@strapi/utils 4.12.6 → 4.13.0-alpha.0

package/dist/validate/index.js

@@ -0,0 +1,121 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+const content_types_1 = require("../content-types");
+const async_1 = require("../async");
+const visitors = __importStar(require("./visitors"));
+const validators = __importStar(require("./validators"));
+const traverse_entity_1 = __importDefault(require("../traverse-entity"));
+const traverse_1 = require("../traverse");
+const createContentAPIValidators = () => {
+    const validateInput = async (data, schema, { auth } = {}) => {
+        if (!schema) {
+            throw new Error('Missing schema in validateInput');
+        }
+        if ((0, fp_1.isArray)(data)) {
+            await Promise.all(data.map((entry) => validateInput(entry, schema, { auth })));
+            return;
+        }
+        const nonWritableAttributes = (0, content_types_1.getNonWritableAttributes)(schema);
+        const transforms = [
+            // non writable attributes
+            (0, traverse_entity_1.default)(visitors.throwRestrictedFields(nonWritableAttributes), { schema }),
+        ];
+        if (auth) {
+            // restricted relations
+            transforms.push((0, traverse_entity_1.default)(visitors.throwRestrictedRelations(auth), { schema }));
+        }
+        // Apply validators from registry if exists
+        strapi.validators
+            .get('content-api.input')
+            .forEach((validator) => transforms.push(validator(schema)));
+        (0, async_1.pipeAsync)(...transforms)(data);
+    };
+    const validateQuery = async (query, schema, { auth } = {}) => {
+        if (!schema) {
+            throw new Error('Missing schema in validateQuery');
+        }
+        const { filters, sort, fields } = query;
+        if (filters) {
+            await validateFilters(filters, schema, { auth });
+        }
+        if (sort) {
+            await validateSort(sort, schema, { auth });
+        }
+        if (fields) {
+            await validateFields(fields, schema);
+        }
+        // TODO: validate populate
+    };
+    const validateFilters = async (filters, schema, { auth } = {}) => {
+        if (!schema) {
+            throw new Error('Missing schema in validateFilters');
+        }
+        if ((0, fp_1.isArray)(filters)) {
+            await Promise.all(filters.map((filter) => validateFilters(filter, schema, { auth })));
+            return;
+        }
+        const transforms = [validators.defaultValidateFilters(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQueryFilters)(visitors.throwRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(filters);
+    };
+    const validateSort = async (sort, schema, { auth } = {}) => {
+        if (!schema) {
+            throw new Error('Missing schema in validateSort');
+        }
+        const transforms = [validators.defaultValidateSort(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQuerySort)(visitors.throwRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(sort);
+    };
+    const validateFields = (fields, schema) => {
+        if (!schema) {
+            throw new Error('Missing schema in validateFields');
+        }
+        const transforms = [validators.defaultValidateFields(schema)];
+        return (0, async_1.pipeAsync)(...transforms)(fields);
+    };
+    return {
+        input: validateInput,
+        query: validateQuery,
+        filters: validateFilters,
+        sort: validateSort,
+        fields: validateFields,
+    };
+};
+const contentAPI = createContentAPIValidators();
+exports.default = {
+    contentAPI,
+    validators,
+    visitors,
+};
+//# sourceMappingURL=index.js.map

