npm - @strapi/plugin-users-permissions - Versions diffs - 4.0.0-next.9 → 4.0.0 - Mend

@strapi/plugin-users-permissions 4.0.0-next.9 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/admin/src/components/BoundRoute/getMethodColor.js +41 -0
package/admin/src/components/BoundRoute/index.js +40 -24
package/admin/src/components/FormModal/Input/index.js +121 -0
package/admin/src/components/FormModal/index.js +123 -0
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +19 -26
package/admin/src/components/Permissions/PermissionRow/SubCategory.js +118 -0
package/admin/src/components/Permissions/PermissionRow/index.js +9 -48
package/admin/src/components/Permissions/index.js +36 -24
package/admin/src/components/Permissions/init.js +1 -6
package/admin/src/components/Policies/index.js +46 -47
package/admin/src/components/UsersPermissions/index.js +29 -26
package/admin/src/components/UsersPermissions/init.js +1 -2
package/admin/src/hooks/useFetchRole/index.js +17 -7
package/admin/src/hooks/useForm/index.js +3 -29
package/admin/src/hooks/useForm/reducer.js +2 -21
package/admin/src/hooks/usePlugins/index.js +12 -21
package/admin/src/hooks/usePlugins/reducer.js +0 -3
package/admin/src/index.js +0 -8
package/admin/src/pages/AdvancedSettings/index.js +203 -193
package/admin/src/pages/AdvancedSettings/utils/api.js +13 -0
package/admin/src/pages/AdvancedSettings/utils/layout.js +96 -0
package/admin/src/pages/AdvancedSettings/utils/schema.js +22 -0
package/admin/src/pages/EmailTemplates/components/EmailForm.js +173 -0
package/admin/src/pages/EmailTemplates/components/EmailTable.js +116 -0
package/admin/src/pages/EmailTemplates/index.js +117 -197
package/admin/src/pages/EmailTemplates/utils/api.js +13 -0
package/admin/src/pages/Providers/index.js +206 -221
package/admin/src/pages/Providers/utils/api.js +21 -0
package/admin/src/pages/Providers/utils/forms.js +168 -126
package/admin/src/pages/Roles/CreatePage/index.js +155 -147
package/admin/src/pages/Roles/EditPage/index.js +162 -134
package/admin/src/pages/Roles/ListPage/components/TableBody.js +96 -0
package/admin/src/pages/Roles/ListPage/index.js +176 -156
package/admin/src/pages/Roles/ListPage/utils/api.js +28 -0
package/admin/src/translations/ar.json +0 -8
package/admin/src/translations/cs.json +0 -8
package/admin/src/translations/de.json +0 -8
package/admin/src/translations/dk.json +0 -8
package/admin/src/translations/en.json +33 -12
package/admin/src/translations/es.json +0 -8
package/admin/src/translations/fr.json +0 -8
package/admin/src/translations/id.json +0 -8
package/admin/src/translations/it.json +0 -8
package/admin/src/translations/ja.json +0 -8
package/admin/src/translations/ko.json +0 -8
package/admin/src/translations/ms.json +0 -8
package/admin/src/translations/nl.json +0 -8
package/admin/src/translations/pl.json +0 -8
package/admin/src/translations/pt-BR.json +0 -8
package/admin/src/translations/pt.json +0 -8
package/admin/src/translations/ru.json +0 -8
package/admin/src/translations/sk.json +0 -8
package/admin/src/translations/sv.json +0 -8
package/admin/src/translations/th.json +0 -8
package/admin/src/translations/tr.json +0 -8
package/admin/src/translations/uk.json +0 -8
package/admin/src/translations/vi.json +0 -8
package/admin/src/translations/zh-Hans.json +5 -14
package/admin/src/translations/zh.json +0 -8
package/admin/src/utils/axiosInstance.js +36 -0
package/admin/src/utils/formatPluginName.js +26 -0
package/admin/src/utils/index.js +1 -0
package/documentation/1.0.0/overrides/users-permissions-Role.json +6 -6
package/documentation/1.0.0/overrides/users-permissions-User.json +7 -7
package/package.json +30 -31
package/server/bootstrap/index.js +19 -21
package/server/config.js +3 -3
package/server/content-types/index.js +3 -3
package/server/content-types/permission/index.js +30 -3
