npm - @strapi/plugin-users-permissions - Versions diffs - 0.0.0-next.ff946d2c25a3e577b47132a357cac2932eb8e635 → 0.0.0-next.ffc36acb308febe288f1a31b62cbbb75b286585c - Mend

@strapi/plugin-users-permissions 0.0.0-next.ff946d2c25a3e577b47132a357cac2932eb8e635 → 0.0.0-next.ffc36acb308febe288f1a31b62cbbb75b286585c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (681) hide show

package/server/services/providers.js CHANGED Viewed

@@ -8,7 +8,6 @@
 const _ = require('lodash');
 const urlJoin = require('url-join');
-const { getAbsoluteServerUrl } = require('@strapi/utils');
 const { getService } = require('../utils');
 module.exports = ({ strapi }) => {
@@ -60,7 +59,7 @@ module.exports = ({ strapi }) => {
       throw new Error('Email was not available.');
     }
-    const users = await strapi.query('plugin::users-permissions.user').findMany({
+    const users = await strapi.db.query('plugin::users-permissions.user').findMany({
       where: { email },
     });
@@ -83,7 +82,7 @@ module.exports = ({ strapi }) => {
     }
     // Retrieve default role.
-    const defaultRole = await strapi
+    const defaultRole = await strapi.db
       .query('plugin::users-permissions.role')
       .findOne({ where: { type: advancedSettings.default_role } });
@@ -96,7 +95,7 @@ module.exports = ({ strapi }) => {
       confirmed: true,
     };
-    const createdUser = await strapi
+    const createdUser = await strapi.db
       .query('plugin::users-permissions.user')
       .create({ data: newUser });
@@ -105,7 +104,13 @@ module.exports = ({ strapi }) => {
   const buildRedirectUri = (provider = '') => {
     const apiPrefix = strapi.config.get('api.rest.prefix');
-    return urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, 'connect', provider, 'callback');
+    return urlJoin(
+      strapi.config.get('server.absoluteUrl'),
+      apiPrefix,
+      'connect',
+      provider,
+      'callback'
+    );
   };
   return {

