@strapi/plugin-users-permissions 5.12.1 → 5.12.3

package/dist/server/controllers/content-manager-user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-manager-user.js","sources":["../../../server/controllers/content-manager-user.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { contentTypes: contentTypesUtils } = require('@strapi/utils');\nconst { ApplicationError, ValidationError, NotFoundError, ForbiddenError } =\n  require('@strapi/utils').errors;\nconst { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');\n\nconst { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;\n\nconst userModel = 'plugin::users-permissions.user';\nconst ACTIONS = {\n  read: 'plugin::content-manager.explorer.read',\n  create: 'plugin::content-manager.explorer.create',\n  edit: 'plugin::content-manager.explorer.update',\n  delete: 'plugin::content-manager.explorer.delete',\n};\n\nconst findEntityAndCheckPermissions = async (ability, action, model, id) => {\n  const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {\n    populate: [`${CREATED_BY_ATTRIBUTE}.roles`],\n  });\n\n  if (_.isNil(doc)) {\n    throw new NotFoundError();\n  }\n\n  const pm = strapi\n    .service('admin::permission')\n    .createPermissionsManager({ ability, action, model });\n\n  if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {\n    throw new ForbiddenError();\n  }\n\n  const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);\n\n  return { pm, doc: docWithoutCreatorRoles };\n};\n\nmodule.exports = {\n  /**\n   * Create a/an user record.\n   * @return {Object}\n   */\n  async create(ctx) {\n    const { body } = ctx.request;\n    const { user: admin, userAbility } = ctx.state;\n\n    const { email, username } = body;\n\n    const pm = strapi.service('admin::permission').createPermissionsManager({\n      ability: userAbility,\n      action: ACTIONS.create,\n      model: userModel,\n    });\n\n    if (!pm.isAllowed) {\n      return ctx.forbidden();\n    }\n\n    const sanitizedBody = await pm.pickPermittedFieldsOf(body, { subject: userModel });\n\n    const advanced = await strapi\n      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n      .get();\n\n    await validateCreateUserBody(ctx.request.body);\n\n    const userWithSameUsername = await strapi.db\n      .query('plugin::users-permissions.user')\n      .findOne({ where: { username } });\n\n    if (userWithSameUsername) {\n      throw new ApplicationError('Username already taken');\n    }\n\n    if (advanced.unique_email) {\n      const userWithSameEmail = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { email: email.toLowerCase() } });\n\n      if (userWithSameEmail) {\n        throw new ApplicationError('Email already taken');\n      }\n    }\n\n    const user = {\n      ...sanitizedBody,\n      provider: 'local',\n      [CREATED_BY_ATTRIBUTE]: admin.id,\n      [UPDATED_BY_ATTRIBUTE]: admin.id,\n    };\n\n    user.email = _.toLower(user.email);\n\n    try {\n      const data = await strapi\n        .service('plugin::content-manager.document-manager')\n        .create(userModel, { data: user });\n\n      const sanitizedData = await pm.sanitizeOutput(data, { action: ACTIONS.read });\n\n      ctx.created(sanitizedData);\n    } catch (error) {\n      throw new ApplicationError(error.message);\n    }\n  },\n  /**\n   * Update a/an user record.\n   * @return {Object}\n   */\n\n  async update(ctx) {\n    const { id: documentId } = ctx.params;\n    const { body } = ctx.request;\n    const { user: admin, userAbility } = ctx.state;\n\n    const advancedConfigs = await strapi\n      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n      .get();\n\n    const { email, username, password } = body;\n\n    const { pm, doc } = await findEntityAndCheckPermissions(\n      userAbility,\n      ACTIONS.edit,\n      userModel,\n      documentId\n    );\n\n    const user = doc;\n\n    await validateUpdateUserBody(ctx.request.body);\n\n    if (_.has(body, 'password') && !password && user.provider === 'local') {\n      throw new ValidationError('password.notNull');\n    }\n\n    if (_.has(body, 'username')) {\n      const userWithSameUsername = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { username } });\n\n      if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {\n        throw new ApplicationError('Username already taken');\n      }\n    }\n\n    if (_.has(body, 'email') && advancedConfigs.unique_email) {\n      const userWithSameEmail = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { email: _.toLower(email) } });\n\n      if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {\n        throw new ApplicationError('Email already taken');\n      }\n\n      body.email = _.toLower(body.email);\n    }\n\n    const sanitizedData = await pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });\n    const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');\n\n    const data = await strapi\n      .service('plugin::content-manager.document-manager')\n      .update(documentId, userModel, {\n        data: updateData,\n      });\n\n    ctx.body = await pm.sanitizeOutput(data, { action: ACTIONS.read });\n  },\n};\n"],"names":["_","require$$0","contentTypes","contentTypesUtils","require$$1","ApplicationError","ValidationError","NotFoundError","ForbiddenError","errors","validateCreateUserBody","validateUpdateUserBody","require$$2","UPDATED_BY_ATTRIBUTE","CREATED_BY_ATTRIBUTE","constants","userModel","ACTIONS","read","create","edit","delete","findEntityAndCheckPermissions","ability","action","model","id","doc","strapi","service","findOne","populate","isNil","pm","createPermissionsManager","cannot","toSubject","docWithoutCreatorRoles","omit","contentManagerUser","ctx","body","request","user","admin","userAbility","state","email","username","isAllowed","forbidden","sanitizedBody","pickPermittedFieldsOf","subject","advanced","store","type","name","key","get","userWithSameUsername","db","query","where","unique_email","userWithSameEmail","toLowerCase","provider","toLower","data","sanitizedData","sanitizeOutput","created","error","message","update","documentId","params","advancedConfigs","password","has","toString","updateData","updatedBy"],"mappings":";;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;AACV,IAAA,MAAM,EAAEC,YAAAA,EAAcC,iBAAiB,EAAE,GAAGC,UAAAA;IAC5C,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,aAAa,EAAEC,cAAc,EAAE,GACxEJ,UAAAA,CAAyBK,MAAM;AACjC,IAAA,MAAM,EAAEC,sBAAsB,EAAEC,sBAAsB,EAAE,GAAGC,cAAAA,EAAAA;AAE3D,IAAA,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAE,GAAGX,kBAAkBY,SAAS;AAElF,IAAA,MAAMC,SAAY,GAAA,gCAAA;AAClB,IAAA,MAAMC,OAAU,GAAA;QACdC,IAAM,EAAA,uCAAA;QACNC,MAAQ,EAAA,yCAAA;QACRC,IAAM,EAAA,yCAAA;QACNC,MAAQ,EAAA;AACV,KAAA;AAEA,IAAA,MAAMC,6BAAgC,GAAA,OAAOC,OAASC,EAAAA,MAAAA,EAAQC,KAAOC,EAAAA,EAAAA,GAAAA;QACnE,MAAMC,GAAAA,GAAM,MAAMC,MAAOC,CAAAA,OAAO,CAAC,0CAA4CC,CAAAA,CAAAA,OAAO,CAACJ,EAAAA,EAAID,KAAO,EAAA;YAC9FM,QAAU,EAAA;gBAAC,CAAC,EAAEjB,oBAAqB,CAAA,MAAM;AAAE;AAC/C,SAAA,CAAA;QAEE,IAAId,CAAAA,CAAEgC,KAAK,CAACL,GAAM,CAAA,EAAA;AAChB,YAAA,MAAM,IAAIpB,aAAAA,EAAAA;AACX;AAED,QAAA,MAAM0B,KAAKL,MACRC,CAAAA,OAAO,CAAC,mBAAA,CAAA,CACRK,wBAAwB,CAAC;AAAEX,YAAAA,OAAAA;AAASC,YAAAA,MAAAA;AAAQC,YAAAA;AAAO,SAAA,CAAA;QAEtD,IAAIQ,EAAAA,CAAGV,OAAO,CAACY,MAAM,CAACF,EAAGT,CAAAA,MAAM,EAAES,EAAAA,CAAGG,SAAS,CAACT,GAAO,CAAA,CAAA,EAAA;AACnD,YAAA,MAAM,IAAInB,cAAAA,EAAAA;AACX;QAED,MAAM6B,sBAAAA,GAAyBrC,EAAEsC,IAAI,CAACX,KAAK,CAAC,EAAEb,oBAAqB,CAAA,MAAM,CAAC,CAAA;QAE1E,OAAO;AAAEmB,YAAAA,EAAAA;YAAIN,GAAKU,EAAAA;;AACpB,KAAA;IAEAE,kBAAiB,GAAA;AACjB;;;OAIE,MAAMpB,QAAOqB,GAAG,EAAA;AACd,YAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;YAC5B,MAAM,EAAEC,MAAMC,KAAK,EAAEC,WAAW,EAAE,GAAGL,IAAIM,KAAK;AAE9C,YAAA,MAAM,EAAEC,KAAK,EAAEC,QAAQ,EAAE,GAAGP,IAAAA;AAE5B,YAAA,MAAMR,KAAKL,MAAOC,CAAAA,OAAO,CAAC,mBAAA,CAAA,CAAqBK,wBAAwB,CAAC;gBACtEX,OAASsB,EAAAA,WAAAA;AACTrB,gBAAAA,MAAAA,EAAQP,QAAQE,MAAM;gBACtBM,KAAOT,EAAAA;AACb,aAAA,CAAA;YAEI,IAAI,CAACiB,EAAGgB,CAAAA,SAAS,EAAE;AACjB,gBAAA,OAAOT,IAAIU,SAAS,EAAA;AACrB;AAED,YAAA,MAAMC,aAAgB,GAAA,MAAMlB,EAAGmB,CAAAA,qBAAqB,CAACX,IAAM,EAAA;gBAAEY,OAASrC,EAAAA;AAAS,aAAA,CAAA;AAE/E,YAAA,MAAMsC,QAAW,GAAA,MAAM1B,MACpB2B,CAAAA,KAAK,CAAC;gBAAEC,IAAM,EAAA,QAAA;gBAAUC,IAAM,EAAA,mBAAA;gBAAqBC,GAAK,EAAA;eACxDC,GAAG,EAAA;AAEN,YAAA,MAAMjD,sBAAuB8B,CAAAA,GAAAA,CAAIE,OAAO,CAACD,IAAI,CAAA;YAE7C,MAAMmB,oBAAAA,GAAuB,MAAMhC,MAAOiC,CAAAA,EAAE,CACzCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;gBAAEiC,KAAO,EAAA;AAAEf,oBAAAA;AAAQ;AAAI,aAAA,CAAA;AAElC,YAAA,IAAIY,oBAAsB,EAAA;AACxB,gBAAA,MAAM,IAAIvD,gBAAiB,CAAA,wBAAA,CAAA;AAC5B;YAED,IAAIiD,QAAAA,CAASU,YAAY,EAAE;gBACzB,MAAMC,iBAAAA,GAAoB,MAAMrC,MAAOiC,CAAAA,EAAE,CACtCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;oBAAEiC,KAAO,EAAA;AAAEhB,wBAAAA,KAAAA,EAAOA,MAAMmB,WAAW;AAAI;AAAA,iBAAA,CAAA;AAElD,gBAAA,IAAID,iBAAmB,EAAA;AACrB,oBAAA,MAAM,IAAI5D,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AACF;AAED,YAAA,MAAMsC,IAAO,GAAA;AACX,gBAAA,GAAGQ,aAAa;gBAChBgB,QAAU,EAAA,OAAA;gBACV,CAACrD,oBAAAA,GAAuB8B,KAAAA,CAAMlB,EAAE;gBAChC,CAACb,oBAAAA,GAAuB+B,KAAAA,CAAMlB;AACpC,aAAA;AAEIiB,YAAAA,IAAAA,CAAKI,KAAK,GAAG/C,CAAAA,CAAEoE,OAAO,CAACzB,KAAKI,KAAK,CAAA;YAEjC,IAAI;gBACF,MAAMsB,IAAAA,GAAO,MAAMzC,MAChBC,CAAAA,OAAO,CAAC,0CACRV,CAAAA,CAAAA,MAAM,CAACH,SAAW,EAAA;oBAAEqD,IAAM1B,EAAAA;AAAM,iBAAA,CAAA;AAEnC,gBAAA,MAAM2B,aAAgB,GAAA,MAAMrC,EAAGsC,CAAAA,cAAc,CAACF,IAAM,EAAA;AAAE7C,oBAAAA,MAAAA,EAAQP,QAAQC;AAAI,iBAAA,CAAA;AAE1EsB,gBAAAA,GAAAA,CAAIgC,OAAO,CAACF,aAAAA,CAAAA;AACb,aAAA,CAAC,OAAOG,KAAO,EAAA;gBACd,MAAM,IAAIpE,gBAAiBoE,CAAAA,KAAAA,CAAMC,OAAO,CAAA;AACzC;AACF,SAAA;AACH;;;OAKE,MAAMC,QAAOnC,GAAG,EAAA;AACd,YAAA,MAAM,EAAEd,EAAIkD,EAAAA,UAAU,EAAE,GAAGpC,IAAIqC,MAAM;AACrC,YAAA,MAAM,EAAEpC,IAAI,EAAE,GAAGD,IAAIE,OAAO;YAC5B,MAAM,EAAEC,MAAMC,KAAK,EAAEC,WAAW,EAAE,GAAGL,IAAIM,KAAK;AAE9C,YAAA,MAAMgC,eAAkB,GAAA,MAAMlD,MAC3B2B,CAAAA,KAAK,CAAC;gBAAEC,IAAM,EAAA,QAAA;gBAAUC,IAAM,EAAA,mBAAA;gBAAqBC,GAAK,EAAA;eACxDC,GAAG,EAAA;AAEN,YAAA,MAAM,EAAEZ,KAAK,EAAEC,QAAQ,EAAE+B,QAAQ,EAAE,GAAGtC,IAAAA;AAEtC,YAAA,MAAM,EAAER,EAAE,EAAEN,GAAG,EAAE,GAAG,MAAML,6BAAAA,CACxBuB,WACA5B,EAAAA,OAAAA,CAAQG,IAAI,EACZJ,SACA4D,EAAAA,UAAAA,CAAAA;AAGF,YAAA,MAAMjC,IAAOhB,GAAAA,GAAAA;AAEb,YAAA,MAAMhB,sBAAuB6B,CAAAA,GAAAA,CAAIE,OAAO,CAACD,IAAI,CAAA;YAE7C,IAAIzC,CAAAA,CAAEgF,GAAG,CAACvC,IAAM,EAAA,UAAA,CAAA,IAAe,CAACsC,QAAYpC,IAAAA,IAAAA,CAAKwB,QAAQ,KAAK,OAAS,EAAA;AACrE,gBAAA,MAAM,IAAI7D,eAAgB,CAAA,kBAAA,CAAA;AAC3B;AAED,YAAA,IAAIN,CAAEgF,CAAAA,GAAG,CAACvC,IAAAA,EAAM,UAAa,CAAA,EAAA;gBAC3B,MAAMmB,oBAAAA,GAAuB,MAAMhC,MAAOiC,CAAAA,EAAE,CACzCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;oBAAEiC,KAAO,EAAA;AAAEf,wBAAAA;AAAQ;AAAI,iBAAA,CAAA;AAElC,gBAAA,IAAIY,oBAAwB5D,IAAAA,CAAAA,CAAEiF,QAAQ,CAACrB,oBAAqBlC,CAAAA,EAAE,CAAM1B,KAAAA,CAAAA,CAAEiF,QAAQ,CAACtC,IAAKjB,CAAAA,EAAE,CAAG,EAAA;AACvF,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,wBAAA,CAAA;AAC5B;AACF;AAED,YAAA,IAAIL,EAAEgF,GAAG,CAACvC,MAAM,OAAYqC,CAAAA,IAAAA,eAAAA,CAAgBd,YAAY,EAAE;gBACxD,MAAMC,iBAAAA,GAAoB,MAAMrC,MAAOiC,CAAAA,EAAE,CACtCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;oBAAEiC,KAAO,EAAA;wBAAEhB,KAAO/C,EAAAA,CAAAA,CAAEoE,OAAO,CAACrB,KAAAA;AAAQ;AAAA,iBAAA,CAAA;AAE/C,gBAAA,IAAIkB,iBAAqBjE,IAAAA,CAAAA,CAAEiF,QAAQ,CAAChB,iBAAkBvC,CAAAA,EAAE,CAAM1B,KAAAA,CAAAA,CAAEiF,QAAQ,CAACtC,IAAKjB,CAAAA,EAAE,CAAG,EAAA;AACjF,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAEDoC,gBAAAA,IAAAA,CAAKM,KAAK,GAAG/C,CAAAA,CAAEoE,OAAO,CAAC3B,KAAKM,KAAK,CAAA;AAClC;AAED,YAAA,MAAMuB,aAAgB,GAAA,MAAMrC,EAAGmB,CAAAA,qBAAqB,CAACX,IAAM,EAAA;gBAAEY,OAASpB,EAAAA,EAAAA,CAAGG,SAAS,CAACO,IAAAA;AAAO,aAAA,CAAA;YAC1F,MAAMuC,UAAAA,GAAalF,CAAEsC,CAAAA,IAAI,CAAC;AAAE,gBAAA,GAAGgC,aAAa;AAAEa,gBAAAA,SAAAA,EAAWvC,MAAMlB;aAAM,EAAA,WAAA,CAAA;YAErE,MAAM2C,IAAAA,GAAO,MAAMzC,MAChBC,CAAAA,OAAO,CAAC,0CACR8C,CAAAA,CAAAA,MAAM,CAACC,UAAAA,EAAY5D,SAAW,EAAA;gBAC7BqD,IAAMa,EAAAA;AACd,aAAA,CAAA;AAEI1C,YAAAA,GAAAA,CAAIC,IAAI,GAAG,MAAMR,EAAGsC,CAAAA,cAAc,CAACF,IAAM,EAAA;AAAE7C,gBAAAA,MAAAA,EAAQP,QAAQC;AAAI,aAAA,CAAA;AAChE;AACH,KAAA;;;;;;"}