package/server/content-types/role/index.js +47 -3
package/server/content-types/user/index.js +65 -4
package/server/controllers/auth.js +81 -244
package/server/controllers/content-manager-user.js +183 -0
package/server/controllers/index.js +12 -6
package/server/controllers/permissions.js +26 -0
package/server/controllers/role.js +77 -0
package/server/controllers/settings.js +85 -0
package/server/controllers/user.js +118 -44
package/server/controllers/validation/auth.js +29 -0
package/server/controllers/validation/user.js +38 -0
package/server/graphql/index.js +44 -0
package/server/graphql/mutations/auth/email-confirmation.js +39 -0
package/server/graphql/mutations/auth/forgot-password.js +38 -0
package/server/graphql/mutations/auth/login.js +38 -0
package/server/graphql/mutations/auth/register.js +39 -0
package/server/graphql/mutations/auth/reset-password.js +41 -0
package/server/graphql/mutations/crud/role/create-role.js +37 -0
package/server/graphql/mutations/crud/role/delete-role.js +28 -0
package/server/graphql/mutations/crud/role/update-role.js +38 -0
package/server/graphql/mutations/crud/user/create-user.js +48 -0
package/server/graphql/mutations/crud/user/delete-user.js +42 -0
package/server/graphql/mutations/crud/user/update-user.js +49 -0
package/server/graphql/mutations/index.js +42 -0
package/server/graphql/queries/index.js +13 -0
package/server/graphql/queries/me.js +17 -0
package/server/graphql/resolvers-configs.js +37 -0
package/server/graphql/types/create-role-payload.js +11 -0
package/server/graphql/types/delete-role-payload.js +11 -0
package/server/graphql/types/index.js +21 -0
package/server/graphql/types/login-input.js +13 -0
package/server/graphql/types/login-payload.js +12 -0
package/server/graphql/types/me-role.js +14 -0
package/server/graphql/types/me.js +16 -0
package/server/graphql/types/password-payload.js +11 -0
package/server/graphql/types/register-input.js +13 -0
package/server/graphql/types/update-role-payload.js +11 -0
package/server/graphql/utils.js +27 -0
package/server/index.js +21 -0
package/server/middlewares/index.js +2 -2
package/server/{policies → middlewares}/rateLimit.js +3 -7
package/server/register.js +11 -0
package/server/routes/admin/index.js +10 -0
package/server/routes/admin/permissions.js +20 -0
package/server/routes/admin/role.js +79 -0
package/server/routes/admin/settings.js +95 -0
package/server/routes/content-api/auth.js +73 -0
package/server/routes/content-api/index.js +11 -0
package/server/routes/content-api/permissions.js +9 -0
package/server/routes/content-api/role.js +29 -0
package/server/routes/content-api/user.js +61 -0
package/server/routes/index.js +4 -428
package/server/services/index.js +10 -8
package/server/services/jwt.js +9 -17
package/server/services/providers.js +32 -33
package/server/services/role.js +177 -0
package/server/services/user.js +9 -15
package/server/services/users-permissions.js +140 -338
package/server/strategies/users-permissions.js +123 -0
package/server/utils/index.d.ts +2 -0
package/strapi-admin.js +3 -0
package/strapi-server.js +1 -19
package/admin/src/assets/images/logo.svg +0 -1
package/admin/src/components/BaselineAlignement/index.js +0 -33
package/admin/src/components/Bloc/index.js +0 -10
package/admin/src/components/BoundRoute/Components.js +0 -78
package/admin/src/components/ContainerFluid/index.js +0 -13
package/admin/src/components/FormBloc/index.js +0 -61
package/admin/src/components/IntlInput/index.js +0 -38
package/admin/src/components/ListBaselineAlignment/index.js +0 -8
package/admin/src/components/ListRow/Components.js +0 -74
package/admin/src/components/ListRow/index.js +0 -35
package/admin/src/components/ModalForm/Wrapper.js +0 -12
package/admin/src/components/ModalForm/index.js +0 -59
