@strapi/utils 5.12.1 → 5.12.2

package/dist/sanitize/visitors/expand-wildcard-populate.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"expand-wildcard-populate.mjs","sources":["../../../src/sanitize/visitors/expand-wildcard-populate.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, value }, { set }) => {\n  if (key === '' && value === '*') {\n    const { attributes } = schema;\n\n    const newPopulateQuery = Object.entries(attributes)\n      .filter(([, attribute]) =>\n        ['relation', 'component', 'media', 'dynamiczone'].includes(attribute.type)\n      )\n      .reduce<Record<string, true>>((acc, [key]) => ({ ...acc, [key]: true }), {});\n\n    set('', newPopulateQuery);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","value","set","attributes","newPopulateQuery","Object","entries","filter","attribute","includes","type","reduce","acc"],"mappings":"AAEA,MAAMA,OAAmB,GAAA,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;IACvD,IAAIF,GAAAA,KAAQ,EAAMC,IAAAA,KAAAA,KAAU,GAAK,EAAA;QAC/B,MAAM,EAAEE,UAAU,EAAE,GAAGJ,MAAAA;QAEvB,MAAMK,gBAAAA,GAAmBC,MAAOC,CAAAA,OAAO,CAACH,UAAAA,CAAAA,CACrCI,MAAM,CAAC,CAAC,GAAGC,SAAAA,CAAU,GACpB;AAAC,gBAAA,UAAA;AAAY,gBAAA,WAAA;AAAa,gBAAA,OAAA;AAAS,gBAAA;AAAc,aAAA,CAACC,QAAQ,CAACD,SAAUE,CAAAA,IAAI,CAE1EC,CAAAA,CAAAA,MAAM,CAAuB,CAACC,GAAK,EAAA,CAACZ,GAAI,CAAA,IAAM;AAAE,gBAAA,GAAGY,GAAG;AAAE,gBAAA,CAACZ,MAAM;AAAK,aAAA,GAAI,EAAC,CAAA;AAE5EE,QAAAA,GAAAA,CAAI,EAAIE,EAAAA,gBAAAA,CAAAA;AACV;AACF;;;;"}

package/dist/sanitize/visitors/index.js

@@ -0,0 +1,22 @@
+'use strict';
+
+var removePassword = require('./remove-password.js');
+var removePrivate = require('./remove-private.js');
+var removeRestrictedRelations = require('./remove-restricted-relations.js');
+var removeMorphToRelations = require('./remove-morph-to-relations.js');
+var removeDynamicZones = require('./remove-dynamic-zones.js');
+var removeDisallowedFields = require('./remove-disallowed-fields.js');
+var removeRestrictedFields = require('./remove-restricted-fields.js');
+var expandWildcardPopulate = require('./expand-wildcard-populate.js');
+
+
+
+exports.removePassword = removePassword;
+exports.removePrivate = removePrivate;
+exports.removeRestrictedRelations = removeRestrictedRelations;
+exports.removeMorphToRelations = removeMorphToRelations;
+exports.removeDynamicZones = removeDynamicZones;
+exports.removeDisallowedFields = removeDisallowedFields;
+exports.removeRestrictedFields = removeRestrictedFields;
+exports.expandWildcardPopulate = expandWildcardPopulate;
+//# sourceMappingURL=index.js.map

package/dist/sanitize/visitors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;"}

package/dist/sanitize/visitors/index.mjs

@@ -0,0 +1,9 @@
+export { default as removePassword } from './remove-password.mjs';
+export { default as removePrivate } from './remove-private.mjs';
+export { default as removeRestrictedRelations } from './remove-restricted-relations.mjs';
+export { default as removeMorphToRelations } from './remove-morph-to-relations.mjs';
+export { default as removeDynamicZones } from './remove-dynamic-zones.mjs';
+export { default as removeDisallowedFields } from './remove-disallowed-fields.mjs';
+export { default as removeRestrictedFields } from './remove-restricted-fields.mjs';
+export { default as expandWildcardPopulate } from './expand-wildcard-populate.mjs';
+//# sourceMappingURL=index.mjs.map

package/dist/sanitize/visitors/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;"}

package/dist/sanitize/visitors/remove-disallowed-fields.js

@@ -0,0 +1,87 @@
+'use strict';
+
+var fp = require('lodash/fp');
+
+var removeDisallowedFields = ((allowedFields = null)=>({ key, path: { attribute: path } }, { remove })=>{
+        // All fields are allowed
+        if (allowedFields === null) {
+            return;
+        }
+        // Throw on invalid formats
+        if (!(fp.isArray(allowedFields) && allowedFields.every(fp.isString))) {
+            throw new TypeError(`Expected array of strings for allowedFields but got "${typeof allowedFields}"`);
+        }
+        if (fp.isNil(path)) {
+            return;
+        }
+        const containedPaths = getContainedPaths(path);
+        /**
+     * Tells if the current path should be kept or not based
+     * on the success of the check functions for any of the allowed paths.
+     *
+     * The check functions are defined as follow:
+     *
+     * `containedPaths.includes(p)`
+     * @example
+     * ```js
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match but isn't handled by this check
+     * ```
+     *
+     * `p.startsWith(`${path}.`)`
+     * @example
+     * ```js
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match but isn't handled by this check
+     * ```
+     */ const isPathAllowed = allowedFields.some((p)=>containedPaths.includes(p) || p.startsWith(`${path}.`));
+        if (isPathAllowed) {
+            return;
+        }
+        // Remove otherwise
+        remove(key);
+    });
+/**
+ * Retrieve the list of allowed paths based on the given path
+ *
+ * @example
+ * ```js
+ * const containedPaths = getContainedPaths('foo');
+ * // ['foo']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar');
+ * // ['foo', 'foo.bar']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar.field');
+ * // ['foo', 'foo.bar', 'foo.bar.field']
+ * ```
+ */ const getContainedPaths = (path)=>{
+    const parts = fp.toPath(path);
+    return parts.reduce((acc, value, index, list)=>{
+        return [
+            ...acc,
+            list.slice(0, index + 1).join('.')
+        ];
+    }, []);
+};
+
+module.exports = removeDisallowedFields;
+//# sourceMappingURL=remove-disallowed-fields.js.map

