Skip to content

Commit

Permalink
Fix removal of user leaking permissions to public user
Browse files Browse the repository at this point in the history
  • Loading branch information
@MariusDoe
MariusDoe committed Aug 22, 2024
1 parent 8139bd5 commit 713d6f2
Showing 1 changed file with 13 additions and 15 deletions.
28 changes: 13 additions & 15 deletions projects/bp-strapi/src/api/parameterized-permission/services/custom-update.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,12 +198,6 @@ export const removeUser = async (id: string) => {
return;
}

await userQuery.delete({
where: {
id,
},
});

const permissionQuery = strapi.db.query('api::parameterized-permission.parameterized-permission');
// deleteMany currently doesn't support relational filters:
// https://github.com/strapi/strapi/issues/11998
Expand All @@ -214,15 +208,19 @@ export const removeUser = async (id: string) => {
},
},
});
await Promise.all(
permissionsToDelete.map(permission => {
permissionQuery.delete({
where: {
id: permission.id,
},
});
})
);
await permissionQuery.delete({
where: {
id: {
$in: permissionsToDelete.map(permission => permission.id),
},
},
});

await userQuery.delete({
where: {
id,
},
});

return 1;
};

0 comments on commit 713d6f2

Please sign in to comment.