@strapi/plugin-users-permissions 4.0.0-next.1 → 4.0.0-next.13

package/{controllers → server/controllers}/user/admin.js

@@ -11,16 +11,16 @@ const formatError = error => [
   { messages: [{ id: error.id, message: error.message, field: error.field }] },
 ];
 
-const userModel = 'plugins::users-permissions.user';
+const userModel = 'plugin::users-permissions.user';
 const ACTIONS = {
-  read: 'plugins::content-manager.explorer.read',
-  create: 'plugins::content-manager.explorer.create',
-  edit: 'plugins::content-manager.explorer.update',
-  delete: 'plugins::content-manager.explorer.delete',
+  read: 'plugin::content-manager.explorer.read',
+  create: 'plugin::content-manager.explorer.create',
+  edit: 'plugin::content-manager.explorer.update',
+  delete: 'plugin::content-manager.explorer.delete',
 };
 
 const findEntityAndCheckPermissions = async (ability, action, model, id) => {
-  const entity = await strapi.query('plugins::users-permissions.user').findOne({ where: { id } });
+  const entity = await strapi.query('plugin::users-permissions.user').findOne({ where: { id } });
 
   if (_.isNil(entity)) {
     throw strapi.errors.notFound();
@@ -29,7 +29,7 @@ const findEntityAndCheckPermissions = async (ability, action, model, id) => {
   const pm = strapi.admin.services.permission.createPermissionsManager({ ability, action, model });
 
   const roles = _.has(entity, `${CREATED_BY_ATTRIBUTE}.id`)
-    ? await strapi.query('strapi::role').findMany({
+    ? await strapi.query('admin::role').findMany({
         where: {
           users: { id: entity[CREATED_BY_ATTRIBUTE].id },
         },
@@ -51,10 +51,9 @@ module.exports = {
    * @return {Object}
    */
   async create(ctx) {
-    const {
-      request: { body },
-      state: { userAbility, admin },
-    } = ctx;
+    const { body } = ctx.request;
+    const { user: admin, userAbility } = ctx.state;
+
     const { email, username, password } = body;
 
     const pm = strapi.admin.services.permission.createPermissionsManager({
@@ -70,12 +69,7 @@ module.exports = {
     const sanitizedBody = pm.pickPermittedFieldsOf(body, { subject: userModel });
 
     const advanced = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'advanced',
-      })
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
       .get();
 
     if (!email) return ctx.badRequest('missing.email');
@@ -83,7 +77,7 @@ module.exports = {
     if (!password) return ctx.badRequest('missing.password');
 
     const userWithSameUsername = await strapi
-      .query('plugins::users-permissions.user')
+      .query('plugin::users-permissions.user')
       .findOne({ where: { username } });
 
     if (userWithSameUsername) {
@@ -99,7 +93,7 @@ module.exports = {
 
     if (advanced.unique_email) {
       const userWithSameEmail = await strapi
-        .query('plugins::users-permissions.user')
+        .query('plugin::users-permissions.user')
         .findOne({ where: { email: email.toLowerCase() } });
 
       if (userWithSameEmail) {
@@ -122,18 +116,18 @@ module.exports = {
       [UPDATED_BY_ATTRIBUTE]: admin.id,
     };
 
-    user.email = user.email.toLowerCase();
+    user.email = _.toLower(user.email);
 
     if (!user.role) {
       const defaultRole = await strapi
-        .query('plugins::users-permissions.role')
+        .query('plugin::users-permissions.role')
         .findOne({ where: { type: advanced.default_role } });
 
       user.role = defaultRole.id;
     }
 
     try {
-      const data = await strapi.plugins['users-permissions'].services.user.add(user);
+      const data = await getService('user').add(user);
 
       ctx.created(pm.sanitize(data, { action: ACTIONS.read }));
     } catch (error) {
@@ -146,20 +140,14 @@ module.exports = {
    */
 
   async update(ctx) {
+    const { id } = ctx.params;
+    const { body } = ctx.request;
+    const { user: admin, userAbility } = ctx.state;
+
     const advancedConfigs = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'advanced',
-      })
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
       .get();
 
