// Create crate
//
// Resolver-style handler: the second argument carries the new crate's fields,
// the third carries the request context. Creation is admin-only and denied by
// default: the caller must have `auth.user` set AND a role equal to
// `params.user.roles.admin`; every other case throws.
// NOTE(review): `name` and `description` reach `models.Crate.create` with no
// validation visible in this block. Confirm the model or schema layer
// constrains them.
export async function create(parentValue, { name, description }, { auth }) {
  const callerIsAdmin =
    Boolean(auth.user) && auth.user.role === params.user.roles.admin;

  if (!callerIsAdmin) {
    throw new Error('Operation denied.');
  }

  return await models.Crate.create({ name, description });
}
/**
 * Build a request handler that replies with a fixed string body.
 *
 * When `admin_only` is truthy, the handler looks the caller up via `getUser`
 * and, unless that user has a truthy `admin` property, hands the request to
 * `next()` without sending the body. A request whose `baseUrl` ends in `.js`
 * gets a JavaScript Content-Type header before the body is sent.
 *
 * NOTE(review): a non-admin caller is passed on to `next()` rather than
 * rejected here, so the final response depends on later handlers. Confirm
 * none of them serves the same content.
 *
 * @param {string} body - Payload passed to `reply.send`.
 * @param {boolean} admin_only - Restrict the body to admin users.
 * @returns {Function} Handler taking `(request, reply, next)`.
 */
function send_string(body, admin_only) {
  return function(request, reply, next) {
    if (admin_only) {
      const { admin: callerIsAdmin } = getUser(request) || {};
      if (!callerIsAdmin) {
        return next();
      }
    }

    const servesScript = request.baseUrl.endsWith('.js');
    if (servesScript) {
      reply.header('Content-Type', 'application/javascript');
    }

    reply.send(body);
  };
}
/**
 * Send the admin panel's bootstrap information.
 *
 * The payload holds the project uuid, the current environment name, the
 * autoReload flag, the Strapi version and whether an admin user exists.
 *
 * NOTE(review): version and environment details allow a deployment to be
 * fingerprinted. Whether this route requires authentication is not visible
 * here. Confirm the route policy before exposing it publicly.
 *
 * @param ctx - Request context; the response goes through `ctx.send`.
 */
async init(ctx) {
  const currentEnvironment = strapi.app.env;

  const data = {
    uuid: strapi.config.get('uuid', false),
    currentEnvironment,
    autoReload: strapi.config.get('autoReload', false),
    strapiVersion: strapi.config.get('info.strapi', null),
    hasAdmin: await strapi.admin.services.user.exists(),
  };

  return ctx.send({ data });
}
/**
 * Drop condition ids that the condition provider does not know about.
 *
 * A non-array input is returned untouched, so validation of its shape is
 * left to the caller. For an array, only ids also present in
 * `conditionProvider.getAllIds()` are kept.
 *
 * @param {string[]} conditionsIds - Candidate condition ids.
 * @returns {string[]} The ids that exist (or the input itself when it is not an array).
 */
const removeUnkownConditionIds = conditionsIds => {
  if (Array.isArray(conditionsIds)) {
    const knownIds = strapi.admin.services.permission.conditionProvider.getAllIds();
    return _.intersection(conditionsIds, knownIds);
  }

  return conditionsIds;
};
// Validator for a role id that is about to be deleted: the id is required and
// must not be the super admin role's id. When no super admin role exists the
// check passes.
yup
  .strapiID()
  .required()
  .test('no-admin-single-delete', 'You cannot delete the super admin role', async function(id) {
    // Regular function on purpose: `this.createError` comes from yup's test context.
    const protectedRole = await strapi.admin.services.role.getSuperAdmin();

    if (protectedRole && stringEquals(id, protectedRole.id)) {
      return this.createError({
        path: 'id',
        message: `You cannot delete the super admin role`,
      });
    }

    return true;
  })
// Validator for an optional array of condition ids: every entry must be an id
// known to the condition provider. `undefined` is accepted as "no conditions".
// NOTE(review): the default message 'is not a plugin name' looks copied from
// another validator. Every failing path below supplies its own message, so it
// appears unused. Confirm before relying on it.
yup
  .array()
  .of(yup.string())
  .test('is-an-array-of-conditions', 'is not a plugin name', function(value) {
    // Regular function on purpose: `this.createError` and `this.path` come from yup.
    const knownIds = strapi.admin.services.permission.conditionProvider
      .getAll()
      .map(condition => condition.id);

