This plugin implements a simple way to seed strapi users-permissions from routes configuration.
Inspired from strapi-plugin-route-permission, same plugin but for strapi V3.
A plugin for Strapi that provides the ability to config roles on server route for generate permissions.
This plugin implements a simple way to seed strapi users-permissions from routes configuration (only server). It means that you can define your routes permissions direcly on route files. So every time your server ups, it will recreate yours routes permissions from your route config, allowing you to migrate your application without worrying about redefine your routes permissions over strapi panel.
⚠️ this plugin create route permission but don't delete any route permission
With npm:
npm install strapi-plugin-server-route-permission
With yarn:
yarn add strapi-plugin-server-route-permission
Add an array of roles on each route configuration
Core route example :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
'use strict';
'use strict';
/**
* restaurant router
*/
const { createCoreRouter } = require('@strapi/strapi').factories;
module.exports = createCoreRouter('api::restaurant.restaurant', {
config: {
find: {
roles: ["authenticated", "public"],
},
create: {
roles: ["authenticated"]
},
findOne: {
roles: ["authenticated", "public", "test"]
},
update: {
roles: ["authenticated"]
},
delete: {
roles: ["authenticated"]
}
}
});
custom route :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
// server/routes/task.js
'use strict';
/**
* router.
*/
module.exports = {
type: "content-api",
routes: [
{
method: 'POST',
path: '/user/update-avatar',
handler: 'user.updateAvatar',
config: {
roles: ["authenticated"],
policies: [],
middlewares: [],
},
},
{
method: 'DELETE',
path: '/user/delete-avatar',
handler: 'user.deleteAvatar',
config: {
roles: ["authenticated"],
},
},
{
method: 'GET',
path: '/avatar/:id',
handler: 'avatar.getAvatar',
config: {
roles: ["authenticated"],
},
},
],
};
On strapi startup it add only new permission configured in your route config
Configurated routes are visible on admin panel :
if admin remove a permission from admin panel, you got the log and the route is'nt configured
You can restore via settings on admin panel, this remove the configured routes history and reconfigure route which was deleted from the admin on next restart
If any bugs are found please report them as a Github Issue
npm install strapi-plugin-server-route-permission
Check out the available plugin resources that will help you to develop your plugin or provider and get it listed on the marketplace.