-    const {
-      params: { id },
-      request: { body },
-      state: { userAbility, admin },
-    } = ctx;
     const { email, username, password } = body;
 
     const { pm, entity: user } = await findEntityAndCheckPermissions(
@@ -183,7 +171,7 @@ module.exports = {
 
     if (_.has(body, 'username')) {
       const userWithSameUsername = await strapi
-        .query('plugins::users-permissions.user')
+        .query('plugin::users-permissions.user')
         .findOne({ where: { username } });
 
       if (userWithSameUsername && userWithSameUsername.id != id) {
@@ -200,8 +188,8 @@ module.exports = {
 
     if (_.has(body, 'email') && advancedConfigs.unique_email) {
       const userWithSameEmail = await strapi
-        .query('plugins::users-permissions.user')
-        .findOne({ where: { email: email.toLowerCase() } });
+        .query('plugin::users-permissions.user')
+        .findOne({ where: { email: _.toLower(email) } });
 
       if (userWithSameEmail && userWithSameEmail.id != id) {
         return ctx.badRequest(
@@ -213,15 +201,11 @@ module.exports = {
           })
         );
       }
-      body.email = body.email.toLowerCase();
+      body.email = _.toLower(body.email);
     }
 
     const sanitizedData = pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });
-    const updateData = _.omit({ ...sanitizedData, updated_by: admin.id }, 'created_by');
-
-    if (_.has(body, 'password') && password === user.password) {
-      delete updateData.password;
-    }
+    const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');
 
     const data = await getService('user').edit({ id }, updateData);
 

package/{controllers → server/controllers}/user/api.js

@@ -6,7 +6,7 @@ const { getService } = require('../../utils');
 
 const sanitizeUser = user =>
   sanitizeEntity(user, {
-    model: strapi.getModel('plugins::users-permissions.user'),
+    model: strapi.getModel('plugin::users-permissions.user'),
   });
 
 const formatError = error => [
@@ -20,12 +20,7 @@ module.exports = {
    */
   async create(ctx) {
     const advanced = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'advanced',
-      })
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
       .get();
 
     const { email, username, password, role } = ctx.request.body;
@@ -35,7 +30,7 @@ module.exports = {
     if (!password) return ctx.badRequest('missing.password');
 
     const userWithSameUsername = await strapi
-      .query('plugins::users-permissions.user')
+      .query('plugin::users-permissions.user')
       .findOne({ where: { username } });
 
     if (userWithSameUsername) {
@@ -51,7 +46,7 @@ module.exports = {
 
     if (advanced.unique_email) {
       const userWithSameEmail = await strapi
-        .query('plugins::users-permissions.user')
+        .query('plugin::users-permissions.user')
         .findOne({ where: { email: email.toLowerCase() } });
 
       if (userWithSameEmail) {
@@ -72,11 +67,11 @@ module.exports = {
       provider: 'local',
     };
 
-    user.email = user.email.toLowerCase();
+    user.email = _.toLower(user.email);
 
     if (!role) {
       const defaultRole = await strapi
-        .query('plugins::users-permissions.role')
+        .query('plugin::users-permissions.role')
         .findOne({ where: { type: advanced.default_role } });
 
       user.role = defaultRole.id;
@@ -90,27 +85,20 @@ module.exports = {
       ctx.badRequest(null, formatError(error));
     }
   },
+
   /**
    * Update a/an user record.
    * @return {Object}
    */
-
   async update(ctx) {
     const advancedConfigs = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'advanced',
-      })
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
       .get();
 
     const { id } = ctx.params;
     const { email, username, password } = ctx.request.body;
 
-    const user = await getService('user').fetch({
-      id,
-    });
+    const user = await getService('user').fetch({ id });
 
     if (_.has(ctx.request.body, 'email') && !email) {
       return ctx.badRequest('email.notNull');
@@ -126,7 +114,7 @@ module.exports = {
 
     if (_.has(ctx.request.body, 'username')) {
       const userWithSameUsername = await strapi
-        .query('plugins::users-permissions.user')
+        .query('plugin::users-permissions.user')
         .findOne({ where: { username } });
 
       if (userWithSameUsername && userWithSameUsername.id != id) {
@@ -143,7 +131,7 @@ module.exports = {
 
     if (_.has(ctx.request.body, 'email') && advancedConfigs.unique_email) {
       const userWithSameEmail = await strapi
-        .query('plugins::users-permissions.user')
+        .query('plugin::users-permissions.user')
         .findOne({ where: { email: email.toLowerCase() } });
 
       if (userWithSameEmail && userWithSameEmail.id != id) {
@@ -163,10 +151,6 @@ module.exports = {
       ...ctx.request.body,
     };
 
