willnode/0-strapi-auto-permissions.md

## 0-strapi-auto-permissions.md

      
    Raw
  

              0-strapi-auto-permissions.md
            
          
    Strapi permissions and user roles are set using database, which will make your permission sets inconsistent.
Here make it automatic. Put these files in config/functions/

  
## bootstrap.js
'use strict';
const perms = require('./permissions');
const roles = require('./roles');

module.exports = async () => {
  // default admin admin in development mode
  if (process.env.NODE_ENV === 'development') {
    const params = {
      username: process.env.DEV_USER || 'admin',
      password: process.env.DEV_PASS || 'admin',
      firstname: process.env.DEV_USER || 'Admin',
      lastname: process.env.DEV_USER || 'Admin',
      email: process.env.DEV_EMAIL || 'admin@test.test',
      blocked: false,
      isActive: true,
    };
    //Check if any account exists.
    const admins = await strapi.query('user', 'admin').find();

    if (admins.length === 0) {
      try {
        let tempPass = params.password;
        let verifyRole = await strapi.query('role', 'admin').findOne({
          code: 'strapi-super-admin'
        });
        if (!verifyRole) {
          verifyRole = await strapi.query('role', 'admin').create({
            name: 'Super Admin',
            code: 'strapi-super-admin',
            description: 'Super Admins can access and manage all features and settings.',
          });
        }
        params.roles = [verifyRole.id];
        params.password = await strapi.admin.services.auth.hashPassword(params.password);
        await strapi.query('user', 'admin').create({
          ...params,
        });
        strapi.log.info('Admin account was successfully created.');
        strapi.log.info(`Email: ${params.email}`);
        strapi.log.info(`Password: ${tempPass}`);
      } catch (error) {
        strapi.log.error(`Couldn't create Admin account during bootstrap: `, error);
      }
    }
  }

  // check if "authenticated" role exist, if yes, replace with our own
  const authenticatedRole = await strapi.query('role', 'users-permissions').findOne({
    type: 'authenticated'
  }, []);

  if (authenticatedRole) {
    const userspermissions = strapi.plugins['users-permissions'].services.userspermissions;
    await userspermissions.deleteRole(authenticatedRole.id, 'public');
    await Promise.all(roles.roles.map(role =>
      userspermissions.createRole(role)
    ));
    // set default role
    const pluginStore = await strapi.store({
      environment: '',
      type: 'plugin',
      name: 'users-permissions',
    });
    const settings = await pluginStore.get({
      key: 'advanced',
    });
    settings.default_role = roles.default_role;
    pluginStore.set({
      key: 'advanced',
      value: settings
    });
    await userspermissions.updatePermissions();
    strapi.log.info('Default roles successfully created.');
  };
  // setDefaultPermissions
  {
    /** @ts-ignore @type {import('knex')} */
    const knex = strapi.connections.default;
    await knex.table('users-permissions_permission').update({
      enabled: 0 // Probably there's more "strapi" way but I couldn't find it.
    });
    const roles = await Promise.all(Object.keys(perms).map((type) => strapi.query("role", "users-permissions").findOne({
      type
    })));
    await Promise.all(roles.map(role => {
      return Promise.all(perms[role.type].map(perm => {
        return knex.table('users-permissions_permission').where({
          controller: perm.controller,
          role: role.id,
        }).whereIn('action', perm.actions).update({
          enabled: 1,
        });
      }))
    }));
  }
}

## permissions.js
// Controller methods that you want to grant explicitly with.
// Just keep remember to write all controller actions in lowercase!

const publicRoles = [{
  controller: 'article',
  actions: ['find', 'findone']
}, {
  controller: 'auth',
  actions: ['register', 'callback']
}, {
  controller: 'global',
  actions: ['find']
}];

const userRoles = [{
  controller: 'user',
  actions: ['me', 'updateme']
}];

const customerRoles = [];
const publisherRoles = [];
const editorRoles = [];
const adminRoles = [];

module.exports = {
  public: [...publicRoles],
  customer: [...publicRoles, ...userRoles, ...customerRoles],
  publisher: [...publicRoles, ...userRoles, ...publisherRoles],
  editor: [...publicRoles, ...userRoles, ...editorRoles],
  admin: [...publicRoles, ...userRoles, ...editorRoles, ...adminRoles],
}

