Software: Apache/2.4.41 (Ubuntu). PHP/8.0.30 

uname -a: Linux apirnd 5.4.0-204-generic #224-Ubuntu SMP Thu Dec 5 13:38:28 UTC 2024 x86_64 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/var/www/html/wincloud_gateway/node_modules/strapi-admin/config/policies/   drwxr-xr-x
Free 13.29 GB of 57.97 GB (22.94%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Self remove    Logout    

Viewing file:     hasPermissions.js (1.17 KB)      -rw-r--r--

'use strict';

const _ = require('lodash');
const {
  policy: { createPolicyFactory },
} = require('strapi-utils');
const { validateHasPermissionsInput } = require('../../validation/policies/hasPermissions');

const inputModifiers = [
  {
    check: _.isString,
    transform: action => ({ action }),
  },
  {
    check: _.isArray,
    transform: arr => ({ action: arr[0], subject: arr[1] }),
  },
  {
    // Has to be after the isArray check since _.isObject also matches arrays
    check: _.isObject,
    transform: perm => perm,
  },
];

module.exports = createPolicyFactory(
  input => {
    const permissions = input.map(val =>
      inputModifiers.find(modifier => modifier.check(val)).transform(val)
    );

    return (ctx, next) => {
      const { userAbility: ability, isAuthenticatedAdmin } = ctx.state;

      if (!isAuthenticatedAdmin || !ability) {
        return next();
      }

      const isAuthorized = permissions.every(({ action, subject }) => ability.can(action, subject));

      if (!isAuthorized) {
        throw strapi.errors.forbidden();
      }

      return next();
    };
  },
  {
    validator: validateHasPermissionsInput,
    name: 'admin::hasPermissions',
  }
);