package/server/services/role.js CHANGED Viewed

@@ -10,7 +10,7 @@ module.exports = ({ strapi }) => ({
       params.type = _.snakeCase(_.deburr(_.toLower(params.name)));
     }
-    const role = await strapi
+    const role = await strapi.db
       .query('plugin::users-permissions.role')
       .create({ data: _.omit(params, ['users', 'permissions']) });
@@ -25,7 +25,7 @@ module.exports = ({ strapi }) => ({
               const actionID = `${typeName}.${controllerName}.${actionName}`;
               acc.push(
-                strapi
+                strapi.db
                   .query('plugin::users-permissions.permission')
                   .create({ data: { action: actionID, role: role.id } })
               );
@@ -42,7 +42,7 @@ module.exports = ({ strapi }) => ({
   },
   async findOne(roleID) {
-    const role = await strapi
+    const role = await strapi.db
       .query('plugin::users-permissions.role')
       .findOne({ where: { id: roleID }, populate: ['permissions'] });
@@ -69,10 +69,12 @@ module.exports = ({ strapi }) => ({
   },
   async find() {
-    const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
+    const roles = await strapi.db
+      .query('plugin::users-permissions.role')
+      .findMany({ sort: ['name'] });
     for (const role of roles) {
-      role.nb_users = await strapi
+      role.nb_users = await strapi.db
         .query('plugin::users-permissions.user')
         .count({ where: { role: { id: role.id } } });
     }
@@ -81,7 +83,7 @@ module.exports = ({ strapi }) => ({
   },
   async updateRole(roleID, data) {
-    const role = await strapi
+    const role = await strapi.db
       .query('plugin::users-permissions.role')
       .findOne({ where: { id: roleID }, populate: ['permissions'] });
@@ -89,7 +91,7 @@ module.exports = ({ strapi }) => ({
       throw new NotFoundError('Role not found');
     }
-    await strapi.query('plugin::users-permissions.role').update({
+    await strapi.db.query('plugin::users-permissions.role').update({
       where: { id: roleID },
       data: _.pick(data, ['name', 'description']),
     });
@@ -129,7 +131,7 @@ module.exports = ({ strapi }) => ({
     await Promise.all(
       toDelete.map((permission) =>
-        strapi
+        strapi.db
           .query('plugin::users-permissions.permission')
           .delete({ where: { id: permission.id } })
       )
@@ -137,13 +139,13 @@ module.exports = ({ strapi }) => ({
     await Promise.all(
       toCreate.map((permissionInfo) =>
-        strapi.query('plugin::users-permissions.permission').create({ data: permissionInfo })
+        strapi.db.query('plugin::users-permissions.permission').create({ data: permissionInfo })
       )
     );
   },
   async deleteRole(roleID, publicRoleID) {
-    const role = await strapi
+    const role = await strapi.db
       .query('plugin::users-permissions.role')
       .findOne({ where: { id: roleID }, populate: ['users', 'permissions'] });
@@ -154,7 +156,7 @@ module.exports = ({ strapi }) => ({
     // Move users to guest role.
     await Promise.all(
       role.users.map((user) => {
-        return strapi.query('plugin::users-permissions.user').update({
+        return strapi.db.query('plugin::users-permissions.user').update({
           where: { id: user.id },
           data: { role: publicRoleID },
         });
@@ -165,13 +167,13 @@ module.exports = ({ strapi }) => ({
     // TODO: use delete many
     await Promise.all(
       role.permissions.map((permission) => {
-        return strapi.query('plugin::users-permissions.permission').delete({
+        return strapi.db.query('plugin::users-permissions.permission').delete({
           where: { id: permission.id },
         });
       })
     );
     // Delete the role.
-    await strapi.query('plugin::users-permissions.role').delete({ where: { id: roleID } });
+    await strapi.db.query('plugin::users-permissions.role').delete({ where: { id: roleID } });
   },
 });

