@strapi/plugin-users-permissions 4.0.0-next.9 → 4.0.0

Files changed (177)
  1. package/admin/src/components/BoundRoute/getMethodColor.js +41 -0
  2. package/admin/src/components/BoundRoute/index.js +40 -24
  3. package/admin/src/components/FormModal/Input/index.js +121 -0
  4. package/admin/src/components/FormModal/index.js +123 -0
  5. package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +19 -26
  6. package/admin/src/components/Permissions/PermissionRow/SubCategory.js +118 -0
  7. package/admin/src/components/Permissions/PermissionRow/index.js +9 -48
  8. package/admin/src/components/Permissions/index.js +36 -24
  9. package/admin/src/components/Permissions/init.js +1 -6
  10. package/admin/src/components/Policies/index.js +46 -47
  11. package/admin/src/components/UsersPermissions/index.js +29 -26
  12. package/admin/src/components/UsersPermissions/init.js +1 -2
  13. package/admin/src/hooks/useFetchRole/index.js +17 -7
  14. package/admin/src/hooks/useForm/index.js +3 -29
  15. package/admin/src/hooks/useForm/reducer.js +2 -21
  16. package/admin/src/hooks/usePlugins/index.js +12 -21
  17. package/admin/src/hooks/usePlugins/reducer.js +0 -3
  18. package/admin/src/index.js +0 -8
  19. package/admin/src/pages/AdvancedSettings/index.js +203 -193
  20. package/admin/src/pages/AdvancedSettings/utils/api.js +13 -0
  21. package/admin/src/pages/AdvancedSettings/utils/layout.js +96 -0
  22. package/admin/src/pages/AdvancedSettings/utils/schema.js +22 -0
  23. package/admin/src/pages/EmailTemplates/components/EmailForm.js +173 -0
  24. package/admin/src/pages/EmailTemplates/components/EmailTable.js +116 -0
  25. package/admin/src/pages/EmailTemplates/index.js +117 -197
  26. package/admin/src/pages/EmailTemplates/utils/api.js +13 -0
  27. package/admin/src/pages/Providers/index.js +206 -221
  28. package/admin/src/pages/Providers/utils/api.js +21 -0
  29. package/admin/src/pages/Providers/utils/forms.js +168 -126
  30. package/admin/src/pages/Roles/CreatePage/index.js +155 -147
  31. package/admin/src/pages/Roles/EditPage/index.js +162 -134
  32. package/admin/src/pages/Roles/ListPage/components/TableBody.js +96 -0
  33. package/admin/src/pages/Roles/ListPage/index.js +176 -156
  34. package/admin/src/pages/Roles/ListPage/utils/api.js +28 -0
  35. package/admin/src/translations/ar.json +0 -8
  36. package/admin/src/translations/cs.json +0 -8
  37. package/admin/src/translations/de.json +0 -8
  38. package/admin/src/translations/dk.json +0 -8
  39. package/admin/src/translations/en.json +33 -12
  40. package/admin/src/translations/es.json +0 -8
  41. package/admin/src/translations/fr.json +0 -8
  42. package/admin/src/translations/id.json +0 -8
  43. package/admin/src/translations/it.json +0 -8
  44. package/admin/src/translations/ja.json +0 -8
  45. package/admin/src/translations/ko.json +0 -8
  46. package/admin/src/translations/ms.json +0 -8
  47. package/admin/src/translations/nl.json +0 -8
  48. package/admin/src/translations/pl.json +0 -8
  49. package/admin/src/translations/pt-BR.json +0 -8
  50. package/admin/src/translations/pt.json +0 -8
  51. package/admin/src/translations/ru.json +0 -8
  52. package/admin/src/translations/sk.json +0 -8
  53. package/admin/src/translations/sv.json +0 -8
  54. package/admin/src/translations/th.json +0 -8
  55. package/admin/src/translations/tr.json +0 -8
  56. package/admin/src/translations/uk.json +0 -8
  57. package/admin/src/translations/vi.json +0 -8
  58. package/admin/src/translations/zh-Hans.json +5 -14
  59. package/admin/src/translations/zh.json +0 -8
  60. package/admin/src/utils/axiosInstance.js +36 -0
  61. package/admin/src/utils/formatPluginName.js +26 -0
  62. package/admin/src/utils/index.js +1 -0
  63. package/documentation/1.0.0/overrides/users-permissions-Role.json +6 -6
  64. package/documentation/1.0.0/overrides/users-permissions-User.json +7 -7
  65. package/package.json +30 -31
  66. package/server/bootstrap/index.js +19 -21
  67. package/server/config.js +3 -3
  68. package/server/content-types/index.js +3 -3
  69. package/server/content-types/permission/index.js +30 -3
  70. package/server/content-types/role/index.js +47 -3
  71. package/server/content-types/user/index.js +65 -4
  72. package/server/controllers/auth.js +81 -244
  73. package/server/controllers/content-manager-user.js +183 -0
  74. package/server/controllers/index.js +12 -6
  75. package/server/controllers/permissions.js +26 -0
  76. package/server/controllers/role.js +77 -0
  77. package/server/controllers/settings.js +85 -0
  78. package/server/controllers/user.js +118 -44
  79. package/server/controllers/validation/auth.js +29 -0
  80. package/server/controllers/validation/user.js +38 -0
  81. package/server/graphql/index.js +44 -0
  82. package/server/graphql/mutations/auth/email-confirmation.js +39 -0
  83. package/server/graphql/mutations/auth/forgot-password.js +38 -0
  84. package/server/graphql/mutations/auth/login.js +38 -0
  85. package/server/graphql/mutations/auth/register.js +39 -0
  86. package/server/graphql/mutations/auth/reset-password.js +41 -0
  87. package/server/graphql/mutations/crud/role/create-role.js +37 -0
  88. package/server/graphql/mutations/crud/role/delete-role.js +28 -0
  89. package/server/graphql/mutations/crud/role/update-role.js +38 -0
  90. package/server/graphql/mutations/crud/user/create-user.js +48 -0
  91. package/server/graphql/mutations/crud/user/delete-user.js +42 -0
  92. package/server/graphql/mutations/crud/user/update-user.js +49 -0
  93. package/server/graphql/mutations/index.js +42 -0
  94. package/server/graphql/queries/index.js +13 -0
  95. package/server/graphql/queries/me.js +17 -0
  96. package/server/graphql/resolvers-configs.js +37 -0
  97. package/server/graphql/types/create-role-payload.js +11 -0
  98. package/server/graphql/types/delete-role-payload.js +11 -0
  99. package/server/graphql/types/index.js +21 -0
  100. package/server/graphql/types/login-input.js +13 -0
  101. package/server/graphql/types/login-payload.js +12 -0
  102. package/server/graphql/types/me-role.js +14 -0
  103. package/server/graphql/types/me.js +16 -0
  104. package/server/graphql/types/password-payload.js +11 -0
  105. package/server/graphql/types/register-input.js +13 -0
  106. package/server/graphql/types/update-role-payload.js +11 -0
  107. package/server/graphql/utils.js +27 -0
  108. package/server/index.js +21 -0
  109. package/server/middlewares/index.js +2 -2
  110. package/server/{policies → middlewares}/rateLimit.js +3 -7
  111. package/server/register.js +11 -0
  112. package/server/routes/admin/index.js +10 -0
  113. package/server/routes/admin/permissions.js +20 -0
  114. package/server/routes/admin/role.js +79 -0
  115. package/server/routes/admin/settings.js +95 -0
  116. package/server/routes/content-api/auth.js +73 -0
  117. package/server/routes/content-api/index.js +11 -0
  118. package/server/routes/content-api/permissions.js +9 -0
  119. package/server/routes/content-api/role.js +29 -0
  120. package/server/routes/content-api/user.js +61 -0
  121. package/server/routes/index.js +4 -428
  122. package/server/services/index.js +10 -8
  123. package/server/services/jwt.js +9 -17
  124. package/server/services/providers.js +32 -33
  125. package/server/services/role.js +177 -0
  126. package/server/services/user.js +9 -15
  127. package/server/services/users-permissions.js +140 -338
  128. package/server/strategies/users-permissions.js +123 -0
  129. package/server/utils/index.d.ts +2 -0
  130. package/strapi-admin.js +3 -0
  131. package/strapi-server.js +1 -19
  132. package/admin/src/assets/images/logo.svg +0 -1
  133. package/admin/src/components/BaselineAlignement/index.js +0 -33
  134. package/admin/src/components/Bloc/index.js +0 -10
  135. package/admin/src/components/BoundRoute/Components.js +0 -78
  136. package/admin/src/components/ContainerFluid/index.js +0 -13
  137. package/admin/src/components/FormBloc/index.js +0 -61
  138. package/admin/src/components/IntlInput/index.js +0 -38
  139. package/admin/src/components/ListBaselineAlignment/index.js +0 -8
  140. package/admin/src/components/ListRow/Components.js +0 -74
  141. package/admin/src/components/ListRow/index.js +0 -35
  142. package/admin/src/components/ModalForm/Wrapper.js +0 -12
  143. package/admin/src/components/ModalForm/index.js +0 -59
  144. package/admin/src/components/Permissions/ListWrapper.js +0 -9
  145. package/admin/src/components/Permissions/PermissionRow/BaselineAlignment.js +0 -7
  146. package/admin/src/components/Permissions/PermissionRow/RowStyle.js +0 -28
  147. package/admin/src/components/Permissions/PermissionRow/SubCategory/ConditionsButtonWrapper.js +0 -13
  148. package/admin/src/components/Permissions/PermissionRow/SubCategory/PolicyWrapper.js +0 -8
  149. package/admin/src/components/Permissions/PermissionRow/SubCategory/SubCategoryWrapper.js +0 -26
  150. package/admin/src/components/Permissions/PermissionRow/SubCategory/index.js +0 -116
  151. package/admin/src/components/Policies/Components.js +0 -26
  152. package/admin/src/components/PrefixedIcon/index.js +0 -27
  153. package/admin/src/components/Roles/EmptyRole/BaselineAlignment.js +0 -7
  154. package/admin/src/components/Roles/EmptyRole/index.js +0 -27
  155. package/admin/src/components/Roles/RoleListWrapper/index.js +0 -17
  156. package/admin/src/components/Roles/RoleRow/RoleDescription.js +0 -9
  157. package/admin/src/components/Roles/RoleRow/index.js +0 -45
  158. package/admin/src/components/Roles/index.js +0 -3
  159. package/admin/src/components/SizedInput/index.js +0 -24
  160. package/admin/src/pages/AdvancedSettings/reducer.js +0 -65
  161. package/admin/src/pages/AdvancedSettings/utils/form.js +0 -52
  162. package/admin/src/pages/EmailTemplates/CustomTextInput.js +0 -105
  163. package/admin/src/pages/EmailTemplates/Wrapper.js +0 -36
  164. package/admin/src/pages/EmailTemplates/reducer.js +0 -58
  165. package/admin/src/pages/EmailTemplates/utils/forms.js +0 -81
  166. package/admin/src/pages/Roles/ListPage/BaselineAlignment.js +0 -8
  167. package/server/content-types/permission/schema.json +0 -48
  168. package/server/content-types/role/schema.json +0 -46
  169. package/server/content-types/user/schema.json +0 -66
  170. package/server/controllers/user/admin.js +0 -230
  171. package/server/controllers/user/api.js +0 -174
  172. package/server/controllers/users-permissions.js +0 -271
  173. package/server/middlewares/users-permissions.js +0 -44
  174. package/server/policies/index.js +0 -11
  175. package/server/policies/isAuthenticated.js +0 -9
  176. package/server/policies/permissions.js +0 -94
  177. package/server/schema.graphql.js +0 -317
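--- a/package/server/services/role.js
+++ b/package/server/services/role.js
@@ -0,0 +1,177 @@
+'use strict';
+
+const _ = require('lodash');
+const { NotFoundError } = require('@strapi/utils').errors;
+const { getService } = require('../utils');
+
+module.exports = ({ strapi }) => ({
+async createRole(params) {
+if (!params.type) {
+params.type = _.snakeCase(_.deburr(_.toLower(params.name)));
+}
+
+const role = await strapi
+.query('plugin::users-permissions.role')
+.create({ data: _.omit(params, ['users', 'permissions']) });
+
+const createPromises = _.flatMap(params.permissions, (type, typeName) => {
+return _.flatMap(type.controllers, (controller, controllerName) => {
+return _.reduce(
+controller,
+(acc, action, actionName) => {
+const { enabled /* policy */ } = action;
+
+if (enabled) {
+const actionID = `${typeName}.${controllerName}.${actionName}`;
+
+acc.push(
+strapi
+.query('plugin::users-permissions.permission')
+.create({ data: { action: actionID, role: role.id } })
+);
+}
+
+return acc;
+},
+[]
+);
+});
+});
+
+await Promise.all(createPromises);
+},
+
+async getRole(roleID) {
+const role = await strapi
+.query('plugin::users-permissions.role')
+.findOne({ where: { id: roleID }, populate: ['permissions'] });
+
+if (!role) {
+throw new NotFoundError('Role not found');
+}
+
+const allActions = getService('users-permissions').getActions();
+
+// Group by `type`.
+role.permissions.forEach(permission => {
+const [type, controller, action] = permission.action.split('.');
+
+_.set(allActions, `${type}.controllers.${controller}.${action}`, {
+enabled: true,
+policy: '',
+});
+});
+
+return {
+...role,
+permissions: allActions,
+};
+},
+
+async getRoles() {
+const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
+
+for (const role of roles) {
+role.nb_users = await strapi
+.query('plugin::users-permissions.user')
+.count({ where: { role: { id: role.id } } });
+}
+
+return roles;
+},
+
+async updateRole(roleID, data) {
+const role = await strapi
+.query('plugin::users-permissions.role')
+.findOne({ where: { id: roleID }, populate: ['permissions'] });
+
+if (!role) {
+throw new NotFoundError('Role not found');
+}
+
+await strapi.query('plugin::users-permissions.role').update({
+where: { id: roleID },
+data: _.pick(data, ['name', 'description']),
+});
+
+const { permissions } = data;
+
+const newActions = _.flatMap(permissions, (type, typeName) => {
+return _.flatMap(type.controllers, (controller, controllerName) => {
+return _.reduce(
+controller,
+(acc, action, actionName) => {
+const { enabled /* policy */ } = action;
+
+if (enabled) {
+acc.push(`${typeName}.${controllerName}.${actionName}`);
+}
+
+return acc;
+},
+[]
+);
+});
+});
+
+const oldActions = role.permissions.map(({ action }) => action);
+
+const toDelete = role.permissions.reduce((acc, permission) => {
+if (!newActions.includes(permission.action)) {
+acc.push(permission);
+}
+return acc;
+}, []);
+
+const toCreate = newActions
+.filter(action => !oldActions.includes(action))
+.map(action => ({ action, role: role.id }));
+
+await Promise.all(
+toDelete.map(permission =>
+strapi
+.query('plugin::users-permissions.permission')
+.delete({ where: { id: permission.id } })
+)
+);
+
+await Promise.all(
+toCreate.map(permissionInfo =>
+strapi.query('plugin::users-permissions.permission').create({ data: permissionInfo })
+)
+);
+},
+
+async deleteRole(roleID, publicRoleID) {
+const role = await strapi
+.query('plugin::users-permissions.role')
+.findOne({ where: { id: roleID }, populate: ['users', 'permissions'] });
+
+if (!role) {
+throw new NotFoundError('Role not found');
+}
+
+// Move users to guest role.
+await Promise.all(
+role.users.map(user => {
+return strapi.query('plugin::users-permissions.user').update({
+where: { id: user.id },
+data: { role: publicRoleID },
+});
+})
+);
+
+// Remove permissions related to this role.
+// TODO: use delete many
+await Promise.all(
+role.permissions.map(permission => {
+return strapi.query('plugin::users-permissions.permission').delete({
+where: { id: permission.id },
+});
+})
+);
+
+// Delete the role.
+await strapi.query('plugin::users-permissions.role').delete({ where: { id: roleID } });
+},
+});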
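Review bot: createRole and updateRole build each permission action ID by joining the keys of the caller-supplied `permissions` object (`typeName`, `controllerName`, `actionName`) with dots and persist it without checking that the action is one the plugin has registered. Unless the controller validates the payload first (not visible in this file), a role can be stored with arbitrary or malformed action strings. getRole later passes those strings through `permission.action.split('.')` into `_.set(allActions, ...)`, so a name containing a dot or an unexpected key would reshape the permission tree returned to the admin UI. I would filter inside both reducers against the registered actions, e.g. `const known = getService('users-permissions').getActions();` and `if (enabled && _.has(known, [typeName, 'controllers', controllerName, actionName]))`. Separately, deleteRole does not check that `roleID` differs from `publicRoleID` before moving users and deleting the role; add a guard, or a comment stating that the caller enforces it.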
@@ -9,7 +9,7 @@
9
9
  const crypto = require('crypto');
10
10
  const bcrypt = require('bcryptjs');
11
11
 
12
- const { sanitizeEntity, getAbsoluteServerUrl } = require('@strapi/utils');
12
+ const { getAbsoluteServerUrl, sanitize } = require('@strapi/utils');
13
13
  const { getService } = require('../utils');
14
14
 
15
15
  module.exports = ({ strapi }) => ({
@@ -114,29 +114,21 @@ module.exports = ({ strapi }) => ({
114
114
  return strapi.query('plugin::users-permissions.user').delete({ where: params });
115
115
  },
116
116
 
117
- async removeAll(params) {
118
- return strapi.query('plugin::users-permissions.user').delete({ where: params });
119
- },
120
-
121
117
  validatePassword(password, hash) {
122
118
  return bcrypt.compare(password, hash);
123
119
  },
124
120
 
125
121
  async sendConfirmationEmail(user) {
126
122
  const userPermissionService = getService('users-permissions');
127
- const pluginStore = await strapi.store({
128
- environment: '',
129
- type: 'plugin',
130
- name: 'users-permissions',
131
- });
123
+ const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });
124
+ const userSchema = strapi.getModel('plugin::users-permissions.user');
132
125
 
133
126
  const settings = await pluginStore
134
127
  .get({ key: 'email' })
135
128
  .then(storeEmail => storeEmail['email_confirmation'].options);
136
129
 
137
- const userInfo = sanitizeEntity(user, {
138
- model: strapi.getModel('plugin::users-permissions.user'),
139
- });
130
+ // Sanitize the template's user information
131
+ const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(userSchema, user);
140
132
 
141
133
  const confirmationToken = crypto.randomBytes(20).toString('hex');
142
134
 
@@ -144,11 +136,13 @@ module.exports = ({ strapi }) => ({
144
136
 
145
137
  settings.message = await userPermissionService.template(settings.message, {
146
138
  URL: `${getAbsoluteServerUrl(strapi.config)}/auth/email-confirmation`,
147
- USER: userInfo,
139
+ USER: sanitizedUserInfo,
148
140
  CODE: confirmationToken,
149
141
  });
150
142
 
151
- settings.object = await userPermissionService.template(settings.object, { USER: userInfo });
143
+ settings.object = await userPermissionService.template(settings.object, {
144
+ USER: sanitizedUserInfo,
145
+ });
152
146
 
153
147
  // Send an email to the user.
154
148
  await strapi