package/admin/src/components/Permissions/ListWrapper.js +0 -9
package/admin/src/components/Permissions/PermissionRow/BaselineAlignment.js +0 -7
package/admin/src/components/Permissions/PermissionRow/RowStyle.js +0 -28
package/admin/src/components/Permissions/PermissionRow/SubCategory/ConditionsButtonWrapper.js +0 -13
package/admin/src/components/Permissions/PermissionRow/SubCategory/PolicyWrapper.js +0 -8
package/admin/src/components/Permissions/PermissionRow/SubCategory/SubCategoryWrapper.js +0 -26
package/admin/src/components/Permissions/PermissionRow/SubCategory/index.js +0 -116
package/admin/src/components/Policies/Components.js +0 -26
package/admin/src/components/PrefixedIcon/index.js +0 -27
package/admin/src/components/Roles/EmptyRole/BaselineAlignment.js +0 -7
package/admin/src/components/Roles/EmptyRole/index.js +0 -27
package/admin/src/components/Roles/RoleListWrapper/index.js +0 -17
package/admin/src/components/Roles/RoleRow/RoleDescription.js +0 -9
package/admin/src/components/Roles/RoleRow/index.js +0 -45
package/admin/src/components/Roles/index.js +0 -3
package/admin/src/components/SizedInput/index.js +0 -24
package/admin/src/pages/AdvancedSettings/reducer.js +0 -65
package/admin/src/pages/AdvancedSettings/utils/form.js +0 -52
package/admin/src/pages/EmailTemplates/CustomTextInput.js +0 -105
package/admin/src/pages/EmailTemplates/Wrapper.js +0 -36
package/admin/src/pages/EmailTemplates/reducer.js +0 -58
package/admin/src/pages/EmailTemplates/utils/forms.js +0 -81
package/admin/src/pages/Roles/ListPage/BaselineAlignment.js +0 -8
package/server/content-types/permission/schema.json +0 -48
package/server/content-types/role/schema.json +0 -46
package/server/content-types/user/schema.json +0 -66
package/server/controllers/user/admin.js +0 -230
package/server/controllers/user/api.js +0 -174
package/server/controllers/users-permissions.js +0 -271
package/server/middlewares/users-permissions.js +0 -44
package/server/policies/index.js +0 -11
package/server/policies/isAuthenticated.js +0 -9
package/server/policies/permissions.js +0 -94
package/server/schema.graphql.js +0 -317

package/server/services/users-permissions.js CHANGED Viewed

@@ -1,346 +1,198 @@
 'use strict';
 const _ = require('lodash');
-const request = require('request');
+const { filter, map, pipe, prop } = require('lodash/fp');
 const { getService } = require('../utils');
 const DEFAULT_PERMISSIONS = [
-  { action: 'admincallback', controller: 'auth', type: 'users-permissions', roleType: 'public' },
-  { action: 'adminregister', controller: 'auth', type: 'users-permissions', roleType: 'public' },
-  { action: 'callback', controller: 'auth', type: 'users-permissions', roleType: 'public' },
-  { action: 'connect', controller: 'auth', type: 'users-permissions', roleType: null },
-  { action: 'forgotpassword', controller: 'auth', type: 'users-permissions', roleType: 'public' },
-  { action: 'resetpassword', controller: 'auth', type: 'users-permissions', roleType: 'public' },
-  { action: 'register', controller: 'auth', type: 'users-permissions', roleType: 'public' },
-  {
-    action: 'emailconfirmation',
-    controller: 'auth',
-    type: 'users-permissions',
-    roleType: 'public',
-  },
-  { action: 'me', controller: 'user', type: 'users-permissions', roleType: null },
+  { action: 'plugin::users-permissions.auth.admincallback', roleType: 'public' },
+  { action: 'plugin::users-permissions.auth.adminregister', roleType: 'public' },
+  { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },
+  { action: 'plugin::users-permissions.auth.connect', roleType: null },
+  { action: 'plugin::users-permissions.auth.forgotpassword', roleType: 'public' },
+  { action: 'plugin::users-permissions.auth.resetpassword', roleType: 'public' },