package/server/services/user.js CHANGED Viewed

@@ -10,9 +10,12 @@ const crypto = require('crypto');
 const bcrypt = require('bcryptjs');
 const urlJoin = require('url-join');
-const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = require('@strapi/utils');
+const { sanitize } = require('@strapi/utils');
+const { toNumber, getOr } = require('lodash/fp');
 const { getService } = require('../utils');
+const USER_MODEL_UID = 'plugin::users-permissions.user';
 module.exports = ({ strapi }) => ({
   /**
    * Promise to count users
@@ -21,22 +24,38 @@ module.exports = ({ strapi }) => ({
    */
   count(params) {
-    return strapi.query('plugin::users-permissions.user').count({ where: params });
+    return strapi.db.query(USER_MODEL_UID).count({ where: params });
   },
   /**
-   * Promise to search count users
+   * Hashes password fields in the provided values object if they are present.
+   * It checks each key in the values object against the model's attributes and
+   * hashes it if the attribute type is 'password',
    *
-   * @return {Promise}
+   * @param {object} values - The object containing the fields to be hashed.
+   * @return {object} The values object with hashed password fields if they were present.
    */
+  async ensureHashedPasswords(values) {
+    const attributes = strapi.getModel(USER_MODEL_UID).attributes;
+    for (const key in values) {
+      if (attributes[key] && attributes[key].type === 'password') {
+        // Check if a custom encryption.rounds has been set on the password attribute
+        const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));
+        values[key] = await bcrypt.hash(values[key], rounds);
+      }
+    }
+    return values;
+  },
   /**
    * Promise to add a/an user.
    * @return {Promise}
    */
   async add(values) {
-    return strapi.entityService.create('plugin::users-permissions.user', {
-      data: values,
+    return strapi.db.query(USER_MODEL_UID).create({
+      data: await this.ensureHashedPasswords(values),
       populate: ['role'],
     });
   },
@@ -48,8 +67,9 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   async edit(userId, params = {}) {
-    return strapi.entityService.update('plugin::users-permissions.user', userId, {
-      data: params,
+    return strapi.db.query(USER_MODEL_UID).update({
+      where: { id: userId },
+      data: await this.ensureHashedPasswords(params),
       populate: ['role'],
     });
   },
@@ -59,7 +79,14 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   fetch(id, params) {
-    return strapi.entityService.findOne('plugin::users-permissions.user', id, params);
+    const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
+    return strapi.db.query(USER_MODEL_UID).findOne({
+      ...query,
+      where: {
+        $and: [{ id }, query.where || {}],
+      },
+    });
   },
   /**
@@ -67,9 +94,7 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   fetchAuthenticatedUser(id) {
-    return strapi
-      .query('plugin::users-permissions.user')
-      .findOne({ where: { id }, populate: ['role'] });
+    return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });
   },
   /**
@@ -77,7 +102,9 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   fetchAll(params) {
-    return strapi.entityService.findMany('plugin::users-permissions.user', params);
+    const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
+    return strapi.db.query(USER_MODEL_UID).findMany(query);
   },
   /**
@@ -85,7 +112,7 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   async remove(params) {
-    return strapi.query('plugin::users-permissions.user').delete({ where: params });
+    return strapi.db.query(USER_MODEL_UID).delete({ where: params });
   },
   validatePassword(password, hash) {
@@ -95,14 +122,20 @@ module.exports = ({ strapi }) => ({
   async sendConfirmationEmail(user) {
     const userPermissionService = getService('users-permissions');
     const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });
-    const userSchema = strapi.getModel('plugin::users-permissions.user');
+    const userSchema = strapi.getModel(USER_MODEL_UID);
     const settings = await pluginStore
       .get({ key: 'email' })
       .then((storeEmail) => storeEmail.email_confirmation.options);
     // Sanitize the template's user information
-    const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(userSchema, user);
+    const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(
+      {
+        schema: userSchema,
+        getModel: strapi.getModel.bind(strapi),
+      },
+      user
+    );
     const confirmationToken = crypto.randomBytes(20).toString('hex');
@@ -112,9 +145,13 @@ module.exports = ({ strapi }) => ({
     try {
       settings.message = await userPermissionService.template(settings.message, {
-        URL: urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, '/auth/email-confirmation'),
-        SERVER_URL: getAbsoluteServerUrl(strapi.config),
-        ADMIN_URL: getAbsoluteAdminUrl(strapi.config),
+        URL: urlJoin(
+          strapi.config.get('server.absoluteUrl'),
+          apiPrefix,
+          '/auth/email-confirmation'
+        ),
+        SERVER_URL: strapi.config.get('server.absoluteUrl'),
+        ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
         USER: sanitizedUserInfo,
         CODE: confirmationToken,
       });