package/dist/server/controllers/content-manager-user.mjs

@@ -0,0 +1,166 @@
+import require$$0 from 'lodash';
+import require$$1 from '@strapi/utils';
+import { __require as requireUser } from './validation/user.mjs';
+
+var contentManagerUser;
+var hasRequiredContentManagerUser;
+function requireContentManagerUser() {
+    if (hasRequiredContentManagerUser) return contentManagerUser;
+    hasRequiredContentManagerUser = 1;
+    const _ = require$$0;
+    const { contentTypes: contentTypesUtils } = require$$1;
+    const { ApplicationError, ValidationError, NotFoundError, ForbiddenError } = require$$1.errors;
+    const { validateCreateUserBody, validateUpdateUserBody } = requireUser();
+    const { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;
+    const userModel = 'plugin::users-permissions.user';
+    const ACTIONS = {
+        read: 'plugin::content-manager.explorer.read',
+        create: 'plugin::content-manager.explorer.create',
+        edit: 'plugin::content-manager.explorer.update',
+        delete: 'plugin::content-manager.explorer.delete'
+    };
+    const findEntityAndCheckPermissions = async (ability, action, model, id)=>{
+        const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {
+            populate: [
+                `${CREATED_BY_ATTRIBUTE}.roles`
+            ]
+        });
+        if (_.isNil(doc)) {
+            throw new NotFoundError();
+        }
+        const pm = strapi.service('admin::permission').createPermissionsManager({
+            ability,
+            action,
+            model
+        });
+        if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {
+            throw new ForbiddenError();
+        }
+        const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);
+        return {
+            pm,
+            doc: docWithoutCreatorRoles
+        };
+    };
+    contentManagerUser = {
+        /**
+	   * Create a/an user record.
+	   * @return {Object}
+	   */ async create (ctx) {
+            const { body } = ctx.request;
+            const { user: admin, userAbility } = ctx.state;
+            const { email, username } = body;
+            const pm = strapi.service('admin::permission').createPermissionsManager({
+                ability: userAbility,
+                action: ACTIONS.create,
+                model: userModel
+            });
+            if (!pm.isAllowed) {
+                return ctx.forbidden();
+            }
+            const sanitizedBody = await pm.pickPermittedFieldsOf(body, {
+                subject: userModel
+            });
+            const advanced = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            await validateCreateUserBody(ctx.request.body);
+            const userWithSameUsername = await strapi.db.query('plugin::users-permissions.user').findOne({
+                where: {
+                    username
+                }
+            });
+            if (userWithSameUsername) {
+                throw new ApplicationError('Username already taken');
+            }
+            if (advanced.unique_email) {
+                const userWithSameEmail = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: email.toLowerCase()
+                    }
+                });
+                if (userWithSameEmail) {
+                    throw new ApplicationError('Email already taken');
+                }
+            }
+            const user = {
+                ...sanitizedBody,
+                provider: 'local',
+                [CREATED_BY_ATTRIBUTE]: admin.id,
+                [UPDATED_BY_ATTRIBUTE]: admin.id
+            };
+            user.email = _.toLower(user.email);
+            try {
+                const data = await strapi.service('plugin::content-manager.document-manager').create(userModel, {
+                    data: user
+                });
+                const sanitizedData = await pm.sanitizeOutput(data, {
+                    action: ACTIONS.read
+                });
+                ctx.created(sanitizedData);
+            } catch (error) {
+                throw new ApplicationError(error.message);
+            }
+        },
+        /**
+	   * Update a/an user record.
+	   * @return {Object}
+	   */ async update (ctx) {
+            const { id: documentId } = ctx.params;
+            const { body } = ctx.request;
+            const { user: admin, userAbility } = ctx.state;
+            const advancedConfigs = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            const { email, username, password } = body;
+            const { pm, doc } = await findEntityAndCheckPermissions(userAbility, ACTIONS.edit, userModel, documentId);
+            const user = doc;
+            await validateUpdateUserBody(ctx.request.body);
+            if (_.has(body, 'password') && !password && user.provider === 'local') {
+                throw new ValidationError('password.notNull');
+            }
+            if (_.has(body, 'username')) {
+                const userWithSameUsername = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        username
+                    }
+                });
+                if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {
+                    throw new ApplicationError('Username already taken');
+                }
+            }
+            if (_.has(body, 'email') && advancedConfigs.unique_email) {
+                const userWithSameEmail = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: _.toLower(email)
+                    }
+                });
+                if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {
+                    throw new ApplicationError('Email already taken');
+                }
+                body.email = _.toLower(body.email);
+            }
+            const sanitizedData = await pm.pickPermittedFieldsOf(body, {
+                subject: pm.toSubject(user)
+            });
+            const updateData = _.omit({
+                ...sanitizedData,
+                updatedBy: admin.id
+            }, 'createdBy');
+            const data = await strapi.service('plugin::content-manager.document-manager').update(documentId, userModel, {
+                data: updateData
+            });
+            ctx.body = await pm.sanitizeOutput(data, {
+                action: ACTIONS.read
+            });
+        }
+    };
+    return contentManagerUser;
+}
+
+export { requireContentManagerUser as __require };
+//# sourceMappingURL=content-manager-user.mjs.map

