Strapi plugin logo for Route permission

Route permission

This plugin implements a simple way to seed strapi users-permissions from routes configuration.

thumbnail for Route permission

Strapi4 plugin server route permission

Inspired from strapi-plugin-route-permission, same plugin but for strapi V3.

A plugin for Strapi that provides the ability to config roles on server route for generate permissions.

Downloads Install size

🚀   Overview

This plugin implements a simple way to seed strapi users-permissions from routes configuration (only server). It means that you can define your routes permissions direcly on route files. So every time your server ups, it will recreate yours routes permissions from your route config, allowing you to migrate your application without worrying about redefine your routes permissions over strapi panel.

⚠️ this plugin create route permission but don't delete any route permission


  Installation

With npm:

npm install strapi-plugin-server-route-permission

With yarn:

yarn add strapi-plugin-server-route-permission

  Getting Started

Add an array of roles on each route configuration

Examples:

Core route example :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
'use strict';

'use strict';

/**
 * restaurant router
 */

const { createCoreRouter } = require('@strapi/strapi').factories;

module.exports = createCoreRouter('api::restaurant.restaurant', {
    config: {
        find: {
            roles: ["authenticated", "public"],
        },
        create: {
            roles: ["authenticated"]
        },
        findOne: {
            roles: ["authenticated", "public", "test"]
        },
        update: {
            roles: ["authenticated"]
        },
        delete: {
            roles: ["authenticated"]
        }
    }
});

custom route :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
// server/routes/task.js
'use strict';

/**
 *  router.
 */

module.exports = {
  type: "content-api",
  routes: [
    {
      method: 'POST',
      path: '/user/update-avatar',
      handler: 'user.updateAvatar',
      config: {
        roles: ["authenticated"],
        policies: [],
        middlewares: [],
      },
    },
    {
      method: 'DELETE',
      path: '/user/delete-avatar',
      handler: 'user.deleteAvatar',
      config: {
        roles: ["authenticated"],
      },
    },
    {
      method: 'GET',
      path: '/avatar/:id',
      handler: 'avatar.getAvatar',
      config: {
        roles: ["authenticated"],
      },
    },
  ],
};

🎉   Result

On strapi startup it add only new permission configured in your route config

Configurated routes are visible on admin panel :

if admin remove a permission from admin panel, you got the log and the route is'nt configured

You can restore via settings on admin panel, this remove the configured routes history and reconfigure route which was deleted from the admin on next restart

🐛   Bugs

If any bugs are found please report them as a Github Issue

Install now

npm install strapi-plugin-server-route-permission

Last updated

94 days ago

Strapi Compatibility

4.3.6 and above

Author

github profile image for Paul Richez
Paul Richez

Useful links

Create your own plugin

Check out the available plugin resources that will help you to develop your plugin or provider and get it listed on the marketplace.