package/server/services/users-permissions.js CHANGED Viewed

@@ -6,7 +6,7 @@ const urlJoin = require('url-join');
 const {
   template: { createStrictInterpolationRegExp },
   errors,
-  keysDeep,
+  objects,
 } = require('@strapi/utils');
 const { getService } = require('../utils');
@@ -45,7 +45,7 @@ module.exports = ({ strapi }) => ({
       return action[Symbol.for('__type__')].includes('content-api');
     };
-    _.forEach(strapi.api, (api, apiName) => {
+    _.forEach(strapi.apis, (api, apiName) => {
       const controllers = _.reduce(
         api.controllers,
         (acc, controller, controllerName) => {
@@ -105,7 +105,7 @@ module.exports = ({ strapi }) => ({
   async getRoutes() {
     const routesMap = {};
-    _.forEach(strapi.api, (api, apiName) => {
+    _.forEach(strapi.apis, (api, apiName) => {
       const routes = _.flatMap(api.routes, (route) => {
         if (_.has(route, 'routes')) {
           return route.routes;
@@ -151,12 +151,12 @@ module.exports = ({ strapi }) => ({
   },
   async syncPermissions() {
-    const roles = await strapi.query('plugin::users-permissions.role').findMany();
-    const dbPermissions = await strapi.query('plugin::users-permissions.permission').findMany();
+    const roles = await strapi.db.query('plugin::users-permissions.role').findMany();
+    const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();
     const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));
-    const appActions = _.flatMap(strapi.api, (api, apiName) => {
+    const appActions = _.flatMap(strapi.apis, (api, apiName) => {
       return _.flatMap(api.controllers, (controller, controllerName) => {
         return _.keys(controller).map((actionName) => {
           return `api::${apiName}.${controllerName}.${actionName}`;
@@ -178,7 +178,9 @@ module.exports = ({ strapi }) => ({
     await Promise.all(
       toDelete.map((action) => {
-        return strapi.query('plugin::users-permissions.permission').delete({ where: { action } });
+        return strapi.db
+          .query('plugin::users-permissions.permission')
+          .delete({ where: { action } });
       })
     );
@@ -192,7 +194,7 @@ module.exports = ({ strapi }) => ({
         await Promise.all(
           toCreate.map((action) => {
-            return strapi.query('plugin::users-permissions.permission').create({
+            return strapi.db.query('plugin::users-permissions.permission').create({
               data: {
                 action,
                 role: role.id,
@@ -205,10 +207,10 @@ module.exports = ({ strapi }) => ({
   },
   async initialize() {
-    const roleCount = await strapi.query('plugin::users-permissions.role').count();
+    const roleCount = await strapi.db.query('plugin::users-permissions.role').count();
     if (roleCount === 0) {
-      await strapi.query('plugin::users-permissions.role').create({
+      await strapi.db.query('plugin::users-permissions.role').create({
         data: {
           name: 'Authenticated',
           description: 'Default role given to authenticated user.',
@@ -216,7 +218,7 @@ module.exports = ({ strapi }) => ({
         },
       });
-      await strapi.query('plugin::users-permissions.role').create({
+      await strapi.db.query('plugin::users-permissions.role').create({
         data: {
           name: 'Public',
           description: 'Default role given to unauthenticated user.',
@@ -229,13 +231,13 @@ module.exports = ({ strapi }) => ({
   },
   async updateUserRole(user, role) {
-    return strapi
+    return strapi.db
       .query('plugin::users-permissions.user')
       .update({ where: { id: user.id }, data: { role } });
   },
   template(layout, data) {
-    const allowedTemplateVariables = keysDeep(data);
+    const allowedTemplateVariables = objects.keysDeep(data);
     // Create a strict interpolation RegExp based on possible variable names
     const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');

package/server/strategies/users-permissions.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-const { castArray, map, every, pipe, isEmpty } = require('lodash/fp');
+const { castArray, map, every, pipe } = require('lodash/fp');
 const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors;
 const { getService } = require('../utils');
@@ -80,13 +80,6 @@ const authenticate = async (ctx) => {
 const verify = async (auth, config) => {
   const { credentials: user, ability } = auth;
-  strapi.telemetry.send('didReceiveAPIRequest', {
-    eventProperties: {
-      authenticationMethod: auth?.strategy?.name,
-      isAuthenticated: !isEmpty(user),
-    },
-  });
   if (!config.scope) {
     if (!user) {
       // A non authenticated user cannot access routes that do not have a scope

package/server/utils/index.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import * as user from '../services/user';
 import * as role from '../services/role';
 import * as jwt from '../services/jwt';
 import * as providers from '../services/providers';
+import * as providersRegistry from '../services/providers-registry';
 import * as permission from '../services/permission';
 type S = {
@@ -11,7 +12,7 @@ type S = {
   user: typeof user;
   jwt: typeof jwt;
   providers: typeof providers;
-  ['providers-registry']: typeof providers;
+  ['providers-registry']: typeof providersRegistry;
   permission: typeof permission;
 };