package/dist/sanitize/visitors/remove-disallowed-fields.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-disallowed-fields.js","sources":["../../../src/sanitize/visitors/remove-disallowed-fields.ts"],"sourcesContent":["import { isArray, isNil, isString, toPath } from 'lodash/fp';\nimport type { Visitor } from '../../traverse/factory';\n\nexport default (allowedFields: string[] | null = null): Visitor =>\n  ({ key, path: { attribute: path } }, { remove }) => {\n    // All fields are allowed\n    if (allowedFields === null) {\n      return;\n    }\n\n    // Throw on invalid formats\n    if (!(isArray(allowedFields) && allowedFields.every(isString))) {\n      throw new TypeError(\n        `Expected array of strings for allowedFields but got \"${typeof allowedFields}\"`\n      );\n    }\n\n    if (isNil(path)) {\n      return;\n    }\n\n    const containedPaths = getContainedPaths(path);\n\n    /**\n     * Tells if the current path should be kept or not based\n     * on the success of the check functions for any of the allowed paths.\n     *\n     * The check functions are defined as follow:\n     *\n     * `containedPaths.includes(p)`\n     * @example\n     * ```js\n     * const path = 'foo.bar.field';\n     * const p = 'foo.bar';\n     * // it should match\n     *\n     * const path = 'foo.bar.field';\n     * const p = 'bar.foo';\n     * // it shouldn't match\n     *\n     * const path = 'foo.bar';\n     * const p = 'foo.bar.field';\n     * // it should match but isn't handled by this check\n     * ```\n     *\n     * `p.startsWith(`${path}.`)`\n     * @example\n     * ```js\n     * const path = 'foo.bar';\n     * const p = 'foo.bar.field';\n     * // it should match\n     *\n     * const path = 'foo.bar.field';\n     * const p = 'bar.foo';\n     * // it shouldn't match\n     *\n     * const path = 'foo.bar.field';\n     * const p = 'foo.bar';\n     * // it should match but isn't handled by this check\n     * ```\n     */\n    const isPathAllowed = allowedFields.some(\n      (p) => containedPaths.includes(p) || p.startsWith(`${path}.`)\n    );\n\n    if (isPathAllowed) {\n      return;\n    }\n\n    // Remove otherwise\n    remove(key);\n  };\n\n/**\n * Retrieve the list of allowed paths based on the given path\n *\n * @example\n * ```js\n * const containedPaths = getContainedPaths('foo');\n * // ['foo']\n *\n *  * const containedPaths = getContainedPaths('foo.bar');\n * // ['foo', 'foo.bar']\n *\n *  * const containedPaths = getContainedPaths('foo.bar.field');\n * // ['foo', 'foo.bar', 'foo.bar.field']\n * ```\n */\nconst getContainedPaths = (path: string) => {\n  const parts = toPath(path);\n\n  return parts.reduce((acc, value, index, list) => {\n    return [...acc, list.slice(0, index + 1).join('.')];\n  }, [] as string[]);\n};\n"],"names":["allowedFields","key","path","attribute","remove","isArray","every","isString","TypeError","isNil","containedPaths","getContainedPaths","isPathAllowed","some","p","includes","startsWith","parts","toPath","reduce","acc","value","index","list","slice","join"],"mappings":";;;;AAGA,6BAAe,CAAA,CAACA,aAAAA,GAAiC,IAAI,GACnD,CAAC,EAAEC,GAAG,EAAEC,IAAM,EAAA,EAAEC,WAAWD,IAAI,EAAE,EAAE,EAAE,EAAEE,MAAM,EAAE,GAAA;;AAE7C,QAAA,IAAIJ,kBAAkB,IAAM,EAAA;AAC1B,YAAA;AACF;;QAGA,IAAI,EAAEK,UAAQL,CAAAA,aAAAA,CAAAA,IAAkBA,cAAcM,KAAK,CAACC,YAAQ,CAAI,EAAA;YAC9D,MAAM,IAAIC,UACR,CAAC,qDAAqD,EAAE,OAAOR,aAAAA,CAAc,CAAC,CAAC,CAAA;AAEnF;AAEA,QAAA,IAAIS,SAAMP,IAAO,CAAA,EAAA;AACf,YAAA;AACF;AAEA,QAAA,MAAMQ,iBAAiBC,iBAAkBT,CAAAA,IAAAA,CAAAA;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCC,QACD,MAAMU,aAAgBZ,GAAAA,aAAAA,CAAca,IAAI,CACtC,CAACC,IAAMJ,cAAeK,CAAAA,QAAQ,CAACD,CAAAA,CAAAA,IAAMA,EAAEE,UAAU,CAAC,CAAC,EAAEd,IAAAA,CAAK,CAAC,CAAC,CAAA,CAAA;AAG9D,QAAA,IAAIU,aAAe,EAAA;AACjB,YAAA;AACF;;QAGAR,MAAOH,CAAAA,GAAAA,CAAAA;AACT,KAAA;AAEF;;;;;;;;;;;;;;IAeA,MAAMU,oBAAoB,CAACT,IAAAA,GAAAA;AACzB,IAAA,MAAMe,QAAQC,SAAOhB,CAAAA,IAAAA,CAAAA;AAErB,IAAA,OAAOe,MAAME,MAAM,CAAC,CAACC,GAAAA,EAAKC,OAAOC,KAAOC,EAAAA,IAAAA,GAAAA;QACtC,OAAO;AAAIH,YAAAA,GAAAA,GAAAA;AAAKG,YAAAA,IAAAA,CAAKC,KAAK,CAAC,CAAA,EAAGF,KAAQ,GAAA,CAAA,CAAA,CAAGG,IAAI,CAAC,GAAA;AAAK,SAAA;AACrD,KAAA,EAAG,EAAE,CAAA;AACP,CAAA;;;;"}

package/dist/sanitize/visitors/remove-disallowed-fields.mjs

@@ -0,0 +1,85 @@
+import { isArray, isString, isNil, toPath } from 'lodash/fp';
+
+var removeDisallowedFields = ((allowedFields = null)=>({ key, path: { attribute: path } }, { remove })=>{
+        // All fields are allowed
+        if (allowedFields === null) {
+            return;
+        }
+        // Throw on invalid formats
+        if (!(isArray(allowedFields) && allowedFields.every(isString))) {
+            throw new TypeError(`Expected array of strings for allowedFields but got "${typeof allowedFields}"`);
+        }
+        if (isNil(path)) {
+            return;
+        }
+        const containedPaths = getContainedPaths(path);
+        /**
+     * Tells if the current path should be kept or not based
+     * on the success of the check functions for any of the allowed paths.
+     *
+     * The check functions are defined as follow:
+     *
+     * `containedPaths.includes(p)`
+     * @example
+     * ```js
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match but isn't handled by this check
+     * ```
+     *
+     * `p.startsWith(`${path}.`)`
+     * @example
+     * ```js
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match but isn't handled by this check
+     * ```
+     */ const isPathAllowed = allowedFields.some((p)=>containedPaths.includes(p) || p.startsWith(`${path}.`));
+        if (isPathAllowed) {
+            return;
+        }
+        // Remove otherwise
+        remove(key);
+    });
+/**
+ * Retrieve the list of allowed paths based on the given path
+ *
+ * @example
+ * ```js
+ * const containedPaths = getContainedPaths('foo');
+ * // ['foo']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar');
+ * // ['foo', 'foo.bar']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar.field');
+ * // ['foo', 'foo.bar', 'foo.bar.field']
+ * ```
+ */ const getContainedPaths = (path)=>{
+    const parts = toPath(path);
+    return parts.reduce((acc, value, index, list)=>{
+        return [
+            ...acc,
+            list.slice(0, index + 1).join('.')
+        ];
+    }, []);
+};
+
+export { removeDisallowedFields as default };
+//# sourceMappingURL=remove-disallowed-fields.mjs.map

