@strapi/plugin-users-permissions 4.13.0-beta.0 → 4.13.0

package/admin/src/pages/Roles/pages/CreatePage.js

@@ -0,0 +1,190 @@
+import * as React from 'react';
+
+import {
+  Button,
+  ContentLayout,
+  Flex,
+  Grid,
+  GridItem,
+  HeaderLayout,
+  Main,
+  Textarea,
+  TextInput,
+  Typography,
+} from '@strapi/design-system';
+import {
+  CheckPagePermissions,
+  Form,
+  SettingsPageTitle,
+  useFetchClient,
+  useNotification,
+  useOverlayBlocker,
+  useTracking,
+} from '@strapi/helper-plugin';
+import { Check } from '@strapi/icons';
+import { Formik } from 'formik';
+import { useIntl } from 'react-intl';
+import { useMutation } from 'react-query';
+import { useHistory } from 'react-router-dom';
+
+import UsersPermissions from '../../../components/UsersPermissions';
+import { PERMISSIONS } from '../../../constants';
+import getTrad from '../../../utils/getTrad';
+import { createRoleSchema } from '../constants';
+import { usePlugins } from '../hooks/usePlugins';
+
+export const CreatePage = () => {
+  const { formatMessage } = useIntl();
+  const toggleNotification = useNotification();
+  const { goBack } = useHistory();
+  const { lockApp, unlockApp } = useOverlayBlocker();
+  const { isLoading: isLoadingPlugins, permissions, routes } = usePlugins();
+  const { trackUsage } = useTracking();
+  const permissionsRef = React.useRef();
+  const { post } = useFetchClient();
+  const mutation = useMutation((body) => post(`/users-permissions/roles`, body), {
+    onError() {
+      toggleNotification({
+        type: 'warning',
+        message: {
+          id: 'notification.error',
+          defaultMessage: 'An error occurred',
+        },
+      });
+    },
+
+    onSuccess() {
+      trackUsage('didCreateRole');
+
+      toggleNotification({
+        type: 'success',
+        message: {
+          id: getTrad('Settings.roles.created'),
+          defaultMessage: 'Role created',
+        },
+      });
+
+      // Forcing redirecting since we don't have the id in the response
+      goBack();
+    },
+  });
+
+  const handleCreateRoleSubmit = async (data) => {
+    lockApp();
+
+    // TODO: refactor. Child -> parent component communication is evil;
+    // We should either move the provider one level up or move the state
+    // straight into redux.
+    const permissions = permissionsRef.current.getPermissions();
+
+    await mutation.mutate({ ...data, ...permissions, users: [] });
+
+    unlockApp();
+  };
+
+  return (
+    <Main>
+      {/* TODO: This needs to be translated */}
+      <SettingsPageTitle name="Roles" />
+      <Formik
+        enableReinitialize
+        initialValues={{ name: '', description: '' }}
+        onSubmit={handleCreateRoleSubmit}
+        validationSchema={createRoleSchema}
+      >
+        {({ handleSubmit, values, handleChange, errors }) => (
+          <Form noValidate onSubmit={handleSubmit}>
+            <HeaderLayout
+              primaryAction={
+                !isLoadingPlugins && (
+                  <Button type="submit" loading={mutation.isLoading} startIcon={<Check />}>
+                    {formatMessage({
+                      id: 'global.save',
+                      defaultMessage: 'Save',
+                    })}
+                  </Button>
+                )
+              }
+              title={formatMessage({
+                id: 'Settings.roles.create.title',
+                defaultMessage: 'Create a role',
+              })}
+              subtitle={formatMessage({
+                id: 'Settings.roles.create.description',
+                defaultMessage: 'Define the rights given to the role',
+              })}
+            />
+            <ContentLayout>
+              <Flex
+                background="neutral0"
+                direction="column"
+                alignItems="stretch"
+                gap={7}
+                hasRadius
+                paddingTop={6}
+                paddingBottom={6}
+                paddingLeft={7}
+                paddingRight={7}
+                shadow="filterShadow"
+              >
+                <Flex direction="column" alignItems="stretch">
+                  <Typography variant="delta" as="h2">
+                    {formatMessage({
+                      id: getTrad('EditPage.form.roles'),
+                      defaultMessage: 'Role details',
+                    })}
+                  </Typography>
+
+                  <Grid gap={4}>
+                    <GridItem col={6}>
+                      <TextInput
+                        name="name"
+                        value={values.name || ''}
+                        onChange={handleChange}
+                        label={formatMessage({
+                          id: 'global.name',
+                          defaultMessage: 'Name',
+                        })}
+                        error={errors?.name ? formatMessage({ id: errors.name }) : false}
+                        required
+                      />
+                    </GridItem>
+                    <GridItem col={6}>
+                      <Textarea
+                        id="description"
+                        value={values.description || ''}
+                        onChange={handleChange}
+                        label={formatMessage({
+                          id: 'global.description',
+                          defaultMessage: 'Description',
+                        })}
+                        error={
+                          errors?.description ? formatMessage({ id: errors.description }) : false
+                        }
+                        required
+                      />
+                    </GridItem>
+                  </Grid>
+                </Flex>
+
+                {!isLoadingPlugins && (
+                  <UsersPermissions
+                    ref={permissionsRef}
+                    permissions={permissions}
+                    routes={routes}
+                  />
+                )}
+              </Flex>
+            </ContentLayout>
+          </Form>
+        )}
+      </Formik>
+    </Main>
+  );
+};
+
+export const ProtectedRolesCreatePage = () => (
+  <CheckPagePermissions permissions={PERMISSIONS.createRole}>
+    <CreatePage />
+  </CheckPagePermissions>
+);