+  { action: 'plugin::users-permissions.auth.register', roleType: 'public' },
+  { action: 'plugin::users-permissions.auth.emailconfirmation', roleType: 'public' },
+  { action: 'plugin::users-permissions.user.me', roleType: null },
 ];
-const isEnabledByDefault = (permission, role) => {
-  return DEFAULT_PERMISSIONS.some(
-    defaultPerm =>
-      (defaultPerm.action === null || permission.action === defaultPerm.action) &&
-      (defaultPerm.controller === null || permission.controller === defaultPerm.controller) &&
-      (defaultPerm.type === null || permission.type === defaultPerm.type) &&
-      (defaultPerm.roleType === null || role.type === defaultPerm.roleType)
-  );
+const transformRoutePrefixFor = pluginName => route => {
+  const prefix = route.config && route.config.prefix;
+  const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;
+  return {
+    ...route,
+    path,
+  };
 };
 module.exports = ({ strapi }) => ({
-  async createRole(params) {
-    if (!params.type) {
-      params.type = _.snakeCase(_.deburr(_.toLower(params.name)));
-    }
+  getActions({ defaultEnable = false } = {}) {
+    const actionMap = {};
-    const role = await strapi
-      .query('plugin::users-permissions.role')
-      .create({ data: _.omit(params, ['users', 'permissions']) });
+    const isContentApi = action => {
+      if (!_.has(action, Symbol.for('__type__'))) {
+        return false;
+      }
-    const arrayOfPromises = Object.keys(params.permissions || {}).reduce((acc, type) => {
-      Object.keys(params.permissions[type].controllers).forEach(controller => {
-        Object.keys(params.permissions[type].controllers[controller]).forEach(action => {
-          acc.push(
-            strapi.query('plugin::users-permissions.permission').create({
-              data: {
-                role: role.id,
-                type,
-                controller,
-                action: action.toLowerCase(),
-                ...params.permissions[type].controllers[controller][action],
-              },
-            })
-          );
-        });
-      });
+      return action[Symbol.for('__type__')].includes('content-api');
+    };
-      return acc;
-    }, []);
-    // Use Content Manager business logic to handle relation.
-    if (params.users && params.users.length > 0)
-      arrayOfPromises.push(
-        strapi.query('plugin::users-permissions.role').update({
-          where: {
-            id: role.id,
-          },
-          data: { users: params.users },
-        })
-      );
+    _.forEach(strapi.api, (api, apiName) => {
+      const controllers = _.reduce(
+        api.controllers,
+        (acc, controller, controllerName) => {
+          const contentApiActions = _.pickBy(controller, isContentApi);
-    return await Promise.all(arrayOfPromises);
-  },
-  async deleteRole(roleID, publicRoleID) {
-    const role = await strapi
-      .query('plugin::users-permissions.role')
-      .findOne({ where: { id: roleID }, populate: ['users', 'permissions'] });
+          if (_.isEmpty(contentApiActions)) {
+            return acc;
+          }
-    if (!role) {
-      throw new Error('Cannot find this role');
-    }
+          acc[controllerName] = _.mapValues(contentApiActions, () => {
+            return {
+              enabled: defaultEnable,
+              policy: '',
+            };
+          });
-    // Move users to guest role.
-    const arrayOfPromises = role.users.reduce((acc, user) => {
-      acc.push(
-        strapi.query('plugin::users-permissions.user').update({
-          where: {
-            id: user.id,
-          },
-          data: {
-            role: publicRoleID,
-          },
-        })
+          return acc;
+        },
+        {}
       );
-      return acc;
-    }, []);
-    // Remove permissions related to this role.
