{"version":3,"file":"remove-restricted-relations.mjs","sources":["../../../src/sanitize/visitors/remove-restricted-relations.ts"],"sourcesContent":["import { isArray, isObject } from 'lodash/fp';\nimport * as contentTypeUtils from '../../content-types';\nimport type { Visitor } from '../../traverse/factory';\nimport { RelationOrderingOptions } from '../../types';\nimport { VALID_RELATION_ORDERING_KEYS } from '../../relations';\n\nconst ACTIONS_TO_VERIFY = ['find'];\nconst { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypeUtils.constants;\n\ntype MorphArray = Array<{ __type: string }>;\n\nexport default (auth: unknown): Visitor =>\n  async ({ data, key, attribute, schema }, { remove, set }) => {\n    if (!attribute) {\n      return;\n    }\n\n    const isRelation = attribute.type === 'relation';\n\n    if (!isRelation) {\n      return;\n    }\n\n    const handleMorphRelation = async () => {\n      const elements: any = (data as Record<string, MorphArray>)[key];\n\n      if (!elements) {\n        return;\n      }\n\n      if ('connect' in elements || 'set' in elements || 'disconnect' in elements) {\n        const newValue: Record<string, unknown> = {};\n\n        const connect = await handleMorphElements(elements.connect || []);\n        const relSet = await handleMorphElements(elements.set || []);\n        const disconnect = await handleMorphElements(elements.disconnect || []);\n\n        if (connect.length > 0) {\n          newValue.connect = connect;\n        }\n\n        if (relSet.length > 0) {\n          newValue.set = relSet;\n        }\n\n        if (disconnect.length > 0) {\n          newValue.disconnect = disconnect;\n        }\n\n        // TODO: this should technically be in its own visitor to check morph options, but for now we'll handle it here\n        if (\n          'options' in elements &&\n          typeof elements.options === 'object' &&\n          elements.options !== null\n        ) {\n          const filteredOptions: 
RelationOrderingOptions = {};\n\n          // Iterate through the keys of elements.options\n          Object.keys(elements.options).forEach((key) => {\n            const validator = VALID_RELATION_ORDERING_KEYS[key as keyof RelationOrderingOptions];\n\n            // Ensure the key exists in VALID_RELATION_ORDERING_KEYS and the validator is defined before calling it\n            if (validator && validator(elements.options[key])) {\n              filteredOptions[key as keyof RelationOrderingOptions] = elements.options[key];\n            }\n          });\n\n          // Assign the filtered options back to newValue\n          newValue.options = filteredOptions;\n        } else {\n          newValue.options = {};\n        }\n\n        set(key, newValue);\n      } else {\n        const newMorphValue = await handleMorphElements(elements);\n\n        if (newMorphValue.length) {\n          set(key, newMorphValue);\n        }\n      }\n    };\n\n    const handleMorphElements = async (elements: any[]) => {\n      const allowedElements: Record<string, unknown>[] = [];\n\n      if (!isArray(elements)) {\n        return allowedElements;\n      }\n\n      for (const element of elements) {\n        if (!isObject(element) || !