package/dist/sanitize/visitors/remove-disallowed-fields.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-disallowed-fields.mjs","sources":["../../../src/sanitize/visitors/remove-disallowed-fields.ts"],"sourcesContent":["import { isArray, isNil, isString, toPath } from 'lodash/fp';\nimport type { Visitor } from '../../traverse/factory';\n\nexport default (allowedFields: string[] | null = null): Visitor =>\n  ({ key, path: { attribute: path } }, { remove }) => {\n    // All fields are allowed\n    if (allowedFields === null) {\n      return;\n    }\n\n    // Throw on invalid formats\n    if (!(isArray(allowedFields) && allowedFields.every(isString))) {\n      throw new TypeError(\n        `Expected array of strings for allowedFields but got \"${typeof allowedFields}\"`\n      );\n    }\n\n    if (isNil(path)) {\n      return;\n    }\n\n    const containedPaths = getContainedPaths(path);\n\n    /**\n     * Tells if the current path should be kept or not based\n     * on the success of the check functions for any of the allowed paths.\n     *\n     * The check functions are defined as follow:\n     *\n     * `containedPaths.includes(p)`\n     * @example\n     * ```js\n     * const path = 'foo.bar.field';\n     * const p = 'foo.bar';\n     * // it should match\n     *\n     * const path = 'foo.bar.field';\n     * const p = 'bar.foo';\n     * // it shouldn't match\n     *\n     * const path = 'foo.bar';\n     * const p = 'foo.bar.field';\n     * // it should match but isn't handled by this check\n     * ```\n     *\n     * `p.startsWith(`${path}.`)`\n     * @example\n     * ```js\n     * const path = 'foo.bar';\n     * const p = 'foo.bar.field';\n     * // it should match\n     *\n     * const path = 'foo.bar.field';\n     * const p = 'bar.foo';\n     * // it shouldn't match\n     *\n     * const path = 'foo.bar.field';\n     * const p = 'foo.bar';\n     * // it should match but isn't handled by this check\n     * ```\n     */\n    const isPathAllowed = allowedFields.some(\n      (p) => containedPaths.includes(p) || p.startsWith(`${path}.`)\n    );\n\n    if (isPathAllowed) {\n      return;\n    }\n\n    // Remove otherwise\n    remove(key);\n  };\n\n/**\n * Retrieve the list of allowed paths based on the given path\n *\n * @example\n * ```js\n * const containedPaths = getContainedPaths('foo');\n * // ['foo']\n *\n *  * const containedPaths = getContainedPaths('foo.bar');\n * // ['foo', 'foo.bar']\n *\n *  * const containedPaths = getContainedPaths('foo.bar.field');\n * // ['foo', 'foo.bar', 'foo.bar.field']\n * ```\n */\nconst getContainedPaths = (path: string) => {\n  const parts = toPath(path);\n\n  return parts.reduce((acc, value, index, list) => {\n    return [...acc, list.slice(0, index + 1).join('.')];\n  }, [] as string[]);\n};\n"],"names":["allowedFields","key","path","attribute","remove","isArray","every","isString","TypeError","isNil","containedPaths","getContainedPaths","isPathAllowed","some","p","includes","startsWith","parts","toPath","reduce","acc","value","index","list","slice","join"],"mappings":";;AAGA,6BAAe,CAAA,CAACA,aAAAA,GAAiC,IAAI,GACnD,CAAC,EAAEC,GAAG,EAAEC,IAAM,EAAA,EAAEC,WAAWD,IAAI,EAAE,EAAE,EAAE,EAAEE,MAAM,EAAE,GAAA;;AAE7C,QAAA,IAAIJ,kBAAkB,IAAM,EAAA;AAC1B,YAAA;AACF;;QAGA,IAAI,EAAEK,OAAQL,CAAAA,aAAAA,CAAAA,IAAkBA,cAAcM,KAAK,CAACC,SAAQ,CAAI,EAAA;YAC9D,MAAM,IAAIC,UACR,CAAC,qDAAqD,EAAE,OAAOR,aAAAA,CAAc,CAAC,CAAC,CAAA;AAEnF;AAEA,QAAA,IAAIS,MAAMP,IAAO,CAAA,EAAA;AACf,YAAA;AACF;AAEA,QAAA,MAAMQ,iBAAiBC,iBAAkBT,CAAAA,IAAAA,CAAAA;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCC,QACD,MAAMU,aAAgBZ,GAAAA,aAAAA,CAAca,IAAI,CACtC,CAACC,IAAMJ,cAAeK,CAAAA,QAAQ,CAACD,CAAAA,CAAAA,IAAMA,EAAEE,UAAU,CAAC,CAAC,EAAEd,IAAAA,CAAK,CAAC,CAAC,CAAA,CAAA;AAG9D,QAAA,IAAIU,aAAe,EAAA;AACjB,YAAA;AACF;;QAGAR,MAAOH,CAAAA,GAAAA,CAAAA;AACT,KAAA;AAEF;;;;;;;;;;;;;;IAeA,MAAMU,oBAAoB,CAACT,IAAAA,GAAAA;AACzB,IAAA,MAAMe,QAAQC,MAAOhB,CAAAA,IAAAA,CAAAA;AAErB,IAAA,OAAOe,MAAME,MAAM,CAAC,CAACC,GAAAA,EAAKC,OAAOC,KAAOC,EAAAA,IAAAA,GAAAA;QACtC,OAAO;AAAIH,YAAAA,GAAAA,GAAAA;AAAKG,YAAAA,IAAAA,CAAKC,KAAK,CAAC,CAAA,EAAGF,KAAQ,GAAA,CAAA,CAAA,CAAGG,IAAI,CAAC,GAAA;AAAK,SAAA;AACrD,KAAA,EAAG,EAAE,CAAA;AACP,CAAA;;;;"}

package/dist/sanitize/visitors/remove-dynamic-zones.js

@@ -0,0 +1,12 @@
+'use strict';
+
+var contentTypes = require('../../content-types.js');
+
+const visitor = ({ key, attribute }, { remove })=>{
+    if (contentTypes.isDynamicZoneAttribute(attribute)) {
+        remove(key);
+    }
+};
+
+module.exports = visitor;
+//# sourceMappingURL=remove-dynamic-zones.js.map

package/dist/sanitize/visitors/remove-dynamic-zones.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-dynamic-zones.js","sources":["../../../src/sanitize/visitors/remove-dynamic-zones.ts"],"sourcesContent":["import { isDynamicZoneAttribute } from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ key, attribute }, { remove }) => {\n  if (isDynamicZoneAttribute(attribute)) {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","key","attribute","remove","isDynamicZoneAttribute"],"mappings":";;;;AAGMA,MAAAA,OAAAA,GAAmB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AACtD,IAAA,IAAIC,oCAAuBF,SAAY,CAAA,EAAA;QACrCC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-dynamic-zones.mjs