package/dist/validate/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/validate/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,kCAAoC;AAEpC,oDAA4D;AAC5D,oCAAqC;AAErC,qDAAuC;AACvC,yDAA2C;AAC3C,yEAA0D;AAE1D,0CAAsE;AAetE,MAAM,0BAA0B,GAAG,GAAG,EAAE;IACtC,MAAM,aAAa,GAAiB,KAAK,EAAE,IAAa,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACxF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;SACpD;QAED,IAAI,IAAA,YAAO,EAAC,IAAI,CAAC,EAAE;YACjB,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/E,OAAO;SACR;QAED,MAAM,qBAAqB,GAAG,IAAA,wCAAwB,EAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,UAAU,GAAG;YACjB,0BAA0B;YAC1B,IAAA,yBAAc,EAAC,QAAQ,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;SAClF,CAAC;QAEF,IAAI,IAAI,EAAE;YACR,uBAAuB;YACvB,UAAU,CAAC,IAAI,CAAC,IAAA,yBAAc,EAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SACtF;QAED,2CAA2C;QAC3C,MAAM,CAAC,UAAU;aACd,GAAG,CAAC,mBAAmB,CAAC;aACxB,OAAO,CAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEzE,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAY,CAAC,CAAC;IACzC,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,KAAK,EACzB,KAA8B,EAC9B,MAAa,EACb,EAAE,IAAI,KAAc,EAAE,EACtB,EAAE;QACF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;SACpD;QACD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAExC,IAAI,OAAO,EAAE;YACX,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;SAClD;QAED,IAAI,IAAI,EAAE;YACR,MAAM,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;SAC5C;QAED,IAAI,MAAM,EAAE;YACV,MAAM,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;SACtC;QAED,0BAA0B;IAC5B,CAAC,CAAC;IAEF,MAAM,eAAe,GAAiB,KAAK,EAAE,OAAO,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACpF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;SACtD;QACD,IAAI,IAAA,YAAO,EAAC,OAAO,CAAC,EAAE;YACpB,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACtF,OAAO;SACR;QAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE/D,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,+BAAoB,EAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC5F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,YAAY,GAAiB,KAAK,EAAE,IAAI,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAC9E,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACnD;QACD,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,4BAAiB,EAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SACzF;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC;IAEF,MAAM,cAAc,GAAiB,CAAC,MAAM,EAAE,MAAa,EAAE,EAAE;QAC7D,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;SACrD;QACD,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE9D,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,aAAa;QACpB,KAAK,EAAE,aAAa;QACpB,OAAO,EAAE,eAAe;QACxB,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,cAAc;KACvB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,0BAA0B,EAAE,CAAC;AAEhD,kBAAe;IACb,UAAU;IACV,UAAU;IACV,QAAQ;CACT,CAAC"}

package/dist/validate/utils.d.ts

@@ -0,0 +1,3 @@
+export declare const throwInvalidParam: ({ key }: {
+    key: string;
+}) => never;

package/dist/validate/utils.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.throwInvalidParam = void 0;
+const errors_1 = require("../errors");
+const throwInvalidParam = ({ key }) => {
+    throw new errors_1.ValidationError(`Invalid parameter ${key}`);
+};
+exports.throwInvalidParam = throwInvalidParam;
+//# sourceMappingURL=utils.js.map

package/dist/validate/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/validate/utils.ts"],"names":[],"mappings":";;;AAAA,sCAA4C;AAErC,MAAM,iBAAiB,GAAG,CAAC,EAAE,GAAG,EAAmB,EAAE,EAAE;IAC5D,MAAM,IAAI,wBAAe,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;AACxD,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B"}

package/dist/validate/validators.d.ts

@@ -0,0 +1,8 @@
+/// <reference types="lodash" />
+import { Data } from '../traverse-entity';
+import type { Model } from '../types';
+declare const throwPasswords: (schema: Model) => (entity: Data) => Promise<Data>;
+declare const defaultValidateFilters: import("lodash").CurriedFunction2<Model, unknown, Promise<unknown>>;
+declare const defaultValidateSort: import("lodash").CurriedFunction2<Model, unknown, Promise<unknown>>;
+declare const defaultValidateFields: import("lodash").CurriedFunction2<Model, unknown, Promise<unknown>>;
+export { throwPasswords, defaultValidateFilters, defaultValidateSort, defaultValidateFields };

