@strapi/plugin-users-permissions 4.3.3 → 4.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin/src/components/BoundRoute/getMethodColor.js +1 -1
- package/admin/src/components/BoundRoute/index.js +1 -1
- package/admin/src/components/FormModal/Input/index.js +1 -1
- package/admin/src/components/FormModal/index.js +7 -9
- package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +3 -3
- package/admin/src/components/Permissions/PermissionRow/SubCategory.js +10 -14
- package/admin/src/components/Permissions/PermissionRow/index.js +1 -1
- package/admin/src/components/Permissions/index.js +2 -2
- package/admin/src/components/Permissions/init.js +1 -1
- package/admin/src/components/Permissions/reducer.js +1 -1
- package/admin/src/components/Policies/index.js +1 -1
- package/admin/src/components/UsersPermissions/index.js +5 -5
- package/admin/src/components/UsersPermissions/reducer.js +1 -1
- package/admin/src/hooks/useFetchRole/index.js +3 -3
- package/admin/src/hooks/useFetchRole/reducer.js +1 -1
- package/admin/src/hooks/useForm/index.js +1 -1
- package/admin/src/hooks/useForm/reducer.js +1 -1
- package/admin/src/hooks/usePlugins/index.js +1 -1
- package/admin/src/hooks/usePlugins/reducer.js +1 -1
- package/admin/src/hooks/useRolesList/reducer.js +1 -1
- package/admin/src/index.js +5 -5
- package/admin/src/pages/AdvancedSettings/index.js +11 -10
- package/admin/src/pages/AdvancedSettings/utils/api.js +1 -1
- package/admin/src/pages/AdvancedSettings/utils/schema.js +2 -4
- package/admin/src/pages/EmailTemplates/index.js +8 -8
- package/admin/src/pages/EmailTemplates/utils/api.js +1 -1
- package/admin/src/pages/EmailTemplates/utils/schema.js +1 -4
- package/admin/src/pages/Providers/index.js +22 -22
- package/admin/src/pages/Providers/reducer.js +1 -1
- package/admin/src/pages/Providers/utils/api.js +2 -2
- package/admin/src/pages/Providers/utils/createProvidersArray.js +1 -1
- package/admin/src/pages/Roles/CreatePage/index.js +1 -1
- package/admin/src/pages/Roles/EditPage/index.js +1 -1
- package/admin/src/pages/Roles/ListPage/components/TableBody.js +5 -4
- package/admin/src/pages/Roles/ListPage/index.js +2 -2
- package/admin/src/utils/axiosInstance.js +4 -4
- package/admin/src/utils/cleanPermissions.js +1 -1
- package/admin/src/utils/formatPolicies.js +1 -1
- package/admin/src/utils/getRequestURL.js +1 -1
- package/admin/src/utils/getTrad.js +1 -1
- package/documentation/content-api.yaml +1 -1
- package/jest.config.front.js +1 -1
- package/package.json +12 -7
- package/server/bootstrap/grant-config.js +1 -1
- package/server/bootstrap/index.js +39 -39
- package/server/controllers/auth.js +14 -5
- package/server/controllers/content-manager-user.js +4 -12
- package/server/controllers/settings.js +1 -1
- package/server/controllers/user.js +2 -2
- package/server/controllers/validation/auth.js +3 -12
- package/server/controllers/validation/email-template.js +3 -2
- package/server/controllers/validation/user.js +4 -16
- package/server/graphql/mutations/auth/change-password.js +1 -4
- package/server/graphql/mutations/auth/forgot-password.js +1 -4
- package/server/graphql/mutations/auth/login.js +1 -4
- package/server/graphql/mutations/auth/register.js +1 -4
- package/server/graphql/mutations/auth/reset-password.js +1 -4
