{"version":3,"file":"content-manager-user.mjs","sources":["../../../server/controllers/content-manager-user.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { contentTypes: contentTypesUtils } = require('@strapi/utils');\nconst { ApplicationError, NotFoundError, ForbiddenError } = require('@strapi/utils').errors;\nconst { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');\n\nconst { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;\n\nconst userModel = 'plugin::users-permissions.user';\nconst ACTIONS = {\n  read: 'plugin::content-manager.explorer.read',\n  create: 'plugin::content-manager.explorer.create',\n  edit: 'plugin::content-manager.explorer.update',\n  delete: 'plugin::content-manager.explorer.delete',\n};\n\nconst findEntityAndCheckPermissions = async (ability, action, model, id) => {\n  const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {\n    populate: [`${CREATED_BY_ATTRIBUTE}.roles`],\n  });\n\n  if (_.isNil(doc)) {\n    throw new NotFoundError();\n  }\n\n  const pm = strapi\n    .service('admin::permission')\n    .createPermissionsManager({ ability, action, model });\n\n  if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {\n    throw new ForbiddenError();\n  }\n\n  const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);\n\n  return { pm, doc: docWithoutCreatorRoles };\n};\n\nmodule.exports = {\n  /**\n   * Create a/an user record.\n   * @return {Object}\n   */\n  async create(ctx) {\n    const { body } = ctx.request;\n    const { user: admin, userAbility } = ctx.state;\n\n    const { email, username } = body;\n\n    const pm = strapi.service('admin::permission').createPermissionsManager({\n      ability: userAbility,\n      action: ACTIONS.create,\n      model: userModel,\n    });\n\n    if (!pm.isAllowed) {\n      return ctx.forbidden();\n    }\n\n    const sanitizedBody = await pm.pickPermittedFieldsOf(body, { subject: userModel });\n\n    const advanced = await strapi\n      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n      .get();\n\n    await validateCreateUserBody(ctx.request.body);\n\n    const userWithSameUsername = await strapi.db\n      .query('plugin::users-permissions.user')\n      .findOne({ where: { username } });\n\n    if (userWithSameUsername) {\n      throw new ApplicationError('Username already taken');\n    }\n\n    if (advanced.unique_email) {\n      const userWithSameEmail = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { email: email.toLowerCase() } });\n\n      if (userWithSameEmail) {\n        throw new ApplicationError('Email already taken');\n      }\n    }\n\n    const user = {\n      ...sanitizedBody,\n      provider: 'local',\n      [CREATED_BY_ATTRIBUTE]: admin.id,\n      [UPDATED_BY_ATTRIBUTE]: admin.id,\n    };\n\n    user.email = _.toLower(user.email);\n\n    try {\n      const data = await strapi\n        .service('plugin::content-manager.document-manager')\n        .create(userModel, { data: user });\n\n      const sanitizedData = await pm.sanitizeOutput(data, { action: ACTIONS.read });\n\n      ctx.created(sanitizedData);\n    } catch (error) {\n      throw new ApplicationError(error.message);\n    }\n  },\n  /**\n   * Update a/an user record.