package/dist/validate/validators.js

@@ -0,0 +1,115 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultValidateFields = exports.defaultValidateSort = exports.defaultValidateFilters = exports.throwPasswords = void 0;
+const fp_1 = require("lodash/fp");
+const async_1 = require("../async");
+const traverse_entity_1 = __importDefault(require("../traverse-entity"));
+const content_types_1 = require("../content-types");
+const traverse_1 = require("../traverse");
+const visitors_1 = require("./visitors");
+const operators_1 = require("../operators");
+const utils_1 = require("./utils");
+const throwPasswords = (schema) => async (entity) => {
+    if (!schema) {
+        throw new Error('Missing schema in throwPasswords');
+    }
+    return (0, traverse_entity_1.default)(visitors_1.throwPassword, { schema }, entity);
+};
+exports.throwPasswords = throwPasswords;
+const defaultValidateFilters = (0, fp_1.curry)((schema, filters) => {
+    // TODO: schema checks should check that it is a validate schema with yup
+    if (!schema) {
+        throw new Error('Missing schema in defaultValidateFilters');
+    }
+    return (0, async_1.pipeAsync)(
+    // keys that are not attributes or valid operators
+    (0, traverse_1.traverseQueryFilters)(({ key, attribute }) => {
+        // ID is not an attribute per se, so we need to make
+        // an extra check to ensure we're not removing it
+        if (key === 'id') {
+            return;
+        }
+        const isAttribute = !!attribute;
+        if (!isAttribute && !(0, operators_1.isOperator)(key)) {
+            (0, utils_1.throwInvalidParam)({ key });
+        }
+    }, { schema }), 
+    // dynamic zones from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.throwDynamicZones, { schema }), 
+    // morphTo relations from filters; because you can't have deep filtering on morph relations
+    (0, traverse_1.traverseQueryFilters)(visitors_1.throwMorphToRelations, { schema }), 
+    // passwords from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.throwPassword, { schema }), 
+    // private from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.throwPrivate, { schema }), 
+    // empty objects
+    (0, traverse_1.traverseQueryFilters)(({ key, value }) => {
+        if ((0, fp_1.isObject)(value) && (0, fp_1.isEmpty)(value)) {
+            (0, utils_1.throwInvalidParam)({ key });
+        }
+    }, { schema }))(filters);
+});
+exports.defaultValidateFilters = defaultValidateFilters;
+const defaultValidateSort = (0, fp_1.curry)((schema, sort) => {
+    if (!schema) {
+        throw new Error('Missing schema in defaultValidateSort');
+    }
+    return (0, async_1.pipeAsync)(
+    // non attribute keys
+    (0, traverse_1.traverseQuerySort)(({ key, attribute }) => {
+        // ID is not an attribute per se, so we need to make
+        // an extra check to ensure we're not removing it
+        if (key === 'id') {
+            return;
+        }
+        if (!attribute) {
+            (0, utils_1.throwInvalidParam)({ key });
+        }
+    }, { schema }), 
+    // dynamic zones from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.throwDynamicZones, { schema }), 
+    // morphTo relations from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.throwMorphToRelations, { schema }), 
+    // private from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.throwPrivate, { schema }), 
+    // passwords from filters
+    (0, traverse_1.traverseQuerySort)(visitors_1.throwPassword, { schema }), 
+    // keys for empty non-scalar values
+    (0, traverse_1.traverseQuerySort)(({ key, attribute, value }) => {
+        // ID is not an attribute per se, so we need to make
+        // an extra check to ensure we're not removing it
+        if (key === 'id') {
+            return;
+        }
+        if (!(0, content_types_1.isScalarAttribute)(attribute) && (0, fp_1.isEmpty)(value)) {
+            (0, utils_1.throwInvalidParam)({ key });
+        }
+    }, { schema }))(sort);
+});
+exports.defaultValidateSort = defaultValidateSort;
+const defaultValidateFields = (0, fp_1.curry)((schema, fields) => {
+    if (!schema) {
+        throw new Error('Missing schema in defaultValidateFields');
+    }
+    return (0, async_1.pipeAsync)(
+    // Only allow scalar attributes
+    (0, traverse_1.traverseQueryFields)(({ key, attribute }) => {
+        // ID is not an attribute per se, so we need to make
+        // an extra check to ensure we're not removing it
+        if (key === 'id') {
+            return;
+        }
+        if ((0, fp_1.isNil)(attribute) || !(0, content_types_1.isScalarAttribute)(attribute)) {
+            (0, utils_1.throwInvalidParam)({ key });
+        }
+    }, { schema }), 
+    // private fields
+    (0, traverse_1.traverseQueryFields)(visitors_1.throwPrivate, { schema }), 
+    // password fields
+    (0, traverse_1.traverseQueryFields)(visitors_1.throwPassword, { schema }))(fields);
+});
+exports.defaultValidateFields = defaultValidateFields;
+//# sourceMappingURL=validators.js.map

