@strapi/plugin-users-permissions 0.0.0-next.e21fe90bf2ab9906267ea6e6ca620bdcc729906c → 0.0.0-next.e2e3ca14971ee768e1a227a209362264fd0132d4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (144) hide show
  1. package/admin/src/components/Permissions/PermissionRow/SubCategory.jsx +8 -1
  2. package/admin/src/components/Policies/index.jsx +1 -0
  3. package/admin/src/components/UsersPermissions/index.jsx +1 -0
  4. package/admin/src/pages/EmailTemplates/components/EmailForm.jsx +2 -1
  5. package/admin/src/pages/Providers/index.jsx +74 -76
  6. package/admin/src/pages/Roles/pages/CreatePage.jsx +20 -7
  7. package/admin/src/pages/Roles/pages/EditPage.jsx +12 -7
  8. package/admin/src/pages/Roles/pages/ListPage/index.jsx +91 -93
  9. package/admin/src/translations/en.json +1 -0
  10. package/admin/src/utils/formatPluginName.js +1 -1
  11. package/dist/admin/components/FormModal/Input/index.js.map +1 -1
  12. package/dist/admin/components/FormModal/Input/index.mjs.map +1 -1
  13. package/dist/admin/components/Permissions/PermissionRow/SubCategory.js +3 -1
  14. package/dist/admin/components/Permissions/PermissionRow/SubCategory.js.map +1 -1
  15. package/dist/admin/components/Permissions/PermissionRow/SubCategory.mjs +3 -1
  16. package/dist/admin/components/Permissions/PermissionRow/SubCategory.mjs.map +1 -1
  17. package/dist/admin/components/Permissions/PermissionRow/index.js.map +1 -1
  18. package/dist/admin/components/Permissions/PermissionRow/index.mjs.map +1 -1
  19. package/dist/admin/components/Policies/index.js +1 -0
  20. package/dist/admin/components/Policies/index.js.map +1 -1
  21. package/dist/admin/components/Policies/index.mjs +1 -0
  22. package/dist/admin/components/Policies/index.mjs.map +1 -1
  23. package/dist/admin/components/UsersPermissions/index.js +1 -0
  24. package/dist/admin/components/UsersPermissions/index.js.map +1 -1
  25. package/dist/admin/components/UsersPermissions/index.mjs +1 -0
  26. package/dist/admin/components/UsersPermissions/index.mjs.map +1 -1
  27. package/dist/admin/pages/EmailTemplates/components/EmailForm.js +2 -1
  28. package/dist/admin/pages/EmailTemplates/components/EmailForm.js.map +1 -1
  29. package/dist/admin/pages/EmailTemplates/components/EmailForm.mjs +2 -1
  30. package/dist/admin/pages/EmailTemplates/components/EmailForm.mjs.map +1 -1
  31. package/dist/admin/pages/Providers/index.js +84 -88
  32. package/dist/admin/pages/Providers/index.js.map +1 -1
  33. package/dist/admin/pages/Providers/index.mjs +84 -88
  34. package/dist/admin/pages/Providers/index.mjs.map +1 -1
  35. package/dist/admin/pages/Roles/pages/CreatePage.js +14 -1
  36. package/dist/admin/pages/Roles/pages/CreatePage.js.map +1 -1
  37. package/dist/admin/pages/Roles/pages/CreatePage.mjs +16 -3
  38. package/dist/admin/pages/Roles/pages/CreatePage.mjs.map +1 -1
  39. package/dist/admin/pages/Roles/pages/EditPage.js +13 -3
  40. package/dist/admin/pages/Roles/pages/EditPage.js.map +1 -1
  41. package/dist/admin/pages/Roles/pages/EditPage.mjs +14 -4
  42. package/dist/admin/pages/Roles/pages/EditPage.mjs.map +1 -1
  43. package/dist/admin/pages/Roles/pages/ListPage/components/TableBody.js.map +1 -1
  44. package/dist/admin/pages/Roles/pages/ListPage/components/TableBody.mjs.map +1 -1
  45. package/dist/admin/pages/Roles/pages/ListPage/index.js +95 -99
  46. package/dist/admin/pages/Roles/pages/ListPage/index.js.map +1 -1
  47. package/dist/admin/pages/Roles/pages/ListPage/index.mjs +95 -99
  48. package/dist/admin/pages/Roles/pages/ListPage/index.mjs.map +1 -1
  49. package/dist/admin/translations/en.json.js +1 -0
  50. package/dist/admin/translations/en.json.js.map +1 -1
  51. package/dist/admin/translations/en.json.mjs +1 -0
  52. package/dist/admin/translations/en.json.mjs.map +1 -1
  53. package/dist/admin/utils/formatPluginName.js +1 -1
  54. package/dist/admin/utils/formatPluginName.js.map +1 -1
  55. package/dist/admin/utils/formatPluginName.mjs +1 -1
  56. package/dist/admin/utils/formatPluginName.mjs.map +1 -1
  57. package/dist/admin/utils/getTrad.js.map +1 -1
  58. package/dist/admin/utils/getTrad.mjs.map +1 -1
  59. package/dist/admin/utils/prefixPluginTranslations.js.map +1 -1
  60. package/dist/admin/utils/prefixPluginTranslations.mjs.map +1 -1
  61. package/dist/server/bootstrap/index.js +28 -7
  62. package/dist/server/bootstrap/index.js.map +1 -1
  63. package/dist/server/bootstrap/index.mjs +28 -7
  64. package/dist/server/bootstrap/index.mjs.map +1 -1
  65. package/dist/server/config.js +16 -0
  66. package/dist/server/config.js.map +1 -1
  67. package/dist/server/config.mjs +16 -0
  68. package/dist/server/config.mjs.map +1 -1
  69. package/dist/server/controllers/auth.js +204 -3
  70. package/dist/server/controllers/auth.js.map +1 -1
  71. package/dist/server/controllers/auth.mjs +204 -3
  72. package/dist/server/controllers/auth.mjs.map +1 -1
  73. package/dist/server/controllers/content-manager-user.js +3 -3
  74. package/dist/server/controllers/content-manager-user.js.map +1 -1
