Eric Hansen
Eric Hansen

Reputation: 205

Bootstraping Strapi Role Permissions

I am a developer that is doing front end work, strapi and javascript for the first time. I hope someone could take pity on me and provide an example of how to set the Public role permissions via a bootstrap.js script. node.js v10.16.0
Strapi v3.0.0-next.11
Graphql 14.3.1
MongoDB: 3.6
All on Windows 10

In the Strapi UI, it is the Roles and Permissions for the Public Role Public Role

I want to set these boxes to CHECKED Toggle Checkboxes

Another developer has used the bootstrap.js file to add items to the services we created (menu). I don't know how to return even the most basic information on the role permissions. My function is called test() I searched for examples and the best I found was this on stackoverflow: Strapi Plugin Route Default Permission :


but I cannot figure out how to use it:

function add_widgets_from_sheet(sheet_name, model_object){
  console.log(`adding ${sheet_name}`)
  let xlsxSheet = Sheets[sheet_name]
  const widgets = XLSX.utils.sheet_to_json(xlsxSheet)

  widgets.forEach(function (widget) {
    //See if the object is already in the db before adding it
      .then(result => {
        if (result == 0) {
          console.log('Adding '+sheet_name+': ' + JSON.stringify(widget))
          return model_object.add(widget)

function test(){
  console.log(`Testing ${strapi.plugins['users-permissions'].models.role.find}`)

module.exports = next => {

  console.log('Starting Strapi bootstrap')
  add_widgets_from_sheet('Menus', //adding menus
  test() // Returning nothing
  console.log('Ending Strapi bootstrap')

I would like to toggle those checkboxes to TRUE, CHECKED or whatever its called. so that we don't have to manually do it through the UI everytime we dump the database.

I learn best from examples...I hope you can help. Thank you!

Upvotes: 8

Views: 4850

Answers (4)

Mihail Ignatiev
Mihail Ignatiev

Reputation: 853

For strapi 3.3.x and probably future versions
Slightly efficient way (queries role one time, uses query to filter permissions)

'use strict';

module.exports = async () => {
  const publicRole = await getRoleByName('Public')
  await grantPermissions(publicRole, 'application', 'images', ['upload', 'remove'])  // upload, remove in 'images' controller
  await grantPermissions(publicRole, 'application', 'project') // any action in 'project' controller                      

async function getRoleByName(name) {
  return strapi.query('role', 'users-permissions').findOne({ name }, [])

async function getPermissions(role, permissionType, controller, actions = null) {
  const permissionQuery = strapi.query('permission', 'users-permissions')
  const permissionRequest = {
    _limit: 1000,
    type: permissionType,
    controller: controller

  if (actions) {
    permissionRequest.action_in = Array.isArray(actions) ? actions : [actions]

  return permissionQuery.find(permissionRequest, [])

async function grantPermissions(role, permissionType, controller, actions) {
  if (actions && !Array.isArray(actions)) {
    actions = [ actions ]
  }`Setting '${controller}' [${actions ? actions.join(', ') : '*'}] permissions for '${}'`)

  const permissionQuery = strapi.query('permission', 'users-permissions')
  const permissions = await getPermissions(role, permissionType, controller, actions)
  if (permissions.length === 0) {
    throw new Error(`Error enabling permissions: ${}, ${permissionType}, ${controller}, ${actions}`)

  for (const { id } of permissions) {
    await permissionQuery.update({ id }, { enabled: true })

Upvotes: 0

Tom Saleeba
Tom Saleeba

Reputation: 4217

Building on both of the previous answers, it seems you can get away with a single loop and in that you can set permissions for both public and authenticated users.

This was written against strapi 3.2.4 and I'm using NodeJS 12 so things like the spread operator ... are available.

  const permOrm = strapi.query('permission', 'users-permissions')
  const perms = await permOrm.find({ type: 'application' })
  for (const curr of perms) {
    if (curr.role.type === 'authenticated') {
        `Allowing authenticated to call ${curr.controller}.${curr.action}`,
      permOrm.update({ id: }, { ...curr, enabled: true })
    // permission is for public
    const isReadEndpoint = ['find', 'findone', 'count'].includes(curr.action)
    if (isReadEndpoint) {
        `Allowing public to call ${curr.controller}.${curr.action}`,
      permOrm.update({ id: }, { ...curr, enabled: true })
    // TODO add custom logic for any non-standard actions here
      `Disallowing public from calling ${curr.controller}.${curr.action}`,
    permOrm.update({ id: }, { ...curr, enabled: false })

Upvotes: 3

Quinn Keaveney
Quinn Keaveney

Reputation: 1614

I find this simpler.