package/dist/validate/validators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../src/validate/validators.ts"],"names":[],"mappings":";;;;;;AAAA,kCAA4D;AAE5D,oCAAqC;AACrC,yEAA0D;AAC1D,oDAAqD;AAErD,0CAA2F;AAE3F,yCAAmG;AACnG,4CAA0C;AAG1C,mCAA4C;AAE5C,MAAM,cAAc,GAAG,CAAC,MAAa,EAAE,EAAE,CAAC,KAAK,EAAE,MAAY,EAAE,EAAE;IAC/D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,IAAA,yBAAc,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC;AAC3D,CAAC,CAAC;AAuHO,wCAAc;AArHvB,MAAM,sBAAsB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,OAAgB,EAAE,EAAE;IACvE,yEAAyE;IACzE,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IACD,OAAO,IAAA,iBAAS;IACd,kDAAkD;IAClD,IAAA,+BAAoB,EAClB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;QACrB,oDAAoD;QACpD,iDAAiD;QACjD,IAAI,GAAG,KAAK,IAAI,EAAE;YAChB,OAAO;SACR;QAED,MAAM,WAAW,GAAG,CAAC,CAAC,SAAS,CAAC;QAEhC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAA,sBAAU,EAAC,GAAG,CAAC,EAAE;YACpC,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC5B;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,6BAA6B;IAC7B,IAAA,+BAAoB,EAAC,4BAAiB,EAAE,EAAE,MAAM,EAAE,CAAC;IACnD,2FAA2F;IAC3F,IAAA,+BAAoB,EAAC,gCAAqB,EAAE,EAAE,MAAM,EAAE,CAAC;IACvD,yBAAyB;IACzB,IAAA,+BAAoB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC/C,uBAAuB;IACvB,IAAA,+BAAoB,EAAC,uBAAY,EAAE,EAAE,MAAM,EAAE,CAAC;IAC9C,gBAAgB;IAChB,IAAA,+BAAoB,EAClB,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE;QACjB,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC,EAAE;YACrC,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC5B;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX,CACF,CAAC,OAAO,CAAC,CAAC;AACb,CAAC,CAAC,CAAC;AA4EsB,wDAAsB;AA1E/C,MAAM,mBAAmB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,IAAa,EAAE,EAAE;IACjE,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;KAC1D;IAED,OAAO,IAAA,iBAAS;IACd,qBAAqB;IACrB,IAAA,4BAAiB,EACf,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;QACrB,oDAAoD;QACpD,iDAAiD;QACjD,IAAI,GAAG,KAAK,IAAI,EAAE;YAChB,OAAO;SACR;QAED,IAAI,CAAC,SAAS,EAAE;YACd,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC5B;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,0BAA0B;IAC1B,IAAA,4BAAiB,EAAC,4BAAiB,EAAE,EAAE,MAAM,EAAE,CAAC;IAChD,8BAA8B;IAC9B,IAAA,4BAAiB,EAAC,gCAAqB,EAAE,EAAE,MAAM,EAAE,CAAC;IACpD,oBAAoB;IACpB,IAAA,4BAAiB,EAAC,uBAAY,EAAE,EAAE,MAAM,EAAE,CAAC;IAC3C,yBAAyB;IACzB,IAAA,4BAAiB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC5C,mCAAmC;IACnC,IAAA,4BAAiB,EACf,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE;QAC5B,oDAAoD;QACpD,iDAAiD;QACjD,IAAI,GAAG,KAAK,IAAI,EAAE;YAChB,OAAO;SACR;QAED,IAAI,CAAC,IAAA,iCAAiB,EAAC,SAAS,CAAC,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC,EAAE;YACnD,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC5B;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX,CACF,CAAC,IAAI,CAAC,CAAC;AACV,CAAC,CAAC,CAAC;AA6B8C,kDAAmB;AA3BpE,MAAM,qBAAqB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,MAAe,EAAE,EAAE;IACrE,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IACD,OAAO,IAAA,iBAAS;IACd,+BAA+B;IAC/B,IAAA,8BAAmB,EACjB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;QACrB,oDAAoD;QACpD,iDAAiD;QACjD,IAAI,GAAG,KAAK,IAAI,EAAE;YAChB,OAAO;SACR;QAED,IAAI,IAAA,UAAK,EAAC,SAAS,CAAC,IAAI,CAAC,IAAA,iCAAiB,EAAC,SAAS,CAAC,EAAE;YACrD,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC5B;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,iBAAiB;IACjB,IAAA,8BAAmB,EAAC,uBAAY,EAAE,EAAE,MAAM,EAAE,CAAC;IAC7C,kBAAkB;IAClB,IAAA,8BAAmB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC,CAC/C,CAAC,MAAM,CAAC,CAAC;AACZ,CAAC,CAAC,CAAC;AAEmE,sDAAqB"}

