Strapi4 plugin server route permission

Inspired from strapi-plugin-route-permission, same plugin but for strapi V3.

A plugin for Strapi that provides the ability to config roles on server route for generate permissions.

🚀   Overview

This plugin implements a simple way to seed strapi users-permissions from routes configuration (only server). It means that you can define your routes permissions direcly on route files. So every time your server ups, it will recreate yours routes permissions from your route config, allowing you to migrate your application without worrying about redefine your routes permissions over strapi panel.

⚠️ this plugin create route permission but don't delete any route permission

⏳   Installation

With npm:

npm install strapi-plugin-server-route-permission

With yarn:

yarn add strapi-plugin-server-route-permission

✨   Getting Started

Add an array of roles on each route configuration

Examples:

Core route example :

1"use strict";
2
3"use strict";
4
5/**
6 * restaurant router
7 */
8
9const { createCoreRouter } = require("@strapi/strapi").factories;
10
11module.exports = createCoreRouter("api::restaurant.restaurant", {
12  config: {
13    find: {
14      // @ts-ignore
15      roles: ["authenticated", "public"],
16    },
17    create: {
18      // @ts-ignore
19      roles: ["authenticated"],
20    },
21    findOne: {
22      // @ts-ignore
23      roles: ["authenticated", "public", "test"],
24    },
25    update: {
26      // @ts-ignore
27      roles: ["authenticated"],
28    },
29    delete: {
30      // @ts-ignore
31      roles: ["authenticated"],
32    },
33  },
34});

custom route :

1// server/routes/task.js
2"use strict";
3
4/**
5 *  router.
6 */
7
8module.exports = {
9  type: "content-api",
10  routes: [
11    {
12      method: "POST",
13      path: "/user/update-avatar",
14      handler: "user.updateAvatar",
15      config: {
16        // @ts-ignore
17        roles: ["authenticated"],
18        policies: [],
19        middlewares: [],
20      },
21    },
22    {
23      method: "DELETE",
24      path: "/user/delete-avatar",
25      handler: "user.deleteAvatar",
26      config: {
27        // @ts-ignore
28        roles: ["authenticated"],
29      },
30    },
31    {
32      method: "GET",
33      path: "/avatar/:id",
34      handler: "avatar.getAvatar",
35      config: {
36        // @ts-ignore
37        roles: ["authenticated"],
38      },
39    },
40  ],
41};

🎉   Result

On strapi startup it add only new permission configured in your route config

Configurated routes are visible on admin panel :

if admin remove a permission from admin panel, you got the log and the route is'nt configured

You can restore via settings on admin panel, this remove the configured routes history and reconfigure route which was deleted from the admin on next restart

🐛   Bugs

If any bugs are found please report them as a Github Issue

Typescript support problem

Issue You can put this line upside the role propertie : // @ts-ignore