package/admin/src/pages/Roles/pages/EditPage.js

@@ -0,0 +1,211 @@
+import * as React from 'react';
+
+import {
+  ContentLayout,
+  HeaderLayout,
+  Main,
+  Button,
+  Flex,
+  TextInput,
+  Textarea,
+  Typography,
+  GridItem,
+  Grid,
+} from '@strapi/design-system';
+import {
+  CheckPagePermissions,
+  useOverlayBlocker,
+  SettingsPageTitle,
+  LoadingIndicatorPage,
+  Form,
+  useAPIErrorHandler,
+  useFetchClient,
+  useNotification,
+  Link,
+} from '@strapi/helper-plugin';
+import { ArrowLeft, Check } from '@strapi/icons';
+import { Formik } from 'formik';
+import { useIntl } from 'react-intl';
+import { useQuery, useMutation } from 'react-query';
+import { useRouteMatch } from 'react-router-dom';
+
+import UsersPermissions from '../../../components/UsersPermissions';
+import { PERMISSIONS } from '../../../constants';
+import getTrad from '../../../utils/getTrad';
+import { createRoleSchema } from '../constants';
+import { usePlugins } from '../hooks/usePlugins';
+
+export const EditPage = () => {
+  const { formatMessage } = useIntl();
+  const toggleNotification = useNotification();
+  const { lockApp, unlockApp } = useOverlayBlocker();
+  const {
+    params: { id },
+  } = useRouteMatch(`/settings/users-permissions/roles/:id`);
+  const { get } = useFetchClient();
+  const { isLoading: isLoadingPlugins, routes } = usePlugins();
+  const {
+    data: role,
+    isLoading: isLoadingRole,
+    refetch: refetchRole,
+  } = useQuery(['users-permissions', 'role', id], async () => {
+    // TODO: why doesn't this endpoint follow the admin API conventions?
+    const {
+      data: { role },
+    } = await get(`/users-permissions/roles/${id}`);
+
+    return role;
+  });
+
+  const permissionsRef = React.useRef();
+  const { put } = useFetchClient();
+  const { formatAPIError } = useAPIErrorHandler();
+  const mutation = useMutation((body) => put(`/users-permissions/roles/${id}`, body), {
+    onError(error) {
+      toggleNotification({
+        type: 'warning',
+        message: formatAPIError(error),
+      });
+    },
+
+    async onSuccess() {
+      toggleNotification({
+        type: 'success',
+        message: {
+          id: getTrad('Settings.roles.created'),
+          defaultMessage: 'Role edited',
+        },
+      });
+
+      await refetchRole();
+    },
+  });
+
+  const handleEditRoleSubmit = async (data) => {
+    // Set loading state
+    lockApp();
+
+    const permissions = permissionsRef.current.getPermissions();
+
+    await mutation.mutate({ ...data, ...permissions, users: [] });
+
+    unlockApp();
+  };
+
+  if (isLoadingRole) {
+    return <LoadingIndicatorPage />;
+  }
+
+  return (
+    <Main>
+      {/* TODO: this needs to be translated */}
+      <SettingsPageTitle name="Roles" />
+      <Formik
+        enableReinitialize
+        initialValues={{ name: role.name, description: role.description }}
+        onSubmit={handleEditRoleSubmit}
+        validationSchema={createRoleSchema}
+      >
+        {({ handleSubmit, values, handleChange, errors }) => (
+          <Form noValidate onSubmit={handleSubmit}>
+            <HeaderLayout
+              primaryAction={
+                !isLoadingPlugins && (
+                  <Button
+                    disabled={role.code === 'strapi-super-admin'}
+                    type="submit"
+                    loading={mutation.isLoading}
+                    startIcon={<Check />}
+                  >
+                    {formatMessage({
+                      id: 'global.save',
+                      defaultMessage: 'Save',
+                    })}
+                  </Button>
+                )
+              }
+              title={role.name}
