@strapi/plugin-users-permissions 4.1.10-beta.0 → 4.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin/src/pages/Roles/EditPage/index.js +11 -11
- package/package.json +4 -4
- package/server/controllers/auth.js +1 -1
- package/server/controllers/role.js +4 -4
- package/server/controllers/settings.js +1 -1
- package/server/controllers/user.js +11 -5
- package/server/graphql/mutations/auth/email-confirmation.js +1 -1
- package/server/graphql/mutations/crud/user/delete-user.js +1 -1
- package/server/graphql/resolvers-configs.js +4 -4
- package/server/register.js +2 -0
- package/server/routes/admin/role.js +2 -2
- package/server/routes/content-api/role.js +2 -2
- package/server/services/role.js +2 -2
- package/server/services/user.js +4 -4
- package/server/utils/index.js +3 -0
- package/server/utils/sanitize/index.js +9 -0
- package/server/utils/sanitize/sanitizers.js +19 -0
- package/server/utils/sanitize/visitors/index.js +5 -0
- package/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js +11 -0
|
@@ -1,4 +1,15 @@
|
|
|
1
1
|
import React, { useState, useRef } from 'react';
|
|
2
|
+
import { Formik } from 'formik';
|
|
3
|
+
import { useIntl } from 'react-intl';
|
|
4
|
+
import { useRouteMatch } from 'react-router-dom';
|
|
5
|
+
import {
|
|
6
|
+
useOverlayBlocker,
|
|
7
|
+
SettingsPageTitle,
|
|
8
|
+
LoadingIndicatorPage,
|
|
9
|
+
Form,
|
|
10
|
+
useNotification,
|
|
11
|
+
Link,
|
|
12
|
+
} from '@strapi/helper-plugin';
|
|
2
13
|
import { ContentLayout, HeaderLayout } from '@strapi/design-system/Layout';
|
|
3
14
|
import { Main } from '@strapi/design-system/Main';
|
|
4
15
|
import { Button } from '@strapi/design-system/Button';
|
|
@@ -9,18 +20,7 @@ import { Textarea } from '@strapi/design-system/Textarea';
|
|
|
9
20
|
import { Typography } from '@strapi/design-system/Typography';
|
|
10
21
|
import ArrowLeft from '@strapi/icons/ArrowLeft';
|
|
11
22
|
import Check from '@strapi/icons/Check';
|
|
12
|
-
import { Link } from '@strapi/design-system/Link';
|
|
13
23
|
import { GridItem, Grid } from '@strapi/design-system/Grid';
|
|
14
|
-
import { Formik } from 'formik';
|
|
15
|
-
import { useIntl } from 'react-intl';
|
|
16
|
-
import { useRouteMatch } from 'react-router-dom';
|
|
17
|
-
import {
|
|
18
|
-
useOverlayBlocker,
|
|
19
|
-
SettingsPageTitle,
|
|
20
|
-
LoadingIndicatorPage,
|
|
21
|
-
Form,
|
|
22
|
-
useNotification,
|
|
23
|
-
} from '@strapi/helper-plugin';
|
|
24
24
|
import UsersPermissions from '../../../components/UsersPermissions';
|
|
25
25
|
import getTrad from '../../../utils/getTrad';
|
|
26
26
|
import pluginId from '../../../pluginId';
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@strapi/plugin-users-permissions",
|
|
3
|
-
"version": "4.1.
|
|
3
|
+
"version": "4.1.12",
|
|
4
4
|
"description": "Protect your API with a full-authentication process based on JWT",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -27,8 +27,8 @@
|
|
|
27
27
|
"test:front:watch:ce": "cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll"
|
|
28
28
|
},
|
|
29
29
|
"dependencies": {
|
|
30
|
-
"@strapi/helper-plugin": "4.1.
|
|
31
|
-
"@strapi/utils": "4.1.
|
|
30
|
+
"@strapi/helper-plugin": "4.1.12",
|
|
31
|
+
"@strapi/utils": "4.1.12",
|
|
32
32
|
"bcryptjs": "2.4.3",
|
|
33
33
|
"grant-koa": "5.4.8",
|
|
34
34
|
"jsonwebtoken": "^8.1.0",
|
|
@@ -59,5 +59,5 @@
|
|
|
59
59
|
"required": true,
|
|
60
60
|
"kind": "plugin"
|
|
61
61
|
},
|
|
62
|
-
"gitHead": "
|
|
62
|
+
"gitHead": "ab698015cfc4f43fa0ce2ae94ec59e00a67e4cda"
|
|
63
63
|
}
|
|
@@ -378,7 +378,7 @@ module.exports = {
|
|
|
378
378
|
throw new ValidationError('token.invalid');
|
|
379
379
|
}
|
|
380
380
|
|
|
381
|
-
const user = await userService.
|
|
381
|
+
const [user] = await userService.fetchAll({ filters: { confirmationToken } });
|
|
382
382
|
|
|
383
383
|
if (!user) {
|
|
384
384
|
throw new ValidationError('token.invalid');
|
|
@@ -21,10 +21,10 @@ module.exports = {
|
|
|
21
21
|
ctx.send({ ok: true });
|
|
22
22
|
},
|
|
23
23
|
|
|
24
|
-
async
|
|
24
|
+
async findOne(ctx) {
|
|
25
25
|
const { id } = ctx.params;
|
|
26
26
|
|
|
27
|
-
const role = await getService('role').