  75. package/dist/server/controllers/content-manager-user.mjs +3 -3
  76. package/dist/server/controllers/content-manager-user.mjs.map +1 -1
  77. package/dist/server/controllers/validation/user.js +6 -1
  78. package/dist/server/controllers/validation/user.js.map +1 -1
  79. package/dist/server/controllers/validation/user.mjs +6 -1
  80. package/dist/server/controllers/validation/user.mjs.map +1 -1
  81. package/dist/server/graphql/resolvers-configs.js.map +1 -1
  82. package/dist/server/graphql/resolvers-configs.mjs.map +1 -1
  83. package/dist/server/middlewares/rateLimit.js.map +1 -1
  84. package/dist/server/middlewares/rateLimit.mjs.map +1 -1
  85. package/dist/server/routes/content-api/auth.js +155 -91
  86. package/dist/server/routes/content-api/auth.js.map +1 -1
  87. package/dist/server/routes/content-api/auth.mjs +155 -91
  88. package/dist/server/routes/content-api/auth.mjs.map +1 -1
  89. package/dist/server/routes/content-api/index.js +11 -9
  90. package/dist/server/routes/content-api/index.js.map +1 -1
  91. package/dist/server/routes/content-api/index.mjs +11 -9
  92. package/dist/server/routes/content-api/index.mjs.map +1 -1
  93. package/dist/server/routes/content-api/permissions.js +14 -7
  94. package/dist/server/routes/content-api/permissions.js.map +1 -1
  95. package/dist/server/routes/content-api/permissions.mjs +14 -7
  96. package/dist/server/routes/content-api/permissions.mjs.map +1 -1
  97. package/dist/server/routes/content-api/role.js +61 -27
  98. package/dist/server/routes/content-api/role.js.map +1 -1
  99. package/dist/server/routes/content-api/role.mjs +61 -27
  100. package/dist/server/routes/content-api/role.mjs.map +1 -1
  101. package/dist/server/routes/content-api/user.js +119 -57
  102. package/dist/server/routes/content-api/user.js.map +1 -1
  103. package/dist/server/routes/content-api/user.mjs +119 -57
  104. package/dist/server/routes/content-api/user.mjs.map +1 -1
  105. package/dist/server/routes/content-api/validation.js +217 -0
  106. package/dist/server/routes/content-api/validation.js.map +1 -0
  107. package/dist/server/routes/content-api/validation.mjs +215 -0
  108. package/dist/server/routes/content-api/validation.mjs.map +1 -0
  109. package/dist/server/services/constants.js +19 -0
  110. package/dist/server/services/constants.js.map +1 -0
  111. package/dist/server/services/constants.mjs +17 -0
  112. package/dist/server/services/constants.mjs.map +1 -0
  113. package/dist/server/services/jwt.js +45 -2
  114. package/dist/server/services/jwt.js.map +1 -1
  115. package/dist/server/services/jwt.mjs +45 -2
  116. package/dist/server/services/jwt.mjs.map +1 -1
  117. package/dist/server/services/providers-registry.js.map +1 -1
  118. package/dist/server/services/providers-registry.mjs.map +1 -1
  119. package/dist/server/services/role.js.map +1 -1
  120. package/dist/server/services/role.mjs.map +1 -1
  121. package/dist/server/services/user.js +29 -20
  122. package/dist/server/services/user.js.map +1 -1
  123. package/dist/server/services/user.mjs +29 -20
  124. package/dist/server/services/user.mjs.map +1 -1
  125. package/dist/server/services/users-permissions.js +4 -3
  126. package/dist/server/services/users-permissions.js.map +1 -1
  127. package/dist/server/services/users-permissions.mjs +4 -3
  128. package/dist/server/services/users-permissions.mjs.map +1 -1
  129. package/package.json +9 -8
  130. package/server/bootstrap/index.js +31 -0
  131. package/server/config.js +22 -0
  132. package/server/controllers/auth.js +248 -8
  133. package/server/controllers/content-manager-user.js +3 -4
  134. package/server/controllers/validation/user.js +12 -1
  135. package/server/routes/content-api/auth.js +119 -71
  136. package/server/routes/content-api/index.js +11 -4
  137. package/server/routes/content-api/permissions.js +14 -7
  138. package/server/routes/content-api/role.js +57 -27
  139. package/server/routes/content-api/user.js +108 -51
  140. package/server/routes/content-api/validation.js +250 -0
  141. package/server/services/constants.js +9 -0
  142. package/server/services/jwt.js +50 -2
  143. package/server/services/user.js +11 -0
  144. package/server/services/users-permissions.js +4 -2
package/dist/server/services/user.js CHANGED
@@ -23,13 +23,17 @@ function requireUser() {
23
23
  const { toNumber, getOr } = require$$0$1;
24
24
  const { getService } = index.__require();
25
25
  const USER_MODEL_UID = 'plugin::users-permissions.user';
26
- user = ({ strapi })=>({
26
+ const getSessionManager = ()=>{
27
+ const manager = strapi.sessionManager;
28
+ return manager ?? null;
29
+ };
30
+ user = ({ strapi: strapi1 })=>({
27
31
  /**
28
32
  * Promise to count users
29
33
  *
30
34
  * @return {Promise}
31
35
  */ count (params) {
32
- return strapi.db.query(USER_MODEL_UID).count({
36
+ return strapi1.db.query(USER_MODEL_UID).count({
33
37
  where: params
34
38
  });
35
39
  },
@@ -41,7 +45,7 @@ function requireUser() {
41
45
  * @param {object} values - The object containing the fields to be hashed.