('__type' in element)) {\n          continue;\n        }\n\n        const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);\n        const isAllowed = await hasAccessToSomeScopes(scopes, auth);\n\n        if (isAllowed) {\n          allowedElements.push(element);\n        }\n      }\n\n      return allowedElements;\n    };\n\n    const handleRegularRelation = async () => {\n      const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);\n\n      const isAllowed = await hasAccessToSomeScopes(scopes, auth);\n\n      // If the authenticated user doesn't have access to any of the scopes, then remove the field\n      if (!isAllowed) {\n        remove(key);\n      }\n    };\n\n    const isCreatorRelation = 
[CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);\n\n    // Polymorphic relations\n    if (contentTypeUtils.isMorphToRelationalAttribute(attribute)) {\n      await handleMorphRelation();\n      return;\n    }\n\n    // Creator relations\n    if (isCreatorRelation && schema.options?.populateCreatorFields) {\n      // do nothing\n      return;\n    }\n\n    // Regular relations\n    await handleRegularRelation();\n  };\n\nconst hasAccessToSomeScopes = async (scopes: string[], auth: unknown) => {\n  for (const scope of scopes) {\n    try {\n      await strapi.auth.verify(auth, { scope });\n      return true;\n    } catch {\n      continue;\n    }\n  }\n\n  return false;\n};\n"],"names":["ACTIONS_TO_VERIFY","CREATED_BY_ATTRIBUTE","UPDATED_BY_ATTRIBUTE","contentTypeUtils","auth","data","key","attribute","schema","remove","set","isRelation","type","handleMorphRelation","elements","newValue","connect","handleMorphElements","relSet","disconnect","length","options","filteredOptions","Object","keys","forEach","validator","VALID_RELATION_ORDERING_KEYS","newMorphValue","allowedElements","isArray","element","isObject","scopes","map","action","__type","isAllowed","hasAccessToSomeScopes","push","handleRegularRelation","target","isCreatorRelation","includes","populateCreatorFields","scope","strapi","verify"],"mappings":";;;;AAMA,MAAMA,iBAAAA,GAAoB;AAAC,IAAA;AAAO,CAAA;AAClC,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAE,GAAGC,SAA0B;AAIjF,gCAAe,CAAA,CAACC,IAAAA,GACd,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,SAAS,EAAEC,MAAM,EAAE,EAAE,EAAEC,MAAM,EAAEC,GAAG,EAAE,GAAA;AACtD,QAAA,IAAI,CAACH,SAAAA,EAAW;AACd,YAAA;AACF,QAAA;QAEA,MAAMI,UAAAA,GAAaJ,SAAAA,CAAUK,IAAI,KAAK,UAAA;AAEtC,QAAA,IAAI,CAACD,UAAAA,EAAY;AACf,YAAA;AACF,QAAA;AAEA,QAAA,MAAME,mBAAAA,GAAsB,UAAA;AAC1B,YAAA,MAAMC,QAAAA,GAAiBT,IAAmC,CAACC,GAAAA,CAAI;AAE/D,YAAA,IAAI,CAACQ,QAAAA,EAAU;AACb,gBAAA;AACF,YAAA;AAEA,YAAA,IAAI,SAAA,IAAaA,QAAAA,IAAY,KAAA,IAASA,QAAAA,IAAY,gBAAgBA,QAAAA,EAAU;AAC1E,gBAAA,MAAMC,WAAoC,EAAC;AAE3C,gBAAA,MAAMC,UAAU,MAAMC,mBAA