package/dist/validate/visitors/index.d.ts

@@ -0,0 +1,7 @@
+export { default as throwPassword } from './throw-password';
+export { default as throwPrivate } from './throw-private';
+export { default as throwRestrictedRelations } from './throw-restricted-relations';
+export { default as throwMorphToRelations } from './throw-morph-to-relations';
+export { default as throwDynamicZones } from './throw-dynamic-zones';
+export { default as throwDisallowedFields } from './throw-disallowed-fields';
+export { default as throwRestrictedFields } from './throw-restricted-fields';

package/dist/validate/visitors/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.throwRestrictedFields = exports.throwDisallowedFields = exports.throwDynamicZones = exports.throwMorphToRelations = exports.throwRestrictedRelations = exports.throwPrivate = exports.throwPassword = void 0;
+var throw_password_1 = require("./throw-password");
+Object.defineProperty(exports, "throwPassword", { enumerable: true, get: function () { return __importDefault(throw_password_1).default; } });
+var throw_private_1 = require("./throw-private");
+Object.defineProperty(exports, "throwPrivate", { enumerable: true, get: function () { return __importDefault(throw_private_1).default; } });
+var throw_restricted_relations_1 = require("./throw-restricted-relations");
+Object.defineProperty(exports, "throwRestrictedRelations", { enumerable: true, get: function () { return __importDefault(throw_restricted_relations_1).default; } });
+var throw_morph_to_relations_1 = require("./throw-morph-to-relations");
+Object.defineProperty(exports, "throwMorphToRelations", { enumerable: true, get: function () { return __importDefault(throw_morph_to_relations_1).default; } });
+var throw_dynamic_zones_1 = require("./throw-dynamic-zones");
+Object.defineProperty(exports, "throwDynamicZones", { enumerable: true, get: function () { return __importDefault(throw_dynamic_zones_1).default; } });
+var throw_disallowed_fields_1 = require("./throw-disallowed-fields");
+Object.defineProperty(exports, "throwDisallowedFields", { enumerable: true, get: function () { return __importDefault(throw_disallowed_fields_1).default; } });
+var throw_restricted_fields_1 = require("./throw-restricted-fields");
+Object.defineProperty(exports, "throwRestrictedFields", { enumerable: true, get: function () { return __importDefault(throw_restricted_fields_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/validate/visitors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/validate/visitors/index.ts"],"names":[],"mappings":";;;;;;AAAA,mDAA4D;AAAnD,gIAAA,OAAO,OAAiB;AACjC,iDAA0D;AAAjD,8HAAA,OAAO,OAAgB;AAChC,2EAAmF;AAA1E,uJAAA,OAAO,OAA4B;AAC5C,uEAA8E;AAArE,kJAAA,OAAO,OAAyB;AACzC,6DAAqE;AAA5D,yIAAA,OAAO,OAAqB;AACrC,qEAA6E;AAApE,iJAAA,OAAO,OAAyB;AACzC,qEAA6E;AAApE,iJAAA,OAAO,OAAyB"}

package/dist/validate/visitors/throw-disallowed-fields.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const _default: (allowedFields?: string[] | null) => Visitor;
+export default _default;