42
46
  * @return {object} The values object with hashed password fields if they were present.
43
47
  */ async ensureHashedPasswords (values) {
44
- const attributes = strapi.getModel(USER_MODEL_UID).attributes;
48
+ const attributes = strapi1.getModel(USER_MODEL_UID).attributes;
45
49
  for(const key in values){
46
50
  if (attributes[key] && attributes[key].type === 'password') {
47
51
  // Check if a custom encryption.rounds has been set on the password attribute
@@ -55,7 +59,7 @@ function requireUser() {
55
59
  * Promise to add a/an user.
56
60
  * @return {Promise}
57
61
  */ async add (values) {
58
- return strapi.db.query(USER_MODEL_UID).create({
62
+ return strapi1.db.query(USER_MODEL_UID).create({
59
63
  data: await this.ensureHashedPasswords(values),
60
64
  populate: [
61
65
  'role'
@@ -68,7 +72,7 @@ function requireUser() {
68
72
  * @param {object} params
69
73
  * @return {Promise}
70
74
  */ async edit (userId, params = {}) {
71
- return strapi.db.query(USER_MODEL_UID).update({
75
+ return strapi1.db.query(USER_MODEL_UID).update({
72
76
  where: {
73
77
  id: userId
74
78
  },
@@ -82,8 +86,8 @@ function requireUser() {
82
86
  * Promise to fetch a/an user.
83
87
  * @return {Promise}
84
88
  */ fetch (id, params) {
85
- const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
86
- return strapi.db.query(USER_MODEL_UID).findOne({
89
+ const query = strapi1.get('query-params').transform(USER_MODEL_UID, params ?? {});
90
+ return strapi1.db.query(USER_MODEL_UID).findOne({
87
91
  ...query,
88
92
  where: {
89
93
  $and: [
@@ -99,7 +103,7 @@ function requireUser() {
99
103
  * Promise to fetch authenticated user.
100
104
  * @return {Promise}
101
105
  */ fetchAuthenticatedUser (id) {
102
- return strapi.db.query(USER_MODEL_UID).findOne({
106
+ return strapi1.db.query(USER_MODEL_UID).findOne({
103
107
  where: {
104
108
  id
105
109
  },
@@ -112,14 +116,19 @@ function requireUser() {
112
116
  * Promise to fetch all users.
113
117
  * @return {Promise}
114
118
  */ fetchAll (params) {
115
- const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
116
- return strapi.db.query(USER_MODEL_UID).findMany(query);
119
+ const query = strapi1.get('query-params').transform(USER_MODEL_UID, params ?? {});
120
+ return strapi1.db.query(USER_MODEL_UID).findMany(query);
117
121
  },
118
122
  /**
119
123
  * Promise to remove a/an user.
120
124
  * @return {Promise}
121
125
  */ async remove (params) {
122
- return strapi.db.query(USER_MODEL_UID).delete({
126
+ // Invalidate sessions for all affected users
127
+ const sessionManager = getSessionManager();
128
+ if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {
129
+ await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));
130
+ }
131
+ return strapi1.db.query(USER_MODEL_UID).delete({
123
132
  where: params
124
133
  });
125
134
  },
@@ -128,29 +137,29 @@ function requireUser() {
128
137
  },
129
138
  async sendConfirmationEmail (user) {
130
139
  const userPermissionService = getService('users-permissions');
131
- const pluginStore = await strapi.store({
140
+ const pluginStore = await strapi1.store({
132
141
  type: 'plugin',
133
142
  name: 'users-permissions'
134
143
  });
135
- const userSchema = strapi.getModel(USER_MODEL_UID);
144
+ const userSchema = strapi1.getModel(USER_MODEL_UID);
136
145
  const settings = await pluginStore.get({
137
146
  key: 'email'
138
147
  }).then((storeEmail)=>storeEmail.email_confirmation.options);
139
148
  // Sanitize the template's user information
140
149
  const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput({
141
150
  schema: userSchema,
142
- getModel: strapi.getModel.bind(strapi)
151
+ getModel: strapi1.getModel.bind(strapi1)
143
152
  }, user);
144
153
  const confirmationToken = crypto.randomBytes(20).toString('hex');
145
154
  await this.edit(user.id, {
146
155
  confirmationToken
147
156
  });
148
- const apiPrefix = strapi.config.get('api.rest.prefix');
157
+ const apiPrefix = strapi1.config.get('api.rest.prefix');
149
158
  try {
150
159
  settings.message = await userPermissionService.template(settings.message, {
151
- URL: urlJoin(strapi.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
152
- SERVER_URL: strapi.config.get('server.absoluteUrl'),
153
- ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
160
+ URL: urlJoin(strapi1.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
161
+ SERVER_URL: strapi1.config.get('server.absoluteUrl'),
162
+ ADMIN_URL: strapi1.config.get('admin.absoluteUrl'),
154
163
  USER: sanitizedUserInfo,
155
164
  CODE: confirmationToken
156
165
  });
@@ -158,11 +167,11 @@ function requireUser() {
158
167
  USER: sanitizedUserInfo
159
168
  });
160
169
  } catch {
161
- strapi.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
170
+ strapi1.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
162
171
  return;
163
172
  }
164
173
  // Send an email to the user.
