How to create programmatically new roles and add restrictions in strapi required help

hashirnouman · January 17, 2024, 4:51am

System Information

Strapi Version:4.16.2
Operating System: windows 11
Database: postgres
Node Version: 18.17.0
NPM Version: 9.6.7
Yarn Version: 1.22.21

the strapi provides and option to create a new roles and restric user to access certain api function like create read update delete how to manage this functionality programmatically via api

Hassan_WaqarButt · January 22, 2024, 3:21pm

@hashirnouman First You need to understand how Strapi users-permissions plugin works
If you look into you db you will see following tables

up_permissions
up_permissions_role_links
up_roles

roles and permissions of user is managed using these tables and you can create custom api and perfrom curd on above tables to add new roles programmatically
you can acess table like

        strapi.db.connection
          .table('up_roles')

strapi use KNEX ORM under the table so you can read KNEX Documentation for better understanding

LuisAlaguna · January 24, 2024, 4:55pm

Any snippet for it?

Hassan_WaqarButt · January 25, 2024, 3:03pm

@LuisAlaguna @hashirnouman here is snippet to create role using strapi Query Engine’s API

await strapi.db
        .query('plugin::users-permissions.role')
        .create({
          data: {
            name: 'Teacher',
            description: 'Teacher can upload grades',
            type: 'authenticated'
          }
        });

similarly below example create a permission for find course api

await strapi.db
        .query('plugin::users-permissions.permission')
        .create({
          data: {
            action: 'api::course.course.find',
          }
        });

and if you want to assign a new role permission using nested like

await strapi.db
        .query('plugin::users-permissions.role')
        .create({
          data: {
            name: 'Teacher',
            description: 'Default message',
            type: 'authenticated',
        // permission id of find course api
            permissions: [11]
          }
        });

gregg-cbs · May 1, 2024, 10:54am

Update: I found out these were the permissions that existed against a user role and that you have to create a new entry into “plugin::users-permissions.permission” and assign that new permission to a role.

Quick question to anyone. Howcome i see multiple of the same actions in permissions and how do i know which one to use?

Query:

await strapi.entityService.findMany("plugin::users-permissions.permission");

Summarized Response:

    {
      "id": 166,
      "action": "api::auth.auth.logout",
      "createdAt": "2023-10-30T06:18:03.788Z",
      "updatedAt": "2023-10-30T06:18:03.788Z"
    },
    {
      "id": 343,
      "action": "api::auth.auth.logout",
      "createdAt": "2024-03-20T15:09:18.185Z",
      "updatedAt": "2024-03-20T15:09:18.185Z"
    },
    {
      "id": 207,
      "action": "api::auth.auth.logout",
      "createdAt": "2023-10-31T07:49:33.623Z",
      "updatedAt": "2023-10-31T07:49:33.623Z"
    },
    {
      "id": 224,
      "action": "api::auth.auth.logout",
      "createdAt": "2023-12-07T05:23:29.123Z",
      "updatedAt": "2023-12-07T05:23:29.123Z"
    },