@@ -0,0 +1,10 @@
+import { isDynamicZoneAttribute } from '../../content-types.mjs';
+
+const visitor = ({ key, attribute }, { remove })=>{
+    if (isDynamicZoneAttribute(attribute)) {
+        remove(key);
+    }
+};
+
+export { visitor as default };
+//# sourceMappingURL=remove-dynamic-zones.mjs.map

package/dist/sanitize/visitors/remove-dynamic-zones.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-dynamic-zones.mjs","sources":["../../../src/sanitize/visitors/remove-dynamic-zones.ts"],"sourcesContent":["import { isDynamicZoneAttribute } from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ key, attribute }, { remove }) => {\n  if (isDynamicZoneAttribute(attribute)) {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","key","attribute","remove","isDynamicZoneAttribute"],"mappings":";;AAGMA,MAAAA,OAAAA,GAAmB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AACtD,IAAA,IAAIC,uBAAuBF,SAAY,CAAA,EAAA;QACrCC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-morph-to-relations.js

@@ -0,0 +1,12 @@
+'use strict';
+
+var contentTypes = require('../../content-types.js');
+
+const visitor = ({ key, attribute }, { remove })=>{
+    if (contentTypes.isMorphToRelationalAttribute(attribute)) {
+        remove(key);
+    }
+};
+
+module.exports = visitor;
+//# sourceMappingURL=remove-morph-to-relations.js.map

package/dist/sanitize/visitors/remove-morph-to-relations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-morph-to-relations.js","sources":["../../../src/sanitize/visitors/remove-morph-to-relations.ts"],"sourcesContent":["import { isMorphToRelationalAttribute } from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ key, attribute }, { remove }) => {\n  if (isMorphToRelationalAttribute(attribute)) {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","key","attribute","remove","isMorphToRelationalAttribute"],"mappings":";;;;AAGMA,MAAAA,OAAAA,GAAmB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AACtD,IAAA,IAAIC,0CAA6BF,SAAY,CAAA,EAAA;QAC3CC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-morph-to-relations.mjs

@@ -0,0 +1,10 @@
+import { isMorphToRelationalAttribute } from '../../content-types.mjs';
+
+const visitor = ({ key, attribute }, { remove })=>{
+    if (isMorphToRelationalAttribute(attribute)) {
+        remove(key);
+    }
+};
+
+export { visitor as default };
+//# sourceMappingURL=remove-morph-to-relations.mjs.map

package/dist/sanitize/visitors/remove-morph-to-relations.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-morph-to-relations.mjs","sources":["../../../src/sanitize/visitors/remove-morph-to-relations.ts"],"sourcesContent":["import { isMorphToRelationalAttribute } from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ key, attribute }, { remove }) => {\n  if (isMorphToRelationalAttribute(attribute)) {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","key","attribute","remove","isMorphToRelationalAttribute"],"mappings":";;AAGMA,MAAAA,OAAAA,GAAmB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AACtD,IAAA,IAAIC,6BAA6BF,SAAY,CAAA,EAAA;QAC3CC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-password.js

@@ -0,0 +1,10 @@
+'use strict';
+
+const visitor = ({ key, attribute }, { remove })=>{
+    if (attribute?.type === 'password') {
+        remove(key);
+    }
+};
+
+module.exports = visitor;
+//# sourceMappingURL=remove-password.js.map

package/dist/sanitize/visitors/remove-password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-password.js","sources":["../../../src/sanitize/visitors/remove-password.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ key, attribute }, { remove }) => {\n  if (attribute?.type === 'password') {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","key","attribute","remove","type"],"mappings":";;AAEMA,MAAAA,OAAAA,GAAmB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;IACtD,IAAID,SAAAA,EAAWE,SAAS,UAAY,EAAA;QAClCD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-password.mjs

@@ -0,0 +1,8 @@
+const visitor = ({ key, attribute }, { remove })=>{
+    if (attribute?.type === 'password') {
+        remove(key);
+    }
+};
+
+export { visitor as default };
+//# sourceMappingURL=remove-password.mjs.map

package/dist/sanitize/visitors/remove-password.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-password.mjs","sources":["../../../src/sanitize/visitors/remove-password.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ key, attribute }, { remove }) => {\n  if (attribute?.type === 'password') {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","key","attribute","remove","type"],"mappings":"AAEMA,MAAAA,OAAAA,GAAmB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;IACtD,IAAID,SAAAA,EAAWE,SAAS,UAAY,EAAA;QAClCD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-private.js

@@ -0,0 +1,16 @@
+'use strict';
+
+var contentTypes = require('../../content-types.js');
+
+const visitor = ({ schema, key, attribute }, { remove })=>{
+    if (!attribute) {
+        return;
+    }
+    const isPrivate = attribute.private === true || contentTypes.isPrivateAttribute(schema, key);
+    if (isPrivate) {
+        remove(key);
+    }
+};
+
+module.exports = visitor;
+//# sourceMappingURL=remove-private.js.map

package/dist/sanitize/visitors/remove-private.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-private.js","sources":["../../../src/sanitize/visitors/remove-private.ts"],"sourcesContent":["import { isPrivateAttribute } from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, attribute }, { remove }) => {\n  if (!attribute) {\n    return;\n  }\n\n  const isPrivate = attribute.private === true || isPrivateAttribute(schema, key);\n\n  if (isPrivate) {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","attribute","remove","isPrivate","private","isPrivateAttribute"],"mappings":";;;;AAGA,MAAMA,OAAmB,GAAA,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AAC9D,IAAA,IAAI,CAACD,SAAW,EAAA;AACd,QAAA;AACF;AAEA,IAAA,MAAME,YAAYF,SAAUG,CAAAA,OAAO,KAAK,IAAA,IAAQC,gCAAmBN,MAAQC,EAAAA,GAAAA,CAAAA;AAE3E,IAAA,IAAIG,SAAW,EAAA;QACbD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-private.mjs

