npm - @strapi/review-workflows - Versions diffs - 5.0.0-rc.9 → 5.0.0 - Mend

@strapi/review-workflows 5.0.0-rc.9 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/server/index.js CHANGED Viewed

@@ -6901,7 +6901,7 @@ const reviewWorkflows = {
           {
             name: "admin::hasPermissions",
             config: {
-              actions: ["admin::users.read", "admin::review-workflows.read"]
+              actions: ["admin::users.read"]
             }
           }
         ]
@@ -7322,23 +7322,17 @@ const stages$1 = ({ strapi: strapi2 }) => {
     },
     /**
      * Update the stage of an entity
-     *
-     * @param {object} entityInfo
-     * @param {number} entityInfo.id - Entity id
-     * @param {string} entityInfo.modelUID - the content-type of the entity
-     * @param {number} stageId - The id of the stage to assign to the entity
      */
-    async updateEntity(entityInfo, stageId) {
+    async updateEntity(documentId, locale, model, stageId) {
       const stage = await this.findById(stageId);
       await workflowValidator.validateWorkflowCount();
       if (!stage) {
         throw new ApplicationError$2(`Selected stage does not exist`);
       }
-      const entity = await strapi2.db.query(entityInfo.modelUID).update({
-        where: {
-          id: entityInfo.id
-        },
-        data: { [ENTITY_STAGE_ATTRIBUTE]: stageId },
+      const entity = await strapi2.documents(model).update({
+        documentId,
+        locale,
+        data: { [ENTITY_STAGE_ATTRIBUTE]: stage },
         populate: [ENTITY_STAGE_ATTRIBUTE]
       });
       metrics.sendDidChangeEntryStage();
@@ -7811,6 +7805,7 @@ const handleStageOnUpdate = async (ctx, next) => {
     strapi.eventHub.emit(WORKFLOW_UPDATE_STAGE, {
       model: model.modelName,
       uid: model.uid,
+      // TODO v6: Rename to "entry", which is what is used for regular CRUD updates
       entity: {
         // @ts-expect-error
         id: result?.id,
@@ -8096,7 +8091,12 @@ const stages = {
     );
     const workflow2 = await workflowService.assertContentTypeBelongsToWorkflow(modelUID);
     workflowService.assertStageBelongsToWorkflow(stageId, workflow2);
-    const updatedEntity = await stagesService.updateEntity({ id: entity.id, modelUID }, stageId);
+    const updatedEntity = await stagesService.updateEntity(
+      entity.documentId,
+      entity.locale,
+      modelUID,
+      stageId
+    );
     ctx.body = { data: await sanitizeOutput(updatedEntity) };
   },
   /**
@@ -8116,10 +8116,9 @@ const stages = {
     if (strapi.plugin("content-manager").service("permission-checker").create({ userAbility: ctx.state.userAbility, model: modelUID }).cannot.read()) {
       return ctx.forbidden();
     }
-    const locale = await validateLocale(query?.locale);
+    const locale = await validateLocale(query?.locale) ?? void 0;
     const entity = await strapi.documents(modelUID).findOne({
       documentId,
-      // @ts-expect-error - locale should be also null in the doc service types
       locale,
       populate: [ENTITY_STAGE_ATTRIBUTE]
     });
@@ -8128,12 +8127,13 @@ const stages = {
     }
     const entityStageId = entity[ENTITY_STAGE_ATTRIBUTE]?.id;
     const canTransition = stagePermissions2.can(STAGE_TRANSITION_UID, entityStageId);
-    const [workflowCount, { stages: workflowStages }] = await Promise.all([
+    const [workflowCount, workflowResult] = await Promise.all([
       workflowService.count(),
       workflowService.getAssignedWorkflow(modelUID, {
         populate: "stages"
       })
     ]);
+    const workflowStages = workflowResult ? workflowResult.stages : [];
     const meta = {
       stageCount: workflowStages.length,
       workflowCount
@@ -8169,22 +8169,37 @@ const assignees = {
   async updateEntity(ctx) {
     const assigneeService = getService("assignees");
     const workflowService = getService("workflows");
+    const stagePermissions2 = getService("stage-permissions");
     const { model_uid: model, id: documentId } = ctx.params;
-    const { locale } = ctx.request.query || {};
+    const locale = await validateLocale(ctx.request.query?.locale) ?? void 0;
     const { sanitizeOutput } = strapi.plugin("content-manager").service("permission-checker").create({ userAbility: ctx.state.userAbility, model });
+    const entity = await strapi.documents(model).findOne({
+      documentId,
+      locale,
+      populate: [ENTITY_STAGE_ATTRIBUTE]
+    });
+    if (!entity) {
+      ctx.throw(404, "Entity not found");
+    }
+    const canTransitionStage = stagePermissions2.can(
+      STAGE_TRANSITION_UID,
+      entity[ENTITY_STAGE_ATTRIBUTE]?.id
+    );
+    if (!canTransitionStage) {
+      ctx.throw(403, "Stage transition permission is required");
+    }
     const { id: assigneeId } = await validateUpdateAssigneeOnEntity(
       ctx.request?.body?.data,
       "You should pass a valid id to the body of the put request."
     );
-    await validateLocale(locale);
     await workflowService.assertContentTypeBelongsToWorkflow(model);
-    const entity = await assigneeService.updateEntityAssignee(
+    const updatedEntity = await assigneeService.updateEntityAssignee(
       documentId,
       locale || null,
       model,
       assigneeId
     );
-    ctx.body = { data: await sanitizeOutput(entity) };
+    ctx.body = { data: await sanitizeOutput(updatedEntity) };
   }
 };
 const controllers = {