- package/server/graphql/mutations/crud/role/create-role.js +1 -4
- package/server/graphql/mutations/crud/role/delete-role.js +1 -4
- package/server/graphql/mutations/crud/role/update-role.js +1 -4
- package/server/graphql/mutations/crud/user/create-user.js +1 -4
- package/server/graphql/mutations/crud/user/delete-user.js +1 -4
- package/server/graphql/mutations/crud/user/update-user.js +1 -4
- package/server/graphql/mutations/index.js +1 -1
- package/server/graphql/types/index.js +1 -1
- package/server/middlewares/rateLimit.js +22 -25
- package/server/register.js +2 -4
- package/server/services/jwt.js +11 -9
- package/server/services/providers-registry.js +33 -42
- package/server/services/providers.js +6 -6
- package/server/services/role.js +7 -7
- package/server/services/user.js +1 -1
- package/server/services/users-permissions.js +12 -12
- package/server/strategies/users-permissions.js +3 -3
- package/server/utils/index.js +1 -1
|
@@ -18,7 +18,7 @@ const DEFAULT_PERMISSIONS = [
|
|
|
18
18
|
{ action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },
|
|
19
19
|
];
|
|
20
20
|
|
|
21
|
-
const transformRoutePrefixFor = pluginName => route => {
|
|
21
|
+
const transformRoutePrefixFor = (pluginName) => (route) => {
|
|
22
22
|
const prefix = route.config && route.config.prefix;
|
|
23
23
|
const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;
|
|
24
24
|
|
|
@@ -32,7 +32,7 @@ module.exports = ({ strapi }) => ({
|
|
|
32
32
|
getActions({ defaultEnable = false } = {}) {
|
|
33
33
|
const actionMap = {};
|
|
34
34
|
|
|
35
|
-
const isContentApi = action => {
|
|
35
|
+
const isContentApi = (action) => {
|
|
36
36
|
if (!_.has(action, Symbol.for('__type__'))) {
|
|
37
37
|
return false;
|
|
38
38
|
}
|
|
@@ -101,20 +101,20 @@ module.exports = ({ strapi }) => ({
|
|
|
101
101
|
const routesMap = {};
|
|
102
102
|
|
|
103
103
|
_.forEach(strapi.api, (api, apiName) => {
|
|
104
|
-
const routes = _.flatMap(api.routes, route => {
|
|
104
|
+
const routes = _.flatMap(api.routes, (route) => {
|
|
105
105
|
if (_.has(route, 'routes')) {
|
|
106
106
|
return route.routes;
|
|
107
107
|
}
|
|
108
108
|
|
|
109
109
|
return route;
|
|
110
|
-
}).filter(route => route.info.type === 'content-api');
|
|
110
|
+
}).filter((route) => route.info.type === 'content-api');
|
|
111
111
|
|
|
112
112
|
if (routes.length === 0) {
|
|
113
113
|
return;
|
|
114
114
|
}
|
|
115
115
|
|
|
116
116
|
const apiPrefix = strapi.config.get('api.rest.prefix');
|
|
117
|
-
routesMap[`api::${apiName}`] = routes.map(route => ({
|
|
117
|
+
routesMap[`api::${apiName}`] = routes.map((route) => ({
|
|
118
118
|
...route,
|
|
119
119
|
path: urlJoin(apiPrefix, route.path),
|
|
120
120
|
}));
|
|
@@ -123,20 +123,20 @@ module.exports = ({ strapi }) => ({
|
|
|
123
123
|
_.forEach(strapi.plugins, (plugin, pluginName) => {
|
|
124
124
|
const transformPrefix = transformRoutePrefixFor(pluginName);
|
|
125
125
|
|
|
126
|
-
const routes = _.flatMap(plugin.routes, route => {
|
|
126
|
+
const routes = _.flatMap(plugin.routes, (route) => {
|
|
127
127
|
if (_.has(route, 'routes')) {
|
|
128
128
|
return route.routes.map(transformPrefix);
|
|
129
129
|
}
|
|
130
130
|
|
|
131
131
|
return transformPrefix(route);
|
|
132
|
-
}).filter(route => route.info.type === 'content-api');