    if (_.isUndefined(value)) {
      return true;
    }

    const unknownIds = _.difference(value, knownIds);
    if (unknownIds.length === 0) {
      return true;
    }

    return this.createError({
      path: this.path,
      message: `contains conditions that don't exist`,
    });
  })
/**
 * Build the ability object for a user.
 *
 * The user's permissions are loaded through the permission service and handed,
 * with `options`, to the ability creator returned by
 * `this.generateAbilityCreatorFor(user)`.
 *
 * @param user - User whose permissions are looked up.
 * @param options - Passed through unchanged to the ability creator.
 * @returns {Promise<Ability>}
 */
async generateUserAbility(user, options) {
  const userPermissions = await strapi.admin.services.permission.findUserPermissions(user);
  const createAbility = this.generateAbilityCreatorFor(user);

  return createAbility(userPermissions, options);
}
/**
 * Respond with the permissions of the user attached to the request.
 *
 * Permissions are looked up for `ctx.state.user` only, and each one goes
 * through `sanitizePermission` before being placed in the response body.
 * NOTE(review): this assumes `ctx.state.user` was set by an authentication
 * step that runs before this controller. Confirm on the route definition.
 *
 * @param ctx - Request context; the result is written to `ctx.body`.
 */
async getOwnPermissions(ctx) {
  const permissionService = strapi.admin.services.permission;
  const { findUserPermissions, sanitizePermission } = permissionService;

  const ownPermissions = await findUserPermissions(ctx.state.user);
  const data = ownPermissions.map(sanitizePermission);

  ctx.body = { data };
}
/**
 * Initialize the hook.
 *
 * Registers a middleware that applies the P3P middleware, configured from
 * `strapi.config.middleware.settings.p3p`, to every request except those
 * flagged with `ctx.request.admin`, which go straight to `next()`.
 */
initialize() {
  const applyP3pUnlessAdmin = async (ctx, next) => {
    if (!ctx.request.admin) {
      const p3pMiddleware = convert(p3p(strapi.config.middleware.settings.p3p));
      return await p3pMiddleware(ctx, next);
    }

    return next();
  };

  strapi.app.use(applyP3pUnlessAdmin);
}
/**
 * Respond with the profile of the user attached to the request.
 *
 * The user object is passed through the user service's `sanitizeUser` before
 * it is written to the response.
 * NOTE(review): which fields `sanitizeUser` removes is not visible here.
 * Confirm it strips credential material such as password hashes and reset
 * tokens.
 *
 * @param ctx - Request context; the result is written to `ctx.body`.
 */
async getMe(ctx) {
  const { user: authenticatedUser } = ctx.state;
  const data = strapi.admin.services.user.sanitizeUser(authenticatedUser);

  ctx.body = { data };
}
/**
 * Initialize the hook.
 *
 * Registers a middleware that applies the CSP middleware, configured from
 * `strapi.config.middleware.settings.csp`, to every request except those
 * flagged with `ctx.request.admin`.
 *
 * NOTE(review): admin requests bypass this hook, so they receive no
 * Content-Security-Policy from it. Confirm the admin panel is served with
 * its own policy.
 */
initialize() {
  const applyCspUnlessAdmin = async (ctx, next) => {
    if (!ctx.request.admin) {
      const cspMiddleware = convert(csp(strapi.config.middleware.settings.csp));
      return await cspMiddleware(ctx, next);
    }

    return await next();
  };

  strapi.app.use(applyCspUnlessAdmin);
}
/**
 * Return the requesting user's own permissions.
 *
 * The lookup is keyed on `ctx.state.user`, so a caller can only read the
 * permissions tied to its own session. Each entry is passed through
 * `sanitizePermission` before it reaches the response.
 * NOTE(review): `ctx.state.user` is presumably populated by an authentication
 * middleware. Verify on the route definition.
 *
 * @param ctx - Request context; the result is written to `ctx.body`.
 */
async getOwnPermissions(ctx) {
  const { findUserPermissions, sanitizePermission } = strapi.admin.services.permission;
  const requester = ctx.state.user;

  const grantedPermissions = await findUserPermissions(requester);
  const sanitized = grantedPermissions.map(sanitizePermission);

  ctx.body = { data: sanitized };
}