-    role.permissions.forEach(permission => {
-      arrayOfPromises.push(
-        strapi.query('plugin::users-permissions.permission').delete({
-          where: { id: permission.id },
-        })
-      );
+      if (!_.isEmpty(controllers)) {
+        actionMap[`api::${apiName}`] = { controllers };
+      }
     });
-    // Delete the role.
-    arrayOfPromises.push(
-      strapi.query('plugin::users-permissions.role').delete({ where: { id: roleID } })
-    );
+    _.forEach(strapi.plugins, (plugin, pluginName) => {
+      const controllers = _.reduce(
+        plugin.controllers,
+        (acc, controller, controllerName) => {
+          const contentApiActions = _.pickBy(controller, isContentApi);
-    return await Promise.all(arrayOfPromises);
-  },
-  getPlugins(lang = 'en') {
-    return new Promise(resolve => {
-      request(
-        {
-          uri: `https://marketplace.strapi.io/plugins?lang=${lang}`,
-          json: true,
-          timeout: 3000,
-          headers: {
-            'cache-control': 'max-age=3600',
-          },
-        },
-        (err, response, body) => {
-          if (err || response.statusCode !== 200) {
-            return resolve([]);
+          if (_.isEmpty(contentApiActions)) {
+            return acc;
           }
-          resolve(body);
-        }
-      );
-    });
-  },
-  getActions() {
-    const generateActions = data =>
-      Object.keys(data).reduce((acc, key) => {
-        if (_.isFunction(data[key])) {
-          acc[key] = { enabled: false, policy: '' };
-        }
-        return acc;
-      }, {});
-    const appControllers = Object.keys(strapi.api || {})
-      .filter(key => !!strapi.api[key].controllers)
-      .reduce(
-        (acc, key) => {
-          Object.keys(strapi.api[key].controllers).forEach(controller => {
-            acc.controllers[controller] = generateActions(strapi.api[key].controllers[controller]);
+          acc[controllerName] = _.mapValues(contentApiActions, () => {
+            return {
+              enabled: defaultEnable,
+              policy: '',
+            };
           });
           return acc;
         },
-        { controllers: {} }
+        {}
       );
-    const pluginsPermissions = Object.keys(strapi.plugins).reduce((acc, key) => {
-      const initialState = {
-        controllers: {},
-      };
-      const pluginControllers = strapi.plugin(key).controllers;
-      acc[key] = Object.keys(pluginControllers).reduce((obj, k) => {
-        obj.controllers[k] = generateActions(pluginControllers[k]);
-        return obj;
-      }, initialState);
-      return acc;
-    }, {});
-    const permissions = {
-      application: {
-        controllers: appControllers.controllers,
-      },
-    };
+      if (!_.isEmpty(controllers)) {
+        actionMap[`plugin::${pluginName}`] = { controllers };
+      }
+    });
-    return _.merge(permissions, pluginsPermissions);
+    return actionMap;
   },
-  async getRole(roleID, plugins) {
-    const role = await strapi
-      .query('plugin::users-permissions.role')
-      .findOne({ where: { id: roleID }, populate: ['permissions'] });
+  async getRoutes() {
+    const routesMap = {};
-    if (!role) {
-      throw new Error('Cannot find this role');
-    }
+    _.forEach(strapi.api, (api, apiName) => {
+      const routes = _.flatMap(api.routes, route => {
+        if (_.has(route, 'routes')) {
+          return route.routes;
+        }
-    // Group by `type`.