package/server/utils/sanitize/sanitizers.js CHANGED Viewed

@@ -1,16 +1,20 @@
 'use strict';
 const { curry } = require('lodash/fp');
-const { traverseEntity, pipeAsync } = require('@strapi/utils');
+const { traverseEntity, async } = require('@strapi/utils');
 const { removeUserRelationFromRoleEntities } = require('./visitors');
 const sanitizeUserRelationFromRoleEntities = curry((schema, entity) => {
-  return traverseEntity(removeUserRelationFromRoleEntities, { schema }, entity);
+  return traverseEntity(
+    removeUserRelationFromRoleEntities,
+    { schema, getModel: strapi.getModel.bind(strapi) },
+    entity
+  );
 });
 const defaultSanitizeOutput = curry((schema, entity) => {
-  return pipeAsync(sanitizeUserRelationFromRoleEntities(schema))(entity);
+  return async.pipe(sanitizeUserRelationFromRoleEntities(schema))(entity);
 });
 module.exports = {

package/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js CHANGED Viewed

@@ -2,8 +2,8 @@
 module.exports = ({ schema, key, attribute }, { remove }) => {
   if (
-    attribute.type === 'relation' &&
-    attribute.target === 'plugin::users-permissions.user' &&
+    attribute?.type === 'relation' &&
+    attribute?.target === 'plugin::users-permissions.user' &&
     schema.uid === 'plugin::users-permissions.role'
   ) {
     remove(key);

package/.eslintrc.js DELETED Viewed

@@ -1,14 +0,0 @@
-module.exports = {
-  root: true,
-  overrides: [
-    {
-      files: ['admin/**/*'],
-      extends: ['custom/front'],
-    },
-    {
-      files: ['**/*'],
-      excludedFiles: ['admin/**/*'],
-      extends: ['custom/back'],
-    },
-  ],
-};

package/admin/src/components/FormModal/index.js DELETED Viewed

@@ -1,123 +0,0 @@
-/**
- *
- * FormModal
- *
- */
-import React from 'react';
-import { useIntl } from 'react-intl';
-import {
-  Button,
-  Flex,
-  Breadcrumbs,
-  Crumb,
-  Grid,
-  GridItem,
-  ModalLayout,
-  ModalHeader,
-  ModalFooter,
-  ModalBody,
-} from '@strapi/design-system';
-import PropTypes from 'prop-types';
-import { Formik } from 'formik';
-import { Form } from '@strapi/helper-plugin';
-import Input from './Input';
-const FormModal = ({
-  headerBreadcrumbs,
-  initialData,
-  isSubmiting,
-  layout,
-  isOpen,
-  onSubmit,
-  onToggle,
-  providerToEditName,
-}) => {
-  const { formatMessage } = useIntl();
-  if (!isOpen) {
-    return null;
-  }
-  return (
-    <ModalLayout onClose={onToggle} labelledBy="title">
-      <ModalHeader>
-        <Breadcrumbs label={headerBreadcrumbs.join(', ')}>
-          {headerBreadcrumbs.map((crumb) => (
-            <Crumb key={crumb}>{crumb}</Crumb>
-          ))}
-        </Breadcrumbs>
-      </ModalHeader>
-      <Formik
-        onSubmit={(values) => onSubmit(values)}
-        initialValues={initialData}
-        validationSchema={layout.schema}
-        validateOnChange={false}
-      >
-        {({ errors, handleChange, values }) => {
-          return (
-            <Form>
-              <ModalBody>
-                <Flex direction="column" alignItems="stretch" gap={1}>
-                  <Grid gap={5}>
-                    {layout.form.map((row) => {
-                      return row.map((input) => {
-                        return (
-                          <GridItem key={input.name} col={input.size} xs={12}>
-                            <Input
-                              {...input}
-                              error={errors[input.name]}
-                              onChange={handleChange}
-                              value={values[input.name]}
-                              providerToEditName={providerToEditName}
-                            />
-                          </GridItem>
-                        );
-                      });
-                    })}
-                  </Grid>
-                </Flex>
-              </ModalBody>
-              <ModalFooter
-                startActions={
-                  <Button variant="tertiary" onClick={onToggle} type="button">
-                    {formatMessage({
-                      id: 'app.components.Button.cancel',
-                      defaultMessage: 'Cancel',
-                    })}
-                  </Button>
-                }
-                endActions={
-                  <Button type="submit" loading={isSubmiting}>
-                    {formatMessage({ id: 'global.save', defaultMessage: 'Save' })}
-                  </Button>
-                }
-              />
-            </Form>
-          );
-        }}
-      </Formik>
-    </ModalLayout>
-  );
-};
-FormModal.defaultProps = {
-  initialData: null,
-  providerToEditName: null,
-};
-FormModal.propTypes = {
-  headerBreadcrumbs: PropTypes.arrayOf(PropTypes.string).isRequired,
-  initialData: PropTypes.object,
-  layout: PropTypes.shape({
-    form: PropTypes.arrayOf(PropTypes.array),
-    schema: PropTypes.object,
-  }).isRequired,
-  isOpen: PropTypes.bool.isRequired,
-  isSubmiting: PropTypes.bool.isRequired,
-  onSubmit: PropTypes.func.isRequired,
-  onToggle: PropTypes.func.isRequired,
-  providerToEditName: PropTypes.string,
-};
-export default FormModal;

