'Strapi Plugin Route Default Permission
I am building a plugin for Strapi with several routes, for example:
{
"method": "GET",
"path": "/preAnalyzeImportFile",
"handler": "ImportConfig.preAnalyzeImportFile",
"config": {
"policies": ["global.isAuthenticated"]
}
}
When the plugin is installed, any authenticated user should be able to use the new routes. I can change the permissions manually so that the routes work, but that should not be a required workflow to use the plugin.
How do I set default permissions for plugin routes?
Solution 1:[1]
There is no documentation about how to do it in Strapi but.
Here is how to use permissions function to get, create, update permissions strapi.plugins['users-permissions'].models.permission. So how to deal with.
You will have to write your code in the ./config/function/bootstrap.js.
This code is executed every time your server start.
To create your permission you will have to find the role you want to update (with the type authenticated) strapi.plugins['users-permissions'].models.role.find.
When you have the id of the role you will create a permission with strapi.plugins['users-permissions'].models.permission.create
Object params to send:
- type: will be the name of your plugin
- controller: will be the name of your controller
importconfigin your case - action: the name of the function
preanalyzeimportfilein your case - enabled: true
- role: the role id you want to apply this policy
Solution 2:[2]
This is how you set permissions.
// In your bootstrap.js file
'use strict';
module.exports = async () => {
const authenticated = await strapi.query('role', 'users-permissions').findOne({ type: 'authenticated' });
authenticated.permissions.forEach(permission => {
if (permission.type === 'application'){ // Whatever permissions you want to change
let newPermission = permission;
newPermission.enabled = true; // Editing permission as needed
strapi.query('permission', 'users-permissions').update( { id: newPermission.id }, newPermission ); // Updating Strapi with the permission
}
});
return;
};
Solution 3:[3]
For Strapi version 3.0.0-beta.x & later,
Create a JavaScript file named isAuthenticated.js in ./config/policies/
Path: ./config/policies/isAuthenticated.js
module.exports = async (ctx, next) => {
if (ctx.state.user) {
// Go to next policy or will reach the controller's action.
return await next();
}
ctx.unauthorized(`You're not logged in!`);
};
Here, we are verifying that a session is open. If it is the case, we call the next() method that will execute the next policy or controller's action. Otherwise, a 401 error is returned.
{
"method": "GET",
"path": "/preAnalyzeImportFile",
"handler": "ImportConfig.preAnalyzeImportFile",
"config": {
"policies": ["global::isAuthenticated"]
}
}
Solution 4:[4]
Here's how to set plugins permissions programatically in Strapi v4:
const wantedPermission =await strapi
.query("plugin::users-permissions.permission")
.findOne({where: {action: "api::testssd.testssd.find"}});
const publicRole = await strapi
.query('plugin::users-permissions.role')
.findOne({where: {type: "public"}, populate: ['users', 'permissions']});
//add the permission to the public role in the db if not already present
if (!publicRole.permissions.some(permission => permission.action == "api::testssd.testssd.find")) {
publicRole.permissions.push(wantedPermission);
await strapi.query('plugin::users-permissions.role').update({
where: {id: publicRole.id},
data: {permissions: publicRole.permissions},
});
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jim LAURIE |
| Solution 2 | Quinn Keaveney |
| Solution 3 | Anubhav Das |
| Solution 4 | Ana |