package/dist/server/controllers/content-manager-user.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-manager-user.mjs","sources":["../../../server/controllers/content-manager-user.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { contentTypes: contentTypesUtils } = require('@strapi/utils');\nconst { ApplicationError, ValidationError, NotFoundError, ForbiddenError } =\n  require('@strapi/utils').errors;\nconst { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');\n\nconst { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;\n\nconst userModel = 'plugin::users-permissions.user';\nconst ACTIONS = {\n  read: 'plugin::content-manager.explorer.read',\n  create: 'plugin::content-manager.explorer.create',\n  edit: 'plugin::content-manager.explorer.update',\n  delete: 'plugin::content-manager.explorer.delete',\n};\n\nconst findEntityAndCheckPermissions = async (ability, action, model, id) => {\n  const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {\n    populate: [`${CREATED_BY_ATTRIBUTE}.roles`],\n  });\n\n  if (_.isNil(doc)) {\n    throw new NotFoundError();\n  }\n\n  const pm = strapi\n    .service('admin::permission')\n    .createPermissionsManager({ ability, action, model });\n\n  if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {\n    throw new ForbiddenError();\n  }\n\n  const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);\n\n  return { pm, doc: docWithoutCreatorRoles };\n};\n\nmodule.exports = {\n  /**\n   * Create a/an user record.\n   * @return {Object}\n   */\n  async create(ctx) {\n    const { body } = ctx.request;\n    const { user: admin, userAbility } = ctx.state;\n\n    const { email, username } = body;\n\n    const pm = strapi.service('admin::permission').createPermissionsManager({\n      ability: userAbility,\n      action: ACTIONS.create,\n      model: userModel,\n    });\n\n    if (!pm.isAllowed) {\n      return ctx.forbidden();\n    }\n\n    const sanitizedBody = await pm.pickPermittedFieldsOf(body, { subject: userModel });\n\n    const advanced = await strapi\n      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n      .get();\n\n    await validateCreateUserBody(ctx.request.body);\n\n    const userWithSameUsername = await strapi.db\n      .query('plugin::users-permissions.user')\n      .findOne({ where: { username } });\n\n    if (userWithSameUsername) {\n      throw new ApplicationError('Username already taken');\n    }\n\n    if (advanced.unique_email) {\n      const userWithSameEmail = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { email: email.toLowerCase() } });\n\n      if (userWithSameEmail) {\n        throw new ApplicationError('Email already taken');\n      }\n    }\n\n    const user = {\n      ...sanitizedBody,\n      provider: 'local',\n      [CREATED_BY_ATTRIBUTE]: admin.id,\n      [UPDATED_BY_ATTRIBUTE]: admin.id,\n    };\n\n    user.email = _.toLower(user.email);\n\n    try {\n      const data = await strapi\n        .service('plugin::content-manager.document-manager')\n        .create(userModel, { data: user });\n\n      const sanitizedData = await pm.sanitizeOutput(data, { action: ACTIONS.read });\n\n      ctx.created(sanitizedData);\n    } catch (error) {\n      throw new ApplicationError(error.message);\n    }\n  },\n  /**\n   * Update a/an user record.\n   * @return {Object}\n   */\n\n  async update(ctx) {\n    const { id: documentId } = ctx.params;\n    const { body } = ctx.request;\n    const { user: admin, userAbility } = ctx.state;\n\n    const advancedConfigs = await strapi\n      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n      .get();\n\n    const { email, username, password } = body;\n\n    const { pm, doc } = await findEntityAndCheckPermissions(\n      userAbility,\n      ACTIONS.edit,\n      userModel,\n      documentId\n    );\n\n    const user = doc;\n\n    await validateUpdateUserBody(ctx.request.body);\n\n    if (_.has(body, 'password') && !password && user.provider === 'local') {\n      throw new ValidationError('password.notNull');\n    }\n\n    if (_.has(body, 'username')) {\n      const userWithSameUsername = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { username } });\n\n      if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {\n        throw new ApplicationError('Username already taken');\n      }\n    }\n\n    if (_.has(body, 'email') && advancedConfigs.unique_email) {\n      const userWithSameEmail = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { email: _.toLower(email) } });\n\n      if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {\n        throw new ApplicationError('Email already taken');\n      }\n\n      body.email = _.toLower(body.email);\n    }\n\n    const sanitizedData = await pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });\n    const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');\n\n    const data = await strapi\n      .service('plugin::content-manager.document-manager')\n      .update(documentId, userModel, {\n        data: updateData,\n      });\n\n    ctx.body = await pm.sanitizeOutput(data, { action: ACTIONS.read });\n  },\n};\n"],"names":["_","require$$0","contentTypes","contentTypesUtils","require$$1","ApplicationError","ValidationError","NotFoundError","ForbiddenError","errors","validateCreateUserBody","validateUpdateUserBody","require$$2","UPDATED_BY_ATTRIBUTE","CREATED_BY_ATTRIBUTE","constants","userModel","ACTIONS","read","create","edit","delete","findEntityAndCheckPermissions","ability","action","model","id","doc","strapi","service","findOne","populate","isNil","pm","createPermissionsManager","cannot","toSubject","docWithoutCreatorRoles","omit","contentManagerUser","ctx","body","request","user","admin","userAbility","state","email","username","isAllowed","forbidden","sanitizedBody","pickPermittedFieldsOf","subject","advanced","store","type","name","key","get","userWithSameUsername","db","query","where","unique_email","userWithSameEmail","toLowerCase","provider","toLower","data","sanitizedData","sanitizeOutput","created","error","message","update","documentId","params","advancedConfigs","password","has","toString","updateData","updatedBy"],"mappings":";;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;AACV,IAAA,MAAM,EAAEC,YAAAA,EAAcC,iBAAiB,EAAE,GAAGC,UAAAA;IAC5C,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,aAAa,EAAEC,cAAc,EAAE,GACxEJ,UAAAA,CAAyBK,MAAM;AACjC,IAAA,MAAM,EAAEC,sBAAsB,EAAEC,sBAAsB,EAAE,GAAGC,WAAAA,EAAAA;AAE3D,IAAA,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAE,GAAGX,kBAAkBY,SAAS;AAElF,IAAA,MAAMC,SAAY,GAAA,gCAAA;AAClB,IAAA,MAAMC,OAAU,GAAA;QACdC,IAAM,EAAA,uCAAA;QACNC,MAAQ,EAAA,yCAAA;QACRC,IAAM,EAAA,yCAAA;QACNC,MAAQ,EAAA;AACV,KAAA;AAEA,IAAA,MAAMC,6BAAgC,GAAA,OAAOC,OAASC,EAAAA,MAAAA,EAAQC,KAAOC,EAAAA,EAAAA,GAAAA;QACnE,MAAMC,GAAAA,GAAM,MAAMC,MAAOC,CAAAA,OAAO,CAAC,0CAA4CC,CAAAA,CAAAA,OAAO,CAACJ,EAAAA,EAAID,KAAO,EAAA;YAC9FM,QAAU,EAAA;gBAAC,CAAC,EAAEjB,oBAAqB,CAAA,MAAM;AAAE;AAC/C,SAAA,CAAA;QAEE,IAAId,CAAAA,CAAEgC,KAAK,CAACL,GAAM,CAAA,EAAA;AAChB,YAAA,MAAM,IAAIpB,aAAAA,EAAAA;AACX;AAED,QAAA,MAAM0B,KAAKL,MACRC,CAAAA,OAAO,CAAC,mBAAA,CAAA,CACRK,wBAAwB,CAAC;AAAEX,YAAAA,OAAAA;AAASC,YAAAA,MAAAA;AAAQC,YAAAA;AAAO,SAAA,CAAA;QAEtD,IAAIQ,EAAAA,CAAGV,OAAO,CAACY,MAAM,CAACF,EAAGT,CAAAA,MAAM,EAAES,EAAAA,CAAGG,SAAS,CAACT,GAAO,CAAA,CAAA,EAAA;AACnD,YAAA,MAAM,IAAInB,cAAAA,EAAAA;AACX;QAED,MAAM6B,sBAAAA,GAAyBrC,EAAEsC,IAAI,CAACX,KAAK,CAAC,EAAEb,oBAAqB,CAAA,MAAM,CAAC,CAAA;QAE1E,OAAO;AAAEmB,YAAAA,EAAAA;YAAIN,GAAKU,EAAAA;;AACpB,KAAA;IAEAE,kBAAiB,GAAA;AACjB;;;OAIE,MAAMpB,QAAOqB,GAAG,EAAA;AACd,YAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;YAC5B,MAAM,EAAEC,MAAMC,KAAK,EAAEC,WAAW,EAAE,GAAGL,IAAIM,KAAK;AAE9C,YAAA,MAAM,EAAEC,KAAK,EAAEC,QAAQ,EAAE,GAAGP,IAAAA;AAE5B,YAAA,MAAMR,KAAKL,MAAOC,CAAAA,OAAO,CAAC,mBAAA,CAAA,CAAqBK,wBAAwB,CAAC;gBACtEX,OAASsB,EAAAA,WAAAA;AACTrB,gBAAAA,MAAAA,EAAQP,QAAQE,MAAM;gBACtBM,KAAOT,EAAAA;AACb,aAAA,CAAA;YAEI,IAAI,CAACiB,EAAGgB,CAAAA,SAAS,EAAE;AACjB,gBAAA,OAAOT,IAAIU,SAAS,EAAA;AACrB;AAED,YAAA,MAAMC,aAAgB,GAAA,MAAMlB,EAAGmB,CAAAA,qBAAqB,CAACX,IAAM,EAAA;gBAAEY,OAASrC,EAAAA;AAAS,aAAA,CAAA;AAE/E,YAAA,MAAMsC,QAAW,GAAA,MAAM1B,MACpB2B,CAAAA,KAAK,CAAC;gBAAEC,IAAM,EAAA,QAAA;gBAAUC,IAAM,EAAA,mBAAA;gBAAqBC,GAAK,EAAA;eACxDC,GAAG,EAAA;AAEN,YAAA,MAAMjD,sBAAuB8B,CAAAA,GAAAA,CAAIE,OAAO,CAACD,IAAI,CAAA;YAE7C,MAAMmB,oBAAAA,GAAuB,MAAMhC,MAAOiC,CAAAA,EAAE,CACzCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;gBAAEiC,KAAO,EAAA;AAAEf,oBAAAA;AAAQ;AAAI,aAAA,CAAA;AAElC,YAAA,IAAIY,oBAAsB,EAAA;AACxB,gBAAA,MAAM,IAAIvD,gBAAiB,CAAA,wBAAA,CAAA;AAC5B;YAED,IAAIiD,QAAAA,CAASU,YAAY,EAAE;gBACzB,MAAMC,iBAAAA,GAAoB,MAAMrC,MAAOiC,CAAAA,EAAE,CACtCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;oBAAEiC,KAAO,EAAA;AAAEhB,wBAAAA,KAAAA,EAAOA,MAAMmB,WAAW;AAAI;AAAA,iBAAA,CAAA;AAElD,gBAAA,IAAID,iBAAmB,EAAA;AACrB,oBAAA,MAAM,IAAI5D,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AACF;AAED,YAAA,MAAMsC,IAAO,GAAA;AACX,gBAAA,GAAGQ,aAAa;gBAChBgB,QAAU,EAAA,OAAA;gBACV,CAACrD,oBAAAA,GAAuB8B,KAAAA,CAAMlB,EAAE;gBAChC,CAACb,oBAAAA,GAAuB+B,KAAAA,CAAMlB;AACpC,aAAA;AAEIiB,YAAAA,IAAAA,CAAKI,KAAK,GAAG/C,CAAAA,CAAEoE,OAAO,CAACzB,KAAKI,KAAK,CAAA;YAEjC,IAAI;gBACF,MAAMsB,IAAAA,GAAO,MAAMzC,MAChBC,CAAAA,OAAO,CAAC,0CACRV,CAAAA,CAAAA,MAAM,CAACH,SAAW,EAAA;oBAAEqD,IAAM1B,EAAAA;AAAM,iBAAA,CAAA;AAEnC,gBAAA,MAAM2B,aAAgB,GAAA,MAAMrC,EAAGsC,CAAAA,cAAc,CAACF,IAAM,EAAA;AAAE7C,oBAAAA,MAAAA,EAAQP,QAAQC;AAAI,iBAAA,CAAA;AAE1EsB,gBAAAA,GAAAA,CAAIgC,OAAO,CAACF,aAAAA,CAAAA;AACb,aAAA,CAAC,OAAOG,KAAO,EAAA;gBACd,MAAM,IAAIpE,gBAAiBoE,CAAAA,KAAAA,CAAMC,OAAO,CAAA;AACzC;AACF,SAAA;AACH;;;OAKE,MAAMC,QAAOnC,GAAG,EAAA;AACd,YAAA,MAAM,EAAEd,EAAIkD,EAAAA,UAAU,EAAE,GAAGpC,IAAIqC,MAAM;AACrC,YAAA,MAAM,EAAEpC,IAAI,EAAE,GAAGD,IAAIE,OAAO;YAC5B,MAAM,EAAEC,MAAMC,KAAK,EAAEC,WAAW,EAAE,GAAGL,IAAIM,KAAK;AAE9C,YAAA,MAAMgC,eAAkB,GAAA,MAAMlD,MAC3B2B,CAAAA,KAAK,CAAC;gBAAEC,IAAM,EAAA,QAAA;gBAAUC,IAAM,EAAA,mBAAA;gBAAqBC,GAAK,EAAA;eACxDC,GAAG,EAAA;AAEN,YAAA,MAAM,EAAEZ,KAAK,EAAEC,QAAQ,EAAE+B,QAAQ,EAAE,GAAGtC,IAAAA;AAEtC,YAAA,MAAM,EAAER,EAAE,EAAEN,GAAG,EAAE,GAAG,MAAML,6BAAAA,CACxBuB,WACA5B,EAAAA,OAAAA,CAAQG,IAAI,EACZJ,SACA4D,EAAAA,UAAAA,CAAAA;AAGF,YAAA,MAAMjC,IAAOhB,GAAAA,GAAAA;AAEb,YAAA,MAAMhB,sBAAuB6B,CAAAA,GAAAA,CAAIE,OAAO,CAACD,IAAI,CAAA;YAE7C,IAAIzC,CAAAA,CAAEgF,GAAG,CAACvC,IAAM,EAAA,UAAA,CAAA,IAAe,CAACsC,QAAYpC,IAAAA,IAAAA,CAAKwB,QAAQ,KAAK,OAAS,EAAA;AACrE,gBAAA,MAAM,IAAI7D,eAAgB,CAAA,kBAAA,CAAA;AAC3B;AAED,YAAA,IAAIN,CAAEgF,CAAAA,GAAG,CAACvC,IAAAA,EAAM,UAAa,CAAA,EAAA;gBAC3B,MAAMmB,oBAAAA,GAAuB,MAAMhC,MAAOiC,CAAAA,EAAE,CACzCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;oBAAEiC,KAAO,EAAA;AAAEf,wBAAAA;AAAQ;AAAI,iBAAA,CAAA;AAElC,gBAAA,IAAIY,oBAAwB5D,IAAAA,CAAAA,CAAEiF,QAAQ,CAACrB,oBAAqBlC,CAAAA,EAAE,CAAM1B,KAAAA,CAAAA,CAAEiF,QAAQ,CAACtC,IAAKjB,CAAAA,EAAE,CAAG,EAAA;AACvF,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,wBAAA,CAAA;AAC5B;AACF;AAED,YAAA,IAAIL,EAAEgF,GAAG,CAACvC,MAAM,OAAYqC,CAAAA,IAAAA,eAAAA,CAAgBd,YAAY,EAAE;gBACxD,MAAMC,iBAAAA,GAAoB,MAAMrC,MAAOiC,CAAAA,EAAE,CACtCC,KAAK,CAAC,gCACNhC,CAAAA,CAAAA,OAAO,CAAC;oBAAEiC,KAAO,EAAA;wBAAEhB,KAAO/C,EAAAA,CAAAA,CAAEoE,OAAO,CAACrB,KAAAA;AAAQ;AAAA,iBAAA,CAAA;AAE/C,gBAAA,IAAIkB,iBAAqBjE,IAAAA,CAAAA,CAAEiF,QAAQ,CAAChB,iBAAkBvC,CAAAA,EAAE,CAAM1B,KAAAA,CAAAA,CAAEiF,QAAQ,CAACtC,IAAKjB,CAAAA,EAAE,CAAG,EAAA;AACjF,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAEDoC,gBAAAA,IAAAA,CAAKM,KAAK,GAAG/C,CAAAA,CAAEoE,OAAO,CAAC3B,KAAKM,KAAK,CAAA;AAClC;AAED,YAAA,MAAMuB,aAAgB,GAAA,MAAMrC,EAAGmB,CAAAA,qBAAqB,CAACX,IAAM,EAAA;gBAAEY,OAASpB,EAAAA,EAAAA,CAAGG,SAAS,CAACO,IAAAA;AAAO,aAAA,CAAA;YAC1F,MAAMuC,UAAAA,GAAalF,CAAEsC,CAAAA,IAAI,CAAC;AAAE,gBAAA,GAAGgC,aAAa;AAAEa,gBAAAA,SAAAA,EAAWvC,MAAMlB;aAAM,EAAA,WAAA,CAAA;YAErE,MAAM2C,IAAAA,GAAO,MAAMzC,MAChBC,CAAAA,OAAO,CAAC,0CACR8C,CAAAA,CAAAA,MAAM,CAACC,UAAAA,EAAY5D,SAAW,EAAA;gBAC7BqD,IAAMa,EAAAA;AACd,aAAA,CAAA;AAEI1C,YAAAA,GAAAA,CAAIC,IAAI,GAAG,MAAMR,EAAGsC,CAAAA,cAAc,CAACF,IAAM,EAAA;AAAE7C,gBAAAA,MAAAA,EAAQP,QAAQC;AAAI,aAAA,CAAA;AAChE;AACH,KAAA;;;;;;"}