package/dist/validate/visitors/throw-disallowed-fields.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+const utils_1 = require("../utils");
+exports.default = (allowedFields = null) => ({ key, path: { attribute: path } }) => {
+    // All fields are allowed
+    if (allowedFields === null) {
+        return;
+    }
+    // Throw on invalid formats
+    if (!((0, fp_1.isArray)(allowedFields) && allowedFields.every(fp_1.isString))) {
+        throw new TypeError(`Expected array of strings for allowedFields but got "${typeof allowedFields}"`);
+    }
+    if ((0, fp_1.isNil)(path)) {
+        return;
+    }
+    const containedPaths = getContainedPaths(path);
+    /**
+     * Tells if the current path should be kept or not based
+     * on the success of the check functions for any of the allowed paths.
+     *
+     * The check functions are defined as follow:
+     *
+     * `containedPaths.includes(p)`
+     * @example
+     * ```js
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match but isn't handled by this check
+     * ```
+     *
+     * `p.startsWith(`${path}.`)`
+     * @example
+     * ```js
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match but isn't handled by this check
+     * ```
+     */
+    const isPathAllowed = allowedFields.some((p) => containedPaths.includes(p) || p.startsWith(`${path}.`));
+    if (isPathAllowed) {
+        return;
+    }
+    // throw otherwise
+    (0, utils_1.throwInvalidParam)({ key });
+};
+/**
+ * Retrieve the list of allowed paths based on the given path
+ *
+ * @example
+ * ```js
+ * const containedPaths = getContainedPaths('foo');
+ * // ['foo']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar');
+ * // ['foo', 'foo.bar']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar.field');
+ * // ['foo', 'foo.bar', 'foo.bar.field']
+ * ```
+ */
+const getContainedPaths = (path) => {
+    const parts = (0, fp_1.toPath)(path);
+    return parts.reduce((acc, value, index, list) => {
+        return [...acc, list.slice(0, index + 1).join('.')];
+    }, []);
+};
+//# sourceMappingURL=throw-disallowed-fields.js.map

package/dist/validate/visitors/throw-disallowed-fields.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-disallowed-fields.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-disallowed-fields.ts"],"names":[],"mappings":";;AAAA,kCAA6D;AAE7D,oCAA6C;AAE7C,kBAAe,CAAC,gBAAiC,IAAI,EAAW,EAAE,CAChE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE;IACrC,yBAAyB;IACzB,IAAI,aAAa,KAAK,IAAI,EAAE;QAC1B,OAAO;KACR;IAED,2BAA2B;IAC3B,IAAI,CAAC,CAAC,IAAA,YAAO,EAAC,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,aAAQ,CAAC,CAAC,EAAE;QAC9D,MAAM,IAAI,SAAS,CACjB,wDAAwD,OAAO,aAAa,GAAG,CAChF,CAAC;KACH;IAED,IAAI,IAAA,UAAK,EAAC,IAAI,CAAC,EAAE;QACf,OAAO;KACR;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAqCG;IACH,MAAM,aAAa,GAAG,aAAa,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAC9D,CAAC;IAEF,IAAI,aAAa,EAAE;QACjB,OAAO;KACR;IAED,kBAAkB;IAClB,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;AAC7B,CAAC,CAAC;AAEJ;;;;;;;;;;;;;;GAcG;AACH,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,IAAA,WAAM,EAAC,IAAI,CAAC,CAAC;IAE3B,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC9C,OAAO,CAAC,GAAG,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC,EAAE,EAAc,CAAC,CAAC;AACrB,CAAC,CAAC"}

package/dist/validate/visitors/throw-dynamic-zones.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/validate/visitors/throw-dynamic-zones.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const utils_1 = require("../utils");
+const visitor = ({ key, attribute }) => {
+    if ((0, content_types_1.isDynamicZoneAttribute)(attribute)) {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=throw-dynamic-zones.js.map

package/dist/validate/visitors/throw-dynamic-zones.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-dynamic-zones.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-dynamic-zones.ts"],"names":[],"mappings":";;AAAA,uDAA6D;AAC7D,oCAA6C;AAG7C,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;IAC9C,IAAI,IAAA,sCAAsB,EAAC,SAAS,CAAC,EAAE;QACrC,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/validate/visitors/throw-morph-to-relations.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/validate/visitors/throw-morph-to-relations.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const utils_1 = require("../utils");
+const visitor = ({ key, attribute }) => {
+    if ((0, content_types_1.isMorphToRelationalAttribute)(attribute)) {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=throw-morph-to-relations.js.map