@@ -0,0 +1,14 @@
+import { isPrivateAttribute } from '../../content-types.mjs';
+
+const visitor = ({ schema, key, attribute }, { remove })=>{
+    if (!attribute) {
+        return;
+    }
+    const isPrivate = attribute.private === true || isPrivateAttribute(schema, key);
+    if (isPrivate) {
+        remove(key);
+    }
+};
+
+export { visitor as default };
+//# sourceMappingURL=remove-private.mjs.map

package/dist/sanitize/visitors/remove-private.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-private.mjs","sources":["../../../src/sanitize/visitors/remove-private.ts"],"sourcesContent":["import { isPrivateAttribute } from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, attribute }, { remove }) => {\n  if (!attribute) {\n    return;\n  }\n\n  const isPrivate = attribute.private === true || isPrivateAttribute(schema, key);\n\n  if (isPrivate) {\n    remove(key);\n  }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","attribute","remove","isPrivate","private","isPrivateAttribute"],"mappings":";;AAGA,MAAMA,OAAmB,GAAA,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;AAC9D,IAAA,IAAI,CAACD,SAAW,EAAA;AACd,QAAA;AACF;AAEA,IAAA,MAAME,YAAYF,SAAUG,CAAAA,OAAO,KAAK,IAAA,IAAQC,mBAAmBN,MAAQC,EAAAA,GAAAA,CAAAA;AAE3E,IAAA,IAAIG,SAAW,EAAA;QACbD,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF;;;;"}

package/dist/sanitize/visitors/remove-restricted-fields.js

@@ -0,0 +1,28 @@
+'use strict';
+
+var fp = require('lodash/fp');
+
+var removeRestrictedFields = ((restrictedFields = null)=>({ key, path: { attribute: path } }, { remove })=>{
+        // Remove all fields
+        if (restrictedFields === null) {
+            remove(key);
+            return;
+        }
+        // Throw on invalid formats
+        if (!(fp.isArray(restrictedFields) && restrictedFields.every(fp.isString))) {
+            throw new TypeError(`Expected array of strings for restrictedFields but got "${typeof restrictedFields}"`);
+        }
+        // Remove if an exact match was found
+        if (restrictedFields.includes(path)) {
+            remove(key);
+            return;
+        }
+        // Remove nested matches
+        const isRestrictedNested = restrictedFields.some((allowedPath)=>path?.toString().startsWith(`${allowedPath}.`));
+        if (isRestrictedNested) {
+            remove(key);
+        }
+    });
+
+module.exports = removeRestrictedFields;
+//# sourceMappingURL=remove-restricted-fields.js.map

package/dist/sanitize/visitors/remove-restricted-fields.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-restricted-fields.js","sources":["../../../src/sanitize/visitors/remove-restricted-fields.ts"],"sourcesContent":["import { isArray, isString } from 'lodash/fp';\nimport type { Visitor } from '../../traverse/factory';\n\nexport default (restrictedFields: string[] | null = null): Visitor =>\n  ({ key, path: { attribute: path } }, { remove }) => {\n    // Remove all fields\n    if (restrictedFields === null) {\n      remove(key);\n      return;\n    }\n\n    // Throw on invalid formats\n    if (!(isArray(restrictedFields) && restrictedFields.every(isString))) {\n      throw new TypeError(\n        `Expected array of strings for restrictedFields but got \"${typeof restrictedFields}\"`\n      );\n    }\n\n    // Remove if an exact match was found\n    if (restrictedFields.includes(path as string)) {\n      remove(key);\n      return;\n    }\n\n    // Remove nested matches\n    const isRestrictedNested = restrictedFields.some((allowedPath) =>\n      path?.toString().startsWith(`${allowedPath}.`)\n    );\n    if (isRestrictedNested) {\n      remove(key);\n    }\n  };\n"],"names":["restrictedFields","key","path","attribute","remove","isArray","every","isString","TypeError","includes","isRestrictedNested","some","allowedPath","toString","startsWith"],"mappings":";;;;AAGA,6BAAe,CAAA,CAACA,gBAAAA,GAAoC,IAAI,GACtD,CAAC,EAAEC,GAAG,EAAEC,IAAM,EAAA,EAAEC,WAAWD,IAAI,EAAE,EAAE,EAAE,EAAEE,MAAM,EAAE,GAAA;;AAE7C,QAAA,IAAIJ,qBAAqB,IAAM,EAAA;YAC7BI,MAAOH,CAAAA,GAAAA,CAAAA;AACP,YAAA;AACF;;QAGA,IAAI,EAAEI,UAAQL,CAAAA,gBAAAA,CAAAA,IAAqBA,iBAAiBM,KAAK,CAACC,YAAQ,CAAI,EAAA;YACpE,MAAM,IAAIC,UACR,CAAC,wDAAwD,EAAE,OAAOR,gBAAAA,CAAiB,CAAC,CAAC,CAAA;AAEzF;;QAGA,IAAIA,gBAAAA,CAAiBS,QAAQ,CAACP,IAAiB,CAAA,EAAA;YAC7CE,MAAOH,CAAAA,GAAAA,CAAAA;AACP,YAAA;AACF;;AAGA,QAAA,MAAMS,kBAAqBV,GAAAA,gBAAAA,CAAiBW,IAAI,CAAC,CAACC,WAAAA,GAChDV,IAAMW,EAAAA,QAAAA,EAAAA,CAAWC,UAAW,CAAA,CAAC,EAAEF,WAAAA,CAAY,CAAC,CAAC,CAAA,CAAA;AAE/C,QAAA,IAAIF,kBAAoB,EAAA;YACtBN,MAAOH,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;;;;"}

package/dist/sanitize/visitors/remove-restricted-fields.mjs

@@ -0,0 +1,26 @@
+import { isArray, isString } from 'lodash/fp';
+
+var removeRestrictedFields = ((restrictedFields = null)=>({ key, path: { attribute: path } }, { remove })=>{
+        // Remove all fields
+        if (restrictedFields === null) {
+            remove(key);
+            return;
+        }
+        // Throw on invalid formats
+        if (!(isArray(restrictedFields) && restrictedFields.every(isString))) {
+            throw new TypeError(`Expected array of strings for restrictedFields but got "${typeof restrictedFields}"`);
+        }
+        // Remove if an exact match was found
+        if (restrictedFields.includes(path)) {
+            remove(key);
+            return;
+        }
+        // Remove nested matches
+        const isRestrictedNested = restrictedFields.some((allowedPath)=>path?.toString().startsWith(`${allowedPath}.`));
+        if (isRestrictedNested) {
+            remove(key);
+        }
+    });
+
+export { removeRestrictedFields as default };
+//# sourceMappingURL=remove-restricted-fields.mjs.map