package/dist/server/controllers/index.js

@@ -0,0 +1,33 @@
+'use strict';
+
+var auth = require('./auth.js');
+var user = require('./user.js');
+var role = require('./role.js');
+var permissions = require('./permissions.js');
+var settings = require('./settings.js');
+var contentManagerUser = require('./content-manager-user.js');
+
+var controllers;
+var hasRequiredControllers;
+function requireControllers() {
+    if (hasRequiredControllers) return controllers;
+    hasRequiredControllers = 1;
+    const auth$1 = auth.__require();
+    const user$1 = user.__require();
+    const role$1 = role.__require();
+    const permissions$1 = permissions.__require();
+    const settings$1 = settings.__require();
+    const contentmanageruser = contentManagerUser.__require();
+    controllers = {
+        auth: auth$1,
+        user: user$1,
+        role: role$1,
+        permissions: permissions$1,
+        settings: settings$1,
+        contentmanageruser
+    };
+    return controllers;
+}
+
+exports.__require = requireControllers;
+//# sourceMappingURL=index.js.map

package/dist/server/controllers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../../../server/controllers/index.js"],"sourcesContent":["'use strict';\n\nconst auth = require('./auth');\nconst user = require('./user');\nconst role = require('./role');\nconst permissions = require('./permissions');\nconst settings = require('./settings');\nconst contentmanageruser = require('./content-manager-user');\n\nmodule.exports = {\n  auth,\n  user,\n  role,\n  permissions,\n  settings,\n  contentmanageruser,\n};\n"],"names":["auth","require$$0","user","require$$1","role","require$$2","permissions","require$$3","settings","require$$4","contentmanageruser","require$$5","controllers"],"mappings":";;;;;;;;;;;;;;AAEA,IAAA,MAAMA,MAAOC,GAAAA,cAAAA,EAAAA;AACb,IAAA,MAAMC,MAAOC,GAAAA,cAAAA,EAAAA;AACb,IAAA,MAAMC,MAAOC,GAAAA,cAAAA,EAAAA;AACb,IAAA,MAAMC,aAAcC,GAAAA,qBAAAA,EAAAA;AACpB,IAAA,MAAMC,UAAWC,GAAAA,kBAAAA,EAAAA;AACjB,IAAA,MAAMC,kBAAqBC,GAAAA,4BAAAA,EAAAA;IAE3BC,WAAiB,GAAA;AACfZ,cAAAA,MAAAA;AACAE,cAAAA,MAAAA;AACAE,cAAAA,MAAAA;AACAE,qBAAAA,aAAAA;AACAE,kBAAAA,UAAAA;AACAE,QAAAA;AACF,KAAA;;;;;;"}

package/dist/server/controllers/index.mjs

@@ -0,0 +1,31 @@
+import { __require as requireAuth } from './auth.mjs';
+import { __require as requireUser } from './user.mjs';
+import { __require as requireRole } from './role.mjs';
+import { __require as requirePermissions } from './permissions.mjs';
+import { __require as requireSettings } from './settings.mjs';
+import { __require as requireContentManagerUser } from './content-manager-user.mjs';
+
+var controllers;
+var hasRequiredControllers;
+function requireControllers() {
+    if (hasRequiredControllers) return controllers;
+    hasRequiredControllers = 1;
+    const auth = requireAuth();
+    const user = requireUser();
+    const role = requireRole();
+    const permissions = requirePermissions();
+    const settings = requireSettings();
+    const contentmanageruser = requireContentManagerUser();
+    controllers = {
+        auth,
+        user,
+        role,
+        permissions,
+        settings,
+        contentmanageruser
+    };
+    return controllers;
+}
+
+export { requireControllers as __require };
+//# sourceMappingURL=index.mjs.map

package/dist/server/controllers/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":["../../../server/controllers/index.js"],"sourcesContent":["'use strict';\n\nconst auth = require('./auth');\nconst user = require('./user');\nconst role = require('./role');\nconst permissions = require('./permissions');\nconst settings = require('./settings');\nconst contentmanageruser = require('./content-manager-user');\n\nmodule.exports = {\n  auth,\n  user,\n  role,\n  permissions,\n  settings,\n  contentmanageruser,\n};\n"],"names":["auth","require$$0","user","require$$1","role","require$$2","permissions","require$$3","settings","require$$4","contentmanageruser","require$$5","controllers"],"mappings":";;;;;;;;;;;;AAEA,IAAA,MAAMA,IAAOC,GAAAA,WAAAA,EAAAA;AACb,IAAA,MAAMC,IAAOC,GAAAA,WAAAA,EAAAA;AACb,IAAA,MAAMC,IAAOC,GAAAA,WAAAA,EAAAA;AACb,IAAA,MAAMC,WAAcC,GAAAA,kBAAAA,EAAAA;AACpB,IAAA,MAAMC,QAAWC,GAAAA,eAAAA,EAAAA;AACjB,IAAA,MAAMC,kBAAqBC,GAAAA,yBAAAA,EAAAA;IAE3BC,WAAiB,GAAA;AACfZ,QAAAA,IAAAA;AACAE,QAAAA,IAAAA;AACAE,QAAAA,IAAAA;AACAE,QAAAA,WAAAA;AACAE,QAAAA,QAAAA;AACAE,QAAAA;AACF,KAAA;;;;;;"}

