',
29
+ handler: 'role.createRole',
30
+ request: {
31
+ body: { 'application/json': validator.createRoleBodySchema },
32
+ },
33
+ response: validator.roleSuccessResponseSchema,
34
+ },
35
+ {
36
+ method: 'PUT',
37
+ path: '/roles/:role',
38
+ handler: 'role.updateRole',
39
+ request: {
40
+ params: {
41
+ role: validator.roleIdParam,
42
+ },
43
+ body: { 'application/json': validator.updateRoleBodySchema },
44
+ },
45
+ response: validator.roleSuccessResponseSchema,
46
+ },
47
+ {
48
+ method: 'DELETE',
49
+ path: '/roles/:role',
50
+ handler: 'role.deleteRole',
51
+ request: {
52
+ params: {
53
+ role: validator.roleIdParam,
54
+ },
55
+ },
56
+ response: validator.roleSuccessResponseSchema,
57
+ },
58
+ ];
59
+ };