-    if (_.has(ctx.request.body, 'password') && password === user.password) {
-      delete updateData.password;
-    }
-
     const data = await getService('user').edit({ id }, updateData);
 
     ctx.send(sanitizeUser(data));

package/{controllers → server/controllers}/user.js

@@ -14,7 +14,7 @@ const apiUserController = require('./user/api');
 
 const sanitizeUser = user =>
   sanitizeEntity(user, {
-    model: strapi.getModel('plugins::users-permissions.user'),
+    model: strapi.getModel('plugin::users-permissions.user'),
   });
 
 const resolveController = ctx => {
@@ -62,7 +62,6 @@ module.exports = {
       data = sanitizeUser(data);
     }
 
-    // Send 200 `ok`
     ctx.body = data;
   },
 
@@ -86,21 +85,6 @@ module.exports = {
     ctx.send(sanitizeUser(data));
   },
 
-  async destroyAll(ctx) {
-    const {
-      request: { query },
-    } = ctx;
-
-    const toRemove = Object.values(_.omit(query, 'source'));
-
-    // FIXME: delete many
-    const finalQuery = { id: toRemove };
-
-    const data = await getService('user').removeAll(finalQuery);
-
-    ctx.send(data);
-  },
-
   /**
    * Retrieve authenticated user.
    * @return {Object|Array}
@@ -109,7 +93,7 @@ module.exports = {
     const user = ctx.state.user;
 
     if (!user) {
-      return ctx.badRequest(null, [{ messages: [{ id: 'No authorization header was found' }] }]);
+      return ctx.badRequest('Unauthenticated request');
     }
 
     ctx.body = sanitizeUser(user);

package/server/index.js

@@ -0,0 +1,21 @@
+'use strict';
+
+const register = require('./register');
+const bootstrap = require('./bootstrap');
+const contentTypes = require('./content-types');
+const policies = require('./policies');
+const services = require('./services');
+const routes = require('./routes');
+const controllers = require('./controllers');
+const config = require('./config');
+
+module.exports = () => ({
+  register,
+  bootstrap,
+  config,
+  routes,
+  controllers,
+  contentTypes,
+  policies,
+  services,
+});

package/server/policies/index.js

@@ -0,0 +1,7 @@
+'use strict';
+
+const rateLimit = require('./rateLimit');
+
+module.exports = {
+  rateLimit,
+};

package/{config → server}/policies/rateLimit.js

@@ -1,12 +1,8 @@
 'use strict';
 
-const lazyRateLimit = {
-  get RateLimit() {
-    return require('koa2-ratelimit').RateLimit;
-  },
-};
-
 module.exports = async (ctx, next) => {
+  const ratelimit = require('koa2-ratelimit').RateLimit;
+
   const message = [
     {
       messages: [
@@ -18,7 +14,7 @@ module.exports = async (ctx, next) => {
     },
   ];
 
-  return lazyRateLimit.RateLimit.middleware(
+  return ratelimit.middleware(
     Object.assign(
       {},
       {
@@ -27,7 +23,7 @@ module.exports = async (ctx, next) => {
         prefixKey: `${ctx.request.path}:${ctx.request.ip}`,
         message,
       },
-      strapi.plugins['users-permissions'].config.ratelimit
+      strapi.config.get('plugin.users-permissions.ratelimit')
     )
   )(ctx, next);
 };

package/server/register.js

@@ -0,0 +1,7 @@
+'use strict';
+
+const authStrategy = require('./strategies/users-permissions');
+
+module.exports = strapi => {
+  strapi.container.get('auth').register('content-api', authStrategy);
+};

package/server/routes/admin/index.js

@@ -0,0 +1,10 @@
+'use strict';
+
+const permissionsRoutes = require('./permissions');
+const settingsRoutes = require('./settings');
+const roleRoutes = require('./role');
+
+module.exports = {
+  type: 'admin',
+  routes: [...roleRoutes, ...settingsRoutes, ...permissionsRoutes],
+};