package/dist/server/controllers/permissions.js

@@ -0,0 +1,37 @@
+'use strict';
+
+var require$$0 = require('lodash');
+var index = require('../utils/index.js');
+
+var permissions;
+var hasRequiredPermissions;
+function requirePermissions() {
+    if (hasRequiredPermissions) return permissions;
+    hasRequiredPermissions = 1;
+    const _ = require$$0;
+    const { getService } = index.__require();
+    permissions = {
+        async getPermissions (ctx) {
+            const permissions = await getService('users-permissions').getActions();
+            ctx.send({
+                permissions
+            });
+        },
+        async getPolicies (ctx) {
+            const policies = _.keys(strapi.plugin('users-permissions').policies);
+            ctx.send({
+                policies: _.without(policies, 'permissions')
+            });
+        },
+        async getRoutes (ctx) {
+            const routes = await getService('users-permissions').getRoutes();
+            ctx.send({
+                routes
+            });
+        }
+    };
+    return permissions;
+}
+
+exports.__require = requirePermissions;
+//# sourceMappingURL=permissions.js.map

package/dist/server/controllers/permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.js","sources":["../../../server/controllers/permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { getService } = require('../utils');\n\nmodule.exports = {\n  async getPermissions(ctx) {\n    const permissions = await getService('users-permissions').getActions();\n\n    ctx.send({ permissions });\n  },\n\n  async getPolicies(ctx) {\n    const policies = _.keys(strapi.plugin('users-permissions').policies);\n\n    ctx.send({\n      policies: _.without(policies, 'permissions'),\n    });\n  },\n\n  async getRoutes(ctx) {\n    const routes = await getService('users-permissions').getRoutes();\n\n    ctx.send({ routes });\n  },\n};\n"],"names":["_","require$$0","getService","require$$1","permissions","getPermissions","ctx","getActions","send","getPolicies","policies","keys","strapi","plugin","without","getRoutes","routes"],"mappings":";;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;IAEvBC,WAAiB,GAAA;AACf,QAAA,MAAMC,gBAAeC,GAAG,EAAA;AACtB,YAAA,MAAMF,WAAc,GAAA,MAAMF,UAAW,CAAA,mBAAA,CAAA,CAAqBK,UAAU,EAAA;AAEpED,YAAAA,GAAAA,CAAIE,IAAI,CAAC;AAAEJ,gBAAAA;AAAW,aAAA,CAAA;AACvB,SAAA;AAED,QAAA,MAAMK,aAAYH,GAAG,EAAA;YACnB,MAAMI,QAAAA,GAAWV,EAAEW,IAAI,CAACC,OAAOC,MAAM,CAAC,qBAAqBH,QAAQ,CAAA;AAEnEJ,YAAAA,GAAAA,CAAIE,IAAI,CAAC;gBACPE,QAAUV,EAAAA,CAAAA,CAAEc,OAAO,CAACJ,QAAU,EAAA,aAAA;AACpC,aAAA,CAAA;AACG,SAAA;AAED,QAAA,MAAMK,WAAUT,GAAG,EAAA;AACjB,YAAA,MAAMU,MAAS,GAAA,MAAMd,UAAW,CAAA,mBAAA,CAAA,CAAqBa,SAAS,EAAA;AAE9DT,YAAAA,GAAAA,CAAIE,IAAI,CAAC;AAAEQ,gBAAAA;AAAM,aAAA,CAAA;AAClB;AACH,KAAA;;;;;;"}

package/dist/server/controllers/permissions.mjs

@@ -0,0 +1,35 @@
+import require$$0 from 'lodash';
+import { __require as requireUtils } from '../utils/index.mjs';
+
+var permissions;
+var hasRequiredPermissions;
+function requirePermissions() {
+    if (hasRequiredPermissions) return permissions;
+    hasRequiredPermissions = 1;
+    const _ = require$$0;
+    const { getService } = requireUtils();
+    permissions = {
+        async getPermissions (ctx) {
+            const permissions = await getService('users-permissions').getActions();
+            ctx.send({
+                permissions
+            });
+        },
+        async getPolicies (ctx) {
+            const policies = _.keys(strapi.plugin('users-permissions').policies);
+            ctx.send({
+                policies: _.without(policies, 'permissions')
+            });
+        },
+        async getRoutes (ctx) {
+            const routes = await getService('users-permissions').getRoutes();
+            ctx.send({
+                routes
+            });
+        }
+    };
+    return permissions;
+}
+
+export { requirePermissions as __require };
+//# sourceMappingURL=permissions.mjs.map

package/dist/server/controllers/permissions.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.mjs","sources":["../../../server/controllers/permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { getService } = require('../utils');\n\nmodule.exports = {\n  async getPermissions(ctx) {\n    const permissions = await getService('users-permissions').getActions();\n\n    ctx.send({ permissions });\n  },\n\n  async getPolicies(ctx) {\n    const policies = _.keys(strapi.plugin('users-permissions').policies);\n\n    ctx.send({\n      policies: _.without(policies, 'permissions'),\n    });\n  },\n\n  async getRoutes(ctx) {\n    const routes = await getService('users-permissions').getRoutes();\n\n    ctx.send({ routes });\n  },\n};\n"],"names":["_","require$$0","getService","require$$1","permissions","getPermissions","ctx","getActions","send","getPolicies","policies","keys","strapi","plugin","without","getRoutes","routes"],"mappings":";;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;IAEvBC,WAAiB,GAAA;AACf,QAAA,MAAMC,gBAAeC,GAAG,EAAA;AACtB,YAAA,MAAMF,WAAc,GAAA,MAAMF,UAAW,CAAA,mBAAA,CAAA,CAAqBK,UAAU,EAAA;AAEpED,YAAAA,GAAAA,CAAIE,IAAI,CAAC;AAAEJ,gBAAAA;AAAW,aAAA,CAAA;AACvB,SAAA;AAED,QAAA,MAAMK,aAAYH,GAAG,EAAA;YACnB,MAAMI,QAAAA,GAAWV,EAAEW,IAAI,CAACC,OAAOC,MAAM,CAAC,qBAAqBH,QAAQ,CAAA;AAEnEJ,YAAAA,GAAAA,CAAIE,IAAI,CAAC;gBACPE,QAAUV,EAAAA,CAAAA,CAAEc,OAAO,CAACJ,QAAU,EAAA,aAAA;AACpC,aAAA,CAAA;AACG,SAAA;AAED,QAAA,MAAMK,WAAUT,GAAG,EAAA;AACjB,YAAA,MAAMU,MAAS,GAAA,MAAMd,UAAW,CAAA,mBAAA,CAAA,CAAqBa,SAAS,EAAA;AAE9DT,YAAAA,GAAAA,CAAIE,IAAI,CAAC;AAAEQ,gBAAAA;AAAM,aAAA,CAAA;AAClB;AACH,KAAA;;;;;;"}

package/dist/server/controllers/role.js

@@ -0,0 +1,91 @@
+'use strict';
+
+var require$$0 = require('lodash');
+var require$$1 = require('@strapi/utils');
+var index = require('../utils/index.js');
+var user = require('./validation/user.js');
+
+var role;
+var hasRequiredRole;
+function requireRole() {
+    if (hasRequiredRole) return role;
+    hasRequiredRole = 1;
+    const _ = require$$0;
+    const { async, errors } = require$$1;
+    const { getService } = index.__require();
+    const { validateDeleteRoleBody } = user.__require();
+    const { ApplicationError, ValidationError } = errors;
+    const sanitizeOutput = async (role)=>{
+        const { sanitizeLocalizationFields } = strapi.plugin('i18n').service('sanitize');
+        const schema = strapi.getModel('plugin::users-permissions.role');
+        return async.pipe(sanitizeLocalizationFields(schema))(role);
+    };
+    role = {
+        /**
+	   * Default action.
+	   *
+	   * @return {Object}
+	   */ async createRole (ctx) {
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await getService('role').createRole(ctx.request.body);
+            ctx.send({
+                ok: true
+            });
+        },
+        async findOne (ctx) {
+            const { id } = ctx.params;
+            const role = await getService('role').findOne(id);
+            if (!role) {
+                return ctx.notFound();
+            }
+            const safeRole = await sanitizeOutput(role);
+            ctx.send({
+                role: safeRole
+            });
+        },
+        async find (ctx) {
+            const roles = await getService('role').find();
+            const safeRoles = await Promise.all(roles.map(sanitizeOutput));
+            ctx.send({
+                roles: safeRoles
+            });
+        },
+        async updateRole (ctx) {
+            const roleID = ctx.params.role;
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await getService('role').updateRole(roleID, ctx.request.body);
+            ctx.send({
+                ok: true
+            });
+        },
+        async deleteRole (ctx) {
+            const roleID = ctx.params.role;
+            if (!roleID) {
+                await validateDeleteRoleBody(ctx.params);
+            }
+            // Fetch public role.
+            const publicRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+                where: {
+                    type: 'public'
+                }
+            });
+            const publicRoleID = publicRole.id;
+            // Prevent from removing the public role.
+            if (roleID.toString() === publicRoleID.toString()) {
+                throw new ApplicationError('Cannot delete public role');
+            }
+            await getService('role').deleteRole(roleID, publicRoleID);
+            ctx.send({
+                ok: true
+            });
+        }
+    };
+    return role;
+}
+
+exports.__require = requireRole;
+//# sourceMappingURL=role.js.map