+              subtitle={role.description}
+              navigationAction={
+                <Link startIcon={<ArrowLeft />} to="/settings/users-permissions/roles">
+                  {formatMessage({
+                    id: 'global.back',
+                    defaultMessage: 'Back',
+                  })}
+                </Link>
+              }
+            />
+            <ContentLayout>
+              <Flex
+                background="neutral0"
+                direction="column"
+                alignItems="stretch"
+                gap={7}
+                hasRadius
+                paddingTop={6}
+                paddingBottom={6}
+                paddingLeft={7}
+                paddingRight={7}
+                shadow="filterShadow"
+              >
+                <Flex direction="column" alignItems="stretch" gap={4}>
+                  <Typography variant="delta" as="h2">
+                    {formatMessage({
+                      id: getTrad('EditPage.form.roles'),
+                      defaultMessage: 'Role details',
+                    })}
+                  </Typography>
+
+                  <Grid gap={4}>
+                    <GridItem col={6}>
+                      <TextInput
+                        name="name"
+                        value={values.name || ''}
+                        onChange={handleChange}
+                        label={formatMessage({
+                          id: 'global.name',
+                          defaultMessage: 'Name',
+                        })}
+                        error={errors?.name ? formatMessage({ id: errors.name }) : false}
+                        required
+                      />
+                    </GridItem>
+                    <GridItem col={6}>
+                      <Textarea
+                        id="description"
+                        value={values.description || ''}
+                        onChange={handleChange}
+                        label={formatMessage({
+                          id: 'global.description',
+                          defaultMessage: 'Description',
+                        })}
+                        error={
+                          errors?.description ? formatMessage({ id: errors.description }) : false
+                        }
+                        required
+                      />
+                    </GridItem>
+                  </Grid>
+                </Flex>
+
+                {!isLoadingPlugins && (
+                  <UsersPermissions
+                    ref={permissionsRef}
+                    permissions={role.permissions}
+                    routes={routes}
+                  />
+                )}
+              </Flex>
+            </ContentLayout>
+          </Form>
+        )}
+      </Formik>
+    </Main>
+  );
+};
+
+export const ProtectedRolesEditPage = () => (
+  <CheckPagePermissions permissions={PERMISSIONS.updateRole}>
+    <EditPage />
+  </CheckPagePermissions>
+);

package/admin/src/pages/Roles/{ListPage → pages/ListPage}/components/TableBody.js

@@ -1,13 +1,39 @@
 import React from 'react';
 
-import { Flex, IconButton, Tbody, Td, Tr, Typography } from '@strapi/design-system';
-import { CheckPermissions, onRowClick, stopPropagation } from '@strapi/helper-plugin';
+import { Flex, IconButton, Link, Tbody, Td, Tr, Typography } from '@strapi/design-system';
+import { CheckPermissions, onRowClick, pxToRem, stopPropagation } from '@strapi/helper-plugin';
 import { Pencil, Trash } from '@strapi/icons';
 import PropTypes from 'prop-types';
 import { useIntl } from 'react-intl';
 import { useHistory } from 'react-router-dom';
+import styled from 'styled-components';
 