|
|
27
|
+
const role = await getService('role').findOne(id);
|
|
28
28
|
|
|
29
29
|
if (!role) {
|
|
30
30
|
return ctx.notFound();
|
|
@@ -33,8 +33,8 @@ module.exports = {
|
|
|
33
33
|
ctx.send({ role });
|
|
34
34
|
},
|
|
35
35
|
|
|
36
|
-
async
|
|
37
|
-
const roles = await getService('role').
|
|
36
|
+
async find(ctx) {
|
|
37
|
+
const roles = await getService('role').find();
|
|
38
38
|
|
|
39
39
|
ctx.send({ roles });
|
|
40
40
|
},
|
|
@@ -12,7 +12,7 @@ const { getService } = require('../utils');
|
|
|
12
12
|
const { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');
|
|
13
13
|
|
|
14
14
|
const { sanitize } = utils;
|
|
15
|
-
const { ApplicationError, ValidationError } = utils.errors;
|
|
15
|
+
const { ApplicationError, ValidationError, NotFoundError } = utils.errors;
|
|
16
16
|
|
|
17
17
|
const sanitizeOutput = (user, ctx) => {
|
|
18
18
|
const schema = strapi.getModel('plugin::users-permissions.user');
|
|
@@ -90,7 +90,11 @@ module.exports = {
|
|
|
90
90
|
const { id } = ctx.params;
|
|
91
91
|
const { email, username, password } = ctx.request.body;
|
|
92
92
|
|
|
93
|
-
const user = await getService('user').fetch(
|
|
93
|
+
const user = await getService('user').fetch(id);
|
|
94
|
+
if (!user) {
|
|
95
|
+
throw new NotFoundError(`User not found`);
|
|
96
|
+
}
|
|
97
|
+
|
|
94
98
|
|
|
95
99
|
await validateUpdateUserBody(ctx.request.body);
|
|
96
100
|
|
|
@@ -133,8 +137,8 @@ module.exports = {
|
|
|
133
137
|
* Retrieve user records.
|
|
134
138
|
* @return {Object|Array}
|
|
135
139
|
*/
|
|
136
|
-
async find(ctx
|
|
137
|
-
const users = await getService('user').fetchAll(ctx.query
|
|
140
|
+
async find(ctx) {
|
|
141
|
+
const users = await getService('user').fetchAll(ctx.query);
|
|
138
142
|
|
|
139
143
|
ctx.body = await Promise.all(users.map(user => sanitizeOutput(user, ctx)));
|
|
140
144
|
},
|
|
@@ -145,7 +149,9 @@ module.exports = {
|
|
|
145
149
|
*/
|
|
146
150
|
async findOne(ctx) {
|
|
147
151
|
const { id } = ctx.params;
|
|
148
|
-
|
|
152
|
+
const { query } = ctx;
|
|
153
|
+
|
|
154
|
+
let data = await getService('user').fetch(id, query);
|
|
149
155
|
|
|
150
156
|
if (data) {
|
|
151
157
|
data = await sanitizeOutput(data, ctx);
|
|
@@ -19,7 +19,7 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
19
19
|
async resolve(parent, args, context) {
|
|
20
20
|
const { koaContext } = context;
|
|
21
21
|
|
|
22
|
-
koaContext.
|
|
22
|
+
koaContext.query = toPlainObject(args);
|
|
23
23
|
|
|
24
24
|
await strapi
|
|
25
25
|
.plugin('users-permissions')
|
|
@@ -26,12 +26,12 @@ module.exports = ({ strapi }) => {
|
|
|
26
26
|
|
|
27
27
|
// Scoped auth for replaced CRUD operations
|
|
28
28
|
// Role
|
|
29
|
-
[`Mutation.${createRole}`]: { auth: { scope: [`${roleUID}.
|
|
30
|
-
[`Mutation.${updateRole}`]: { auth: { scope: [`${roleUID}.
|
|
31
|
-
[`Mutation.${deleteRole}`]: { auth: { scope: [`${roleUID}.
|
|
29
|
+
[`Mutation.${createRole}`]: { auth: { scope: [`${roleUID}.createRole`] } },
|
|
30
|
+
[`Mutation.${updateRole}`]: { auth: { scope: [`${roleUID}.updateRole`] } },
|
|
31
|
+
[`Mutation.${deleteRole}`]: { auth: { scope: [`${roleUID}.deleteRole`] } },
|
|
32
32
|
// User
|
|
33
33
|
[`Mutation.${createUser}`]: { auth: { scope: [`${userUID}.create`] } },
|
|
34
34
|
[`Mutation.${updateUser}`]: { auth: { scope: [`${userUID}.update`] } },
|
|
35
|
-
[`Mutation.${deleteUser}`]: { auth: { scope: [`${userUID}.
