npm - @strapi/review-workflows - Versions diffs - 0.0.0-experimental.e9122b401c96877b6707775c4f893660eab93ae3 → 0.0.0-experimental.f0d3b2d782e972f1dcb8acf0dce31d4090d1e420 - Mend

@strapi/review-workflows 0.0.0-experimental.e9122b401c96877b6707775c4f893660eab93ae3 → 0.0.0-experimental.f0d3b2d782e972f1dcb8acf0dce31d4090d1e420

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -6900,7 +6900,7 @@ const reviewWorkflows = {
           {
             name: "admin::hasPermissions",
             config: {
-              actions: ["admin::users.read", "admin::review-workflows.read"]
+              actions: ["admin::users.read"]
             }
           }
         ]
@@ -7331,7 +7331,9 @@ const stages$1 = ({ strapi: strapi2 }) => {
       const entity = await strapi2.documents(model).update({
         documentId,
         locale,
-        data: { [ENTITY_STAGE_ATTRIBUTE]: stage },
+        // Stage doesn't have DP or i18n enabled, connecting it through the `id`
+        // will be safer than relying on the `documentId` + `locale` + `status` transformation
+        data: { [ENTITY_STAGE_ATTRIBUTE]: fp.pick(["id"], stage) },
         populate: [ENTITY_STAGE_ATTRIBUTE]
       });
       metrics.sendDidChangeEntryStage();
@@ -7607,13 +7609,13 @@ const reviewWorkflowsMetrics = {
   sendDidSendReviewWorkflowPropertiesOnceAWeek,
   sendDidEditAssignee
 };
-function _typeof(obj) {
+function _typeof(o) {
   "@babel/helpers - typeof";
-  return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(obj2) {
-    return typeof obj2;
-  } : function(obj2) {
-    return obj2 && "function" == typeof Symbol && obj2.constructor === Symbol && obj2 !== Symbol.prototype ? "symbol" : typeof obj2;
-  }, _typeof(obj);
+  return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(o2) {
+    return typeof o2;
+  } : function(o2) {
+    return o2 && "function" == typeof Symbol && o2.constructor === Symbol && o2 !== Symbol.prototype ? "symbol" : typeof o2;
+  }, _typeof(o);
 }
 function toInteger(dirtyNumber) {
   if (dirtyNumber === null || dirtyNumber === true || dirtyNumber === false) {
@@ -7748,7 +7750,12 @@ const reviewWorkflowsWeeklyMetrics = ({ strapi: strapi2 }) => {
     },
     async registerCron() {
       const weeklySchedule = await this.ensureWeeklyStoredCronSchedule();
-      strapi2.cron.add({ [weeklySchedule]: this.sendMetrics.bind(this) });
+      strapi2.cron.add({
+        reviewWorkflowsWeekly: {
+          task: this.sendMetrics.bind(this),
+          options: weeklySchedule
+        }
+      });
     }
   };
 };
@@ -8115,10 +8122,9 @@ const stages = {
     if (strapi.plugin("content-manager").service("permission-checker").create({ userAbility: ctx.state.userAbility, model: modelUID }).cannot.read()) {
       return ctx.forbidden();
     }
-    const locale = await validateLocale(query?.locale);
+    const locale = await validateLocale(query?.locale) ?? void 0;
     const entity = await strapi.documents(modelUID).findOne({
       documentId,
-      // @ts-expect-error - locale should be also null in the doc service types
       locale,
       populate: [ENTITY_STAGE_ATTRIBUTE]
     });
@@ -8127,12 +8133,13 @@ const stages = {
     }
     const entityStageId = entity[ENTITY_STAGE_ATTRIBUTE]?.id;
     const canTransition = stagePermissions2.can(STAGE_TRANSITION_UID, entityStageId);
-    const [workflowCount, { stages: workflowStages }] = await Promise.all([
+    const [workflowCount, workflowResult] = await Promise.all([
       workflowService.count(),
       workflowService.getAssignedWorkflow(modelUID, {
         populate: "stages"
       })
     ]);
+    const workflowStages = workflowResult ? workflowResult.stages : [];
     const meta = {
       stageCount: workflowStages.length,
       workflowCount
@@ -8168,22 +8175,37 @@ const assignees = {
   async updateEntity(ctx) {
     const assigneeService = getService("assignees");
     const workflowService = getService("workflows");
+    const stagePermissions2 = getService("stage-permissions");
     const { model_uid: model, id: documentId } = ctx.params;
-    const { locale } = ctx.request.query || {};
+    const locale = await validateLocale(ctx.request.query?.locale) ?? void 0;
     const { sanitizeOutput } = strapi.plugin("content-manager").service("permission-checker").create({ userAbility: ctx.state.userAbility, model });
+    const entity = await strapi.documents(model).findOne({
+      documentId,
+      locale,
+      populate: [ENTITY_STAGE_ATTRIBUTE]
+    });
+    if (!entity) {
+      ctx.throw(404, "Entity not found");
+    }
+    const canTransitionStage = stagePermissions2.can(
+      STAGE_TRANSITION_UID,
+      entity[ENTITY_STAGE_ATTRIBUTE]?.id
+    );
+    if (!canTransitionStage) {
+      ctx.throw(403, "Stage transition permission is required");
+    }
     const { id: assigneeId } = await validateUpdateAssigneeOnEntity(
       ctx.request?.body?.data,
       "You should pass a valid id to the body of the put request."
     );
-    await validateLocale(locale);
     await workflowService.assertContentTypeBelongsToWorkflow(model);
-    const entity = await assigneeService.updateEntityAssignee(
+    const updatedEntity = await assigneeService.updateEntityAssignee(
       documentId,
       locale || null,
       model,
       assigneeId
     );
-    ctx.body = { data: await sanitizeOutput(entity) };
+    ctx.body = { data: await sanitizeOutput(updatedEntity) };
   }
 };
 const controllers = {