package/dist/sanitize/visitors/remove-restricted-fields.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-restricted-fields.mjs","sources":["../../../src/sanitize/visitors/remove-restricted-fields.ts"],"sourcesContent":["import { isArray, isString } from 'lodash/fp';\nimport type { Visitor } from '../../traverse/factory';\n\nexport default (restrictedFields: string[] | null = null): Visitor =>\n  ({ key, path: { attribute: path } }, { remove }) => {\n    // Remove all fields\n    if (restrictedFields === null) {\n      remove(key);\n      return;\n    }\n\n    // Throw on invalid formats\n    if (!(isArray(restrictedFields) && restrictedFields.every(isString))) {\n      throw new TypeError(\n        `Expected array of strings for restrictedFields but got \"${typeof restrictedFields}\"`\n      );\n    }\n\n    // Remove if an exact match was found\n    if (restrictedFields.includes(path as string)) {\n      remove(key);\n      return;\n    }\n\n    // Remove nested matches\n    const isRestrictedNested = restrictedFields.some((allowedPath) =>\n      path?.toString().startsWith(`${allowedPath}.`)\n    );\n    if (isRestrictedNested) {\n      remove(key);\n    }\n  };\n"],"names":["restrictedFields","key","path","attribute","remove","isArray","every","isString","TypeError","includes","isRestrictedNested","some","allowedPath","toString","startsWith"],"mappings":";;AAGA,6BAAe,CAAA,CAACA,gBAAAA,GAAoC,IAAI,GACtD,CAAC,EAAEC,GAAG,EAAEC,IAAM,EAAA,EAAEC,WAAWD,IAAI,EAAE,EAAE,EAAE,EAAEE,MAAM,EAAE,GAAA;;AAE7C,QAAA,IAAIJ,qBAAqB,IAAM,EAAA;YAC7BI,MAAOH,CAAAA,GAAAA,CAAAA;AACP,YAAA;AACF;;QAGA,IAAI,EAAEI,OAAQL,CAAAA,gBAAAA,CAAAA,IAAqBA,iBAAiBM,KAAK,CAACC,SAAQ,CAAI,EAAA;YACpE,MAAM,IAAIC,UACR,CAAC,wDAAwD,EAAE,OAAOR,gBAAAA,CAAiB,CAAC,CAAC,CAAA;AAEzF;;QAGA,IAAIA,gBAAAA,CAAiBS,QAAQ,CAACP,IAAiB,CAAA,EAAA;YAC7CE,MAAOH,CAAAA,GAAAA,CAAAA;AACP,YAAA;AACF;;AAGA,QAAA,MAAMS,kBAAqBV,GAAAA,gBAAAA,CAAiBW,IAAI,CAAC,CAACC,WAAAA,GAChDV,IAAMW,EAAAA,QAAAA,EAAAA,CAAWC,UAAW,CAAA,CAAC,EAAEF,WAAAA,CAAY,CAAC,CAAC,CAAA,CAAA;AAE/C,QAAA,IAAIF,kBAAoB,EAAA;YACtBN,MAAOH,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA;;;;"}

package/dist/sanitize/visitors/remove-restricted-relations.js

@@ -0,0 +1,116 @@
+'use strict';
+
+var fp = require('lodash/fp');
+var contentTypes = require('../../content-types.js');
+var relations = require('../../relations.js');
+
+const ACTIONS_TO_VERIFY = [
+    'find'
+];
+const { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypes.constants;
+var removeRestrictedRelations = ((auth)=>async ({ data, key, attribute, schema }, { remove, set })=>{
+        if (!attribute) {
+            return;
+        }
+        const isRelation = attribute.type === 'relation';
+        if (!isRelation) {
+            return;
+        }
+        const handleMorphRelation = async ()=>{
+            const elements = data[key];
+            if ('connect' in elements || 'set' in elements || 'disconnect' in elements) {
+                const newValue = {};
+                const connect = await handleMorphElements(elements.connect || []);
+                const relSet = await handleMorphElements(elements.set || []);
+                const disconnect = await handleMorphElements(elements.disconnect || []);
+                if (connect.length > 0) {
+                    newValue.connect = connect;
+                }
+                if (relSet.length > 0) {
+                    newValue.set = relSet;
+                }
+                if (disconnect.length > 0) {
+                    newValue.disconnect = disconnect;
+                }
+                // TODO: this should technically be in its own visitor to check morph options, but for now we'll handle it here
+                if ('options' in elements && typeof elements.options === 'object' && elements.options !== null) {
+                    const filteredOptions = {};
+                    // Iterate through the keys of elements.options
+                    Object.keys(elements.options).forEach((key)=>{
+                        const validator = relations.VALID_RELATION_ORDERING_KEYS[key];
+                        // Ensure the key exists in VALID_RELATION_ORDERING_KEYS and the validator is defined before calling it
+                        if (validator && validator(elements.options[key])) {
+                            filteredOptions[key] = elements.options[key];
+                        }
+                    });
+                    // Assign the filtered options back to newValue
+                    newValue.options = filteredOptions;
+                } else {
+                    newValue.options = {};
+                }
+                set(key, newValue);
+            } else {
+                const newMorphValue = await handleMorphElements(elements);
+                if (newMorphValue.length) {
+                    set(key, newMorphValue);
+                }
+            }
+        };
+        const handleMorphElements = async (elements)=>{
+            const allowedElements = [];
+            if (!fp.isArray(elements)) {
+                return allowedElements;
+            }
+            for (const element of elements){
+                if (!fp.isObject(element) || !('__type' in element)) {
+                    continue;
+                }
+                const scopes = ACTIONS_TO_VERIFY.map((action)=>`${element.__type}.${action}`);
+                const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+                if (isAllowed) {
+                    allowedElements.push(element);
+                }
+            }
+            return allowedElements;
+        };
+        const handleRegularRelation = async ()=>{
+            const scopes = ACTIONS_TO_VERIFY.map((action)=>`${attribute.target}.${action}`);
+            const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+            // If the authenticated user don't have access to any of the scopes, then remove the field
+            if (!isAllowed) {
+                remove(key);
+            }
+        };
+        const isCreatorRelation = [
+            CREATED_BY_ATTRIBUTE,
+            UPDATED_BY_ATTRIBUTE
+        ].includes(key);
+        // Polymorphic relations
+        if (contentTypes.isMorphToRelationalAttribute(attribute)) {
+            await handleMorphRelation();
+            return;
+        }
+        // Creator relations
+        if (isCreatorRelation && schema.options?.populateCreatorFields) {
+            // do nothing
+            return;
+        }
+        // Regular relations
+        await handleRegularRelation();
+    });
+const hasAccessToSomeScopes = async (scopes, auth)=>{
+    for (const scope of scopes){
+        try {
+            await strapi.auth.verify(auth, {
+                scope
+            });
+            return true;
+        } catch  {
+            continue;
+        }
+    }
+    return false;
+};
+
+module.exports = removeRestrictedRelations;
+//# sourceMappingURL=remove-restricted-relations.js.map