-    const permissions = role.permissions.reduce((acc, permission) => {
-      _.set(acc, `${permission.type}.controllers.${permission.controller}.${permission.action}`, {
-        enabled: _.toNumber(permission.enabled) == true,
-        policy: permission.policy,
-      });
+        return route;
+      }).filter(route => route.info.type === 'content-api');
-      if (permission.type !== 'application' && !acc[permission.type].information) {
-        acc[permission.type].information =
-          plugins.find(plugin => plugin.id === permission.type) || {};
+      if (routes.length === 0) {
+        return;
       }
-      return acc;
-    }, {});
-    return {
-      ...role,
-      permissions,
-    };
-  },
-  async getRoles() {
-    const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
-    for (let i = 0; i < roles.length; ++i) {
-      roles[i].nb_users = await strapi
-        .query('plugin::users-permissions.user')
-        .count({ where: { role: { id: roles[i].id } } });
-    }
+      routesMap[`api::${apiName}`] = routes.map(route => ({
+        ...route,
+        path: `/api${route.path}`,
+      }));
+    });
-    return roles;
-  },
+    _.forEach(strapi.plugins, (plugin, pluginName) => {
+      const transformPrefix = transformRoutePrefixFor(pluginName);
-  async getRoutes() {
-    const routes = Object.keys(strapi.api || {}).reduce((acc, current) => {
-      return acc.concat(_.get(strapi.api[current].config, 'routes', []));
-    }, []);
-    const pluginsRoutes = Object.keys(strapi.plugins).reduce((acc, current) => {
-      const routes = strapi.plugin(current).routes.reduce((acc, curr) => {
-        const prefix = curr.config.prefix;
-        const path = prefix !== undefined ? `${prefix}${curr.path}` : `/${current}${curr.path}`;
-        _.set(curr, 'path', path);
+      const routes = _.flatMap(plugin.routes, route => {
+        if (_.has(route, 'routes')) {
+          return route.routes.map(transformPrefix);
+        }
-        return acc.concat(curr);
-      }, []);
+        return transformPrefix(route);
+      }).filter(route => route.info.type === 'content-api');
-      acc[current] = routes;
+      if (routes.length === 0) {
+        return;
+      }
-      return acc;
-    }, {});
+      routesMap[`plugin::${pluginName}`] = routes.map(route => ({
+        ...route,
+        path: `/api${route.path}`,
+      }));
+    });
-    return _.merge({ application: routes }, pluginsRoutes);
+    return routesMap;
   },
-  async updatePermissions() {
+  async syncPermissions() {
     const roles = await strapi.query('plugin::users-permissions.role').findMany();
+    const dbPermissions = await strapi.query('plugin::users-permissions.permission').findMany();
-    const rolesMap = _.keyBy(roles, 'id');
-    const dbPermissions = await strapi
-      .query('plugin::users-permissions.permission')
-      .findMany({ populate: ['role'] });
-    let permissionsFoundInDB = dbPermissions.map(permission => {
-      const { type, controller, action, role } = permission;
-      return `${type}.${controller}.${action}.${role.id}`;
-    });
+    const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));
-    permissionsFoundInDB = _.uniq(permissionsFoundInDB);
-    // Aggregate first level actions.
-    const appActions = Object.keys(strapi.api || {}).reduce((acc, api) => {
-      Object.keys(_.get(strapi.api[api], 'controllers', {})).forEach(controller => {
-        const actions = Object.keys(strapi.api[api].controllers[controller])
-          .filter(action => _.isFunction(strapi.api[api].controllers[controller][action]))
-          .map(action => `application.${controller}.${action.toLowerCase()}`);
-        acc = acc.concat(actions);
+    const appActions = _.flatMap(strapi.api, (api, apiName) => {
+      return _.flatMap(api.controllers, (controller, controllerName) => {
+        return _.keys(controller).map(actionName => {
+          return `api::${apiName}.${controllerName}.${actionName}`;
+        });
       });
+    });
-      return acc;
-    }, []);
-    // Aggregate plugins' actions.
