Strapi permissions and user roles are set using database, which will make your permission sets inconsistent.
Here make it automatic. Put these files in config/functions/
Strapi permissions and user roles are set using database, which will make your permission sets inconsistent.
Here make it automatic. Put these files in config/functions/
'use strict'; | |
const perms = require('./permissions'); | |
const roles = require('./roles'); | |
module.exports = async () => { | |
// default admin admin in development mode | |
if (process.env.NODE_ENV === 'development') { | |
const params = { | |
username: process.env.DEV_USER || 'admin', | |
password: process.env.DEV_PASS || 'admin', | |
firstname: process.env.DEV_USER || 'Admin', | |
lastname: process.env.DEV_USER || 'Admin', | |
email: process.env.DEV_EMAIL || 'admin@test.test', | |
blocked: false, | |
isActive: true, | |
}; | |
//Check if any account exists. | |
const admins = await strapi.query('user', 'admin').find(); | |
if (admins.length === 0) { | |
try { | |
let tempPass = params.password; | |
let verifyRole = await strapi.query('role', 'admin').findOne({ | |
code: 'strapi-super-admin' | |
}); | |
if (!verifyRole) { | |
verifyRole = await strapi.query('role', 'admin').create({ | |
name: 'Super Admin', | |
code: 'strapi-super-admin', | |
description: 'Super Admins can access and manage all features and settings.', | |
}); | |
} | |
params.roles = [verifyRole.id]; | |
params.password = await strapi.admin.services.auth.hashPassword(params.password); | |
await strapi.query('user', 'admin').create({ | |
...params, | |
}); | |
strapi.log.info('Admin account was successfully created.'); | |
strapi.log.info(`Email: ${params.email}`); | |
strapi.log.info(`Password: ${tempPass}`); | |
} catch (error) { | |
strapi.log.error(`Couldn't create Admin account during bootstrap: `, error); | |
} | |
} | |
} | |
// check if "authenticated" role exist, if yes, replace with our own | |
const authenticatedRole = await strapi.query('role', 'users-permissions').findOne({ | |
type: 'authenticated' | |
}, []); | |
if (authenticatedRole) { | |
const userspermissions = strapi.plugins['users-permissions'].services.userspermissions; | |
await userspermissions.deleteRole(authenticatedRole.id, 'public'); | |
await Promise.all(roles.roles.map(role => | |
userspermissions.createRole(role) | |
)); | |
// set default role | |
const pluginStore = await strapi.store({ | |
environment: '', | |
type: 'plugin', | |
name: 'users-permissions', | |
}); | |
const settings = await pluginStore.get({ | |
key: 'advanced', | |
}); | |
settings.default_role = roles.default_role; | |
pluginStore.set({ | |
key: 'advanced', | |
value: settings | |
}); | |
await userspermissions.updatePermissions(); | |
strapi.log.info('Default roles successfully created.'); | |
}; | |
// setDefaultPermissions | |
{ | |
/** @ts-ignore @type {import('knex')} */ | |
const knex = strapi.connections.default; | |
await knex.table('users-permissions_permission').update({ | |
enabled: 0 // Probably there's more "strapi" way but I couldn't find it. | |
}); | |
const roles = await Promise.all(Object.keys(perms).map((type) => strapi.query("role", "users-permissions").findOne({ | |
type | |
}))); | |
await Promise.all(roles.map(role => { | |
return Promise.all(perms[role.type].map(perm => { | |
return knex.table('users-permissions_permission').where({ | |
controller: perm.controller, | |
role: role.id, | |
}).whereIn('action', perm.actions).update({ | |
enabled: 1, | |
}); | |
})) | |
})); | |
} | |
} |
// Controller methods that you want to grant explicitly with. | |
// Just keep remember to write all controller actions in lowercase! | |
const publicRoles = [{ | |
controller: 'article', | |
actions: ['find', 'findone'] | |
}, { | |
controller: 'auth', | |
actions: ['register', 'callback'] | |
}, { | |
controller: 'global', | |
actions: ['find'] | |
}]; | |
const userRoles = [{ | |
controller: 'user', | |
actions: ['me', 'updateme'] | |
}]; | |
const customerRoles = []; | |
const publisherRoles = []; | |
const editorRoles = []; | |
const adminRoles = []; | |
module.exports = { | |
public: [...publicRoles], | |
customer: [...publicRoles, ...userRoles, ...customerRoles], | |
publisher: [...publicRoles, ...userRoles, ...publisherRoles], | |
editor: [...publicRoles, ...userRoles, ...editorRoles], | |
admin: [...publicRoles, ...userRoles, ...editorRoles, ...adminRoles], | |
} |
// This roles applies to API (via users-permissions) you can add as much as you like. | |
// Public (unauthicated) role is already defined | |
module.exports = { | |
default_role: 'reader', | |
roles: [ | |
{ | |
name: 'Customer', | |
description: 'Customer role', | |
type: 'customer', | |
}, | |
{ | |
name: 'Publisher', | |
description: 'Publisher role', | |
type: 'publisher', | |
}, | |
{ | |
name: 'Editor', | |
description: 'Editor role', | |
type: 'editor', | |
}, | |
{ | |
name: 'Admin', | |
description: 'Admin role', | |
type: 'admin', | |
} | |
], | |
} |