UNPKG

payload

Version:

Node, React, Headless CMS and Application Framework built on Next.js

payloadcms.com

payloadcms/payload

176 lines (175 loc) • 6.92 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
// @ts-strict-ignore function checkAndSanitizeFieldsPermssions(data) { let allFieldPermissionsTrue = true; for(const key in data){ if (typeof data[key] === 'object') { if (!checkAndSanitizePermissions(data[key])) { allFieldPermissionsTrue = false; } else { ; data[key] = true; } } else if (data[key] !== true) { allFieldPermissionsTrue = false; } } // If all values are true or it's an empty object, return true return allFieldPermissionsTrue; } /** * Check if all permissions in a FieldPermissions, CollectionPermission or GlobalPermission object are true. * If nested fields or blocks are present, the function will recursively check those as well. */ function checkAndSanitizePermissions(data) { /** * Check blocks permissions */ let blocksPermissions = true; if ('blocks' in data && data.blocks) { for(const blockSlug in data.blocks){ if (typeof data.blocks[blockSlug] === 'object') { for(const key in data.blocks[blockSlug]){ /** * Check fields in nested blocks */ if (key === 'fields') { if (data.blocks[blockSlug].fields) { if (!checkAndSanitizeFieldsPermssions(data.blocks[blockSlug].fields)) { blocksPermissions = false; } else { ; data.blocks[blockSlug].fields = true; } } } else { if (typeof data.blocks[blockSlug][key] === 'object') { /** * Check Permissions in nested blocks */ if (isPermissionObject(data.blocks[blockSlug][key])) { if (data.blocks[blockSlug][key]['permission'] === true && !('where' in data.blocks[blockSlug][key])) { // If the permission is true and there is no where clause, set the key to true data.blocks[blockSlug][key] = true; continue; } else if (data.blocks[blockSlug][key]['permission'] === true && 'where' in data.blocks[blockSlug][key]) { // otherwise do nothing so we can keep the where clause blocksPermissions = false; } else { blocksPermissions = false; data.blocks[blockSlug][key] = false; delete data.blocks[blockSlug][key]; continue; } } else { throw new Error('Unexpected object in block permissions'); } } } } } else if (data.blocks[blockSlug] !== true) { // If any value is not true, return false blocksPermissions = false; delete data.blocks[blockSlug]; } } if (blocksPermissions) { ; data.blocks = true; } } /** * Check nested Fields permissions */ let fieldsPermissions = true; if (data.fields) { if (!checkAndSanitizeFieldsPermssions(data.fields)) { fieldsPermissions = false; } else { ; data.fields = true; } } /** * Check other Permissions objects (e.g. read, write) */ let otherPermissions = true; for(const key in data){ if (key === 'fields' || key === 'blocks') { continue; } if (typeof data[key] === 'object') { if (isPermissionObject(data[key])) { if (data[key]['permission'] === true && !('where' in data[key])) { // If the permission is true and there is no where clause, set the key to true data[key] = true; continue; } else if (data[key]['permission'] === true && 'where' in data[key]) { // otherwise do nothing so we can keep the where clause otherPermissions = false; } else { otherPermissions = false; data[key] = false; delete data[key]; continue; } } else { throw new Error('Unexpected object in fields permissions'); } } else if (data[key] !== true) { // If any value is not true, return false otherPermissions = false; } } // If all values are true or it's an empty object, return true return fieldsPermissions && blocksPermissions && otherPermissions; } /** * Check if an object is a permission object. */ function isPermissionObject(data) { return typeof data === 'object' && 'permission' in data && typeof data['permission'] === 'boolean'; } /** * Recursively remove empty objects from an object. */ function cleanEmptyObjects(obj) { Object.keys(obj).forEach((key)=>{ if (typeof obj[key] === 'object' && obj[key] !== null) { // Recursive call cleanEmptyObjects(obj[key]); if (Object.keys(obj[key]).length === 0) { // Delete the key if the object is empty delete obj[key]; } } else if (obj[key] === null || obj[key] === undefined) { delete obj[key]; } }); } export function recursivelySanitizeCollections(obj) { if (typeof obj !== 'object') { return; } const collectionPermissions = Object.values(obj); for (const collectionPermission of collectionPermissions){ checkAndSanitizePermissions(collectionPermission); } } export function recursivelySanitizeGlobals(obj) { if (typeof obj !== 'object') { return; } const globalPermissions = Object.values(obj); for (const globalPermission of globalPermissions){ checkAndSanitizePermissions(globalPermission); } } /** * Recursively remove empty objects and false values from an object. */ export function sanitizePermissions(data) { if (data.canAccessAdmin === false) { delete data.canAccessAdmin; } if (data.collections) { recursivelySanitizeCollections(data.collections); } if (data.globals) { recursivelySanitizeGlobals(data.globals); } // Run clean up of empty objects at the end cleanEmptyObjects(data); return data; } //# sourceMappingURL=sanitizePermissions.js.map