-    const pluginsActions = Object.keys(strapi.plugins).reduce((acc, plugin) => {
-      const pluginControllers = strapi.plugin(plugin).controllers;
-      Object.keys(pluginControllers).forEach(controller => {
-        const controllerActions = pluginControllers[controller];
-        const actions = Object.keys(controllerActions)
-          .filter(action => _.isFunction(controllerActions[action]))
-          .map(action => `${plugin}.${controller}.${action.toLowerCase()}`);
-        acc = acc.concat(actions);
+    const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {
+      return _.flatMap(plugin.controllers, (controller, controllerName) => {
+        return _.keys(controller).map(actionName => {
+          return `plugin::${pluginName}.${controllerName}.${actionName}`;
+        });
       });
+    });
-      return acc;
-    }, []);
-    const actionsFoundInFiles = appActions.concat(pluginsActions);
+    const allActions = [...appActions, ...pluginsActions];
-    const permissionsFoundInFiles = [];
+    const toDelete = _.difference(permissionsFoundInDB, allActions);
-    for (const role of roles) {
-      actionsFoundInFiles.forEach(action => {
-        permissionsFoundInFiles.push(`${action}.${role.id}`);
-      });
-    }
-    // Compare to know if actions have been added or removed from controllers.
-    if (!_.isEqual(permissionsFoundInDB.sort(), permissionsFoundInFiles.sort())) {
-      const splitted = str => {
-        const [type, controller, action, roleId] = str.split('.');
-        return { type, controller, action, roleId };
-      };
-      // We have to know the difference to add or remove the permissions entries in the database.
-      const toRemove = _.difference(permissionsFoundInDB, permissionsFoundInFiles).map(splitted);
-      const toAdd = _.difference(permissionsFoundInFiles, permissionsFoundInDB).map(splitted);
-      const query = strapi.query('plugin::users-permissions.permission');
-      // Execute request to update entries in database for each role.
-      await Promise.all(
-        toAdd.map(permission => {
-          return query.create({
-            data: {
-              type: permission.type,
-              controller: permission.controller,
-              action: permission.action,
-              enabled: isEnabledByDefault(permission, rolesMap[permission.roleId]),
-              policy: '',
-              role: permission.roleId,
-            },
-          });
-        })
-      );
+    await Promise.all(
+      toDelete.map(action => {
+        return strapi.query('plugin::users-permissions.permission').delete({ where: { action } });
+      })
+    );
-      await Promise.all(
-        toRemove.map(permission => {
-          const { type, controller, action, roleId } = permission;
-          return query.delete({ where: { type, controller, action, role: { id: roleId } } });
-        })
-      );
+    if (permissionsFoundInDB.length === 0) {
+      // create default permissions
+      for (const role of roles) {
+        const toCreate = pipe(
+          filter(({ roleType }) => roleType === role.type || roleType === null),
+          map(prop('action'))
+        )(DEFAULT_PERMISSIONS);
+        await Promise.all(
+          toCreate.map(action => {
+            return strapi.query('plugin::users-permissions.permission').create({
+              data: {
+                action,
+                role: role.id,
+              },
+            });
+          })
+        );
+      }
     }
   },
@@ -365,57 +217,7 @@ module.exports = ({ strapi }) => ({
       });
     }
-    return getService('users-permissions').updatePermissions();
-  },
-  async updateRole(roleID, body) {
-    const [role, authenticated] = await Promise.all([
-      this.getRole(roleID, []),
-      strapi.query('plugin::users-permissions.role').findOne({ where: { type: 'authenticated' } }),
-    ]);
-    await strapi.query('plugin::users-permissions.role').update({
-      where: { id: roleID },
-      data: _.pick(body, ['name', 'description']),
-    });
-    await Promise.all(
-      Object.keys(body.permissions || {}).reduce((acc, type) => {
-        Object.keys(body.permissions[type].controllers).forEach(controller => {
-          Object.keys(body.permissions[type].controllers[controller]).forEach(action => {
-            const bodyAction = body.permissions[type].controllers[controller][action];
-            const currentAction = _.get(
-              role.permissions,
-              `${type}.controllers.${controller}.${action}`,
-              {}
-            );
-            if (!_.isEqual(bodyAction, currentAction)) {
-              acc.push(
-                strapi.query('plugin::users-permissions.permission').update({
-                  where: {
-                    role: roleID,
-                    type,
-                    controller,
-                    action: action.toLowerCase(),
-                  },
-                  data: bodyAction,
-                })
-              );
-            }
-          });
-        });
-        return acc;
-      }, [])
-    );
-    // Add user to this role.