|
|
132
|
+
}).filter((route) => route.info.type === 'content-api');
|
|
133
133
|
|
|
134
134
|
if (routes.length === 0) {
|
|
135
135
|
return;
|
|
136
136
|
}
|
|
137
137
|
|
|
138
138
|
const apiPrefix = strapi.config.get('api.rest.prefix');
|
|
139
|
-
routesMap[`plugin::${pluginName}`] = routes.map(route => ({
|
|
139
|
+
routesMap[`plugin::${pluginName}`] = routes.map((route) => ({
|
|
140
140
|
...route,
|
|
141
141
|
path: urlJoin(apiPrefix, route.path),
|
|
142
142
|
}));
|
|
@@ -153,7 +153,7 @@ module.exports = ({ strapi }) => ({
|
|
|
153
153
|
|
|
154
154
|
const appActions = _.flatMap(strapi.api, (api, apiName) => {
|
|
155
155
|
return _.flatMap(api.controllers, (controller, controllerName) => {
|
|
156
|
-
return _.keys(controller).map(actionName => {
|
|
156
|
+
return _.keys(controller).map((actionName) => {
|
|
157
157
|
return `api::${apiName}.${controllerName}.${actionName}`;
|
|
158
158
|
});
|
|
159
159
|
});
|
|
@@ -161,7 +161,7 @@ module.exports = ({ strapi }) => ({
|
|
|
161
161
|
|
|
162
162
|
const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {
|
|
163
163
|
return _.flatMap(plugin.controllers, (controller, controllerName) => {
|
|
164
|
-
return _.keys(controller).map(actionName => {
|
|
164
|
+
return _.keys(controller).map((actionName) => {
|
|
165
165
|
return `plugin::${pluginName}.${controllerName}.${actionName}`;
|
|
166
166
|
});
|
|
167
167
|
});
|
|
@@ -172,7 +172,7 @@ module.exports = ({ strapi }) => ({
|
|
|
172
172
|
const toDelete = _.difference(permissionsFoundInDB, allActions);
|
|
173
173
|
|
|
174
174
|
await Promise.all(
|
|
175
|
-
toDelete.map(action => {
|
|
175
|
+
toDelete.map((action) => {
|
|
176
176
|
return strapi.query('plugin::users-permissions.permission').delete({ where: { action } });
|
|
177
177
|
})
|
|
178
178
|
);
|
|
@@ -186,7 +186,7 @@ module.exports = ({ strapi }) => ({
|
|
|
186
186
|
)(DEFAULT_PERMISSIONS);
|
|
187
187
|
|
|
188
188
|
await Promise.all(
|
|
189
|
-
toCreate.map(action => {
|
|
189
|
+
toCreate.map((action) => {
|
|
190
190
|
return strapi.query('plugin::users-permissions.permission').create({
|
|
191
191
|
data: {
|
|
192
192
|
action,
|
|
@@ -9,7 +9,7 @@ const getAdvancedSettings = () => {
|
|
|
9
9
|
return strapi.store({ type: 'plugin', name: 'users-permissions' }).get({ key: 'advanced' });
|
|
10
10
|
};
|
|
11
11
|
|
|
12
|
-
const authenticate = async ctx => {
|
|
12
|
+
const authenticate = async (ctx) => {
|
|
13
13
|
try {
|
|
14
14
|
const token = await getService('jwt').getToken(ctx);
|
|
15
15
|
|
|
@@ -77,7 +77,7 @@ const verify = async (auth, config) => {
|
|
|
77
77
|
}
|
|
78
78
|
}
|
|
79
79
|
|
|
80
|
-
let allowedActions = auth
|
|
80
|
+
let { allowedActions } = auth;
|
|
81
81
|
|
|
82
82
|
if (!allowedActions) {
|
|
83
83
|
const permissions = await strapi.query('plugin::users-permissions.permission').findMany({
|
|
@@ -88,7 +88,7 @@ const verify = async (auth, config) => {
|
|
|
88
88
|
auth.allowedActions = allowedActions;
|
|
89
89
|
}
|
|
90
90
|
|
|
91
|
-
const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope));
|
|
91
|
+
const isAllowed = castArray(config.scope).every((scope) => allowedActions.includes(scope));
|
|
92
92
|
|
|
93
93
|
if (!isAllowed) {
|
|
94
94
|
throw new ForbiddenError();
|