package/dist/sanitize/visitors/remove-restricted-relations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-restricted-relations.js","sources":["../../../src/sanitize/visitors/remove-restricted-relations.ts"],"sourcesContent":["import { isArray, isObject } from 'lodash/fp';\nimport * as contentTypeUtils from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\nimport { RelationOrderingOptions } from '../../types';\nimport { VALID_RELATION_ORDERING_KEYS } from '../../relations';\n\nconst ACTIONS_TO_VERIFY = ['find'];\nconst { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypeUtils.constants;\n\ntype MorphArray = Array<{ __type: string }>;\n\nexport default (auth: unknown): Visitor =>\n  async ({ data, key, attribute, schema }, { remove, set }) => {\n    if (!attribute) {\n      return;\n    }\n\n    const isRelation = attribute.type === 'relation';\n\n    if (!isRelation) {\n      return;\n    }\n\n    const handleMorphRelation = async () => {\n      const elements: any = (data as Record<string, MorphArray>)[key];\n\n      if ('connect' in elements || 'set' in elements || 'disconnect' in elements) {\n        const newValue: Record<string, unknown> = {};\n\n        const connect = await handleMorphElements(elements.connect || []);\n        const relSet = await handleMorphElements(elements.set || []);\n        const disconnect = await handleMorphElements(elements.disconnect || []);\n\n        if (connect.length > 0) {\n          newValue.connect = connect;\n        }\n\n        if (relSet.length > 0) {\n          newValue.set = relSet;\n        }\n\n        if (disconnect.length > 0) {\n          newValue.disconnect = disconnect;\n        }\n\n        // TODO: this should technically be in its own visitor to check morph options, but for now we'll handle it here\n        if (\n          'options' in elements &&\n          typeof elements.options === 'object' &&\n          elements.options !== null\n        ) {\n          const filteredOptions: RelationOrderingOptions = {};\n\n          // Iterate through the keys of elements.options\n          Object.keys(elements.options).forEach((key) => {\n            const validator = VALID_RELATION_ORDERING_KEYS[key as keyof RelationOrderingOptions];\n\n            // Ensure the key exists in VALID_RELATION_ORDERING_KEYS and the validator is defined before calling it\n            if (validator && validator(elements.options[key])) {\n              filteredOptions[key as keyof RelationOrderingOptions] = elements.options[key];\n            }\n          });\n\n          // Assign the filtered options back to newValue\n          newValue.options = filteredOptions;\n        } else {\n          newValue.options = {};\n        }\n\n        set(key, newValue);\n      } else {\n        const newMorphValue = await handleMorphElements(elements);\n\n        if (newMorphValue.length) {\n          set(key, newMorphValue);\n        }\n      }\n    };\n\n    const handleMorphElements = async (elements: any[]) => {\n      const allowedElements: Record<string, unknown>[] = [];\n\n      if (!isArray(elements)) {\n        return allowedElements;\n      }\n\n      for (const element of elements) {\n        if (!isObject(element) || !('__type' in element)) {\n          continue;\n        }\n\n        const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);\n        const isAllowed = await hasAccessToSomeScopes(scopes, auth);\n\n        if (isAllowed) {\n          allowedElements.push(element);\n        }\n      }\n\n      return allowedElements;\n    };\n\n    const handleRegularRelation = async () => {\n      const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);\n\n      const isAllowed = await hasAccessToSomeScopes(scopes, auth);\n\n      // If the authenticated user don't have access to any of the scopes, then remove the field\n      if (!isAllowed) {\n        remove(key);\n      }\n    };\n\n    const isCreatorRelation = [CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);\n\n    // Polymorphic relations\n    if (contentTypeUtils.isMorphToRelationalAttribute(attribute)) {\n      await handleMorphRelation();\n      return;\n    }\n\n    // Creator relations\n    if (isCreatorRelation && schema.options?.populateCreatorFields) {\n      // do nothing\n      return;\n    }\n\n    // Regular relations\n    