// In your bootstrap.js file
'use strict';
module.exports = async () => {

    const authenticated = await strapi.query('role', 'users-permissions').findOne({ type: 'authenticated' });
    authenticated.permissions.forEach(permission => {

        if (permission.type === 'application'){ // Whatever permissions you want to change
            let newPermission = permission;
            newPermission.enabled = true; // Editing permission as needed

            strapi.query('permission', 'users-permissions').update( { id: }, newPermission ); // Updating Strapi with the permission

Upvotes: 1

Eric Hansen
Eric Hansen

Reputation: 205

So the code below is from a file called PROJECT/STRAPI/config/functions/bootstrap.js This automates creating the content types and content with information we keep in an excel spreadsheet. But in order to use those content types, there are roles and permissions that have to be activated so the web ui can access them. Basically, we do not want to manually go into the Strapi UI to create your user, create content types, create content or update the permissions. We want a script to do all of that.

'use strict'

Our Environment Variables

require('dotenv').config({ path:'../.env' })

Excel Spreadsheet Holding our data (attached)

const XLSX = require('xlsx')
const BOOTSTRAP_DATA = XLSX.readFile(process.env.BOOTSTRAP_DATA).Sheets

Variables pulled from .env

const ADMIN_EMAIL    = process.env.ADMIN_EMAIL

Reading in the XLSX

async function bootstrap_resource(resource_type, resource_service) {`Bootstrapping ${resource_type}`)

  const resources = XLSX.utils.sheet_to_json(BOOTSTRAP_DATA[resource_type])

  for (let resource of resources) {

    if (await resource_service.count(resource) === 0) {
      strapi.log.warn(`Bootstrapping ${resource_type}: ${JSON.stringify(resource)}`)

      await resource_service.create(resource)

Creating the initial USER for strapi

async function bootstrap_admin() {`Bootstrapping Admin`)

  const admin_orm = strapi.admin.queries('administrator', 'admin')

  const admins = await admin_orm.find({username: ADMIN_USERNAME})

  if ( admins.length === 0) {
    const blocked  = false
    const username = ADMIN_USERNAME
    const password = await
    const email    = ADMIN_EMAIL
    const user     = { blocked, username, password, email }

    const data = await admin_orm.create(user)

    strapi.log.warn(`Bootstrapped Admin User: ${JSON.stringify(user)}`)

The following are get_roles() - required for get_permissions(), and get_permissions() is required for enable_permissions() This is where we turn on those content types so the web ui can see it.

async function get_roles() {
  const role_orm = strapi.plugins['users-permissions'].queries('role', 'users-permissions')

  const role_list = await role_orm.find({}, [])

  const roles = {}

  for (let role of role_list) {
    roles[ role._id ] = role
    roles[ ] = role

  return roles

async function get_permissions( selected_role, selected_type, selected_controller ) {
  const roles          = await get_roles()
  const permission_orm = strapi.plugins['users-permissions'].queries('permission', 'users-permissions')

  let permission_list  = await permission_orm.find({_limit: 999}, [])

  if ( selected_role       ) permission_list = permission_list.filter( ({ role       }) => `${role}`       === `${roles[selected_role]._id}` )
  if ( selected_type       ) permission_list = permission_list.filter( ({ type       }) => `${type}`       === `${selected_type}`            )
  if ( selected_controller ) permission_list = permission_list.filter( ({ controller }) => `${controller}` === `${selected_controller}`      )

  return permission_list

async function enable_permissions(role, type, controller) {`Setting '${controller}' permissions for '${role}'`)

  const permission_orm = strapi.plugins['users-permissions'].queries('permission', 'users-permissions')

  const permissions = await get_permissions(role, type, controller)

  for (let { _id } of permissions) {
    permission_orm.update({ _id }, { enabled: true })

Finally, we run the program

module.exports = async next => {

  await bootstrap_admin()

  await bootstrap_resource( 'Clients', )
  await bootstrap_resource( 'Menus',   )

  enable_permissions('Public', 'application', 'client'     )
  enable_permissions('Public', 'application', 'github'     )
  enable_permissions('Public', 'application', 'menu'       )
  enable_permissions('Public', 'application', 'confluence' )


Take out my comments and you have the entire bootstrap.js file. The images below show the 3 tabs of the demo.xlsx workbook that is used to populate everything. clients tab menus tab users tab

Finally, showing the results. Menus (content), permissions set and the public website using Nuxt. list of menus permissions for the public users Nuxt Generate Web Page leveraging strapi

Upvotes: 5

Related Questions