165
- await strapi.plugin('email').service('email').send({
174
+ await strapi1.plugin('email').service('email').send({
166
175
  to: user.email,
167
176
  from: settings.from.email && settings.from.name ? `${settings.from.name} <${settings.from.email}>` : undefined,
168
177
  replyTo: settings.response_email,
package/dist/server/services/user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.js","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","user","strapi","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvBC,IAAAA,IAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEC,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBG,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaR,GAAAA,MAAAA,CAAOS,QAAQ,CAACX,gBAAgBU,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAASnB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBc,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAMvB,MAAAA,CAAO0B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOP,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBsB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOrB,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB+B,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;AACjB,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiC,MAAM,CAAC;oBAAE1B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAED8B,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEpB,IAAI,EAAA;gBAC7B,OAAO1B,MAAAA,CAAO+C,OAAO,CAACD,QAAUpB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMsB,uBAAsBpC,IAAI,EAAA;AAC9B,gBAAA,MAAMqC,wBAAwBxC,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAMyC,WAAc,GAAA,MAAMrC,MAAOsC,CAAAA,KAAK,CAAC;oBAAE3B,IAAM,EAAA,QAAA;oBAAU4B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAaxC,MAAOS,CAAAA,QAAQ,CAACX,cAAAA,CAAAA;AAEnC,gBAAA,MAAM2C,QAAW,GAAA,MAAMJ,WACpBd,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXgC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAMvD,QAAAA,CAASwD,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACR/B,oBAAAA,QAAAA,EAAUT,MAAOS,CAAAA,QAAQ,CAACyC,IAAI,CAAClD,MAAAA;iBAEjCD,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMoD,oBAAoBlE,MAAOmE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACnC,IAAI,CAACnB,IAAAA,CAAKsB,EAAE,EAAE;AAAE8B,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAYtD,GAAAA,MAAAA,CAAOuD,MAAM,CAAChC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFkB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAKrE,QACHW,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,uBAClB+B,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAY3D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,oBAAA,CAAA;AAC9BqC,wBAAAA,SAAAA,EAAW5D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,mBAAA,CAAA;wBAC7BsC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACN9C,MAAOgE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMjE,MAAAA,CACHkE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAItE,KAAKuE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,QAAS8B,CAAAA,IAAI,CAAChC,IAAI,GACrC,CAAC,EAAEE,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"user.js","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n // Invalidate sessions for all affected users\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {\n await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));\n }\n\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","getSessionManager","manager","strapi","sessionManager","user","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","hasOrigin","invalidateRefreshToken","String","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvB,IAAA,MAAMC,iBAAoB,GAAA,IAAA;QACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,QAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,KAAA;AAEAG,IAAAA,IAAAA,GAAiB,CAAC,EAAEF,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEG,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBM,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaV,GAAAA,OAAAA,CAAOW,QAAQ,CAACd,gBAAgBa,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAAStB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBiB,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAM1B,MAAAA,CAAO6B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOT,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBoB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgByB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBkC,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;;AAEjB,gBAAA,MAAMH,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,gBAAA,IAAIG,kBAAkBA,cAAegC,CAAAA,SAAS,CAAC,mBAAwB7B,CAAAA,IAAAA,MAAAA,CAAOmB,EAAE,EAAE;AAChF,oBAAA,MAAMtB,eAAe,mBAAqBiC,CAAAA,CAAAA,sBAAsB,CAACC,MAAAA,CAAO/B,OAAOmB,EAAE,CAAA,CAAA;AAClF;AAED,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBuC,MAAM,CAAC;oBAAE7B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAEDiC,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEvB,IAAI,EAAA;gBAC7B,OAAO7B,MAAAA,CAAOqD,OAAO,CAACD,QAAUvB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMyB,uBAAsBtC,IAAI,EAAA;AAC9B,gBAAA,MAAMuC,wBAAwB9C,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAM+C,WAAc,GAAA,MAAM1C,OAAO2C,CAAAA,KAAK,CAAC;oBAAE9B,IAAM,EAAA,QAAA;oBAAU+B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAa7C,OAAOW,CAAAA,QAAQ,CAACd,cAAAA,CAAAA;AAEnC,gBAAA,MAAMiD,QAAW,GAAA,MAAMJ,WACpBjB,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXmC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAM7D,QAAAA,CAAS8D,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACRlC,oBAAAA,QAAAA,EAAUX,OAAOW,CAAAA,QAAQ,CAAC4C,IAAI,CAACvD,OAAAA;iBAEjCE,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMsD,oBAAoBxE,MAAOyE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACtC,IAAI,CAAClB,IAAAA,CAAKqB,EAAE,EAAE;AAAEiC,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAY3D,GAAAA,OAAAA,CAAO4D,MAAM,CAACnC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFqB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAK3E,QACHY,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,uBAClBkC,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAYhE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,oBAAA,CAAA;AAC9BwC,wBAAAA,SAAAA,EAAWjE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,mBAAA,CAAA;wBAC7ByC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACNnD,OAAOqE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMtE,OAAAA,CACHuE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAIxE,KAAKyE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,SAAS8B,IAAI,CAAChC,IAAI,GACrC,CAAGE,EAAAA,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
package/dist/server/services/user.mjs CHANGED
@@ -21,13 +21,17 @@ function requireUser() {
21
21
  const { toNumber, getOr } = require$$0$1;
22
22
  const { getService } = requireUtils();
23
23
  const USER_MODEL_UID = 'plugin::users-permissions.user';
24
- user = ({ strapi })=>({
24
+ const getSessionManager = ()=>{
25
+ const manager = strapi.sessionManager;
26
+ return manager ?? null;
27
+ };
28
+ user = ({ strapi: strapi1 })=>({
25
29
  /**
26
30
  * Promise to count users
27
31
  *
28
32
  * @return {Promise}
29
33
  */ count (params) {
30
- return strapi.db.query(USER_MODEL_UID).count({
34
+ return strapi1.db.query(USER_MODEL_UID).count({
31
35
  where: params
32
36
  });
33
37
  },
@@ -39,7 +43,7 @@ function requireUser() {
39
43
  * @param {object} values - The object containing the fields to be hashed.
