
@strapi/utils


Shared utilities for the Strapi packages

1 lines 8.69 kB
{"version":3,"file":"remove-restricted-relations.mjs","sources":["../../../src/sanitize/visitors/remove-restricted-relations.ts"],"sourcesContent":["import { isArray, isObject } from 'lodash/fp';\nimport * as contentTypeUtils from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\nimport { RelationOrderingOptions } from '../../types';\nimport { VALID_RELATION_ORDERING_KEYS } from '../../relations';\n\nconst ACTIONS_TO_VERIFY = ['find'];\nconst { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypeUtils.constants;\n\ntype MorphArray = Array<{ __type: string }>;\n\nexport default (auth: unknown): Visitor =>\n async ({ data, key, attribute, schema }, { remove, set }) => {\n if (!attribute) {\n return;\n }\n\n const isRelation = attribute.type === 'relation';\n\n if (!isRelation) {\n return;\n }\n\n const handleMorphRelation = async () => {\n const elements: any = (data as Record<string, MorphArray>)[key];\n\n if (!elements) {\n return;\n }\n\n if ('connect' in elements || 'set' in elements || 'disconnect' in elements) {\n const newValue: Record<string, unknown> = {};\n\n const connect = await handleMorphElements(elements.connect || []);\n const relSet = await handleMorphElements(elements.set || []);\n const disconnect = await handleMorphElements(elements.disconnect || []);\n\n if (connect.length > 0) {\n newValue.connect = connect;\n }\n\n if (relSet.length > 0) {\n newValue.set = relSet;\n }\n\n if (disconnect.length > 0) {\n newValue.disconnect = disconnect;\n }\n\n // TODO: this should technically be in its own visitor to check morph options, but for now we'll handle it here\n if (\n 'options' in elements &&\n typeof elements.options === 'object' &&\n elements.options !== null\n ) {\n const filteredOptions: RelationOrderingOptions = {};\n\n // Iterate through the keys of elements.options\n Object.keys(elements.options).forEach((key) => {\n const validator = VALID_RELATION_ORDERING_KEYS[key as keyof RelationOrderingOptions];\n\n // 
Ensure the key exists in VALID_RELATION_ORDERING_KEYS and the validator is defined before calling it\n if (validator && validator(elements.options[key])) {\n filteredOptions[key as keyof RelationOrderingOptions] = elements.options[key];\n }\n });\n\n // Assign the filtered options back to newValue\n newValue.options = filteredOptions;\n } else {\n newValue.options = {};\n }\n\n set(key, newValue);\n } else {\n const newMorphValue = await handleMorphElements(elements);\n\n if (newMorphValue.length) {\n set(key, newMorphValue);\n }\n }\n };\n\n const handleMorphElements = async (elements: any[]) => {\n const allowedElements: Record<string, unknown>[] = [];\n\n if (!isArray(elements)) {\n return allowedElements;\n }\n\n for (const element of elements) {\n if (!isObject(element) || !