{"version":3,"file":"hasPermissions.mjs","sources":["../../../server/src/policies/hasPermissions.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { policy } from '@strapi/utils';\nimport { validateHasPermissionsInput } from '../validation/policies/hasPermissions';\n\nconst { createPolicy } = policy;\n\nexport default createPolicy({\n name: 'plugin::content-manager.hasPermissions',\n validator: validateHasPermissionsInput,\n /**\n * NOTE: Action aliases are currently not checked at this level (policy).\n * This is currently the intended behavior to avoid changing the behavior of API related permissions.\n * If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.\n */\n handler(ctx: Context, config = {}) {\n const { actions = [], hasAtLeastOne = false }: { actions: string[]; hasAtLeastOne: boolean } =\n config;\n\n const { userAbility } = ctx.state;\n const { model }: { model: string } = ctx.params;\n\n const isAuthorized = hasAtLeastOne\n ? actions.some((action) => userAbility.can(action, model))\n : actions.every((action) => userAbility.can(action, model));\n\n return isAuthorized;\n },\n});\n"],"names":["createPolicy","policy","name","validator","validateHasPermissionsInput","handler","ctx","config","actions","hasAtLeastOne","userAbility","state","model","params","isAuthorized","some","action","can","every"],"mappings":";;;AAIA,MAAM,EAAEA,YAAY,EAAE,GAAGC,MAAAA;AAEzB,qBAAeD,YAAa,CAAA;IAC1BE,IAAM,EAAA,wCAAA;IACNC,SAAWC,EAAAA,2BAAAA;AACX;;;;AAIC,MACDC,OAAQC,CAAAA,CAAAA,GAAY,EAAEC,MAAAA,GAAS,EAAE,EAAA;AAC/B,QAAA,MAAM,EAAEC,OAAU,GAAA,EAAE,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAC3CF,MAAAA;AAEF,QAAA,MAAM,EAAEG,WAAW,EAAE,GAAGJ,IAAIK,KAAK;AACjC,QAAA,MAAM,EAAEC,KAAK,EAAE,GAAsBN,IAAIO,MAAM;QAE/C,MAAMC,YAAAA,GAAeL,gBACjBD,OAAQO,CAAAA,IAAI,CAAC,CAACC,MAAAA,GAAWN,YAAYO,GAAG,CAACD,QAAQJ,KACjDJ,CAAAA,CAAAA,GAAAA,OAAAA,CAAQU,KAAK,CAAC,CAACF,SAAWN,WAAYO,CAAAA,GAAG,CAACD,MAAQJ,EAAAA,KAAAA,CAAAA,CAAAA;QAEtD,OAAOE,YAAAA;AACT;AACF,CAAG,CAAA;;;;"}