\n   * @return {Object}\n   */\n\n  async update(ctx) {\n    const { id: documentId } = ctx.params;\n    const { body } = ctx.request;\n    const { user: admin, userAbility } = ctx.state;\n\n    const advancedConfigs = await strapi\n      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n      .get();\n\n    const { email, username, password } = body;\n\n    const { pm, doc } = await findEntityAndCheckPermissions(\n      userAbility,\n      ACTIONS.edit,\n      userModel,\n      documentId\n    );\n\n    const user = doc;\n\n    await validateUpdateUserBody(ctx.request.body);\n\n    if (_.has(body, 'password') && (password == null || password === '')) {\n      delete body.password;\n    }\n\n    if (_.has(body, 'username')) {\n      const userWithSameUsername = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { username } });\n\n      if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {\n        throw new ApplicationError('Username already taken');\n      }\n    }\n\n    if (_.has(body, 'email') && advancedConfigs.unique_email) {\n      const userWithSameEmail = await strapi.db\n        .query('plugin::users-permissions.user')\n        .findOne({ where: { email: _.toLower(email) } });\n\n      if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {\n        throw new ApplicationError('Email already taken');\n      }\n\n      body.email = _.toLower(body.email);\n    }\n\n    const sanitizedData = await pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });\n    const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');\n\n    const data = await strapi\n      .service('plugin::content-manager.document-manager')\n      .update(documentId, userModel, {\n        data: updateData,\n      });\n\n    ctx.body = await pm.sanitizeOutput(data, { action: ACTIONS.read });\n  },\n};\n"],"names":["_","require$$0","contentTypes","contentTypesUtils","require$$1","ApplicationError","NotFoundError","ForbiddenError","errors","validateCreateUserBody","validateUpdateUserBody","require$$2","UPDATED_BY_ATTRIBUTE","CREATED_BY_ATTRIBUTE","constants","userModel","ACTIONS","read","create","edit","delete","findEntityAndCheckPermissions","ability","action","model","id","doc","strapi","service","findOne","populate","isNil","pm","createPermissionsManager","cannot","toSubject","docWithoutCreatorRoles","omit","contentManagerUser","ctx","body","request","user","admin","userAbility","state","email","username","isAllowed","forbidden","sanitizedBody","pickPermittedFieldsOf","subject","advanced","store","type","name","key","get","userWithSameUsername","db","query","where","unique_email","userWithSameEmail","toLowerCase","provider