package/dist/server/controllers/role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.js","sources":["../../../server/controllers/role.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { async, errors } = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst { validateDeleteRoleBody } = require('./validation/user');\n\nconst { ApplicationError, ValidationError } = errors;\n\nconst sanitizeOutput = async (role) => {\n  const { sanitizeLocalizationFields } = strapi.plugin('i18n').service('sanitize');\n  const schema = strapi.getModel('plugin::users-permissions.role');\n\n  return async.pipe(sanitizeLocalizationFields(schema))(role);\n};\n\nmodule.exports = {\n  /**\n   * Default action.\n   *\n   * @return {Object}\n   */\n  async createRole(ctx) {\n    if (_.isEmpty(ctx.request.body)) {\n      throw new ValidationError('Request body cannot be empty');\n    }\n\n    await getService('role').createRole(ctx.request.body);\n\n    ctx.send({ ok: true });\n  },\n\n  async findOne(ctx) {\n    const { id } = ctx.params;\n\n    const role = await getService('role').findOne(id);\n\n    if (!role) {\n      return ctx.notFound();\n    }\n\n    const safeRole = await sanitizeOutput(role);\n\n    ctx.send({ role: safeRole });\n  },\n\n  async find(ctx) {\n    const roles = await getService('role').find();\n\n    const safeRoles = await Promise.all(roles.map(sanitizeOutput));\n\n    ctx.send({ roles: safeRoles });\n  },\n\n  async updateRole(ctx) {\n    const roleID = ctx.params.role;\n\n    if (_.isEmpty(ctx.request.body)) {\n      throw new ValidationError('Request body cannot be empty');\n    }\n\n    await getService('role').updateRole(roleID, ctx.request.body);\n\n    ctx.send({ ok: true });\n  },\n\n  async deleteRole(ctx) {\n    const roleID = ctx.params.role;\n\n    if (!roleID) {\n      await validateDeleteRoleBody(ctx.params);\n    }\n\n    // Fetch public role.\n    const publicRole = await strapi.db\n      .query('plugin::users-permissions.role')\n      .findOne({ where: { type: 'public' } });\n\n    const publicRoleID = publicRole.id;\n\n    // Prevent from removing the public role.\n    if (roleID.toString() === publicRoleID.toString()) {\n      throw new ApplicationError('Cannot delete public role');\n    }\n\n    await getService('role').deleteRole(roleID, publicRoleID);\n\n    ctx.send({ ok: true });\n  },\n};\n"],"names":["_","require$$0","async","errors","require$$1","getService","require$$2","validateDeleteRoleBody","require$$3","ApplicationError","ValidationError","sanitizeOutput","role","sanitizeLocalizationFields","strapi","plugin","service","schema","getModel","pipe","createRole","ctx","isEmpty","request","body","send","ok","findOne","id","params","notFound","safeRole","find","roles","safeRoles","Promise","all","map","updateRole","roleID","deleteRole","publicRole","db","query","where","type","publicRoleID","toString"],"mappings":";;;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;AACV,IAAA,MAAM,EAAEC,KAAK,EAAEC,MAAM,EAAE,GAAGC,UAAAA;IAC1B,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;IACvB,MAAM,EAAEC,sBAAsB,EAAE,GAAGC,cAAAA,EAAAA;AAEnC,IAAA,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAE,GAAGP,MAAAA;AAE9C,IAAA,MAAMQ,iBAAiB,OAAOC,IAAAA,GAAAA;QAC5B,MAAM,EAAEC,0BAA0B,EAAE,GAAGC,OAAOC,MAAM,CAAC,MAAQC,CAAAA,CAAAA,OAAO,CAAC,UAAA,CAAA;QACrE,MAAMC,MAAAA,GAASH,MAAOI,CAAAA,QAAQ,CAAC,gCAAA,CAAA;AAE/B,QAAA,OAAOhB,KAAMiB,CAAAA,IAAI,CAACN,0BAAAA,CAA2BI,MAASL,CAAAA,CAAAA,CAAAA,IAAAA,CAAAA;AACxD,KAAA;IAEAA,IAAiB,GAAA;AACjB;;;;OAKE,MAAMQ,YAAWC,GAAG,EAAA;AAClB,YAAA,IAAIrB,EAAEsB,OAAO,CAACD,IAAIE,OAAO,CAACC,IAAI,CAAG,EAAA;AAC/B,gBAAA,MAAM,IAAId,eAAgB,CAAA,8BAAA,CAAA;AAC3B;AAED,YAAA,MAAML,WAAW,MAAQe,CAAAA,CAAAA,UAAU,CAACC,GAAIE,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEpDH,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEC,EAAI,EAAA;AAAM,aAAA,CAAA;AACtB,SAAA;AAED,QAAA,MAAMC,SAAQN,GAAG,EAAA;AACf,YAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AAEzB,YAAA,MAAMjB,IAAO,GAAA,MAAMP,UAAW,CAAA,MAAA,CAAA,CAAQsB,OAAO,CAACC,EAAAA,CAAAA;AAE9C,YAAA,IAAI,CAAChB,IAAM,EAAA;AACT,gBAAA,OAAOS,IAAIS,QAAQ,EAAA;AACpB;YAED,MAAMC,QAAAA,GAAW,MAAMpB,cAAeC,CAAAA,IAAAA,CAAAA;AAEtCS,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEb,IAAMmB,EAAAA;AAAU,aAAA,CAAA;AAC5B,SAAA;AAED,QAAA,MAAMC,MAAKX,GAAG,EAAA;AACZ,YAAA,MAAMY,KAAQ,GAAA,MAAM5B,UAAW,CAAA,MAAA,CAAA,CAAQ2B,IAAI,EAAA;AAE3C,YAAA,MAAME,YAAY,MAAMC,OAAAA,CAAQC,GAAG,CAACH,KAAAA,CAAMI,GAAG,CAAC1B,cAAAA,CAAAA,CAAAA;AAE9CU,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEQ,KAAOC,EAAAA;AAAW,aAAA,CAAA;AAC9B,SAAA;AAED,QAAA,MAAMI,YAAWjB,GAAG,EAAA;AAClB,YAAA,MAAMkB,MAASlB,GAAAA,GAAAA,CAAIQ,MAAM,CAACjB,IAAI;AAE9B,YAAA,IAAIZ,EAAEsB,OAAO,CAACD,IAAIE,OAAO,CAACC,IAAI,CAAG,EAAA;AAC/B,gBAAA,MAAM,IAAId,eAAgB,CAAA,8BAAA,CAAA;AAC3B;YAED,MAAML,UAAAA,CAAW,QAAQiC,UAAU,CAACC,QAAQlB,GAAIE,CAAAA,OAAO,CAACC,IAAI,CAAA;AAE5DH,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEC,EAAI,EAAA;AAAM,aAAA,CAAA;AACtB,SAAA;AAED,QAAA,MAAMc,YAAWnB,GAAG,EAAA;AAClB,YAAA,MAAMkB,MAASlB,GAAAA,GAAAA,CAAIQ,MAAM,CAACjB,IAAI;AAE9B,YAAA,IAAI,CAAC2B,MAAQ,EAAA;gBACX,MAAMhC,sBAAAA,CAAuBc,IAAIQ,MAAM,CAAA;AACxC;;YAGD,MAAMY,UAAAA,GAAa,MAAM3B,MAAO4B,CAAAA,EAAE,CAC/BC,KAAK,CAAC,gCACNhB,CAAAA,CAAAA,OAAO,CAAC;gBAAEiB,KAAO,EAAA;oBAAEC,IAAM,EAAA;AAAQ;AAAI,aAAA,CAAA;YAExC,MAAMC,YAAAA,GAAeL,WAAWb,EAAE;;AAGlC,YAAA,IAAIW,MAAOQ,CAAAA,QAAQ,EAAOD,KAAAA,YAAAA,CAAaC,QAAQ,EAAI,EAAA;AACjD,gBAAA,MAAM,IAAItC,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;AAED,YAAA,MAAMJ,UAAW,CAAA,MAAA,CAAA,CAAQmC,UAAU,CAACD,MAAQO,EAAAA,YAAAA,CAAAA;AAE5CzB,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEC,EAAI,EAAA;AAAM,aAAA,CAAA;AACtB;AACH,KAAA;;;;;;"}

package/dist/server/controllers/role.mjs

@@ -0,0 +1,89 @@
+import require$$0 from 'lodash';
+import require$$1 from '@strapi/utils';
+import { __require as requireUtils } from '../utils/index.mjs';
+import { __require as requireUser } from './validation/user.mjs';
+
+var role;
+var hasRequiredRole;
+function requireRole() {
+    if (hasRequiredRole) return role;
+    hasRequiredRole = 1;
+    const _ = require$$0;
+    const { async, errors } = require$$1;
+    const { getService } = requireUtils();
+    const { validateDeleteRoleBody } = requireUser();
+    const { ApplicationError, ValidationError } = errors;
+    const sanitizeOutput = async (role)=>{
+        const { sanitizeLocalizationFields } = strapi.plugin('i18n').service('sanitize');
+        const schema = strapi.getModel('plugin::users-permissions.role');
+        return async.pipe(sanitizeLocalizationFields(schema))(role);
+    };
+    role = {
+        /**
+	   * Default action.
+	   *
+	   * @return {Object}
+	   */ async createRole (ctx) {
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await getService('role').createRole(ctx.request.body);
+            ctx.send({
+                ok: true
+            });
+        },
+        async findOne (ctx) {
+            const { id } = ctx.params;
+            const role = await getService('role').findOne(id);
+            if (!role) {
+                return ctx.notFound();
+            }
+            const safeRole = await sanitizeOutput(role);
+            ctx.send({
+                role: safeRole
+            });
+        },
+        async find (ctx) {
+            const roles = await getService('role').find();
+            const safeRoles = await Promise.all(roles.map(sanitizeOutput));
+            ctx.send({
+                roles: safeRoles
+            });
+        },
+        async updateRole (ctx) {
+            const roleID = ctx.params.role;
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await getService('role').updateRole(roleID, ctx.request.body);
+            ctx.send({
+                ok: true
+            });
+        },
+        async deleteRole (ctx) {
+            const roleID = ctx.params.role;
+            if (!roleID) {
+                await validateDeleteRoleBody(ctx.params);
+            }
+            // Fetch public role.
+            const publicRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+                where: {
+                    type: 'public'
+                }
+            });
+            const publicRoleID = publicRole.id;
+            // Prevent from removing the public role.
+            if (roleID.toString() === publicRoleID.toString()) {
+                throw new ApplicationError('Cannot delete public role');
+            }
+            await getService('role').deleteRole(roleID, publicRoleID);
+            ctx.send({
+                ok: true
+            });
+        }
+    };
+    return role;
+}
+
+export { requireRole as __require };
+//# sourceMappingURL=role.mjs.map

