Bootstraping new Strapi Role Permissions

Question

The question is about role permissions in Strapi - Open source Node.js Headless CMS

How to create new strapi role permissions relative to Authenticated or Public role? I want to create new role with these same all permissions in the bootstrap function. I'm not sure how should look payload to create new role.

const payload = ?
strapi.plugins['users-permissions']
    .queries('role', 'users-permissions')
    .create(payload)

I checked relative stackoverflow question but isn't about creating new strapi role permission Bootstraping Strapi Role Permissions!

main problem

How look the best way to resolve above problem?

side questions

Is documented schema for plugins or services if yes where could find it?
Which api is better use services or orm from queries instance?

Hello! Do you want to create the new role on the first bootstrap? Are it's after? About this topic, there is no documentation. — Jim LAURIE, Jul 22 '19 at 14:45
Hello Jim! Yes, I want to create the new role on the first bootstrap and extend this role by all permissions which are available. I'm going to configure permissions for new role by custom requirements per new role - it's next step — Daniel Karski, Jul 23 '19 at 06:40

score 9 · Accepted Answer · answered Jul 24 '19 at 13:23

9

OKay so since the data structure can change I will give you the way to access to useful data that will help you to deal with what you want.

In this this file you will find service function that create roles and the function that inits permissions.

You can write your code in your bootstrap.js file.

You will have to call the functions that let you generate permission object

const lang = 'en';
const plugins = await strapi.plugins[
  'users-permissions'
].services.userspermissions.getPlugins(lang);

const permissions = await strapi.plugins[
  'users-permissions'
].services.userspermissions.getActions(plugins);

Customize this object (the permissions object) to allow controller functions you want.
And finaly create your role

const role = {
  name: 'NewRole',
  description: 'can be an empty string',
  permissions, // That is the step 1/2 object
  users: []
};

await strapi.plugins[
  'users-permissions'
].services.userspermissions.createRole(role);

answered Jul 24 '19 at 13:23

Jim LAURIE

3,859
1
11
14

Thanks a lot. It's work very well. Payload is very complex - are you that this is necessary? – Daniel Karski Jul 26 '19 at 13:33
I see that you use services. Which api is better use services or orm from queries instance? :) – Daniel Karski Jul 26 '19 at 13:33
I suggest you use services. Cause you can add custom logic in one point that will be applied to all place that uses these services. So it's easier to spread a modification all around your code. – Jim LAURIE Jul 26 '19 at 15:16
Thanks so much for this. Sadly things like these are not documented at all. – Frébo May 28 '20 at 10:01

score 1 · Answer 2 · answered Aug 19 '20 at 15:44

I took @Jim LAURIE 's answer and made it relevant to updating permissions on existing roles. The pointer to look at node_modules/strapi-plugin-users-permissions/services/UsersPermissions.js was very useful :)

I have a page and post type, and this code lets the default authenticated and public users do all view actions on them.

(PS I'm using TypeScript annotations, but this is plain JS).

// bootstrap.js
'use strict';

const _ = require("lodash");

/**
 * Bootstrap function, run every startup.
 * See https://strapi.io/documentation/v3.x/concepts/configurations.html#bootstrap
 */
module.exports = async () => {

  // https://stackoverflow.com/a/57184017/268555
  // Ref to https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/services/UsersPermissions.js
  const service = await strapi.plugins["users-permissions"].services.userspermissions;
  const plugins = await service.getPlugins("en");

  /** @type Role[] */
  const roles = await service.getRoles();

  /**
   * @param {Role["type"]} type
   */
  const getRole = async (type) => {
    const {id} = _.find(roles, x => x.type === type);
    return service.getRole(id, plugins);
  }

  /**
   * @param {Role} role
   * @param {PluginPermissionKey} type
   * @param {string} controller
   * @param {string} action
   * @param {boolean} enabled
   */
  const setPermission = (role, type, controller, action, enabled) => {
    try {
      role.permissions[type].controllers[controller][action].enabled = enabled;
    }
    catch (e) {
      console.error(`Couldn't set permission ${role.name} ${type}:${controller}:${action}:${enabled}`);
    }
  }

  const authRole = await getRole("authenticated");
  setPermission(authRole, "application", "page", "count", true);
  setPermission(authRole, "application", "page", "find", true);
  setPermission(authRole, "application", "page", "findone", true);
  setPermission(authRole, "application", "post", "count", true);
  setPermission(authRole, "application", "post", "find", true);
  setPermission(authRole, "application", "post", "findone", true);
  await service.updateRole(authRole.id, authRole);

  const publicRole = await getRole("public");
  setPermission(publicRole, "application", "page", "count", true);
  setPermission(publicRole, "application", "page", "find", true);
  setPermission(publicRole, "application", "page", "findone", true);
  setPermission(publicRole, "application", "post", "count", true);
  setPermission(publicRole, "application", "post", "find", true);
  setPermission(publicRole, "application", "post", "findone", true);
  await service.updateRole(publicRole.id, publicRole);

  return;
};

Bootstraping new Strapi Role Permissions

2 Answers2