40
44
  * @return {object} The values object with hashed password fields if they were present.
41
45
  */ async ensureHashedPasswords (values) {
42
- const attributes = strapi.getModel(USER_MODEL_UID).attributes;
46
+ const attributes = strapi1.getModel(USER_MODEL_UID).attributes;
43
47
  for(const key in values){
44
48
  if (attributes[key] && attributes[key].type === 'password') {
45
49
  // Check if a custom encryption.rounds has been set on the password attribute
@@ -53,7 +57,7 @@ function requireUser() {
53
57
  * Promise to add a/an user.
54
58
  * @return {Promise}
55
59
  */ async add (values) {
56
- return strapi.db.query(USER_MODEL_UID).create({
60
+ return strapi1.db.query(USER_MODEL_UID).create({
57
61
  data: await this.ensureHashedPasswords(values),
58
62
  populate: [
59
63
  'role'
@@ -66,7 +70,7 @@ function requireUser() {
66
70
  * @param {object} params
67
71
  * @return {Promise}
68
72
  */ async edit (userId, params = {}) {
69
- return strapi.db.query(USER_MODEL_UID).update({
73
+ return strapi1.db.query(USER_MODEL_UID).update({
70
74
  where: {
71
75
  id: userId
72
76
  },
@@ -80,8 +84,8 @@ function requireUser() {
80
84
  * Promise to fetch a/an user.
81
85
  * @return {Promise}
82
86
  */ fetch (id, params) {
83
- const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
84
- return strapi.db.query(USER_MODEL_UID).findOne({
87
+ const query = strapi1.get('query-params').transform(USER_MODEL_UID, params ?? {});
88
+ return strapi1.db.query(USER_MODEL_UID).findOne({
85
89
  ...query,
86
90
  where: {
87
91
  $and: [
@@ -97,7 +101,7 @@ function requireUser() {
97
101
  * Promise to fetch authenticated user.
98
102
  * @return {Promise}
99
103
  */ fetchAuthenticatedUser (id) {
100
- return strapi.db.query(USER_MODEL_UID).findOne({
104
+ return strapi1.db.query(USER_MODEL_UID).findOne({
101
105
  where: {
102
106
  id
103
107
  },
@@ -110,14 +114,19 @@ function requireUser() {
110
114
  * Promise to fetch all users.
111
115
  * @return {Promise}
112
116
  */ fetchAll (params) {
113
- const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
114
- return strapi.db.query(USER_MODEL_UID).findMany(query);
117
+ const query = strapi1.get('query-params').transform(USER_MODEL_UID, params ?? {});
118
+ return strapi1.db.query(USER_MODEL_UID).findMany(query);
115
119
  },
116
120
  /**
117
121
  * Promise to remove a/an user.
118
122
  * @return {Promise}
119
123
  */ async remove (params) {
120
- return strapi.db.query(USER_MODEL_UID).delete({
124
+ // Invalidate sessions for all affected users
125
+ const sessionManager = getSessionManager();
126
+ if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {
127
+ await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));
128
+ }
129
+ return strapi1.db.query(USER_MODEL_UID).delete({
121
130
  where: params
122
131
  });
123
132
  },
@@ -126,29 +135,29 @@ function requireUser() {
126
135
  },
127
136
  async sendConfirmationEmail (user) {
128
137
  const userPermissionService = getService('users-permissions');
129
- const pluginStore = await strapi.store({
138
+ const pluginStore = await strapi1.store({
130
139
  type: 'plugin',
131
140
  name: 'users-permissions'
132
141
  });
133
- const userSchema = strapi.getModel(USER_MODEL_UID);
142
+ const userSchema = strapi1.getModel(USER_MODEL_UID);
134
143
  const settings = await pluginStore.get({
135
144
  key: 'email'
136
145
  }).then((storeEmail)=>storeEmail.email_confirmation.options);
137
146
  // Sanitize the template's user information
138
147
  const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput({
139
148
  schema: userSchema,
140
- getModel: strapi.getModel.bind(strapi)
149
+ getModel: strapi1.getModel.bind(strapi1)
141
150
  }, user);
142
151
  const confirmationToken = crypto.randomBytes(20).toString('hex');
143
152
  await this.edit(user.id, {
144
153
  confirmationToken
145
154
  });
146
- const apiPrefix = strapi.config.get('api.rest.prefix');
155
+ const apiPrefix = strapi1.config.get('api.rest.prefix');
147
156
  try {
148
157
  settings.message = await userPermissionService.template(settings.message, {
149
- URL: urlJoin(strapi.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
150
- SERVER_URL: strapi.config.get('server.absoluteUrl'),
151
- ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
158
+ URL: urlJoin(strapi1.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
159
+ SERVER_URL: strapi1.config.get('server.absoluteUrl'),
160
+ ADMIN_URL: strapi1.config.get('admin.absoluteUrl'),
152
161
  USER: sanitizedUserInfo,
153
162
  CODE: confirmationToken
154
163
  });
@@ -156,11 +165,11 @@ function requireUser() {
156
165
  USER: sanitizedUserInfo
157
166
  });
158
167
  } catch {
159
- strapi.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
168
+ strapi1.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
160
169
  return;
161
170
  }
162
171
  // Send an email to the user.
