{"version":3,"file":"stage-permissions.mjs","sources":["../../../server/src/services/stage-permissions.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport { prop } from 'lodash/fp';\nimport { async, errors } from '@strapi/utils';\nimport { getAdminService } from '../utils';\nimport { STAGE_TRANSITION_UID, STAGE_MODEL_UID } from '../constants/workflows';\n\nconst { ApplicationError } = errors;\nconst validActions = [STAGE_TRANSITION_UID];\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n  const roleService = getAdminService('role');\n  const permissionService = getAdminService('permission');\n\n  const getUserRoles = () => {\n    const requestState = strapi.requestContext.get()?.state;\n    if (!requestState) {\n      return null;\n    }\n\n    return (requestState.user?.roles as { id: number; code: string }[] | undefined) ?? null;\n  };\n\n  return {\n    async register({\n      roleId,\n      action,\n      fromStage,\n    }: {\n      roleId: number;\n      action: string;\n      fromStage: number;\n    }) {\n      if (!validActions.includes(action)) {\n        throw new ApplicationError(`Invalid action ${action}`);\n      }\n      const permissions = await roleService.addPermissions(roleId, [\n        {\n          action,\n          actionParameters: {\n            from: fromStage,\n          },\n        },\n      ]);\n\n      // TODO: Filter response\n      return permissions;\n    },\n    async registerMany(permissions: { roleId: number; action: string; fromStage: number }[]) {\n      return async.map(permissions, this.register);\n    },\n    async registerTo({\n      roleId,\n      action,\n      toStage,\n    }: {\n      roleId: number;\n      action: string;\n      toStage: number;\n    }) {\n      if (!validActions.includes(action)) {\n        throw new ApplicationError(`Invalid action ${action}`);\n      }\n      const permissions = await roleService.addPermissions(roleId, [\n        {\n          action,\n          actionParameters: {\n            to: toStage,\n          },\n        },\n      ]);\n\n      return permissions;\n    },\n    async registerManyTo(permissions: { roleId: number; action: string; toStage: number }[]) {\n      return async.map(permissions, this.registerTo);\n    },\n    async unregister(permissions: { id: number }[]) {\n      const permissionIds = permissions.map(prop('id'));\n      await permissionService.deleteByIds(permissionIds);\n    },\n    can(action: string, fromStage: number) {\n      const requestState = strapi.requestContext.get()?.state;\n\n      if (!requestState) {\n        return false;\n      }\n\n      const userRoles = getUserRoles();\n      if (!userRoles) {\n        return false;\n      }\n\n      if (userRoles.some((role) => role.code === 'strapi-super-admin')) {\n        return true;\n      }\n\n      return requestState.userAbility.can({\n        name: action,\n        params: { from: fromStage },\n      });\n    },\n    async canTransitionToStage(toStageId: number) {\n      const