package/dist/server/controllers/role.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.mjs","sources":["../../../server/controllers/role.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { async, errors } = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst { validateDeleteRoleBody } = require('./validation/user');\n\nconst { ApplicationError, ValidationError } = errors;\n\nconst sanitizeOutput = async (role) => {\n  const { sanitizeLocalizationFields } = strapi.plugin('i18n').service('sanitize');\n  const schema = strapi.getModel('plugin::users-permissions.role');\n\n  return async.pipe(sanitizeLocalizationFields(schema))(role);\n};\n\nmodule.exports = {\n  /**\n   * Default action.\n   *\n   * @return {Object}\n   */\n  async createRole(ctx) {\n    if (_.isEmpty(ctx.request.body)) {\n      throw new ValidationError('Request body cannot be empty');\n    }\n\n    await getService('role').createRole(ctx.request.body);\n\n    ctx.send({ ok: true });\n  },\n\n  async findOne(ctx) {\n    const { id } = ctx.params;\n\n    const role = await getService('role').findOne(id);\n\n    if (!role) {\n      return ctx.notFound();\n    }\n\n    const safeRole = await sanitizeOutput(role);\n\n    ctx.send({ role: safeRole });\n  },\n\n  async find(ctx) {\n    const roles = await getService('role').find();\n\n    const safeRoles = await Promise.all(roles.map(sanitizeOutput));\n\n    ctx.send({ roles: safeRoles });\n  },\n\n  async updateRole(ctx) {\n    const roleID = ctx.params.role;\n\n    if (_.isEmpty(ctx.request.body)) {\n      throw new ValidationError('Request body cannot be empty');\n    }\n\n    await getService('role').updateRole(roleID, ctx.request.body);\n\n    ctx.send({ ok: true });\n  },\n\n  async deleteRole(ctx) {\n    const roleID = ctx.params.role;\n\n    if (!roleID) {\n      await validateDeleteRoleBody(ctx.params);\n    }\n\n    // Fetch public role.\n    const publicRole = await strapi.db\n      .query('plugin::users-permissions.role')\n      .findOne({ where: { type: 'public' } });\n\n    const publicRoleID = publicRole.id;\n\n    // Prevent from removing the public role.\n    if (roleID.toString() === publicRoleID.toString()) {\n      throw new ApplicationError('Cannot delete public role');\n    }\n\n    await getService('role').deleteRole(roleID, publicRoleID);\n\n    ctx.send({ ok: true });\n  },\n};\n"],"names":["_","require$$0","async","errors","require$$1","getService","require$$2","validateDeleteRoleBody","require$$3","ApplicationError","ValidationError","sanitizeOutput","role","sanitizeLocalizationFields","strapi","plugin","service","schema","getModel","pipe","createRole","ctx","isEmpty","request","body","send","ok","findOne","id","params","notFound","safeRole","find","roles","safeRoles","Promise","all","map","updateRole","roleID","deleteRole","publicRole","db","query","where","type","publicRoleID","toString"],"mappings":";;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;AACV,IAAA,MAAM,EAAEC,KAAK,EAAEC,MAAM,EAAE,GAAGC,UAAAA;IAC1B,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;IACvB,MAAM,EAAEC,sBAAsB,EAAE,GAAGC,WAAAA,EAAAA;AAEnC,IAAA,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAE,GAAGP,MAAAA;AAE9C,IAAA,MAAMQ,iBAAiB,OAAOC,IAAAA,GAAAA;QAC5B,MAAM,EAAEC,0BAA0B,EAAE,GAAGC,OAAOC,MAAM,CAAC,MAAQC,CAAAA,CAAAA,OAAO,CAAC,UAAA,CAAA;QACrE,MAAMC,MAAAA,GAASH,MAAOI,CAAAA,QAAQ,CAAC,gCAAA,CAAA;AAE/B,QAAA,OAAOhB,KAAMiB,CAAAA,IAAI,CAACN,0BAAAA,CAA2BI,MAASL,CAAAA,CAAAA,CAAAA,IAAAA,CAAAA;AACxD,KAAA;IAEAA,IAAiB,GAAA;AACjB;;;;OAKE,MAAMQ,YAAWC,GAAG,EAAA;AAClB,YAAA,IAAIrB,EAAEsB,OAAO,CAACD,IAAIE,OAAO,CAACC,IAAI,CAAG,EAAA;AAC/B,gBAAA,MAAM,IAAId,eAAgB,CAAA,8BAAA,CAAA;AAC3B;AAED,YAAA,MAAML,WAAW,MAAQe,CAAAA,CAAAA,UAAU,CAACC,GAAIE,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEpDH,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEC,EAAI,EAAA;AAAM,aAAA,CAAA;AACtB,SAAA;AAED,QAAA,MAAMC,SAAQN,GAAG,EAAA;AACf,YAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AAEzB,YAAA,MAAMjB,IAAO,GAAA,MAAMP,UAAW,CAAA,MAAA,CAAA,CAAQsB,OAAO,CAACC,EAAAA,CAAAA;AAE9C,YAAA,IAAI,CAAChB,IAAM,EAAA;AACT,gBAAA,OAAOS,IAAIS,QAAQ,EAAA;AACpB;YAED,MAAMC,QAAAA,GAAW,MAAMpB,cAAeC,CAAAA,IAAAA,CAAAA;AAEtCS,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEb,IAAMmB,EAAAA;AAAU,aAAA,CAAA;AAC5B,SAAA;AAED,QAAA,MAAMC,MAAKX,GAAG,EAAA;AACZ,YAAA,MAAMY,KAAQ,GAAA,MAAM5B,UAAW,CAAA,MAAA,CAAA,CAAQ2B,IAAI,EAAA;AAE3C,YAAA,MAAME,YAAY,MAAMC,OAAAA,CAAQC,GAAG,CAACH,KAAAA,CAAMI,GAAG,CAAC1B,cAAAA,CAAAA,CAAAA;AAE9CU,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEQ,KAAOC,EAAAA;AAAW,aAAA,CAAA;AAC9B,SAAA;AAED,QAAA,MAAMI,YAAWjB,GAAG,EAAA;AAClB,YAAA,MAAMkB,MAASlB,GAAAA,GAAAA,CAAIQ,MAAM,CAACjB,IAAI;AAE9B,YAAA,IAAIZ,EAAEsB,OAAO,CAACD,IAAIE,OAAO,CAACC,IAAI,CAAG,EAAA;AAC/B,gBAAA,MAAM,IAAId,eAAgB,CAAA,8BAAA,CAAA;AAC3B;YAED,MAAML,UAAAA,CAAW,QAAQiC,UAAU,CAACC,QAAQlB,GAAIE,CAAAA,OAAO,CAACC,IAAI,CAAA;AAE5DH,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEC,EAAI,EAAA;AAAM,aAAA,CAAA;AACtB,SAAA;AAED,QAAA,MAAMc,YAAWnB,GAAG,EAAA;AAClB,YAAA,MAAMkB,MAASlB,GAAAA,GAAAA,CAAIQ,MAAM,CAACjB,IAAI;AAE9B,YAAA,IAAI,CAAC2B,MAAQ,EAAA;gBACX,MAAMhC,sBAAAA,CAAuBc,IAAIQ,MAAM,CAAA;AACxC;;YAGD,MAAMY,UAAAA,GAAa,MAAM3B,MAAO4B,CAAAA,EAAE,CAC/BC,KAAK,CAAC,gCACNhB,CAAAA,CAAAA,OAAO,CAAC;gBAAEiB,KAAO,EAAA;oBAAEC,IAAM,EAAA;AAAQ;AAAI,aAAA,CAAA;YAExC,MAAMC,YAAAA,GAAeL,WAAWb,EAAE;;AAGlC,YAAA,IAAIW,MAAOQ,CAAAA,QAAQ,EAAOD,KAAAA,YAAAA,CAAaC,QAAQ,EAAI,EAAA;AACjD,gBAAA,MAAM,IAAItC,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;AAED,YAAA,MAAMJ,UAAW,CAAA,MAAA,CAAA,CAAQmC,UAAU,CAACD,MAAQO,EAAAA,YAAAA,CAAAA;AAE5CzB,YAAAA,GAAAA,CAAII,IAAI,CAAC;gBAAEC,EAAI,EAAA;AAAM,aAAA,CAAA;AACtB;AACH,KAAA;;;;;;"}