|
|
35
|
+
[`Mutation.${deleteUser}`]: { auth: { scope: [`${userUID}.destroy`] } },
|
|
36
36
|
};
|
|
37
37
|
};
|
package/server/register.js
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
const authStrategy = require('./strategies/users-permissions');
|
|
4
|
+
const sanitizers = require('./utils/sanitize/sanitizers');
|
|
4
5
|
|
|
5
6
|
module.exports = ({ strapi }) => {
|
|
6
7
|
strapi.container.get('auth').register('content-api', authStrategy);
|
|
8
|
+
strapi.sanitizers.add('content-api.output', sanitizers.defaultSanitizeOutput);
|
|
7
9
|
|
|
8
10
|
if (strapi.plugin('graphql')) {
|
|
9
11
|
require('./graphql')({ strapi });
|
|
@@ -4,7 +4,7 @@ module.exports = [
|
|
|
4
4
|
{
|
|
5
5
|
method: 'GET',
|
|
6
6
|
path: '/roles/:id',
|
|
7
|
-
handler: 'role.
|
|
7
|
+
handler: 'role.findOne',
|
|
8
8
|
config: {
|
|
9
9
|
policies: [
|
|
10
10
|
{
|
|
@@ -19,7 +19,7 @@ module.exports = [
|
|
|
19
19
|
{
|
|
20
20
|
method: 'GET',
|
|
21
21
|
path: '/roles',
|
|
22
|
-
handler: 'role.
|
|
22
|
+
handler: 'role.find',
|
|
23
23
|
config: {
|
|
24
24
|
policies: [
|
|
25
25
|
{
|
package/server/services/role.js
CHANGED
|
@@ -41,7 +41,7 @@ module.exports = ({ strapi }) => ({
|
|
|
41
41
|
await Promise.all(createPromises);
|
|
42
42
|
},
|
|
43
43
|
|
|
44
|
-
async
|
|
44
|
+
async findOne(roleID) {
|
|
45
45
|
const role = await strapi
|
|
46
46
|
.query('plugin::users-permissions.role')
|
|
47
47
|
.findOne({ where: { id: roleID }, populate: ['permissions'] });
|
|
@@ -68,7 +68,7 @@ module.exports = ({ strapi }) => ({
|
|
|
68
68
|
};
|
|
69
69
|
},
|
|
70
70
|
|
|
71
|
-
async
|
|
71
|
+
async find() {
|
|
72
72
|
const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
|
|
73
73
|
|
|
74
74
|
for (const role of roles) {
|
package/server/services/user.js
CHANGED
|
@@ -58,8 +58,8 @@ module.exports = ({ strapi }) => ({
|
|
|
58
58
|
* Promise to fetch a/an user.
|
|
59
59
|
* @return {Promise}
|
|
60
60
|
*/
|
|
61
|
-
fetch(
|
|
62
|
-
return strapi.
|
|
61
|
+
fetch(id, params) {
|
|
62
|
+
return strapi.entityService.findOne('plugin::users-permissions.user', id, params);
|
|
63
63
|
},
|
|
64
64
|
|
|
65
65
|
/**
|
|
@@ -76,8 +76,8 @@ module.exports = ({ strapi }) => ({
|
|
|
76
76
|
* Promise to fetch all users.
|
|
77
77
|
* @return {Promise}
|
|
78
78
|
*/
|
|
79
|
-
fetchAll(params
|
|
80
|
-
return strapi.
|
|
79
|
+
fetchAll(params) {
|
|
80
|
+
return strapi.entityService.findMany('plugin::users-permissions.user', params);
|
|
81
81
|
},
|
|
82
82
|
|
|
83
83
|
/**
|
package/server/utils/index.js
CHANGED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
const { curry } = require('lodash/fp');
|
|
4
|
+
const { traverseEntity, pipeAsync } = require('@strapi/utils');
|
|
5
|
+
|
|
6
|
+
const { removeUserRelationFromRoleEntities } = require('./visitors');
|
|
7
|
+
|
|
8
|
+
const sanitizeUserRelationFromRoleEntities = curry((schema, entity) => {
|
|
9
|
+
return traverseEntity(removeUserRelationFromRoleEntities, { schema }, entity);
|
|
10
|
+
});
|
|
11
|
+
|
|
12
|
+
const defaultSanitizeOutput = curry((schema, entity) => {
|
|
13
|
+
return pipeAsync(sanitizeUserRelationFromRoleEntities(schema))(entity);
|
|
14
|
+
});
|
|
15
|
+
|
|
16
|
+
module.exports = {
|
|
17
|
+
sanitizeUserRelationFromRoleEntities,
|
|
18
|
+
defaultSanitizeOutput,
|
|
19
|
+
};
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
module.exports = ({ schema, key, attribute }, { remove }) => {
|
|
4
|
+
if (
|
|
5
|
+
attribute.type === 'relation' &&
|
|
6
|
+
attribute.target === 'plugin::users-permissions.user' &&
|
|
7
|
+
schema.uid === 'plugin::users-permissions.role'
|
|
8
|
+
) {
|
|
9
|
+
remove(key);
|
|
10
|
+
}
|
|
11
|
+
};
|