@strapi/plugin-users-permissions 0.0.0-next.d8f8da8f5b333be4a20563a1a15cd61350139956 → 0.0.0-next.d9724d67b33363354d7171a9f2265e1c42485e13

Files changed (51) hide show
  1. package/admin/src/utils/formatPluginName.js +1 -1
  2. package/dist/admin/utils/formatPluginName.js +1 -1
  3. package/dist/admin/utils/formatPluginName.js.map +1 -1
  4. package/dist/admin/utils/formatPluginName.mjs +1 -1
  5. package/dist/admin/utils/formatPluginName.mjs.map +1 -1
  6. package/dist/server/controllers/content-manager-user.js +3 -3
  7. package/dist/server/controllers/content-manager-user.js.map +1 -1
  8. package/dist/server/controllers/content-manager-user.mjs +3 -3
  9. package/dist/server/controllers/content-manager-user.mjs.map +1 -1
  10. package/dist/server/controllers/validation/user.js +6 -1
  11. package/dist/server/controllers/validation/user.js.map +1 -1
  12. package/dist/server/controllers/validation/user.mjs +6 -1
  13. package/dist/server/controllers/validation/user.mjs.map +1 -1
  14. package/dist/server/routes/content-api/auth.js +139 -91
  15. package/dist/server/routes/content-api/auth.js.map +1 -1
  16. package/dist/server/routes/content-api/auth.mjs +139 -91
  17. package/dist/server/routes/content-api/auth.mjs.map +1 -1
  18. package/dist/server/routes/content-api/index.js +11 -9
  19. package/dist/server/routes/content-api/index.js.map +1 -1
  20. package/dist/server/routes/content-api/index.mjs +11 -9
  21. package/dist/server/routes/content-api/index.mjs.map +1 -1
  22. package/dist/server/routes/content-api/permissions.js +14 -7
  23. package/dist/server/routes/content-api/permissions.js.map +1 -1
  24. package/dist/server/routes/content-api/permissions.mjs +14 -7
  25. package/dist/server/routes/content-api/permissions.mjs.map +1 -1
  26. package/dist/server/routes/content-api/role.js +61 -27
  27. package/dist/server/routes/content-api/role.js.map +1 -1
  28. package/dist/server/routes/content-api/role.mjs +61 -27
  29. package/dist/server/routes/content-api/role.mjs.map +1 -1
  30. package/dist/server/routes/content-api/user.js +119 -57
  31. package/dist/server/routes/content-api/user.js.map +1 -1
  32. package/dist/server/routes/content-api/user.mjs +119 -57
  33. package/dist/server/routes/content-api/user.mjs.map +1 -1
  34. package/dist/server/routes/content-api/validation.js +216 -0
  35. package/dist/server/routes/content-api/validation.js.map +1 -0
  36. package/dist/server/routes/content-api/validation.mjs +214 -0
  37. package/dist/server/routes/content-api/validation.mjs.map +1 -0
  38. package/dist/server/services/users-permissions.js +4 -3
  39. package/dist/server/services/users-permissions.js.map +1 -1
  40. package/dist/server/services/users-permissions.mjs +4 -3
  41. package/dist/server/services/users-permissions.mjs.map +1 -1
  42. package/package.json +8 -7
  43. package/server/controllers/content-manager-user.js +3 -4
  44. package/server/controllers/validation/user.js +12 -1
  45. package/server/routes/content-api/auth.js +107 -71
  46. package/server/routes/content-api/index.js +11 -4
  47. package/server/routes/content-api/permissions.js +14 -7
  48. package/server/routes/content-api/role.js +57 -27
  49. package/server/routes/content-api/user.js +108 -51
  50. package/server/routes/content-api/validation.js +249 -0
  51. package/server/services/users-permissions.js +4 -2
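--- a/package/server/routes/content-api/user.js
+++ b/package/server/routes/content-api/user.js
@@ -1,60 +1,117 @@
  'use strict';
 
- module.exports = [
- {
- method: 'GET',
- path: '/users/count',
- handler: 'user.count',
- config: {
- prefix: '',
+ const z = require('zod/v4');
+ const { UsersPermissionsRouteValidator } = require('./validation');
+
+ module.exports = (strapi) => {
+ const validator = new UsersPermissionsRouteValidator(strapi);
+
+ return [
+ {
+ method: 'GET',
+ path: '/users/count',
+ handler: 'user.count',
+ config: {
+ prefix: '',
+ },
+ request: {
+ query: {
+ filters: validator.filters.optional(),
+ },
+ },
+ response: z.number(),
  },
- },
- {
- method: 'GET',
- path: '/users',
- handler: 'user.find',
- config: {
- prefix: '',
+ {
+ method: 'GET',
+ path: '/users',
+ handler: 'user.find',
+ config: {
+ prefix: '',
+ },
+ request: {
+ query: {
+ fields: validator.queryFields.optional(),
+ populate: validator.queryPopulate.optional(),
+ sort: validator.querySort.optional(),
+ pagination: validator.pagination.optional(),
+ filters: validator.filters.optional(),
+ },
+ },
+ response: z.array(validator.userSchema),
  },
- },
- {
- method: 'GET',
- path: '/users/me',
- handler: 'user.me',
- config: {
- prefix: '',
+ {
+ method: 'GET',
+ path: '/users/me',
+ handler: 'user.me',
+ config: {
+ prefix: '',
+ },
+ request: {
+ query: {
+ fields: validator.queryFields.optional(),
+ populate: validator.queryPopulate.optional(),
+ },
+ },
+ response: validator.userSchema,
  },
- },
- {
- method: 'GET',
- path: '/users/:id',
- handler: 'user.findOne',
- config: {
- prefix: '',
+ {
+ method: 'GET',
+ path: '/users/:id',
+ handler: 'user.findOne',
+ config: {
+ prefix: '',
+ },
+ request: {
+ params: {
+ id: validator.userIdParam,
+ },
+ query: {
+ fields: validator.queryFields.optional(),
+ populate: validator.queryPopulate.optional(),
+ },
+ },
+ response: validator.userSchema,
  },
- },
- {
- method: 'POST',
- path: '/users',
- handler: 'user.create',
- config: {
- prefix: '',
+ {
+ method: 'POST',
+ path: '/users',
+ handler: 'user.create',
+ config: {
+ prefix: '',
+ },
+ request: {
+ body: { 'application/json': validator.createUserBodySchema },
+ },
+ response: validator.userSchema,
  },
- },
- {
- method: 'PUT',
- path: '/users/:id',
- handler: 'user.update',
- config: {
- prefix: '',
+ {
+ method: 'PUT',
+ path: '/users/:id',
+ handler: 'user.update',
+ config: {
+ prefix: '',
+ },
+ request: {
+ params: {
+ id: validator.userIdParam,
+ },
+ body: { 'application/json': validator.updateUserBodySchema },
+ },
+ response: validator.userSchema,
  },
- },
- {
- method: 'DELETE',
- path: '/users/:id',
- handler: 'user.destroy',
- config: {
- prefix: '',
+ {
+ method: 'DELETE',
+ path: '/users/:id',
+ handler: 'user.destroy',
+ config: {
+ prefix: '',
+ },
+ request: {
+ params: {
+ id: validator.userIdParam,
+ },
+ },
+ response: validator.userSchema,
  },
- },
- ];
+ ];
+ };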
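Review bot: `filters: validator.filters.optional()` on `GET /users/count` and `GET /users` accepts whatever the inherited `filters` schema allows, and nothing in this file shows that filters on private user attributes (password hash, reset token) are rejected. Because a filtered count or list reveals whether a condition matched, that check needs to exist either in `validator.filters` or in the controller's query sanitization; both are outside this section, so please confirm. It would also help to state above `return [` whether these schemas are enforced at runtime or only describe the API, e.g. `// request/response schemas document the contract; authorization and field sanitization stay in the controllers`, adjusted to whatever is actually the case. The export changes from an array to a factory `(strapi) => [...]`, so every consumer must now call it; `routes/content-api/index.js` changes in the same release but is not shown here.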
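--- a/package/server/routes/content-api/validation.js
+++ b/package/server/routes/content-api/validation.js
@@ -0,0 +1,249 @@
+ 'use strict';
+
+ const { AbstractRouteValidator } = require('@strapi/utils');
+ const z = require('zod/v4');
+
+ class UsersPermissionsRouteValidator extends AbstractRouteValidator {
+ constructor(strapi) {
+ super();
+ this._strapi = strapi;
+ }
+
+ get userSchema() {
+ return z.object({
+ id: z.number(),
+ documentId: z.string(),
+ username: z.string(),
+ email: z.string(),
+ provider: z.string(),
+ confirmed: z.boolean(),
+ blocked: z.boolean(),
+ role: z
+ .union([
+ z.number(),
+ z.object({
+ id: z.number(),
+ name: z.string(),
+ description: z.string().nullable(),
+ type: z.string(),
+ createdAt: z.string(),
+ updatedAt: z.string(),
+ }),
+ ])
+ .optional(),
+ createdAt: z.string(),
+ updatedAt: z.string(),
+ publishedAt: z.string(),
+ });
+ }
+
+ get roleSchema() {
+ return z.object({
+ id: z.number(),
+ documentId: z.string(),
+ name: z.string(),
+ description: z.string().nullable(),
+ type: z.string(),
+ createdAt: z.string(),
+ updatedAt: z.string(),
+ publishedAt: z.string(),
+ nb_users: z.number().optional(),
+ permissions: z
+ .record(
+ z.string(), // plugin name
+ z.object({
+ controllers: z.record(
+ z.string(), // controller name
+ z.record(
+ z.string(), // action name
+ z.object({
+ enabled: z.boolean(),
+ policy: z.string(),
+ })
+ )
+ ),
+ })
+ )
+ .optional(),
+ users: z.array(z.unknown()).optional(),
+ });
+ }
+
+ get permissionSchema() {
+ return z.object({
+ id: z.number(),
+ action: z.string(),
+ role: z.object({
+ id: z.number(),
+ name: z.string(),
+ description: z.string().nullable(),
+ type: z.string(),
+ }),
+ createdAt: z.string(),
+ updatedAt: z.string(),
+ });
+ }
+
+ get authResponseSchema() {
+ return z.object({
+ jwt: z.string(),
+ user: this.userSchema,
+ });
+ }
+
+ get authResponseWithoutJwtSchema() {
+ return z.object({
+ user: this.userSchema,
+ });
+ }
+
+ get authRegisterResponseSchema() {
+ return z.union([this.authResponseSchema, this.authResponseWithoutJwtSchema]);
+ }
+
+ get forgotPasswordResponseSchema() {
+ return z.object({
+ ok: z.boolean(),
+ });
+ }
+
+ get sendEmailConfirmationResponseSchema() {
+ return z.object({
+ email: z.string(),
+ sent: z.boolean(),
+ });
+ }
+
+ get rolesResponseSchema() {
+ return z.object({
+ roles: z.array(this.roleSchema),
+ });
+ }
+
+ get roleResponseSchema() {
+ return z.object({
+ role: this.roleSchema,
+ });
+ }
+
+ get roleSuccessResponseSchema() {
+ return z.object({
+ ok: z.boolean(),
+ });
+ }
+
+ get permissionsResponseSchema() {
+ return z.object({
+ permissions: z.record(
+ z.string(), // plugin name
+ z.object({
+ controllers: z.record(
+ z.string(), // controller name
+ z.record(
+ z.string(), // action name
+ z.object({
+ enabled: z.boolean(),
+ policy: z.string(),
+ })
+ )
+ ),
+ })
+ ),
+ });
+ }
+
+ get loginBodySchema() {
+ return z.object({
+ identifier: z.string(),
+ password: z.string(),
+ });
+ }
+
+ get registerBodySchema() {
+ return z.object({
+ username: z.string(),
+ email: z.email(),
+ password: z.string(),
+ });
+ }
+
+ get forgotPasswordBodySchema() {
+ return z.object({
+ email: z.email(),
+ });
+ }
+
+ get resetPasswordBodySchema() {
+ return z.object({
+ code: z.string(),
+ password: z.string(),
+ passwordConfirmation: z.string(),
+ });
+ }
+
+ get changePasswordBodySchema() {
+ return z.object({
+ currentPassword: z.string(),
+ password: z.string(),
+ passwordConfirmation: z.string(),
+ });
+ }
+
+ get sendEmailConfirmationBodySchema() {
+ return z.object({
+ email: z.email(),
+ });
+ }
+
+ get createUserBodySchema() {
+ return z.object({
+ username: z.string(),
+ email: z.email(),
+ password: z.string(),
+ role: z.number().optional(),
+ });
+ }
+
+ get updateUserBodySchema() {
+ return z.object({
+ username: z.string().optional(),
+ email: z.email().optional(),
+ password: z.string().optional(),
+ role: z.number().optional(),
+ });
+ }
+
+ get createRoleBodySchema() {
+ return z.object({
+ name: z.string(),
+ description: z.string().optional(),
+ type: z.string(),
+ permissions: z.record(z.string(), z.unknown()).optional(),
+ });
+ }
+
+ get updateRoleBodySchema() {
+ return z.object({
+ name: z.string().optional(),
+ description: z.string().optional(),
+ type: z.string().optional(),
+ permissions: z.record(z.string(), z.unknown()).optional(),
+ });
+ }
+
+ get userIdParam() {
+ return z.string();
+ }
+
+ get roleIdParam() {
+ return z.string();
+ }
+
+ get providerParam() {
+ return z.string();
+ }
+ }
+
+ module.exports = {
+ UsersPermissionsRouteValidator,
+ };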
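Review bot: `createRoleBodySchema` and `updateRoleBodySchema` accept `permissions: z.record(z.string(), z.unknown())`, so the one field that carries authorization data is the least constrained input in the file, while `roleSchema` and `permissionsResponseSchema` already spell out the plugin → controller → action → `{ enabled, policy }` shape twice. Assuming the request uses that same shape (to be confirmed against the role service), I would extract it into one getter and reuse it for the request bodies and both responses, as sketched below. Separately, every `password` field is a bare `z.string()`, which admits an empty or arbitrarily long value; if length limits are enforced in `controllers/validation/user.js`, a comment saying so would help, otherwise add `.min()`/`.max()` bounds here. `this._strapi` is stored in the constructor but never read in this file.

```javascript
  // Shared shape: plugin name -> { controllers: controller name -> action name -> flags }
  get permissionsMapSchema() {
    return z.record(
      z.string(), // plugin name
      z.object({
        controllers: z.record(
          z.string(), // controller name
          z.record(
            z.string(), // action name
            z.object({ enabled: z.boolean(), policy: z.string() })
          )
        ),
      })
    );
  }

  get createRoleBodySchema() {
    return z.object({
      name: z.string(),
      description: z.string().optional(),
      type: z.string(),
      permissions: this.permissionsMapSchema.optional(),
    });
  }
  // … unchanged: updateRoleBodySchema, apart from the same permissions line …
```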
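--- a/package/server/services/users-permissions.js
+++ b/package/server/services/users-permissions.js
@@ -7,6 +7,7 @@ const {
  template: { createStrictInterpolationRegExp },
  errors,
  objects,
+ sanitizeRoutesMapForSerialization,
  } = require('@strapi/utils');
 
  const { getService } = require('../utils');
@@ -99,7 +100,8 @@ module.exports = ({ strapi }) => ({
  }
  });
 
- return actionMap;
+ // Return a deeply cloned version to avoid circular references
+ return _.cloneDeep(actionMap);
  },
 
  async getRoutes() {
@@ -147,7 +149,7 @@ module.exports = ({ strapi }) => ({
  }));
  });
 
- return routesMap;
+ return sanitizeRoutesMapForSerialization(routesMap);
  },
 
  async syncPermissions() {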
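Review bot: The comment added in the second hunk, `// Return a deeply cloned version to avoid circular references`, does not match what `_.cloneDeep` does: lodash reproduces cycles in the clone rather than removing them, so an `actionMap` that contained one would still fail to serialize. The clone only detaches the returned object from whatever it was built from, so either reword the comment to `// Return a deep copy so callers cannot mutate objects shared with the action registry` (if that is the intent) or, if cycles are the real concern, pass the map through the same `sanitizeRoutesMapForSerialization` helper the third hunk applies to `routesMap`, assuming it accepts this shape. The new line also depends on `_` being required above line 7, which is outside the visible context. Both enclosing functions start outside their hunks.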