@strapi/plugin-users-permissions 4.3.2 → 4.3.5
- package/admin/src/components/BoundRoute/getMethodColor.js +1 -1
- package/admin/src/components/BoundRoute/index.js +1 -1
- package/admin/src/components/FormModal/Input/index.js +1 -1
- package/admin/src/components/FormModal/index.js +7 -9
- package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +3 -3
- package/admin/src/components/Permissions/PermissionRow/SubCategory.js +10 -14
- package/admin/src/components/Permissions/PermissionRow/index.js +1 -1
- package/admin/src/components/Permissions/index.js +2 -2
- package/admin/src/components/Permissions/init.js +1 -1
- package/admin/src/components/Permissions/reducer.js +1 -1
- package/admin/src/components/Policies/index.js +1 -1
- package/admin/src/components/UsersPermissions/index.js +5 -5
- package/admin/src/components/UsersPermissions/reducer.js +1 -1
- package/admin/src/hooks/useFetchRole/index.js +3 -3
- package/admin/src/hooks/useFetchRole/reducer.js +1 -1
- package/admin/src/hooks/useForm/index.js +1 -1
- package/admin/src/hooks/useForm/reducer.js +1 -1
- package/admin/src/hooks/usePlugins/index.js +1 -1
- package/admin/src/hooks/usePlugins/reducer.js +1 -1
- package/admin/src/hooks/useRolesList/reducer.js +1 -1
- package/admin/src/index.js +5 -5
- package/admin/src/pages/AdvancedSettings/index.js +11 -10
- package/admin/src/pages/AdvancedSettings/utils/api.js +1 -1
- package/admin/src/pages/AdvancedSettings/utils/schema.js +2 -4
- package/admin/src/pages/EmailTemplates/index.js +8 -8
- package/admin/src/pages/EmailTemplates/utils/api.js +1 -1
- package/admin/src/pages/EmailTemplates/utils/schema.js +1 -4
- package/admin/src/pages/Providers/index.js +22 -22
- package/admin/src/pages/Providers/reducer.js +1 -1
- package/admin/src/pages/Providers/utils/api.js +2 -2
- package/admin/src/pages/Providers/utils/createProvidersArray.js +1 -1
- package/admin/src/pages/Roles/CreatePage/index.js +1 -1
- package/admin/src/pages/Roles/EditPage/index.js +1 -1
- package/admin/src/pages/Roles/ListPage/components/TableBody.js +5 -4
- package/admin/src/pages/Roles/ListPage/index.js +2 -2
- package/admin/src/utils/axiosInstance.js +4 -4
- package/admin/src/utils/cleanPermissions.js +1 -1
- package/admin/src/utils/formatPolicies.js +1 -1
- package/admin/src/utils/getRequestURL.js +1 -1
- package/admin/src/utils/getTrad.js +1 -1
- package/documentation/content-api.yaml +36 -1
- package/jest.config.front.js +1 -1
- package/package.json +12 -7
- package/server/bootstrap/grant-config.js +1 -1
- package/server/bootstrap/index.js +39 -39
- package/server/controllers/auth.js +33 -5
- package/server/controllers/content-manager-user.js +4 -12
- package/server/controllers/settings.js +1 -1
- package/server/controllers/user.js +2 -2
- package/server/controllers/validation/auth.js +15 -12
- package/server/controllers/validation/email-template.js +3 -2
- package/server/controllers/validation/user.js +4 -16
- package/server/graphql/mutations/auth/change-password.js +38 -0
- package/server/graphql/mutations/auth/forgot-password.js +1 -4
- package/server/graphql/mutations/auth/login.js +1 -4
- package/server/graphql/mutations/auth/register.js +1 -4
- package/server/graphql/mutations/auth/reset-password.js +1 -4
- package/server/graphql/mutations/crud/role/create-role.js +1 -4
- package/server/graphql/mutations/crud/role/delete-role.js +1 -4
- package/server/graphql/mutations/crud/role/update-role.js +1 -4
- package/server/graphql/mutations/crud/user/create-user.js +1 -4
- package/server/graphql/mutations/crud/user/delete-user.js +1 -4
- package/server/graphql/mutations/crud/user/update-user.js +1 -4
- package/server/graphql/mutations/index.js +2 -1
- package/server/graphql/resolvers-configs.js +5 -0
- package/server/graphql/types/index.js +1 -1
- package/server/middlewares/rateLimit.js +22 -25
- package/server/register.js +2 -4
- package/server/routes/content-api/auth.js +9 -0
- package/server/services/jwt.js +11 -9
- package/server/services/providers-registry.js +33 -42
- package/server/services/providers.js +6 -6
- package/server/services/role.js +7 -7
- package/server/services/user.js +1 -8
- package/server/services/users-permissions.js +13 -12
- package/server/strategies/users-permissions.js +3 -3
- package/server/utils/index.js +1 -1
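--- a/package/server/services/role.js
+++ b/package/server/services/role.js
@@ -53,7 +53,7 @@ module.exports = ({ strapi }) => ({
 const allActions = getService('users-permissions').getActions();
 
 // Group by `type`.
-role.permissions.forEach(permission => {
+role.permissions.forEach((permission) => {
 const [type, controller, action] = permission.action.split('.');
 
 _.set(allActions, `${type}.controllers.${controller}.${action}`, {
@@ -124,11 +124,11 @@ module.exports = ({ strapi }) => ({
 }, []);
 
 const toCreate = newActions
-.filter(action => !oldActions.includes(action))
-.map(action => ({ action, role: role.id }));
+.filter((action) => !oldActions.includes(action))
+.map((action) => ({ action, role: role.id }));
 
 await Promise.all(
-toDelete.map(permission =>
+toDelete.map((permission) =>
 strapi
 .query('plugin::users-permissions.permission')
 .delete({ where: { id: permission.id } })
@@ -136,7 +136,7 @@ module.exports = ({ strapi }) => ({
 );
 
 await Promise.all(
-toCreate.map(permissionInfo =>
+toCreate.map((permissionInfo) =>
 strapi.query('plugin::users-permissions.permission').create({ data: permissionInfo })
 )
 );
@@ -153,7 +153,7 @@ module.exports = ({ strapi }) => ({
 
 // Move users to guest role.
 await Promise.all(
-role.users.map(user => {
+role.users.map((user) => {
 return strapi.query('plugin::users-permissions.user').update({
 where: { id: user.id },
 data: { role: publicRoleID },
@@ -164,7 +164,7 @@ module.exports = ({ strapi }) => ({
 // Remove permissions related to this role.
 // TODO: use delete many
 await Promise.all(
-role.permissions.map(permission => {
+role.permissions.map((permission) => {
 return strapi.query('plugin::users-permissions.permission').delete({
 where: { id: permission.id },
 });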
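--- a/package/server/services/user.js
+++ b/package/server/services/user.js
@@ -87,13 +87,6 @@ module.exports = ({ strapi }) => ({
 async remove(params) {
 return strapi.query('plugin::users-permissions.user').delete({ where: params });
 },
-isHashed(password) {
-if (typeof password !== 'string' || !password) {
-return false;
-}
-
-return password.split('$').length === 4;
-},
 
 validatePassword(password, hash) {
 return bcrypt.compare(password, hash);
@@ -106,7 +99,7 @@ module.exports = ({ strapi }) => ({
 
 const settings = await pluginStore
 .get({ key: 'email' })
-.then(storeEmail => storeEmail
+.then((storeEmail) => storeEmail.email_confirmation.options);
 
 // Sanitize the template's user information
 const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(userSchema, user);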
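--- a/package/server/services/users-permissions.js
+++ b/package/server/services/users-permissions.js
@@ -15,9 +15,10 @@ const DEFAULT_PERMISSIONS = [
 { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },
 { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },
 { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },
+{ action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },
 ];
 
-const transformRoutePrefixFor = pluginName => route => {
+const transformRoutePrefixFor = (pluginName) => (route) => {
 const prefix = route.config && route.config.prefix;
 const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;
 
@@ -31,7 +32,7 @@ module.exports = ({ strapi }) => ({
 getActions({ defaultEnable = false } = {}) {
 const actionMap = {};
 
-const isContentApi = action => {
+const isContentApi = (action) => {
 if (!_.has(action, Symbol.for('__type__'))) {
 return false;
 }
@@ -100,20 +101,20 @@ module.exports = ({ strapi }) => ({
 const routesMap = {};
 
 _.forEach(strapi.api, (api, apiName) => {
-const routes = _.flatMap(api.routes, route => {
+const routes = _.flatMap(api.routes, (route) => {
 if (_.has(route, 'routes')) {
 return route.routes;
 }
 
 return route;
-}).filter(route => route.info.type === 'content-api');
+}).filter((route) => route.info.type === 'content-api');
 
 if (routes.length === 0) {
 return;
 }
 
 const apiPrefix = strapi.config.get('api.rest.prefix');
-routesMap[`api::${apiName}`] = routes.map(route => ({
+routesMap[`api::${apiName}`] = routes.map((route) => ({
 ...route,
 path: urlJoin(apiPrefix, route.path),
 }));
@@ -122,20 +123,20 @@ module.exports = ({ strapi }) => ({
 _.forEach(strapi.plugins, (plugin, pluginName) => {
 const transformPrefix = transformRoutePrefixFor(pluginName);
 
-const routes = _.flatMap(plugin.routes, route => {
+const routes = _.flatMap(plugin.routes, (route) => {
 if (_.has(route, 'routes')) {
 return route.routes.map(transformPrefix);
 }
 
 return transformPrefix(route);
-}).filter(route => route.info.type === 'content-api');
+}).filter((route) => route.info.type === 'content-api');
 
 if (routes.length === 0) {
 return;
 }
 
 const apiPrefix = strapi.config.get('api.rest.prefix');
-routesMap[`plugin::${pluginName}`] = routes.map(route => ({
+routesMap[`plugin::${pluginName}`] = routes.map((route) => ({
 ...route,
 path: urlJoin(apiPrefix, route.path),
 }));
@@ -152,7 +153,7 @@ module.exports = ({ strapi }) => ({
 
 const appActions = _.flatMap(strapi.api, (api, apiName) => {
 return _.flatMap(api.controllers, (controller, controllerName) => {
-return _.keys(controller).map(actionName => {
+return _.keys(controller).map((actionName) => {
 return `api::${apiName}.${controllerName}.${actionName}`;
 });
 });
@@ -160,7 +161,7 @@ module.exports = ({ strapi }) => ({
 
 const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {
 return _.flatMap(plugin.controllers, (controller, controllerName) => {
-return _.keys(controller).map(actionName => {
+return _.keys(controller).map((actionName) => {
 return `plugin::${pluginName}.${controllerName}.${actionName}`;
 });
 });
@@ -171,7 +172,7 @@ module.exports = ({ strapi }) => ({
 const toDelete = _.difference(permissionsFoundInDB, allActions);
 
 await Promise.all(
-toDelete.map(action => {
+toDelete.map((action) => {
 return strapi.query('plugin::users-permissions.permission').delete({ where: { action } });
 })
 );
@@ -185,7 +186,7 @@ module.exports = ({ strapi }) => ({
 )(DEFAULT_PERMISSIONS);
 
 await Promise.all(
-toCreate.map(action => {
+toCreate.map((action) => {
 return strapi.query('plugin::users-permissions.permission').create({
 data: {
 action,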
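Review bot: The new `DEFAULT_PERMISSIONS` entry `plugin::users-permissions.auth.changePassword` with `roleType: 'authenticated'` is added without a comment on what the action must enforce, and its handler is not in this file (the file list points to `package/server/controllers/auth.js` and `package/server/routes/content-api/auth.js`). Because a default entry grants the action to every authenticated account, I would put a one-line comment above it, for example `// Granted to all authenticated users by default; the handler must verify the current password before accepting a new one.` The last hunk of this file builds `toCreate` from `DEFAULT_PERMISSIONS` and creates the missing rows, so existing projects presumably receive this grant on upgrade as well; the filtering logic sits outside the hunk, so that should be confirmed and mentioned in the release notes.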
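--- a/package/server/strategies/users-permissions.js
+++ b/package/server/strategies/users-permissions.js
@@ -9,7 +9,7 @@ const getAdvancedSettings = () => {
 return strapi.store({ type: 'plugin', name: 'users-permissions' }).get({ key: 'advanced' });
 };
 
-const authenticate = async ctx => {
+const authenticate = async (ctx) => {
 try {
 const token = await getService('jwt').getToken(ctx);
 
@@ -77,7 +77,7 @@ const verify = async (auth, config) => {
 }
 }
 
-let allowedActions = auth
+let { allowedActions } = auth;
 
 if (!allowedActions) {
 const permissions = await strapi.query('plugin::users-permissions.permission').findMany({
@@ -88,7 +88,7 @@ const verify = async (auth, config) => {
 auth.allowedActions = allowedActions;
 }
 
-const isAllowed = castArray(config.scope).every((scope) => allowedActions.includes(scope));
+const isAllowed = castArray(config.scope).every((scope) => allowedActions.includes(scope));
 
 if (!isAllowed) {
 throw new ForbiddenError();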
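Review bot: In the last hunk, `castArray(config.scope).every(...)` is true for an empty list, so a route whose `config.scope` is `[]` passes the `isAllowed` check without any action being matched, unless an earlier branch of `verify` outside the hunk already rejects it. If an empty scope is not meant to grant access, the check could be `const scopes = castArray(config.scope);` followed by `const isAllowed = scopes.length > 0 && scopes.every((scope) => allowedActions.includes(scope));`. `verify` starts and ends outside the hunks shown here, so this needs to be read against the full function.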