package/dist/validate/visitors/throw-morph-to-relations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-morph-to-relations.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-morph-to-relations.ts"],"names":[],"mappings":";;AAAA,uDAAmE;AACnE,oCAA6C;AAG7C,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;IAC9C,IAAI,IAAA,4CAA4B,EAAC,SAAS,CAAC,EAAE;QAC3C,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/validate/visitors/throw-password.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/validate/visitors/throw-password.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("../utils");
+const visitor = ({ key, attribute }) => {
+    if (attribute?.type === 'password') {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=throw-password.js.map

package/dist/validate/visitors/throw-password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-password.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-password.ts"],"names":[],"mappings":";;AAAA,oCAA6C;AAG7C,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;IAC9C,IAAI,SAAS,EAAE,IAAI,KAAK,UAAU,EAAE;QAClC,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/validate/visitors/throw-private.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/validate/visitors/throw-private.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const utils_1 = require("../utils");
+const visitor = ({ schema, key, attribute }) => {
+    if (!attribute) {
+        return;
+    }
+    const isPrivate = attribute.private === true || (0, content_types_1.isPrivateAttribute)(schema, key);
+    if (isPrivate) {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=throw-private.js.map

package/dist/validate/visitors/throw-private.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-private.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-private.ts"],"names":[],"mappings":";;AAAA,uDAAyD;AACzD,oCAA6C;AAG7C,MAAM,OAAO,GAAY,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE;IACtD,IAAI,CAAC,SAAS,EAAE;QACd,OAAO;KACR;IAED,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,KAAK,IAAI,IAAI,IAAA,kCAAkB,EAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEhF,IAAI,SAAS,EAAE;QACb,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/validate/visitors/throw-restricted-fields.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const _default: (restrictedFields?: string[] | null) => Visitor;
+export default _default;

package/dist/validate/visitors/throw-restricted-fields.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+const utils_1 = require("../utils");
+exports.default = (restrictedFields = null) => ({ key, path: { attribute: path } }) => {
+    // all fields
+    if (restrictedFields === null) {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+    // Throw on invalid formats
+    if (!((0, fp_1.isArray)(restrictedFields) && restrictedFields.every(fp_1.isString))) {
+        throw new TypeError(`Expected array of strings for restrictedFields but got "${typeof restrictedFields}"`);
+    }
+    // if an exact match was found
+    if (restrictedFields.includes(path)) {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+    // nested matches
+    const isRestrictedNested = restrictedFields.some((allowedPath) => path?.toString().startsWith(`${allowedPath}.`));
+    if (isRestrictedNested) {
+        (0, utils_1.throwInvalidParam)({ key });
+    }
+};
+//# sourceMappingURL=throw-restricted-fields.js.map

package/dist/validate/visitors/throw-restricted-fields.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-restricted-fields.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-restricted-fields.ts"],"names":[],"mappings":";;AAAA,kCAA8C;AAE9C,oCAA6C;AAE7C,kBAAe,CAAC,mBAAoC,IAAI,EAAW,EAAE,CACnE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE;IACrC,aAAa;IACb,IAAI,gBAAgB,KAAK,IAAI,EAAE;QAC7B,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;IAED,2BAA2B;IAC3B,IAAI,CAAC,CAAC,IAAA,YAAO,EAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,aAAQ,CAAC,CAAC,EAAE;QACpE,MAAM,IAAI,SAAS,CACjB,2DAA2D,OAAO,gBAAgB,GAAG,CACtF,CAAC;KACH;IAED,8BAA8B;IAC9B,IAAI,gBAAgB,CAAC,QAAQ,CAAC,IAAc,CAAC,EAAE;QAC7C,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;IAED,iBAAiB;IACjB,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC/D,IAAI,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC,CAC/C,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;KAC5B;AACH,CAAC,CAAC"}

package/dist/validate/visitors/throw-restricted-relations.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const _default: (auth: unknown) => Visitor;
+export default _default;