163
- await strapi.plugin('email').service('email').send({
172
+ await strapi1.plugin('email').service('email').send({
164
173
  to: user.email,
165
174
  from: settings.from.email && settings.from.name ? `${settings.from.name} <${settings.from.email}>` : undefined,
166
175
  replyTo: settings.response_email,
package/dist/server/services/user.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.mjs","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","user","strapi","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvBC,IAAAA,IAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEC,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBG,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaR,GAAAA,MAAAA,CAAOS,QAAQ,CAACX,gBAAgBU,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAASnB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBc,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAMvB,MAAAA,CAAO0B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOP,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBsB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOrB,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB+B,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;AACjB,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiC,MAAM,CAAC;oBAAE1B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAED8B,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEpB,IAAI,EAAA;gBAC7B,OAAO1B,MAAAA,CAAO+C,OAAO,CAACD,QAAUpB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMsB,uBAAsBpC,IAAI,EAAA;AAC9B,gBAAA,MAAMqC,wBAAwBxC,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAMyC,WAAc,GAAA,MAAMrC,MAAOsC,CAAAA,KAAK,CAAC;oBAAE3B,IAAM,EAAA,QAAA;oBAAU4B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAaxC,MAAOS,CAAAA,QAAQ,CAACX,cAAAA,CAAAA;AAEnC,gBAAA,MAAM2C,QAAW,GAAA,MAAMJ,WACpBd,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXgC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAMvD,QAAAA,CAASwD,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACR/B,oBAAAA,QAAAA,EAAUT,MAAOS,CAAAA,QAAQ,CAACyC,IAAI,CAAClD,MAAAA;iBAEjCD,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMoD,oBAAoBlE,MAAOmE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACnC,IAAI,CAACnB,IAAAA,CAAKsB,EAAE,EAAE;AAAE8B,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAYtD,GAAAA,MAAAA,CAAOuD,MAAM,CAAChC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFkB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAKrE,QACHW,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,uBAClB+B,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAY3D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,oBAAA,CAAA;AAC9BqC,wBAAAA,SAAAA,EAAW5D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,mBAAA,CAAA;wBAC7BsC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACN9C,MAAOgE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMjE,MAAAA,CACHkE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAItE,KAAKuE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,QAAS8B,CAAAA,IAAI,CAAChC,IAAI,GACrC,CAAC,EAAEE,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"user.mjs","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n // Invalidate sessions for all affected users\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {\n await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));\n }\n\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","getSessionManager","manager","strapi","sessionManager","user","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","hasOrigin","invalidateRefreshToken","String","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvB,IAAA,MAAMC,iBAAoB,GAAA,IAAA;QACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,QAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,KAAA;AAEAG,IAAAA,IAAAA,GAAiB,CAAC,EAAEF,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEG,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBM,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaV,GAAAA,OAAAA,CAAOW,QAAQ,CAACd,gBAAgBa,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAAStB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBiB,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAM1B,MAAAA,CAAO6B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOT,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBoB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgByB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBkC,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;;AAEjB,gBAAA,MAAMH,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,gBAAA,IAAIG,kBAAkBA,cAAegC,CAAAA,SAAS,CAAC,mBAAwB7B,CAAAA,IAAAA,MAAAA,CAAOmB,EAAE,EAAE;AAChF,oBAAA,MAAMtB,eAAe,mBAAqBiC,CAAAA,CAAAA,sBAAsB,CAACC,MAAAA,CAAO/B,OAAOmB,EAAE,CAAA,CAAA;AAClF;AAED,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBuC,MAAM,CAAC;oBAAE7B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAEDiC,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEvB,IAAI,EAAA;gBAC7B,OAAO7B,MAAAA,CAAOqD,OAAO,CAACD,QAAUvB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMyB,uBAAsBtC,IAAI,EAAA;AAC9B,gBAAA,MAAMuC,wBAAwB9C,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAM+C,WAAc,GAAA,MAAM1C,OAAO2C,CAAAA,KAAK,CAAC;oBAAE9B,IAAM,EAAA,QAAA;oBAAU+B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAa7C,OAAOW,CAAAA,QAAQ,CAACd,cAAAA,CAAAA;AAEnC,gBAAA,MAAMiD,QAAW,GAAA,MAAMJ,WACpBjB,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXmC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAM7D,QAAAA,CAAS8D,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACRlC,oBAAAA,QAAAA,EAAUX,OAAOW,CAAAA,QAAQ,CAAC4C,IAAI,CAACvD,OAAAA;iBAEjCE,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMsD,oBAAoBxE,MAAOyE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACtC,IAAI,CAAClB,IAAAA,CAAKqB,EAAE,EAAE;AAAEiC,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAY3D,GAAAA,OAAAA,CAAO4D,MAAM,CAACnC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFqB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAK3E,QACHY,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,uBAClBkC,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAYhE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,oBAAA,CAAA;AAC9BwC,wBAAAA,SAAAA,EAAWjE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,mBAAA,CAAA;wBAC7ByC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACNnD,OAAOqE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMtE,OAAAA,CACHuE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAIxE,KAAKyE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,SAAS8B,IAAI,CAAChC,IAAI,GACrC,CAAGE,EAAAA,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