-import pluginId from '../../../../pluginId';
+const EditLink = styled(Link)`
+  align-items: center;
+  height: ${pxToRem(32)};
+  display: flex;
+  justify-content: center;
+  padding: ${({ theme }) => `${theme.spaces[2]}}`};
+  width: ${pxToRem(32)};
+
+  svg {
+    height: ${pxToRem(12)};
+    width: ${pxToRem(12)};
+
+    path {
+      fill: ${({ theme }) => theme.colors.neutral500};
+    }
+  }
+
+  &:hover,
+  &:focus {
+    svg {
+      path {
+        fill: ${({ theme }) => theme.colors.neutral800};
+      }
+    }
+  }
+`;
 
 const TableBody = ({ sortedRoles, canDelete, permissions, setRoleToDelete, onDelete }) => {
   const { formatMessage } = useIntl();
@@ -23,7 +49,7 @@ const TableBody = ({ sortedRoles, canDelete, permissions, setRoleToDelete, onDel
   };
 
   const handleClickEdit = (id) => {
-    push(`/settings/${pluginId}/roles/${id}`);
+    push(`/settings/users-permissions/roles/${id}`);
   };
 
   return (
@@ -50,16 +76,17 @@ const TableBody = ({ sortedRoles, canDelete, permissions, setRoleToDelete, onDel
           <Td>
             <Flex justifyContent="end" {...stopPropagation}>
               <CheckPermissions permissions={permissions.updateRole}>
-                <IconButton
-                  onClick={() => handleClickEdit(role.id)}
-                  noBorder
-                  icon={<Pencil />}
-                  label={formatMessage(
+                <EditLink
+                  to={`/settings/users-permissions/roles/${role.id}`}
+                  aria-label={formatMessage(
                     { id: 'app.component.table.edit', defaultMessage: 'Edit {target}' },
                     { target: `${role.name}` }
                   )}
-                />
+                >
+                  <Pencil />
+                </EditLink>
               </CheckPermissions>
+
               {checkCanDeleteRole(role) && (
                 <CheckPermissions permissions={permissions.deleteRole}>
                   <IconButton

package/admin/src/pages/Roles/{ListPage → pages/ListPage}/index.js

@@ -2,7 +2,6 @@ import React, { useState } from 'react';
 
 import {
   ActionLayout,
-  Button,
   ContentLayout,
   HeaderLayout,
   Layout,
@@ -16,9 +15,11 @@ import {
   VisuallyHidden,
 } from '@strapi/design-system';
 import {
+  CheckPagePermissions,
   CheckPermissions,
   ConfirmDialog,
   EmptyStateLayout,
+  LinkButton,
   LoadingIndicatorPage,
   NoPermissions,
   SearchURLQuery,
@@ -34,19 +35,16 @@ import {
 import { Plus } from '@strapi/icons';
 import { useIntl } from 'react-intl';
 import { useMutation, useQuery } from 'react-query';
-import { useHistory } from 'react-router-dom';
 
-import { PERMISSIONS } from '../../../constants';
-import pluginId from '../../../pluginId';
-import { getTrad } from '../../../utils';
+import { PERMISSIONS } from '../../../../constants';
+import { getTrad } from '../../../../utils';
 
 import TableBody from './components/TableBody';
 import { deleteData, fetchData } from './utils/api';
 
-const RoleListPage = () => {
+export const RolesListPage = () => {
   const { trackUsage } = useTracking();
   const { formatMessage, locale } = useIntl();
-  const { push } = useHistory();
   const toggleNotification = useNotification();
   const { notifyStatus } = useNotifyAT();
   const [{ query }] = useQueryParams();
@@ -89,11 +87,6 @@ const RoleListPage = () => {
 
   const isLoading = isLoadingForData || isFetching;
 