## roles.js
// This roles applies to API (via users-permissions) you can add as much as you like.
// Public (unauthicated) role is already defined
module.exports = {
  default_role: 'reader',
  roles: [
    {
      name: 'Customer',
      description: 'Customer role',
      type: 'customer',
    },
    {
      name: 'Publisher',
      description: 'Publisher role',
      type: 'publisher',
    },
    {
      name: 'Editor',
      description: 'Editor role',
      type: 'editor',
    },
    {
      name: 'Admin',
      description: 'Admin role',
      type: 'admin',
    }
  ],
}
	'use strict';
	const perms = require('./permissions');
	const roles = require('./roles');

	module.exports = async () => {
	// default admin admin in development mode
	if (process.env.NODE_ENV === 'development') {
	const params = {
	username: process.env.DEV_USER \|\| 'admin',
	password: process.env.DEV_PASS \|\| 'admin',
	firstname: process.env.DEV_USER \|\| 'Admin',
	lastname: process.env.DEV_USER \|\| 'Admin',
	email: process.env.DEV_EMAIL \|\| 'admin@test.test',
	blocked: false,
	isActive: true,
	};
	//Check if any account exists.
	const admins = await strapi.query('user', 'admin').find();

	if (admins.length === 0) {
	try {
	let tempPass = params.password;
	let verifyRole = await strapi.query('role', 'admin').findOne({
	code: 'strapi-super-admin'
	});
	if (!verifyRole) {
	verifyRole = await strapi.query('role', 'admin').create({
	name: 'Super Admin',
	code: 'strapi-super-admin',
	description: 'Super Admins can access and manage all features and settings.',
	});
	}
	params.roles = [verifyRole.id];
	params.password = await strapi.admin.services.auth.hashPassword(params.password);
	await strapi.query('user', 'admin').create({
	...params,
	});
	strapi.log.info('Admin account was successfully created.');
	strapi.log.info(`Email: ${params.email}`);
	strapi.log.info(`Password: ${tempPass}`);
	} catch (error) {
	strapi.log.error(`Couldn't create Admin account during bootstrap: `, error);
	}
	}
	}

	// check if "authenticated" role exist, if yes, replace with our own
	const authenticatedRole = await strapi.query('role', 'users-permissions').findOne({
	type: 'authenticated'
	}, []);

	if (authenticatedRole) {
	const userspermissions = strapi.plugins['users-permissions'].services.userspermissions;
	await userspermissions.deleteRole(authenticatedRole.id, 'public');
	await Promise.all(roles.roles.map(role =>
	userspermissions.createRole(role)
	));
	// set default role
	const pluginStore = await strapi.store({
	environment: '',
	type: 'plugin',
	name: 'users-permissions',
	});
	const settings = await pluginStore.get({
	key: 'advanced',
	});
	settings.default_role = roles.default_role;
	pluginStore.set({
	key: 'advanced',
	value: settings
	});
	await userspermissions.updatePermissions();
	strapi.log.info('Default roles successfully created.');
	};
	// setDefaultPermissions
	{
	/** @ts-ignore @type {import('knex')} */
	const knex = strapi.connections.default;
	await knex.table('users-permissions_permission').update({
	enabled: 0 // Probably there's more "strapi" way but I couldn't find it.
	});
	const roles = await Promise.all(Object.keys(perms).map((type) => strapi.query("role", "users-permissions").findOne({
	type
	})));
	await Promise.all(roles.map(role => {
	return Promise.all(perms[role.type].map(perm => {
	return knex.table('users-permissions_permission').where({
	controller: perm.controller,
	role: role.id,
	}).whereIn('action', perm.actions).update({
	enabled: 1,
	});
	}))
	}));
	}
	}
	// Controller methods that you want to grant explicitly with.
	// Just keep remember to write all controller actions in lowercase!

	const publicRoles = [{
	controller: 'article',
	actions: ['find', 'findone']
	}, {
	controller: 'auth',
	actions: ['register', 'callback']
	}, {
	controller: 'global',
	actions: ['find']
	}];

	const userRoles = [{
	controller: 'user',
	actions: ['me', 'updateme']
	}];

	const customerRoles = [];
	const publisherRoles = [];
	const editorRoles = [];
	const adminRoles = [];

	module.exports = {
	public: [...publicRoles],
	customer: [...publicRoles, ...userRoles, ...customerRoles],
	publisher: [...publicRoles, ...userRoles, ...publisherRoles],
	editor: [...publicRoles, ...userRoles, ...editorRoles],
	admin: [...publicRoles, ...userRoles, ...editorRoles, ...adminRoles],
	}
	// This roles applies to API (via users-permissions) you can add as much as you like.
	// Public (unauthicated) role is already defined
	module.exports = {
	default_role: 'reader',
	roles: [
	{
	name: 'Customer',
	description: 'Customer role',
	type: 'customer',
	},
	{
	name: 'Publisher',
	description: 'Publisher role',
	type: 'publisher',
	},
	{
	name: 'Editor',
	description: 'Editor role',
	type: 'editor',
	},
	{
	name: 'Admin',
	description: 'Admin role',
	type: 'admin',
	}
	],
	}