package/dist/server/services/users-permissions.js CHANGED
@@ -14,7 +14,7 @@ function requireUsersPermissions() {
14
14
  const _ = require$$0;
15
15
  const { filter, map, pipe, prop } = require$$0$1;
16
16
  const urlJoin = require$$2;
17
- const { template: { createStrictInterpolationRegExp }, errors, objects } = require$$1;
17
+ const { template: { createStrictInterpolationRegExp }, errors, objects, sanitizeRoutesMapForSerialization } = require$$1;
18
18
  const { getService } = index.__require();
19
19
  const DEFAULT_PERMISSIONS = [
20
20
  {
@@ -111,7 +111,8 @@ function requireUsersPermissions() {
111
111
  };
112
112
  }
113
113
  });
114
- return actionMap;
114
+ // Return a deeply cloned version to avoid circular references
115
+ return _.cloneDeep(actionMap);
115
116
  },
116
117
  async getRoutes () {
117
118
  const routesMap = {};
@@ -148,7 +149,7 @@ function requireUsersPermissions() {
148
149
  path: urlJoin(apiPrefix, route.path)
149
150
  }));
150
151
  });
151
- return routesMap;
152
+ return sanitizeRoutesMapForSerialization(routesMap);
152
153
  },
153
154
  async syncPermissions () {
154
155
  const roles = await strapi.db.query('plugin::users-permissions.role').findMany();
package/dist/server/services/users-permissions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"users-permissions.js","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n return actionMap;\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return routesMap;\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAChB,MAAM,EACJC,QAAU,EAAA,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACR,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;YAClD,MAAME,IAAAA,GAAOF,WAAWG,SAAY,GAAA,CAAC,EAAEH,MAAO,CAAA,EAAED,MAAMG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAEJ,UAAAA,CAAW,EAAEC,KAAMG,CAAAA,IAAI,CAAC,CAAC;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAACjB,EAAEgC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEInC,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAcxC,EAAEyC,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB7C,GAAAA,CAAAA,CAAE8C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAI/B,CAAAA,CAAE+C,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG5C,CAAEgD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC1C,CAAAA,CAAE+C,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAQ,CAAA,CAAC,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIxC,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAcxC,EAAEyC,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB7C,GAAAA,CAAAA,CAAE8C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAI/B,CAAAA,CAAE+C,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG5C,CAAEgD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC1C,CAAAA,CAAE+C,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAW,CAAA,CAAC,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;gBAEI,OAAOV,SAAAA;AACR,aAAA;YAED,MAAMuB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBtD,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMgB,SAASvD,CAAEwD,CAAAA,OAAO,CAAClB,GAAIiB,CAAAA,MAAM,EAAE,CAAClC,KAAAA,GAAAA;AACpC,wBAAA,IAAIrB,CAAEgC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMkC,MAAM;AACpB;wBAED,OAAOlC,KAAAA;qBACNnB,CAAAA,CAAAA,MAAM,CAAC,CAACmB,KAAAA,GAAUA,MAAMoC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYjC,GAAAA,MAAAA,CAAOJ,MAAM,CAACsC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEf,OAAQ,CAAA,CAAC,CAAC,GAAGgB,MAAOpD,CAAAA,GAAG,CAAC,CAACkB,SAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMjB,EAAAA,OAAAA,CAAQqD,SAAWvC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIxB,gBAAAA,CAAAA,CAAEoC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM0C,kBAAkB3C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMmC,SAASvD,CAAEwD,CAAAA,OAAO,CAACJ,MAAOG,CAAAA,MAAM,EAAE,CAAClC,KAAAA,GAAAA;AACvC,wBAAA,IAAIrB,CAAEgC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMkC,CAAAA,MAAM,CAACpD,GAAG,CAAC2D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgBzC,CAAAA,KAAAA,CAAAA;qBACtBnB,CAAAA,CAAAA,MAAM,CAAC,CAACmB,KAAAA,GAAUA,MAAMoC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYjC,GAAAA,MAAAA,CAAOJ,MAAM,CAACsC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAElC,UAAW,CAAA,CAAC,CAAC,GAAGmC,MAAOpD,CAAAA,GAAG,CAAC,CAACkB,SAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMjB,EAAAA,OAAAA,CAAQqD,SAAWvC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;gBAEI,OAAO8B,SAAAA;AACR,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMrC,MAAOsC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAMzC,MAAOsC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBrE,CAAEsE,CAAAA,IAAI,CAACtE,CAAEG,CAAAA,GAAG,CAACiE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAavE,EAAEwD,OAAO,CAAC7B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOvC,EAAEwD,OAAO,CAAClB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO5C,EAAEwE,IAAI,CAAC7B,UAAYxC,CAAAA,CAAAA,GAAG,CAAC,CAACsE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAElC,OAAQ,CAAA,CAAC,EAAEK,cAAe,CAAA,CAAC,EAAE6B,UAAAA,CAAW,CAAC;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB1E,EAAEwD,OAAO,CAAC7B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOpB,EAAEwD,OAAO,CAACJ,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO5C,EAAEwE,IAAI,CAAC7B,UAAYxC,CAAAA,CAAAA,GAAG,CAAC,CAACsE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAErD,UAAW,CAAA,CAAC,EAAEwB,cAAe,CAAA,CAAC,EAAE6B,UAAAA,CAAW,CAAC;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW5E,GAAAA,CAAAA,CAAE6E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAASzE,CAAAA,GAAG,CAAC,CAACc,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOsC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEhE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIoD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAW/E,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEgB,QAAQ,EAAE,GAAKA,QAAagE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIxC,QAAAA,KAAa,IAChEf,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTW,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM8D,QAAQC,GAAG,CACfI,QAAShF,CAAAA,GAAG,CAAC,CAACc,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOsC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJpE,oCAAAA,MAAAA;AACAiE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM7D,MAAOsC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM7D,OAAOsC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAM/B,OAAOsC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO5C,UAAAA,CAAW,qBAAqBiD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOvD,OAAOsC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAEDzE,QAASsF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BpF,OAAQqF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAcxF,gCAAgCsF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOhG,CAAAA,CAAES,QAAQ,CAACsF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI1F,MAAO2F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"users-permissions.js","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n