package/server/routes/admin/permissions.js

@@ -0,0 +1,20 @@
+'use strict';
+
+module.exports = [
+  {
+    method: 'GET',
+    path: '/permissions',
+    handler: 'permissions.getPermissions',
+  },
+  {
+    method: 'GET',
+    path: '/policies',
+    handler: 'permissions.getPolicies',
+  },
+
+  {
+    method: 'GET',
+    path: '/routes',
+    handler: 'permissions.getRoutes',
+  },
+];

package/server/routes/admin/role.js

@@ -0,0 +1,79 @@
+'use strict';
+
+module.exports = [
+  {
+    method: 'GET',
+    path: '/roles/:id',
+    handler: 'role.getRole',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.roles.read'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'GET',
+    path: '/roles',
+    handler: 'role.getRoles',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.roles.read'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'POST',
+    path: '/roles',
+    handler: 'role.createRole',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.roles.create'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'PUT',
+    path: '/roles/:role',
+    handler: 'role.updateRole',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.roles.update'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'DELETE',
+    path: '/roles/:role',
+    handler: 'role.deleteRole',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.roles.delete'],
+          },
+        },
+      ],
+    },
+  },
+];

package/server/routes/admin/settings.js

@@ -0,0 +1,95 @@
+'use strict';
+
+module.exports = [
+  {
+    method: 'GET',
+    path: '/email-templates',
+    handler: 'settings.getEmailTemplate',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.email-templates.read'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'PUT',
+    path: '/email-templates',
+    handler: 'settings.updateEmailTemplate',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.email-templates.update'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'GET',
+    path: '/advanced',
+    handler: 'settings.getAdvancedSettings',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.advanced-settings.read'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'PUT',
+    path: '/advanced',
+    handler: 'settings.updateAdvancedSettings',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.advanced-settings.update'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'GET',
+    path: '/providers',
+    handler: 'settings.getProviders',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.providers.read'],
+          },
+        },
+      ],
+    },
+  },
+
+  {
+    method: 'PUT',
+    path: '/providers',
+    handler: 'settings.updateProviders',
+    config: {
+      policies: [
+        {
+          name: 'admin::hasPermissions',
+          options: {
+            actions: ['plugin::users-permissions.providers.update'],
+          },
+        },
+      ],
+    },
+  },
+];

package/server/routes/content-api/auth.js

@@ -0,0 +1,73 @@
+'use strict';
+
+module.exports = [
+  {
+    method: 'GET',
+    path: '/connect/(.*)',
+    handler: 'auth.connect',
+    config: {
+      policies: ['plugin::users-permissions.rateLimit'],
+      prefix: '',
+    },
+  },
+  {
+    method: 'POST',
+    path: '/auth/local',
+    handler: 'auth.callback',
+    config: {
+      policies: ['plugin::users-permissions.rateLimit'],
+      prefix: '',
+    },
+  },
+  {
+    method: 'POST',
+    path: '/auth/local/register',
+    handler: 'auth.register',
+    config: {
+      policies: ['plugin::users-permissions.rateLimit'],
+      prefix: '',
+    },
+  },
+  {
+    method: 'GET',
+    path: '/auth/:provider/callback',
+    handler: 'auth.callback',
+    config: {
+      prefix: '',
+    },
+  },
+  {
+    method: 'POST',
+    path: '/auth/forgot-password',
+    handler: 'auth.forgotPassword',
+    config: {
+      policies: ['plugin::users-permissions.rateLimit'],
+      prefix: '',
+    },
+  },
+  {
+    method: 'POST',
+    path: '/auth/reset-password',
+    handler: 'auth.resetPassword',
+    config: {
+      policies: ['plugin::users-permissions.rateLimit'],
+      prefix: '',
+    },
+  },
+  {
+    method: 'GET',
+    path: '/auth/email-confirmation',
+    handler: 'auth.emailConfirmation',
+    config: {
+      prefix: '',
+    },
+  },
+  {
+    method: 'POST',
+    path: '/auth/send-email-confirmation',
+    handler: 'auth.sendEmailConfirmation',
+    config: {
+      prefix: '',
+    },
+  },
+];

package/server/routes/content-api/index.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const authRoutes = require('./auth');
+const userRoutes = require('./user');
+const roleRoutes = require('./role');
+const permissionsRoutes = require('./permissions');
+
+module.exports = {
+  type: 'content-api',
+  routes: [...authRoutes, ...userRoutes, ...roleRoutes, ...permissionsRoutes],
+};