userRoles = getUserRoles();\n      if (!userRoles) {\n        return false;\n      }\n\n      if (userRoles.some((role) => role.code === 'strapi-super-admin')) {\n        return true;\n      }\n\n      const targetStage = await strapi.db.query(STAGE_MODEL_UID).findOne({\n        where: { id: toStageId },\n        populate: { permissions: { populate: ['role'] } },\n      });\n\n      if (!targetStage) {\n        return false;\n      }\n\n      return this.canTransitionToStageWithPermissions(targetStage);\n    },\n    /**\n     * Check if the current user can transition to a stage using pre-loaded permissions.\n     * The stage must already have its permissions populated with roles.\n     */\n    canTransitionToStageWithPermissions(stage: {\n      permissions?: { actionParameters?: { to?: number }; role?: { id: number } | number }[];\n    }) {\n      const userRoles = getUserRoles();\n      if (!userRoles) {\n        return false;\n      }\n\n      if (userRoles.some((role) => role.code === 'strapi-super-admin')) {\n        return true;\n      }\n\n      const toPermissions = (stage.permissions || []).filter(\n        (p: { actionParameters?: { to?: number } }) => p.actionParameters?.to\n      );\n\n      const userRoleIds = new Set(userRoles.map((role) => role.id));\n\n      return toPermissions.some((p: { role?: { id: number } | number }) => {\n        const roleId = typeof p.role === 'object' ? p.role?.id : p.role;\n        return roleId !== undefined && userRoleIds.has(roleId);\n      });\n    },\n  };\n};\n"],"names":["ApplicationError","errors","validActions","STAGE_TRANSITION_UID","strapi","roleService","getAdminService","permissionService","getUserRoles","requestState","requestContext","get","state","user","roles","register","roleId","action","fromStage","includes","permissions","addPermissions","actionParameters","from","registerMany","async","map","registerTo","toStage","to","registerManyTo","unregister","permissionIds","prop","deleteByIds","can","userRoles","some","role","code","userAbility","name","params","canTransitionToStage","toStageId","targetStage","db","query","STAGE_MODEL_UID","findOne","where","id","populate","canTransitionToStageWithPermissions","stage","toPermissions","filter","p","userRoleIds","Set","undefined","has"],"mappings":";;;;;AAMA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,MAAAA;AAC7B,MAAMC,YAAAA,GAAe;AAACC,IAAAA;AAAqB,CAAA;AAE3C,uBAAe,CAAA,CAAC,EAAEC,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,cAAcC,eAAAA,CAAgB,MAAA,CAAA;AACpC,IAAA,MAAMC,oBAAoBD,eAAAA,CAAgB,YAAA,CAAA;AAE1C,IAAA,MAAME,YAAAA,GAAe,IAAA;AACnB,QAAA,MAAMC,YAAAA,GAAeL,MAAAA,CAAOM,cAAc,CAACC,GAAG,EAAA,EAAIC,KAAAA;AAClD,QAAA,IAAI,CAACH,YAAAA,EAAc;YACjB,OAAO,IAAA;AACT,QAAA;AAEA,QAAA,OAAO,YAACA,CAAaI,IAAI,EAAEC,KAAAA,IAAwD,IAAA;AACrF,IAAA,CAAA;IAEA,OAAO;AACL,QAAA,MAAMC,UAAS,EACbC,MAAM,EACNC,MAAM,EACNC,SAAS,EAKV,EAAA;AACC,YAAA,IAAI,CAAChB,YAAAA,CAAaiB,QAAQ,CAACF,MAAAA,CAAAA,EAAS;AAClC,gBAAA,MAAM,IAAIjB,gBAAAA,CAAiB,CAAC,eAAe,EAAEiB,MAAAA,CAAAA,CAAQ,CAAA;AACvD,YAAA;AACA,YAAA,MAAMG,WAAAA,GAAc,MAAMf,WAAAA,CAAYgB,cAAc,CAACL,MAAAA,EAAQ;AAC3D,gBAAA;AACEC,oBAAAA,MAAAA;oBACAK,gBAAAA,EAAkB;wBAChBC,IAAAA,EAAML;AACR;AACF;AACD,aAAA,CAAA;;YAGD,OAAOE,WAAAA;AACT,QAAA,CAAA;AACA,QAAA,MAAMI,cAAaJ,WAAoE,EAAA;AACrF,YAAA,OAAOK,MAAMC,GAAG,CAACN,WAAAA,EAAa,IAAI,CAACL,QAAQ,CAAA;AAC7C,QAAA,CAAA;AACA,QAAA,MAAMY,YAAW,EACfX,MAAM,EACNC,MAAM,EACNW,OAAO,EAKR,EAAA;AACC,YAAA,IAAI,CAAC1B,YAAAA,CAAaiB,QAAQ,CAACF,MAAAA,CAAAA,EAAS;AAClC,gBAAA,MAAM,IAAIjB,gBAAAA,CAAiB,CAAC,eAAe,EAAEiB,MAAAA,CAAAA,CAAQ,CAAA;AACvD,YAAA;AACA,YAAA,MAAMG,WAAAA,GAAc,MAAMf,WAAAA,CAAYgB,cAAc,CAACL,MAAAA,EAAQ;AAC3D,gBAAA;AACEC,oBAAAA,MAAAA;oBACAK,gBAAAA,EAAkB;wBAChBO,EAAAA,EAAID;AACN;AACF;AACD,aAAA,CAAA;YAED,OAAOR,WAAAA;AACT,QAAA,CAAA;AACA,QAAA,MAAMU,gBAAeV,WAAkE,EAAA;AACrF,YAAA,OAAOK,MAAMC,GAAG,CAACN,WAAAA,EAAa,IAAI,CAACO,UAAU,CAAA;AAC/C,QAAA,CAAA;AACA,QAAA,MAAMI,YAAWX,WAA6B,EAAA;AAC5C,YAAA,MAAMY,aAAAA,GAAgBZ,WAAAA,CAAYM,GAAG,CAACO,IAAAA,CAAK,IAAA,CAAA,CAAA;YAC3C,MAAM1B,iBAAAA,CAAkB2B,WAAW,CAACF,aAAAA,CAAAA;AACtC,QAAA,CAAA;QACAG,GAAAA,CAAAA,CAAIlB,MAAc,EAAEC,SAAiB,EAAA;AACnC,YAAA,MAAMT,YAAAA,GAAeL,MAAAA,CAAOM,cAAc,CAACC,GAAG,EAAA,EAAIC,KAAAA;AAElD,YAAA,IAAI,CAACH,YAAAA,EAAc;gBACjB,OAAO,KAAA;AACT,YAAA;AAEA,YAAA,MAAM2B,SAAAA,GAAY5B,YAAAA,EAAAA;AAClB,YAAA,IAAI,CAAC4B,SAAAA,EAAW;gBACd,OAAO,KAAA;AACT,YAAA;YAEA,IAAIA,SAAAA,CAAUC,IAAI,CAAC,CAACC,OAASA,IAAAA,CAAKC,IAAI,KAAK,oBAAA,CAAA,EAAuB;gBAChE,OAAO,IAAA;AACT,YAAA;AAEA,YAAA,OAAO9B,YAAAA,CAAa+B,WAAW,CAACL,GAAG,CAAC;gBAClCM,IAAAA,EAAMxB,MAAAA;gBACNyB,MAAAA,EAAQ;oBAAEnB,IAAAA,EAAML;AAAU;AAC5B,aAAA,CAAA;AACF,QAAA,CAAA;AACA,QAAA,MAAMyB,sBAAqBC,SAAiB,EAAA;AAC1C,YAAA,MAAMR,SAAAA,GAAY5B,YAAAA,EAAAA;AAClB,YAAA,IAAI,CAAC4B,SAAAA,EAAW;gBACd,OAAO,KAAA;AACT,YAAA;YAEA,IAAIA,SAAAA,CAAUC,IAAI,CAAC,CAACC,OAASA,IAAAA,CAAKC,IAAI,KAAK,oBAAA,CAAA,EAAuB;gBAChE,OAAO,IAAA;AACT,YAAA;YAEA,MAAMM,WAAAA,GAAc,MAAMzC,MAAAA,CAAO0C,EAAE,CAACC,KAAK,CAACC,eAAAA,CAAAA,CAAiBC,OAAO,CAAC;gBACjEC,KAAAA,EAAO;oBAAEC,EAAAA,EAAIP;AAAU,iBAAA;gBACvBQ,QAAAA,EAAU;oBAAEhC,WAAAA,EAAa;wBAAEgC,QAAAA,EAAU;AAAC,4BAAA;AAAO;AAAC;AAAE;AAClD,aAAA,CAAA;AAEA,YAAA,IAAI,CAACP,WAAAA,EAAa;gBAChB,OAAO,KAAA;AACT,YAAA;YAEA,OAAO,IAAI,CAACQ,mCAAmC,CAACR,WAAAA,CAAAA;AAClD,QAAA,CAAA;AACA;;;AAGC,QACDQ,qCAAoCC,KAEnC,EAAA;AACC,YAAA,MAAMlB,SAAAA,GAAY5B,YAAAA,EAAAA;AAClB,YAAA,IAAI,CAAC4B,SAAAA,EAAW;gBACd,OAAO,KAAA;AACT,YAAA;YAEA,IAAIA,SAAAA,CAAUC,IAAI,CAAC,CAACC,OAASA,IAAAA,CAAKC,IAAI,KAAK,oBAAA,CAAA,EAAuB;gBAChE,OAAO,IAAA;AACT,YAAA;AAEA,YAAA,MAAMgB,aAAAA,GAAiBD,CAAAA,KAAAA,CAAMlC,WAAW,IAAI,EAAE,EAAEoC,MAAM,CACpD,CAACC,CAAAA,GAA8CA,CAAAA,CAAEnC,gBAAgB,EAAEO,EAAAA,CAAAA;YAGrE,MAAM6B,WAAAA,GAAc,IAAIC,GAAAA,CAAIvB,SAAAA,CAAUV,GAAG,CAAC,CAACY,IAAAA,GAASA,IAAAA,CAAKa,EAAE,CAAA,CAAA;YAE3D,OAAOI,aAAAA,CAAclB,IAAI,CAAC,CAACoB,CAAAA,GAAAA;gBACzB,MAAMzC,MAAAA,GAAS,OAAOyC,CAAAA,CAAEnB,IAAI,KAAK,QAAA,GAAWmB,CAAAA,CAAEnB,IAAI,EAAEa,EAAAA,GAAKM,CAAAA,CAAEnB,IAAI;AAC/D,gBAAA,OAAOtB,MAAAA,KAAW4C,SAAAA,IAAaF,WAAAA,CAAYG,GAAG,CAAC7C,MAAAA,CAAAA;AACjD,YAAA,CAAA,CAAA;AACF,QAAA;AACF,KAAA;AACF,CAAA;;;;"}