","toLower","data","sanitizedData","sanitizeOutput","created","error","message","update","documentId","params","advancedConfigs","password","has","toString","updateData","updatedBy"],"mappings":";;;;;;;;;AAEA,IAAA,MAAMA,CAAAA,GAAIC,UAAAA;AACV,IAAA,MAAM,EAAEC,YAAAA,EAAcC,iBAAiB,EAAE,GAAGC,UAAAA;IAC5C,MAAM,EAAEC,gBAAgB,EAAEC,aAAa,EAAEC,cAAc,EAAE,GAAGH,UAAAA,CAAyBI,MAAM;AAC3F,IAAA,MAAM,EAAEC,sBAAsB,EAAEC,sBAAsB,EAAE,GAAGC,WAAAA,EAAAA;AAE3D,IAAA,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAE,GAAGV,kBAAkBW,SAAS;AAElF,IAAA,MAAMC,SAAAA,GAAY,gCAAA;AAClB,IAAA,MAAMC,OAAAA,GAAU;QACdC,IAAAA,EAAM,uCAAA;QACNC,MAAAA,EAAQ,yCAAA;QACRC,IAAAA,EAAM,yCAAA;QACNC,MAAAA,EAAQ;AACV,KAAA;AAEA,IAAA,MAAMC,6BAAAA,GAAgC,OAAOC,OAAAA,EAASC,MAAAA,EAAQC,KAAAA,EAAOC,EAAAA,GAAAA;QACnE,MAAMC,GAAAA,GAAM,MAAMC,MAAAA,CAAOC,OAAO,CAAC,0CAAA,CAAA,CAA4CC,OAAO,CAACJ,EAAAA,EAAID,KAAAA,EAAO;YAC9FM,QAAAA,EAAU;gBAAC,CAAA,EAAGjB,oBAAAA,CAAqB,MAAM;AAAE;AAC/C,SAAA,CAAA;QAEE,IAAIb,CAAAA,CAAE+B,KAAK,CAACL,GAAAA,CAAAA,EAAM;AAChB,YAAA,MAAM,IAAIpB,aAAAA,EAAAA;AACd,QAAA;AAEE,QAAA,MAAM0B,KAAKL,MAAAA,CACRC,OAAO,CAAC,mBAAA,CAAA,CACRK,wBAAwB,CAAC;AAAEX,YAAAA,OAAAA;AAASC,YAAAA,MAAAA;AAAQC,YAAAA;AAAK,SAAA,CAAA;QAEpD,IAAIQ,EAAAA,CAAGV,OAAO,CAACY,MAAM,CAACF,EAAAA,CAAGT,MAAM,EAAES,EAAAA,CAAGG,SAAS,CAACT,GAAAA,CAAAA,CAAAA,EAAO;AACnD,YAAA,MAAM,IAAInB,cAAAA,EAAAA;AACd,QAAA;QAEE,MAAM6B,sBAAAA,GAAyBpC,EAAEqC,IAAI,CAACX,KAAK,CAAA,EAAGb,oBAAAA,CAAqB,MAAM,CAAC,CAAA;QAE1E,OAAO;AAAEmB,YAAAA,EAAAA;YAAIN,GAAAA,EAAKU;AAAsB,SAAA;AAC1C,IAAA,CAAA;IAEAE,kBAAAA,GAAiB;AACjB;;;OAIE,MAAMpB,QAAOqB,GAAG,EAAA;AACd,YAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;YAC5B,MAAM,EAAEC,MAAMC,KAAK,EAAEC,WAAW,EAAE,GAAGL,IAAIM,KAAK;AAE9C,YAAA,MAAM,EAAEC,KAAK,EAAEC,QAAQ,EAAE,GAAGP,IAAAA;AAE5B,YAAA,MAAMR,KAAKL,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBK,wBAAwB,CAAC;gBACtEX,OAAAA,EAASsB,WAAAA;AACTrB,gBAAAA,MAAAA,EAAQP,QAAQE,MAAM;gBACtBM,KAAAA,EAAOT;AACb,aAAA,CAAA;YAEI,IAAI,CAACiB,EAAAA,CAAGgB,SAAS,EAAE;AACjB,gBAAA,OAAOT,IAAIU,SAAS,EAAA;AAC1B,YAAA;AAEI,YAAA,MAAMC,aAAAA,GAAgB,MAAMlB,EAAAA,CAAGmB,qBAAqB,CAACX,IAAAA,EAAM;gBAAEY,OAAAA,EAASrC;;AAEtE,YAAA,MAAMsC,QAAAA,GAAW,MAAM1B,MAAAA,CACpB2B,KAAK,CAAC;gBAAEC,IAAAA,EAAM,QAAA;gBAAUC,IAAAA,EAAM,mBAAA;gBAAqBC,GAAAA,EAAK;AAAU,aAAA,CAAA,CAClEC,GAAG,EAAA;AAEN,YAAA,MAAMjD,sBAAAA,CAAuB8B,GAAAA,CAAIE,OAAO,CAACD,IAAI,CAAA;YAE7C,MAAMmB,oBAAAA,GAAuB,MAAMhC,MAAAA,CAAOiC,EAAA,CACvCC,KAAK,CAAC,gCAAA,CAAA,CACNhC,OAAO,CAAC;gBAAEiC,KAAAA,EAAO;AAAEf,oBAAAA;AAAQ;AAAE,aAAA,CAAA;AAEhC,YAAA,IAAIY,oBAAAA,EAAsB;AACxB,gBAAA,MAAM,IAAItD,gBAAAA,CAAiB,wBAAA,CAAA;AACjC,YAAA;YAEI,IAAIgD,QAAAA,CAASU,YAAY,EAAE;gBACzB,MAAMC,iBAAAA,GAAoB,MAAMrC,MAAAA,CAAOiC,EAAA,CACpCC,KAAK,CAAC,gCAAA,CAAA,CACNhC,OAAO,CAAC;oBAAEiC,KAAAA,EAAO;AAAEhB,wBAAAA,KAAAA,EAAOA,MAAMmB,WAAW;AAAE;;AAEhD,gBAAA,IAAID,iBAAAA,EAAmB;AACrB,oBAAA,MAAM,IAAI3D,gBAAAA,CAAiB,qBAAA,CAAA;AACnC,gBAAA;AACA,YAAA;AAEI,YAAA,MAAMqC,IAAAA,GAAO;AACX,gBAAA,GAAGQ,aAAa;gBAChBgB,QAAAA,EAAU,OAAA;gBACV,CAACrD,oBAAAA,GAAuB8B,KAAAA,CAAMlB,EAAE;gBAChC,CAACb,oBAAAA,GAAuB+B,KAAAA,CAAMlB;AACpC,aAAA;AAEIiB,YAAAA,IAAAA,CAAKI,KAAK,GAAG9C,CAAAA,CAAEmE,OAAO,CAACzB,KAAKI,KAAK,CAAA;YAEjC,IAAI;gBACF,MAAMsB,IAAAA,GAAO,MAAMzC,MAAAA,CAChBC,OAAO,CAAC,0CAAA,CAAA,CACRV,MAAM,CAACH,SAAAA,EAAW;oBAAEqD,IAAAA,EAAM1B;AAAI,iBAAA,CAAA;AAEjC,gBAAA,MAAM2B,aAAAA,GAAgB,MAAMrC,EAAAA,CAAGsC,cAAc,CAACF,IAAAA,EAAM;AAAE7C,oBAAAA,MAAAA,EAAQP,QAAQC;;AAEtEsB,gBAAAA,GAAAA,CAAIgC,OAAO,CAACF,aAAAA,CAAAA;AAClB,YAAA,CAAA,CAAM,OAAOG,KAAAA,EAAO;gBACd,MAAM,IAAInE,gBAAAA,CAAiBmE,KAAAA,CAAMC,OAAO,CAAA;AAC9C,YAAA;AACA,QAAA,CAAA;AACA;;;OAKE,MAAMC,QAAOnC,GAAG,EAAA;AACd,YAAA,MAAM,EAAEd,EAAAA,EAAIkD,UAAU,EAAE,GAAGpC,IAAIqC,MAAM;AACrC,YAAA,MAAM,EAAEpC,IAAI,EAAE,GAAGD,IAAIE,OAAO;YAC5B,MAAM,EAAEC,MAAMC,KAAK,EAAEC,WAAW,EAAE,GAAGL,IAAIM,KAAK;AAE9C,YAAA,MAAMgC,eAAAA,GAAkB,MAAMlD,MAAAA,CAC3B2B,KAAK,CAAC;gBAAEC,IAAAA,EAAM,QAAA;gBAAUC,IAAAA,EAAM,mBAAA;gBAAqBC,GAAAA,EAAK;AAAU,aAAA,CAAA,CAClEC,GAAG,EAAA;AAEN,YAAA,MAAM,EAAEZ,KAAK,EAAEC,QAAQ,EAAE+B,QAAQ,EAAE,GAAGtC,IAAAA;AAEtC,YAAA,MAAM,EAAER,EAAE,EAAEN,GAAG,EAAE,GAAG,MAAML,6BAAAA,CACxBuB,WAAAA,EACA5B,OAAAA,CAAQG,IAAI,EACZJ,SAAAA,EACA4D,UAAAA,CAAAA;AAGF,YAAA,MAAMjC,IAAAA,GAAOhB,GAAAA;AAEb,YAAA,MAAMhB,sBAAAA,CAAuB6B,GAAAA,CAAIE,OAAO,CAACD,IAAI,CAAA;YAE7C,IAAIxC,CAAAA,CAAE+E,GAAG,CAACvC,IAAAA,EAAM,UAAA,CAAA,KAAgBsC,QAAAA,IAAY,IAAA,IAAQA,QAAAA,KAAa,EAAA,CAAA,EAAK;AACpE,gBAAA,OAAOtC,KAAKsC,QAAQ;AAC1B,YAAA;AAEI,YAAA,IAAI9E,CAAAA,CAAE+E,GAAG,CAACvC,IAAAA,EAAM,UAAA,CAAA,EAAa;gBAC3B,MAAMmB,oBAAAA,GAAuB,MAAMhC,MAAAA,CAAOiC,EAAA,CACvCC,KAAK,CAAC,gCAAA,CAAA,CACNhC,OAAO,CAAC;oBAAEiC,KAAAA,EAAO;AAAEf,wBAAAA;AAAQ;AAAE,iBAAA,CAAA;AAEhC,gBAAA,IAAIY,oBAAAA,IAAwB3D,CAAAA,CAAEgF,QAAQ,CAACrB,oBAAAA,CAAqBlC,EAAE,CAAA,KAAMzB,CAAAA,CAAEgF,QAAQ,CAACtC,IAAAA,CAAKjB,EAAE,CAAA,EAAG;AACvF,oBAAA,MAAM,IAAIpB,gBAAAA,CAAiB,wBAAA,CAAA;AACnC,gBAAA;AACA,YAAA;AAEI,YAAA,IAAIL,EAAE+E,GAAG,CAACvC,MAAM,OAAA,CAAA,IAAYqC,eAAAA,CAAgBd,YAAY,EAAE;gBACxD,MAAMC,iBAAAA,GAAoB,MAAMrC,MAAAA,CAAOiC,EAAA,CACpCC,KAAK,CAAC,gCAAA,CAAA,CACNhC,OAAO,CAAC;oBAAEiC,KAAAA,EAAO;wBAAEhB,KAAAA,EAAO9C,CAAAA,CAAEmE,OAAO,CAACrB,KAAAA;AAAM;;AAE7C,gBAAA,IAAIkB,iBAAAA,IAAqBhE,CAAAA,CAAEgF,QAAQ,CAAChB,iBAAAA,CAAkBvC,EAAE,CAAA,KAAMzB,CAAAA,CAAEgF,QAAQ,CAACtC,IAAAA,CAAKjB,EAAE,CAAA,EAAG;AACjF,oBAAA,MAAM,IAAIpB,gBAAAA,CAAiB,qBAAA,CAAA;AACnC,gBAAA;AAEMmC,gBAAAA,IAAAA,CAAKM,KAAK,GAAG9C,CAAAA,CAAEmE,OAAO,CAAC3B,KAAKM,KAAK,CAAA;AACvC,YAAA;AAEI,YAAA,MAAMuB,aAAAA,GAAgB,MAAMrC,EAAAA,CAAGmB,qBAAqB,CAACX,IAAAA,EAAM;gBAAEY,OAAAA,EAASpB,EAAAA,CAAGG,SAAS,CAACO,IAAAA;;YACnF,MAAMuC,UAAAA,GAAajF,CAAAA,CAAEqC,IAAI,CAAC;AAAE,gBAAA,GAAGgC,aAAa;AAAEa,gBAAAA,SAAAA,EAAWvC,MAAMlB;aAAE,EAAI,WAAA,CAAA;YAErE,MAAM2C,IAAAA,GAAO,MAAMzC,MAAAA,CAChBC,OAAO,CAAC,0CAAA,CAAA,CACR8C,MAAM,CAACC,UAAAA,EAAY5D,SAAAA,EAAW;gBAC7BqD,IAAAA,EAAMa;AACd,aAAA,CAAA;AAEI1C,YAAAA,GAAAA,CAAIC,IAAI,GAAG,MAAMR,EAAAA,CAAGsC,cAAc,CAACF,IAAAA,EAAM;AAAE7C,gBAAAA,MAAAA,EAAQP,QAAQC;;AAC/D,QAAA;AACA,KAAA;;;;;;"}