-    const newUsers = _.differenceBy(body.users, role.users, 'id');
-    await Promise.all(newUsers.map(user => this.updateUserRole(user, roleID)));
-    const oldUsers = _.differenceBy(role.users, body.users, 'id');
-    await Promise.all(oldUsers.map(user => this.updateUserRole(user, authenticated.id)));
+    return getService('users-permissions').syncPermissions();
   },
   async updateUserRole(user, role) {

package/server/strategies/users-permissions.js ADDED Viewed

@@ -0,0 +1,123 @@
+'use strict';
+const { castArray, map } = require('lodash/fp');
+const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors;
+const { getService } = require('../utils');
+const getAdvancedSettings = () => {
+  return strapi.store({ type: 'plugin', name: 'users-permissions' }).get({ key: 'advanced' });
+};
+const authenticate = async ctx => {
+  try {
+    const token = await getService('jwt').getToken(ctx);
+    if (token) {
+      const { id } = token;
+      if (id === undefined) {
+        return { authenticated: false };
+      }
+      // fetch authenticated user
+      const user = await getService('user').fetchAuthenticatedUser(id);
+      if (!user) {
+        return { error: 'Invalid credentials' };
+      }
+      const advancedSettings = await getAdvancedSettings();
+      if (advancedSettings.email_confirmation && !user.confirmed) {
+        return { error: 'Invalid credentials' };
+      }
+      if (user.blocked) {
+        return { error: 'Invalid credentials' };
+      }
+      ctx.state.user = user;
+      return {
+        authenticated: true,
+        credentials: user,
+      };
+    }
+    const publicPermissions = await strapi.query('plugin::users-permissions.permission').findMany({
+      where: {
+        role: { type: 'public' },
+      },
+    });
+    if (publicPermissions.length === 0) {
+      return { authenticated: false };
+    }
+    return {
+      authenticated: true,
+      credentials: null,
+    };
+  } catch (err) {
+    return { authenticated: false };
+  }
+};
+const verify = async (auth, config) => {
+  const { credentials: user } = auth;
+  // public accesss
+  if (!user) {
+    // test against public role
+    const publicPermissions = await strapi.query('plugin::users-permissions.permission').findMany({
+      where: {
+        role: { type: 'public' },
+      },
+    });
+    const allowedActions = map('action', publicPermissions);
+    // A non authenticated user cannot access routes that do not have a scope
+    if (!config.scope) {
+      throw new UnauthorizedError();
+    }
+    const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope));
+    if (!isAllowed) {
+      throw new ForbiddenError();
+    }
+    return;
+  }
+  const permissions = await strapi.query('plugin::users-permissions.permission').findMany({
+    where: { role: user.role.id },
+  });
+  const allowedActions = map('action', permissions);
+  // An authenticated user can access non scoped routes
+  if (!config.scope) {
+    return;
+  }
+  const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope));
+  if (!isAllowed) {
+    throw new ForbiddenError();
+  }
+  // TODO: if we need to keep policies for u&p execution
+  // Execute the policies.
+  // if (permission.policy) {
+  //   return await strapi.plugin('users-permissions').policy(permission.policy)(ctx, next);
+  // }
+};
+module.exports = {
+  name: 'users-permissions',
+  authenticate,
+  verify,
+};

package/server/utils/index.d.ts CHANGED Viewed

@@ -1,11 +1,13 @@
 import * as usersPermissions from '../services/users-permissions';
 import * as user from '../services/user';
+import * as role from '../services/role';
 import * as jwt from '../services/jwt';
 import * as providers from '../services/providers';
 type S = {
   ['users-permissions']: typeof usersPermissions;
+  ['role']: typeof role;
   user: typeof user;
   jwt: typeof jwt;
   providers: typeof providers;