await handleRegularRelation();\n  };\n\nconst hasAccessToSomeScopes = async (scopes: string[], auth: unknown) => {\n  for (const scope of scopes) {\n    try {\n      await strapi.auth.verify(auth, { scope });\n      return true;\n    } catch {\n      continue;\n    }\n  }\n\n  return false;\n};\n"],"names":["ACTIONS_TO_VERIFY","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","contentTypeUtils","auth","data","key","attribute","schema","remove","set","isRelation","type","handleMorphRelation","elements","newValue","connect","handleMorphElements","relSet","disconnect","length","options","filteredOptions","Object","keys","forEach","validator","VALID_RELATION_ORDERING_KEYS","newMorphValue","allowedElements","isArray","element","isObject","scopes","map","action","__type","isAllowed","hasAccessToSomeScopes","push","handleRegularRelation","target","isCreatorRelation","includes","populateCreatorFields","scope","strapi","verify"],"mappings":";;;;;;AAMA,MAAMA,iBAAoB,GAAA;AAAC,IAAA;AAAO,CAAA;AAClC,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAE,GAAGC,sBAA0B;AAIjF,gCAAe,CAAA,CAACC,IAAAA,GACd,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAEC,MAAM,EAAE,EAAE,EAAEC,MAAM,EAAEC,GAAG,EAAE,GAAA;AACtD,QAAA,IAAI,CAACH,SAAW,EAAA;AACd,YAAA;AACF;QAEA,MAAMI,UAAAA,GAAaJ,SAAUK,CAAAA,IAAI,KAAK,UAAA;AAEtC,QAAA,IAAI,CAACD,UAAY,EAAA;AACf,YAAA;AACF;AAEA,QAAA,MAAME,mBAAsB,GAAA,UAAA;AAC1B,YAAA,MAAMC,QAAgB,GAACT,IAAmC,CAACC,GAAI,CAAA;AAE/D,YAAA,IAAI,SAAaQ,IAAAA,QAAAA,IAAY,KAASA,IAAAA,QAAAA,IAAY,gBAAgBA,QAAU,EAAA;AAC1E,gBAAA,MAAMC,WAAoC,EAAC;AAE3C,gBAAA,MAAMC,UAAU,MAAMC,mBAAAA,CAAoBH,QAASE,CAAAA,OAAO,IAAI,EAAE,CAAA;AAChE,gBAAA,MAAME,SAAS,MAAMD,mBAAAA,CAAoBH,QAASJ,CAAAA,GAAG,IAAI,EAAE,CAAA;AAC3D,gBAAA,MAAMS,aAAa,MAAMF,mBAAAA,CAAoBH,QAASK,CAAAA,UAAU,IAAI,EAAE,CAAA;gBAEtE,IAAIH,OAAAA,CAAQI,MAAM,GAAG,CAAG,EAAA;AACtBL,oBAAAA,QAAAA,CAASC,OAAO,GAAGA,OAAAA;AACrB;gBAEA,IAAIE,MAAAA,CAAOE,MAAM,GAAG,CAAG,EAAA;AACrBL,oBAAAA,QAAAA,CAASL,GAAG,GAAGQ,MAAAA;AACjB;gBAEA,IAAIC,UAAAA,CAAWC,MAAM,GAAG,CAAG,EAAA;AACzBL,oBAAAA,QAAAA,CAASI,UAAU,GAAGA,UAAAA;AACxB;;gBAGA,IACE,SAAA,IAAaL,QACb,IAAA,OAAOA,QAASO,CAAAA,OAAO,KAAK,QAC5BP,IAAAA,QAAAA,CAASO,OAAO,KAAK,IACrB,EAAA;AACA,oBAAA,MAAMC,kBAA2C,EAAC;;AAGlDC,oBAAAA,MAAAA,CAAOC,IAAI,CAACV,QAAAA,CAASO,OAAO,CAAEI,CAAAA,OAAO,CAAC,CAACnB,GAAAA,GAAAA;wBACrC,MAAMoB,SAAAA,GAAYC,sCAA4B,CAACrB,GAAqC,CAAA;;AAGpF,wBAAA,IAAIoB,aAAaA,SAAUZ,CAAAA,QAAAA,CAASO,OAAO,CAACf,IAAI,CAAG,EAAA;AACjDgB,4BAAAA,eAAe,CAAChB,GAAqC,CAAA,GAAGQ,QAASO,CAAAA,OAAO,CAACf,GAAI,CAAA;AAC/E;AACF,qBAAA,CAAA;;AAGAS,oBAAAA,QAAAA,CAASM,OAAO,GAAGC,eAAAA;iBACd,MAAA;oBACLP,QAASM,CAAAA,OAAO,GAAG,EAAC;AACtB;AAEAX,gBAAAA,GAAAA,CAAIJ,GAAKS,EAAAA,QAAAA,CAAAA;aACJ,MAAA;gBACL,MAAMa,aAAAA,GAAgB,MAAMX,mBAAoBH,CAAAA,QAAAA,CAAAA;gBAEhD,IAAIc,aAAAA,CAAcR,MAAM,EAAE;AACxBV,oBAAAA,GAAAA,CAAIJ,GAAKsB,EAAAA,aAAAA,CAAAA;AACX;AACF;AACF,SAAA;AAEA,QAAA,MAAMX,sBAAsB,OAAOH,QAAAA,GAAAA;AACjC,YAAA,MAAMe,kBAA6C,EAAE;YAErD,IAAI,CAACC,WAAQhB,QAAW,CAAA,EAAA;gBACtB,OAAOe,eAAAA;AACT;YAEA,KAAK,MAAME,WAAWjB,QAAU,CAAA;AAC9B,gBAAA,IAAI,CAACkB,WAASD,CAAAA,OAAAA,CAAAA,IAAY,EAAE,QAAA,IAAYA,OAAM,CAAI,EAAA;AAChD,oBAAA;AACF;AAEA,gBAAA,MAAME,MAASjC,GAAAA,iBAAAA,CAAkBkC,GAAG,CAAC,CAACC,MAAW,GAAA,CAAC,EAAEJ,OAAAA,CAAQK,MAAM,CAAC,CAAC,EAAED,OAAO,CAAC,CAAA;gBAC9E,MAAME,SAAAA,GAAY,MAAMC,qBAAAA,CAAsBL,MAAQ7B,EAAAA,IAAAA,CAAAA;AAEtD,gBAAA,IAAIiC,SAAW,EAAA;AACbR,oBAAAA,eAAAA,CAAgBU,IAAI,CAACR,OAAAA,CAAAA;AACvB;AACF;YAEA,OAAOF,eAAAA;AACT,SAAA;AAEA,QAAA,MAAMW,qBAAwB,GAAA,UAAA;AAC5B,YAAA,MAAMP,MAASjC,GAAAA,iBAAAA,CAAkBkC,GAAG,CAAC,CAACC,MAAW,GAAA,CAAC,EAAE5B,SAAAA,CAAUkC,MAAM,CAAC,CAAC,EAAEN,OAAO,CAAC,CAAA;YAEhF,MAAME,SAAAA,GAAY,MAAMC,qBAAAA,CAAsBL,MAAQ7B,EAAAA,IAAAA,CAAAA;;AAGtD,YAAA,IAAI,CAACiC,SAAW,EAAA;gBACd5B,MAAOH,CAAAA,GAAAA,CAAAA;AACT;AACF,SAAA;AAEA,QAAA,MAAMoC,iBAAoB,GAAA;AAACzC,YAAAA,oBAAAA;AAAsBC,YAAAA;AAAqB,SAAA,CAACyC,QAAQ,CAACrC,GAAAA,CAAAA;;QAGhF,IAAIH,yCAA6C,CAACI,SAAY,CAAA,EAAA;YAC5D,MAAMM,mBAAAA,EAAAA;AACN,YAAA;AACF;;AAGA,QAAA,IAAI6B,iBAAqBlC,IAAAA,MAAAA,CAAOa,OAAO,EAAEuB,qBAAuB,EAAA;;AAE9D,YAAA;AACF;;QAGA,MAAMJ,qBAAAA,EAAAA;AACR,KAAA;AAEF,MAAMF,qBAAAA,GAAwB,OAAOL,MAAkB7B,EAAAA,IAAAA,GAAAA;IACrD,KAAK,MAAMyC,SAASZ,MAAQ,CAAA;QAC1B,IAAI;AACF,YAAA,MAAMa,MAAO1C,CAAAA,IAAI,CAAC2C,MAAM,CAAC3C,IAAM,EAAA;AAAEyC,gBAAAA;AAAM,aAAA,CAAA;YACvC,OAAO,IAAA;AACT,SAAA,CAAE,OAAM;AACN,YAAA;AACF;AACF;IAEA,OAAO,KAAA;AACT,CAAA;;;;"}