('__type' in element)) {\n continue;\n }\n\n const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);\n const isAllowed = await hasAccessToSomeScopes(scopes, auth);\n\n if (isAllowed) {\n allowedElements.push(element);\n }\n }\n\n return allowedElements;\n };\n\n const handleRegularRelation = async () => {\n const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);\n\n const isAllowed = await hasAccessToSomeScopes(scopes, auth);\n\n // If the authenticated user don't have access to any of the scopes, then remove the field\n if (!isAllowed) {\n remove(key);\n }\n };\n\n const isCreatorRelation = [CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);\n\n // Polymorphic relations\n if (contentTypeUtils.isMorphToRelationalAttribute(attribute)) {\n await handleMorphRelation();\n return;\n }\n\n // Creator relations\n if (isCreatorRelation && schema.options?.populateCreatorFields) {\n // do nothing\n return;\n }\n\n // Regular relations\n await handleRegularRelation();\n };\n\nconst hasAccessToSomeScopes = async (scopes: string[], auth: unknown) => {\n for (const scope of scopes) {\n try {\n await strapi.auth.verify(auth, { scope });\n return 
true;\n } catch {\n continue;\n }\n }\n\n return false;\n};\n"],"names":["ACTIONS_TO_VERIFY","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","contentTypeUtils","auth","data","key","attribute","schema","remove","set","isRelation","type","handleMorphRelation","elements","newValue","connect","handleMorphElements","relSet","disconnect","length","options","filteredOptions","Object","keys","forEach","validator","VALID_RELATION_ORDERING_KEYS","newMorphValue","allowedElements","isArray","element","isObject","scopes","map","action","__type","isAllowed","hasAccessToSomeScopes","push","handleRegularRelation","target","isCreatorRelation","includes","populateCreatorFields","scope","strapi","verify"],"mappings":";;;;AAMA,MAAMA,iBAAoB,GAAA;AAAC,IAAA;AAAO,CAAA;AAClC,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAE,GAAGC,SAA0B;AAIjF,gCAAe,CAAA,CAACC,IAAAA,GACd,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAEC,MAAM,EAAE,EAAE,EAAEC,MAAM,EAAEC,GAAG,EAAE,GAAA;AACtD,QAAA,IAAI,CAACH,SAAW,EAAA;AACd,YAAA;AACF;QAEA,MAAMI,UAAAA,GAAaJ,SAAUK,CAAAA,IAAI,KAAK,UAAA;AAEtC,QAAA,IAAI,CAACD,UAAY,EAAA;AACf,YAAA;AACF;AAEA,QAAA,MAAME,mBAAsB,GAAA,UAAA;AAC1B,YAAA,MAAMC,QAAgB,GAACT,IAAmC,CAACC,GAAI,CAAA;AAE/D,YAAA,IAAI,CAACQ,QAAU,EAAA;AACb,gBAAA;AACF;AAEA,YAAA,IAAI,SAAaA,IAAAA,QAAAA,IAAY,KAASA,IAAAA,QAAAA,IAAY,gBAAgBA,QAAU,EAAA;AAC1E,gBAAA,MAAMC,WAAoC,EAAC;AAE3C,gBAAA,MAAMC,UAAU,MAAMC,mBAAAA,CAAoBH,QAASE,CAAAA,OAAO,IAAI,EAAE,CAAA;AAChE,gBAAA,MAAME,SAAS,MAAMD,mBAAAA,CAAoBH,QAASJ,CAAAA,GAAG,IAAI,EAAE,CAAA;AAC3D,gBAAA,MAAMS,aAAa,MAAMF,mBAAAA,CAAoBH,QAASK,CAAAA,UAAU,IAAI,EAAE,CAAA;gBAEtE,IAAIH,OAAAA,CAAQI,MAAM,GAAG,CAAG,EAAA;AACtBL,oBAAAA,QAAAA,CAASC,OAAO,GAAGA,OAAAA;AACrB;gBAEA,IAAIE,MAAAA,CAAOE,MAAM,GAAG,CAAG,EAAA;AACrBL,oBAAAA,QAAAA,CAASL,GAAG,GAAGQ,MAAAA;AACjB;gBAEA,IAAIC,UAAAA,CAAWC,MAAM,GAAG,CAAG,EAAA;AACzBL,oBAAAA,QAAAA,CAASI,UAAU,GAAGA,UAAAA;AACxB;;gBAGA,IACE,SAAA,IAAaL,QACb,IAAA,OAAOA,QAASO,CAAAA,OAAO,KAAK,QAC5BP,IAAAA,QAAAA,CAASO,OAAO,KAAK,IACrB,EAAA;AACA,oBAAA,MAAMC,kBAA2C,EAAC;;AAGlDC,oBAAAA,MAAAA,CAAOC,IAAI,CAACV,QAAAA
,CAASO,OAAO,CAAEI,CAAAA,OAAO,CAAC,CAACnB,GAAAA,GAAAA;wBACrC,MAAMoB,SAAAA,GAAYC,4BAA4B,CAACrB,GAAqC,CAAA;;AAGpF,wBAAA,IAAIoB,aAAaA,SAAUZ,CAAAA,QAAAA,CAASO,OAAO,CAACf,IAAI,CAAG,EAAA;AACjDgB,4BAAAA,eAAe,CAAChB,GAAqC,CAAA,GAAGQ,QAASO,CAAAA,OAAO,CAACf,GAAI,CAAA;AAC/E;AACF,qBAAA,CAAA;;AAGAS,oBAAAA,QAAAA,CAASM,OAAO,GAAGC,eAAAA;iBACd,MAAA;oBACLP,QAASM,CAAAA,OAAO,GAAG,EAAC;AACtB;AAEAX,gBAAAA,GAAAA,CAAIJ,GAAKS,EAAAA,QAAAA,CAAAA;aACJ,MAAA;gBACL,MAAMa,aAAAA,GAAgB,MAAMX,mBAAoBH,CAAAA,QAAAA,CAAAA;gBAEhD,IAAIc,aAAAA,CAAcR,MAAM,EAAE;AACxBV,oBAAAA,GAAAA,CAAIJ,GAAKsB,EAAAA,aAAAA,CAAAA;AACX;AACF;AACF,SAAA;AAEA,QAAA,MAAMX,sBAAsB,OAAOH,QAAAA,GAAAA;AACjC,YAAA,MAAMe,kBAA6C,EAAE;YAErD,IAAI,CAACC,QAAQhB,QAAW,CAAA,EAAA;gBACtB,OAAOe,eAAAA;AACT;YAEA,KAAK,MAAME,WAAWjB,QAAU,CAAA;AAC9B,gBAAA,IAAI,CAACkB,QAASD,CAAAA,OAAAA,CAAAA,IAAY,EAAE,QAAA,IAAYA,OAAM,CAAI,EAAA;AAChD,oBAAA;AACF;AAEA,gBAAA,MAAME,MAASjC,GAAAA,iBAAAA,CAAkBkC,GAAG,CAAC,CAACC,MAAAA,GAAW,CAAGJ,EAAAA,OAAAA,CAAQK,MAAM,CAAC,CAAC,EAAED,MAAQ,CAAA,CAAA,CAAA;gBAC9E,MAAME,SAAAA,GAAY,MAAMC,qBAAAA,CAAsBL,MAAQ7B,EAAAA,IAAAA,CAAAA;AAEtD,gBAAA,IAAIiC,SAAW,EAAA;AACbR,oBAAAA,eAAAA,CAAgBU,IAAI,CAACR,OAAAA,CAAAA;AACvB;AACF;YAEA,OAAOF,eAAAA;AACT,SAAA;AAEA,QAAA,MAAMW,qBAAwB,GAAA,UAAA;AAC5B,YAAA,MAAMP,MAASjC,GAAAA,iBAAAA,CAAkBkC,GAAG,CAAC,CAACC,MAAAA,GAAW,CAAG5B,EAAAA,SAAAA,CAAUkC,MAAM,CAAC,CAAC,EAAEN,MAAQ,CAAA,CAAA,CAAA;YAEhF,MAAME,SAAAA,GAAY,MAAMC,qBAAAA,CAAsBL,MAAQ7B,EAAAA,IAAAA,CAAAA;;AAGtD,YAAA,IAAI,CAACiC,SAAW,EAAA;gBACd5B,MAAOH,CAAAA,GAAAA,CAAAA;AACT;AACF,SAAA;AAEA,QAAA,MAAMoC,iBAAoB,GAAA;AAACzC,YAAAA,oBAAAA;AAAsBC,YAAAA;AAAqB,SAAA,CAACyC,QAAQ,CAACrC,GAAAA,CAAAA;;QAGhF,IAAIH,4BAA6C,CAACI,SAAY,CAAA,EAAA;YAC5D,MAAMM,mBAAAA,EAAAA;AACN,YAAA;AACF;;AAGA,QAAA,IAAI6B,iBAAqBlC,IAAAA,MAAAA,CAAOa,OAAO,EAAEuB,qBAAuB,EAAA;;AAE9D,YAAA;AACF;;QAGA,MAAMJ,qBAAAA,EAAAA;AACR,KAAA;AAEF,MAAMF,qBAAAA,GAAwB,OAAOL,MAAkB7B,EAAAA,IAAAA,GAAAA;IACrD,KAAK,MAAMyC,SAASZ,MAAQ,CAAA;QAC1B,IAAI;AACF,YAAA,MAAMa,MAAO1C,CAAAA,IAAI,CAAC2C,MAAM,CAAC3C,IAAM,EAAA;AAAEyC,gBAAAA;AAAM,aAAA,CA
AA;YACvC,OAAO,IAAA;AACT,SAAA,CAAE,OAAM;AACN,YAAA;AACF;AACF;IAEA,OAAO,KAAA;AACT,CAAA;;;;"}