Merge pull request #6 from wistityhq/improvement/roles

Optimize role management

files/api/user/models/Route.settings.json

@@ -8,14 +8,26 @@
     "name": {
       "type": "string"
     },
+    "policies": {
+      "type": "array"
+    },
     "controller": {
       "type": "string"
     },
     "action": {
       "type": "string"
     },
     "isPublic": {
-      "type": "boolean"
+      "type": "boolean",
+      "defaultsTo": false
+    },
+    "registeredAuthorized": {
+      "type": "boolean",
+      "defaultsTo": false
+    },
+    "contributorsAuthorized": {
+      "type": "boolean",
+      "defaultsTo": false
     },
     "roles": {
       "collection": "role",

files/api/user/services/user.js

@@ -37,12 +37,12 @@ module.exports = {
     const authorizedRoles = _.isArray(route.roles) ? _.map(route.roles, 'name') : [];
 
     // Registered
-    if (user.id && _.contains(authorizedRoles, 'registered')) {
+    if (user.id && route.registeredAuthorized === true) {
       return isAuthorized = true;
     }
 
     // Owner policy.
-    if (ctx.request.route.controller && _.find(authorizedRoles, 'contributor')) {
+    if (ctx.request.route.controller && route.contributorsAuthorized === true) {
       entry = yield strapi.orm.collections[ctx.request.route.controller].findOne(ctx.params.id).populate('contributors');
 
       if (entry && entry.contributors && ctx.user && ctx.user.id) {
@@ -55,7 +55,7 @@ module.exports = {
 
     for (let i = 0; i < user.roles.length; i++) {
       let userRole = user.roles[i].name;
-      if (userRole && _.contains(authorizedRoles, userRole) && userRole !== 'owner') {
+      if (userRole && _.contains(authorizedRoles, userRole)) {
         isAuthorized = true;
         break;
       }

files/config/fixtures/role.js

@@ -6,8 +6,6 @@
  */
 exports.create = function () {
   return Promise.all([
-    strapi.orm.collections.role.findOrCreate({name: 'admin'}, {name: 'admin'}),
-    strapi.orm.collections.role.findOrCreate({name: 'contributor'}, {name: 'contributor'}),
-    strapi.orm.collections.role.findOrCreate({name: 'registered'}, {name: 'registered'})
+    strapi.orm.collections.role.findOrCreate({name: 'admin'}, {name: 'admin'})
   ]);
 };

files/config/fixtures/route.js

@@ -59,13 +59,15 @@ exports.create = function () {
             name: key
           }, {
             name: key,
+            policies: route.policies,
             controller: route.controller,
             action: route.action
           }));
         } else {
           newRoutes.push(key);
           promises.push(strapi.orm.collections.route.create({
             name: key,
+            policies: route.policies,
             controller: route.controller,
             action: route.action
           }));
@@ -127,22 +129,24 @@ exports.create = function () {
           // Contributor permissions.
           verb = regex.detectRoute(newRoute.name).verb;
           newRoute.isPublic = false;
+          newRoute.registeredAuthorized = false;
+          newRoute.contributorsAuthorized = false;
 
           if (_.contains(newRoute.name, '/auth')) {
             newRoute.isPublic = true;
           } else if (_.contains(newRoute.name, '/user')) {
             if (_.contains(userContributorRoutes, newRoute.name)) {
-              newRoute.roles.add(contributorRole.id);
+              newRoute.contributorsAuthorized = true;
             }
             if (_.contains(userRegisteredRoutes, newRoute.name)) {
-              newRoute.roles.add(registeredRole.id);
+              newRoute.registeredAuthorized = true;
             }
           } else {
             if (verb === 'get') {
               newRoute.isPublic = true;
-              newRoute.roles.add(registeredRole.id);
+              newRoute.registeredAuthorized = true;
             }
-            newRoute.roles.add(contributorRole.id);
+            newRoute.contributorsAuthorized = true;
           }
 
           newRoute.roles.add(adminRole.id);