sanitizeRoutesMapForSerialization,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n // Return a deeply cloned version to avoid circular references\n return _.cloneDeep(actionMap);\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return sanitizeRoutesMapForSerialization(routesMap);\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","sanitizeRoutesMapForSerialization","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","cloneDeep","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAM,EACJC,QAAAA,EAAU,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACPC,iCAAiC,EAClC,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;AAClD,YAAA,MAAME,IAAOF,GAAAA,MAAAA,KAAWG,SAAY,GAAA,CAAA,EAAGH,SAASD,KAAMG,CAAAA,IAAI,CAAE,CAAA,GAAG,CAAC,CAAC,EAAEJ,UAAaC,CAAAA,EAAAA,KAAAA,CAAMG,IAAI,CAAE,CAAA;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAAClB,EAAEiC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEIpC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAAA,CAAAA,CAAS,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIzC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAAA,CAAAA,CAAY,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;;gBAGI,OAAOzC,CAAAA,CAAEsD,SAAS,CAACvB,SAAAA,CAAAA;AACpB,aAAA;YAED,MAAMwB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBxD,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMiB,SAASzD,CAAE0D,CAAAA,OAAO,CAACnB,GAAIkB,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACpC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMmC,MAAM;AACpB;wBAED,OAAOnC,KAAAA;qBACNpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEhB,OAAS,CAAA,CAAA,CAAC,GAAGiB,MAAAA,CAAOtD,GAAG,CAAC,CAACmB,KAAAA,IAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIzB,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM2C,kBAAkB5C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMoC,SAASzD,CAAE0D,CAAAA,OAAO,CAACL,MAAOI,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACvC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMmC,CAAAA,MAAM,CAACtD,GAAG,CAAC6D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgB1C,CAAAA,KAAAA,CAAAA;qBACtBpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEnC,UAAY,CAAA,CAAA,CAAC,GAAGoC,MAAAA,CAAOtD,GAAG,CAAC,CAACmB,KAAAA,IAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEI,gBAAA,OAAOZ,iCAAkC2C,CAAAA,SAAAA,CAAAA;AAC1C,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMtC,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAM1C,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBvE,CAAEwE,CAAAA,IAAI,CAACxE,CAAEG,CAAAA,GAAG,CAACmE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAazE,EAAE0D,OAAO,CAAC9B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOxC,EAAE0D,OAAO,CAACnB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAEnC,OAAAA,CAAQ,CAAC,EAAEK,cAAAA,CAAe,CAAC,EAAE8B,UAAY,CAAA,CAAA;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB5E,EAAE0D,OAAO,CAAC9B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOrB,EAAE0D,OAAO,CAACL,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAEtD,UAAAA,CAAW,CAAC,EAAEwB,cAAAA,CAAe,CAAC,EAAE8B,UAAY,CAAA,CAAA;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW9E,GAAAA,CAAAA,CAAE+E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAAS3E,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOuC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEjE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIqD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAWjF,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEiB,QAAQ,EAAE,GAAKA,QAAaiE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIzC,QAAAA,KAAa,IAChEhB,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTY,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM+D,QAAQC,GAAG,CACfI,QAASlF,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOuC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJrE,oCAAAA,MAAAA;AACAkE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM9D,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM9D,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAMhC,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO7C,UAAAA,CAAW,qBAAqBkD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOxD,OAAOuC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAED3E,QAASwF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BtF,OAAQuF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAc1F,gCAAgCwF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOlG,CAAAA,CAAES,QAAQ,CAACwF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI5F,MAAO6F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
package/dist/server/services/users-permissions.mjs CHANGED
@@ -12,7 +12,7 @@ function requireUsersPermissions() {
12
12
  const _ = require$$0;
13
13
  const { filter, map, pipe, prop } = require$$0$1;
14
14
  const urlJoin = require$$2;
15
- const { template: { createStrictInterpolationRegExp }, errors, objects } = require$$1;
15
+ const { template: { createStrictInterpolationRegExp }, errors, objects, sanitizeRoutesMapForSerialization } = require$$1;
16
16
  const { getService } = requireUtils();
17
17
  const DEFAULT_PERMISSIONS = [
18
18
  {
@@ -109,7 +109,8 @@ function requireUsersPermissions() {
109
109
  };
110
110
  }
111
111
  });
112
- return actionMap;
112
+ // Return a deeply cloned version to avoid circular references
113
+ return _.cloneDeep(actionMap);
113
114
  },
114
115
  async getRoutes () {
115
116
  const routesMap = {};
@@ -146,7 +147,7 @@ function requireUsersPermissions() {
146
147
  path: urlJoin(apiPrefix, route.path)
147
148
  }));
148
149
  });
149
- return routesMap;
150
+ return sanitizeRoutesMapForSerialization(routesMap);
150
151
  },
151
152
  async syncPermissions () {
152
153
  const roles = await strapi.db.query('plugin::users-permissions.role').findMany();