-  const handleNewRoleClick = () => {
-    trackUsage('willCreateRole');
-    push(`/settings/${pluginId}/roles/new`);
-  };
-
   const handleShowConfirmDelete = () => {
     setShowConfirmDelete(!showConfirmDelete);
   };
@@ -153,12 +146,17 @@ const RoleListPage = () => {
           })}
           primaryAction={
             <CheckPermissions permissions={PERMISSIONS.createRole}>
-              <Button onClick={handleNewRoleClick} startIcon={<Plus />} size="S">
+              <LinkButton
+                to="/settings/users-permissions/roles/new"
+                onClick={() => trackUsage('willCreateRole')}
+                startIcon={<Plus />}
+                size="S"
+              >
                 {formatMessage({
                   id: getTrad('List.button.roles'),
                   defaultMessage: 'Add new role',
                 })}
-              </Button>
+              </LinkButton>
             </CheckPermissions>
           }
         />
@@ -235,4 +233,10 @@ const RoleListPage = () => {
   );
 };
 
-export default RoleListPage;
+export const ProtectedRolesListPage = () => {
+  return (
+    <CheckPagePermissions permissions={PERMISSIONS.accessRoles}>
+      <RolesListPage />
+    </CheckPagePermissions>
+  );
+};

package/jest.config.front.js

@@ -3,5 +3,5 @@
 module.exports = {
   preset: '../../../jest-preset.front.js',
   displayName: 'Users & Permissions plugin',
-  setupFilesAfterEnv: ['./tests/setup.js'],
+  setupFilesAfterEnv: ['./admin/src/tests/setup.js'],
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "4.13.0-beta.0",
+  "version": "4.13.0",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -30,9 +30,9 @@
   },
   "dependencies": {
     "@strapi/design-system": "1.9.0",
-    "@strapi/helper-plugin": "4.13.0-beta.0",
+    "@strapi/helper-plugin": "4.13.0",
     "@strapi/icons": "1.9.0",
-    "@strapi/utils": "4.13.0-beta.0",
+    "@strapi/utils": "4.13.0",
     "bcryptjs": "2.4.3",
     "formik": "2.4.0",
     "grant-koa": "5.4.8",
@@ -77,5 +77,5 @@
     "required": true,
     "kind": "plugin"
   },
-  "gitHead": "f1b8431a6a0b7f9bd9a8444adb56217bba91ec07"
+  "gitHead": "cc7c99b8c74d829e98d6d4bc5a2ba364587a3be9"
 }

package/server/bootstrap/index.js

@@ -10,10 +10,12 @@
 const crypto = require('crypto');
 const _ = require('lodash');
 const urljoin = require('url-join');
+const { isArray } = require('lodash/fp');
 const { getService } = require('../utils');
 const getGrantConfig = require('./grant-config');
 
 const usersPermissionsActions = require('./users-permissions-actions');
+const userSchema = require('../content-types/user');
 
 const initGrant = async (pluginStore) => {
   const apiPrefix = strapi.config.get('api.rest.prefix');
@@ -97,6 +99,27 @@ const initAdvancedOptions = async (pluginStore) => {
   }
 };
 
+const userSchemaAdditions = () => {
+  const defaultSchema = Object.keys(userSchema.attributes);
+  const currentSchema = Object.keys(
+    strapi.contentTypes['plugin::users-permissions.user'].attributes
+  );
+
+  // Some dynamic fields may not have been initialized yet, so we need to ignore them
+  // TODO: we should have a global method for finding these
+  const ignoreDiffs = [
+    'createdBy',
+    'createdAt',
+    'updatedBy',
+    'updatedAt',
+    'publishedAt',
+    'strapi_stage',
+    'strapi_assignee',
+  ];
+
+  return currentSchema.filter((key) => !(ignoreDiffs.includes(key) || defaultSchema.includes(key)));
+};
+
 module.exports = async ({ strapi }) => {
   const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
 
@@ -130,4 +153,17 @@ For security reasons, prefer storing the secret in an environment variable and r
       );
     }
   }
+
+  // TODO v5: Remove this block of code and default allowedFields to empty array
+  if (!isArray(strapi.config.get('plugin.users-permissions.register.allowedFields'))) {
+    const modifications = userSchemaAdditions();
+    if (modifications.length > 0) {
+      // if there is a potential vulnerability, show a warning
+      strapi.log.warn(
+        `Users-permissions registration has defaulted to accepting the following additional user fields during registration: ${modifications.join(
+          ','
+        )}`
+      );
+    }
+  }
 };