package/dist/validate/visitors/throw-restricted-relations.js

@@ -0,0 +1,81 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const contentTypeUtils = __importStar(require("../../content-types"));
+const utils_1 = require("../utils");
+const ACTIONS_TO_VERIFY = ['find'];
+const { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypeUtils.constants;
+exports.default = (auth) => async ({ data, key, attribute, schema }, { set }) => {
+    if (!attribute) {
+        return;
+    }
+    const isRelation = attribute.type === 'relation';
+    if (!isRelation) {
+        return;
+    }
+    const handleMorphRelation = async () => {
+        for (const element of data[key]) {
+            const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);
+            const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+            if (!isAllowed) {
+                (0, utils_1.throwInvalidParam)({ key });
+            }
+        }
+    };
+    const handleRegularRelation = async () => {
+        const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);
+        const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+        // If the authenticated user don't have access to any of the scopes
+        if (!isAllowed) {
+            (0, utils_1.throwInvalidParam)({ key });
+        }
+    };
+    const isCreatorRelation = [CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);
+    // Polymorphic relations
+    if (contentTypeUtils.isMorphToRelationalAttribute(attribute)) {
+        await handleMorphRelation();
+        return;
+    }
+    // Creator relations
+    if (isCreatorRelation && schema.options.populateCreatorFields) {
+        // do nothing
+        return;
+    }
+    // Regular relations
+    await handleRegularRelation();
+};
+const hasAccessToSomeScopes = async (scopes, auth) => {
+    for (const scope of scopes) {
+        try {
+            await strapi.auth.verify(auth, { scope });
+            return true;
+        }
+        catch {
+            continue;
+        }
+    }
+    return false;
+};
+//# sourceMappingURL=throw-restricted-relations.js.map

package/dist/validate/visitors/throw-restricted-relations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"throw-restricted-relations.js","sourceRoot":"","sources":["../../../src/validate/visitors/throw-restricted-relations.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sEAAwD;AACxD,oCAA6C;AAG7C,MAAM,iBAAiB,GAAG,CAAC,MAAM,CAAC,CAAC;AACnC,MAAM,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,GAAG,gBAAgB,CAAC,SAAS,CAAC;AAIlF,kBAAe,CAAC,IAAa,EAAW,EAAE,CACxC,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;IAClD,IAAI,CAAC,SAAS,EAAE;QACd,OAAO;KACR;IAED,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,KAAK,UAAU,CAAC;IAEjD,IAAI,CAAC,UAAU,EAAE;QACf,OAAO;KACR;IAED,MAAM,mBAAmB,GAAG,KAAK,IAAI,EAAE;QACrC,KAAK,MAAM,OAAO,IAAK,IAAmC,CAAC,GAAG,CAAC,EAAE;YAC/D,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;YAChF,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAE5D,IAAI,CAAC,SAAS,EAAE;gBACd,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;aAC5B;SACF;IACH,CAAC,CAAC;IAEF,MAAM,qBAAqB,GAAG,KAAK,IAAI,EAAE;QACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;QAElF,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE5D,mEAAmE;QACnE,IAAI,CAAC,SAAS,EAAE;YACd,IAAA,yBAAiB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;SAC5B;IACH,CAAC,CAAC;IAEF,MAAM,iBAAiB,GAAG,CAAC,oBAAoB,EAAE,oBAAoB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAErF,wBAAwB;IACxB,IAAI,gBAAgB,CAAC,4BAA4B,CAAC,SAAS,CAAC,EAAE;QAC5D,MAAM,mBAAmB,EAAE,CAAC;QAC5B,OAAO;KACR;IAED,oBAAoB;IACpB,IAAI,iBAAiB,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE;QAC7D,aAAa;QACb,OAAO;KACR;IAED,oBAAoB;IACpB,MAAM,qBAAqB,EAAE,CAAC;AAChC,CAAC,CAAC;AAEJ,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAgB,EAAE,IAAa,EAAE,EAAE;IACtE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;QAC1B,IAAI;YACF,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;SACb;QAAC,MAAM;YACN,SAAS;SACV;KACF;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}