package/admin/src/components/Permissions/index.js DELETED Viewed

@@ -1,54 +0,0 @@
-import React, { useReducer } from 'react';
-import { Accordion, AccordionToggle, AccordionContent, Box, Flex } from '@strapi/design-system';
-import { useIntl } from 'react-intl';
-import { useUsersPermissions } from '../../contexts/UsersPermissionsContext';
-import formatPluginName from '../../utils/formatPluginName';
-import PermissionRow from './PermissionRow';
-import init from './init';
-import { initialState, reducer } from './reducer';
-const Permissions = () => {
-  const { modifiedData } = useUsersPermissions();
-  const { formatMessage } = useIntl();
-  const [{ collapses }, dispatch] = useReducer(reducer, initialState, (state) =>
-    init(state, modifiedData)
-  );
-  const handleToggle = (index) =>
-    dispatch({
-      type: 'TOGGLE_COLLAPSE',
-      index,
-    });
-  return (
-    <Flex direction="column" alignItems="stretch" gap={1}>
-      {collapses.map((collapse, index) => (
-        <Accordion
-          expanded={collapse.isOpen}
-          onToggle={() => handleToggle(index)}
-          key={collapse.name}
-          variant={index % 2 === 0 ? 'secondary' : undefined}
-        >
-          <AccordionToggle
-            title={formatPluginName(collapse.name)}
-            description={formatMessage(
-              {
-                id: 'users-permissions.Plugin.permissions.plugins.description',
-                defaultMessage: 'Define all allowed actions for the {name} plugin.',
-              },
-              { name: collapse.name }
-            )}
-            variant={index % 2 ? 'primary' : 'secondary'}
-          />
-          <AccordionContent>
-            <Box>
-              <PermissionRow permissions={modifiedData[collapse.name]} name={collapse.name} />
-            </Box>
-          </AccordionContent>
-        </Accordion>
-      ))}
-    </Flex>
-  );
-};
-export default Permissions;

package/admin/src/hooks/index.js DELETED Viewed

@@ -1,5 +0,0 @@
-// eslint-disable-next-line import/prefer-default-export
-export { default as useForm } from './useForm';
-export { default as useRolesList } from './useRolesList';
-export { default as usePlugins } from './usePlugins';
-export { default as useFetchRole } from './useFetchRole';