AA,CAAoBH,QAAAA,CAASE,OAAO,IAAI,EAAE,CAAA;AAChE,gBAAA,MAAME,SAAS,MAAMD,mBAAAA,CAAoBH,QAAAA,CAASJ,GAAG,IAAI,EAAE,CAAA;AAC3D,gBAAA,MAAMS,aAAa,MAAMF,mBAAAA,CAAoBH,QAAAA,CAASK,UAAU,IAAI,EAAE,CAAA;gBAEtE,IAAIH,OAAAA,CAAQI,MAAM,GAAG,CAAA,EAAG;AACtBL,oBAAAA,QAAAA,CAASC,OAAO,GAAGA,OAAAA;AACrB,gBAAA;gBAEA,IAAIE,MAAAA,CAAOE,MAAM,GAAG,CAAA,EAAG;AACrBL,oBAAAA,QAAAA,CAASL,GAAG,GAAGQ,MAAAA;AACjB,gBAAA;gBAEA,IAAIC,UAAAA,CAAWC,MAAM,GAAG,CAAA,EAAG;AACzBL,oBAAAA,QAAAA,CAASI,UAAU,GAAGA,UAAAA;AACxB,gBAAA;;gBAGA,IACE,SAAA,IAAaL,QAAAA,IACb,OAAOA,QAAAA,CAASO,OAAO,KAAK,QAAA,IAC5BP,QAAAA,CAASO,OAAO,KAAK,IAAA,EACrB;AACA,oBAAA,MAAMC,kBAA2C,EAAC;;AAGlDC,oBAAAA,MAAAA,CAAOC,IAAI,CAACV,QAAAA,CAASO,OAAO,CAAA,CAAEI,OAAO,CAAC,CAACnB,GAAAA,GAAAA;wBACrC,MAAMoB,SAAAA,GAAYC,4BAA4B,CAACrB,GAAAA,CAAqC;;AAGpF,wBAAA,IAAIoB,aAAaA,SAAAA,CAAUZ,QAAAA,CAASO,OAAO,CAACf,IAAI,CAAA,EAAG;AACjDgB,4BAAAA,eAAe,CAAChB,GAAAA,CAAqC,GAAGQ,QAAAA,CAASO,OAAO,CAACf,GAAAA,CAAI;AAC/E,wBAAA;AACF,oBAAA,CAAA,CAAA;;AAGAS,oBAAAA,QAAAA,CAASM,OAAO,GAAGC,eAAAA;gBACrB,CAAA,MAAO;oBACLP,QAAAA,CAASM,OAAO,GAAG,EAAC;AACtB,gBAAA;AAEAX,gBAAAA,GAAAA,CAAIJ,GAAAA,EAAKS,QAAAA,CAAAA;YACX,CAAA,MAAO;gBACL,MAAMa,aAAAA,GAAgB,MAAMX,mBAAAA,CAAoBH,QAAAA,CAAAA;gBAEhD,IAAIc,aAAAA,CAAcR,MAAM,EAAE;AACxBV,oBAAAA,GAAAA,CAAIJ,GAAAA,EAAKsB,aAAAA,CAAAA;AACX,gBAAA;AACF,YAAA;AACF,QAAA,CAAA;AAEA,QAAA,MAAMX,sBAAsB,OAAOH,QAAAA,GAAAA;AACjC,YAAA,MAAMe,kBAA6C,EAAE;YAErD,IAAI,CAACC,QAAQhB,QAAAA,CAAAA,EAAW;gBACtB,OAAOe,eAAAA;AACT,YAAA;YAEA,KAAK,MAAME,WAAWjB,QAAAA,CAAU;AAC9B,gBAAA,IAAI,CAACkB,QAAAA,CAASD,OAAAA,CAAAA,IAAY,EAAE,QAAA,IAAYA,OAAM,CAAA,EAAI;AAChD,oBAAA;AACF,gBAAA;AAEA,gBAAA,MAAME,MAAAA,GAASjC,iBAAAA,CAAkBkC,GAAG,CAAC,CAACC,MAAAA,GAAW,CAAA,EAAGJ,OAAAA,CAAQK,MAAM,CAAC,CAAC,EAAED,MAAAA,CAAAA,CAAQ,CAAA;gBAC9E,MAAME,SAAAA,GAAY,MAAMC,qBAAAA,CAAsBL,MAAAA,EAAQ7B,IAAAA,CAAAA;AAEtD,gBAAA,IAAIiC,SAAAA,EAAW;AACbR,oBAAAA,eAAAA,CAAgBU,IAAI,CAACR,OAAAA,CAAAA;AACvB,gBAAA;AACF,YAAA;YAEA,OAAOF,eAAAA;AACT,QAAA,CAAA;AAEA,QAAA,MAAMW,qBAAAA,GAAwB,UAAA;AAC5B,YAAA,MAAMP,MAAAA,GAASjC,iBAAAA
,CAAkBkC,GAAG,CAAC,CAACC,MAAAA,GAAW,CAAA,EAAG5B,SAAAA,CAAUkC,MAAM,CAAC,CAAC,EAAEN,MAAAA,CAAAA,CAAQ,CAAA;YAEhF,MAAME,SAAAA,GAAY,MAAMC,qBAAAA,CAAsBL,MAAAA,EAAQ7B,IAAAA,CAAAA;;AAGtD,YAAA,IAAI,CAACiC,SAAAA,EAAW;gBACd5B,MAAAA,CAAOH,GAAAA,CAAAA;AACT,YAAA;AACF,QAAA,CAAA;AAEA,QAAA,MAAMoC,iBAAAA,GAAoB;AAACzC,YAAAA,oBAAAA;AAAsBC,YAAAA;AAAqB,SAAA,CAACyC,QAAQ,CAACrC,GAAAA,CAAAA;;QAGhF,IAAIH,4BAA6C,CAACI,SAAAA,CAAAA,EAAY;YAC5D,MAAMM,mBAAAA,EAAAA;AACN,YAAA;AACF,QAAA;;AAGA,QAAA,IAAI6B,iBAAAA,IAAqBlC,MAAAA,CAAOa,OAAO,EAAEuB,qBAAAA,EAAuB;;AAE9D,YAAA;AACF,QAAA;;QAGA,MAAMJ,qBAAAA,EAAAA;AACR,IAAA,CAAA;AAEF,MAAMF,qBAAAA,GAAwB,OAAOL,MAAAA,EAAkB7B,IAAAA,GAAAA;IACrD,KAAK,MAAMyC,SAASZ,MAAAA,CAAQ;QAC1B,IAAI;AACF,YAAA,MAAMa,MAAAA,CAAO1C,IAAI,CAAC2C,MAAM,CAAC3C,IAAAA,EAAM;AAAEyC,gBAAAA;AAAM,aAAA,CAAA;YACvC,OAAO,IAAA;AACT,QAAA,CAAA,CAAE,OAAM;AACN,YAAA;AACF,QAAA;AACF,IAAA;IAEA,OAAO,KAAA;AACT,CAAA;;;;"}