Ghost/core/server/api/v2/settings.js

const Promise = require('bluebird');
const _ = require('lodash');
const models = require('../../models');
const routing = require('../../../frontend/services/routing');
const {i18n} = require('../../lib/common');
const {NoPermissionError, NotFoundError} = require('@tryghost/errors');
const settingsCache = require('../../services/settings/cache');

module.exports = {
    docName: 'settings',

    browse: {
        options: ['type'],
        permissions: true,
        query(frame) {
            let settings = settingsCache.getAll();

            // CASE: no context passed (functional call)
            if (!frame.options.context) {
                return Promise.resolve(settings.filter((setting) => {
                    return setting.group === 'site';
                }));
            }

            // CASE: omit core settings unless internal request
            if (!frame.options.context.internal) {
                settings = _.filter(settings, (setting) => {
                    const isCore = setting.group === 'core';
                    return !isCore;
                });
            }

            return settings;
        }
    },

    read: {
        options: ['key'],
        validation: {
            options: {
                key: {
                    required: true
                }
            }
        },
        permissions: {
            identifier(frame) {
                return frame.options.key;
            }
        },
        query(frame) {
            let setting = settingsCache.get(frame.options.key, {resolve: false});

            if (!setting) {
                return Promise.reject(new NotFoundError({
                    message: i18n.t('errors.api.settings.problemFindingSetting', {
                        key: frame.options.key
                    })
                }));
            }

            // @TODO: handle in settings model permissible fn
            if (setting.group === 'core' && !(frame.options.context && frame.options.context.internal)) {
                return Promise.reject(new NoPermissionError({
                    message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')
                }));
            }

            return {
                [frame.options.key]: setting
            };
        }
    },

    edit: {
        headers: {
            cacheInvalidate: true
        },
        permissions: {
            unsafeAttrsObject(frame) {
                return _.find(frame.data.settings, {key: 'labs'});
            },
            before(frame) {
                const errors = [];

                frame.data.settings.map((setting) => {
                    if (setting.group === 'core' && !(frame.options.context && frame.options.context.internal)) {
                        errors.push(new NoPermissionError({
                            message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')
                        }));
                    }
                });

                if (errors.length) {
                    return Promise.reject(errors[0]);
                }
            }
        },
        query(frame) {
            let type = frame.data.settings.find((setting) => {
                return setting.key === 'type';
            });

            if (_.isObject(type)) {
                type = type.value;
            }

            frame.data.settings = _.reject(frame.data.settings, (setting) => {
                return setting.key === 'type';
            });

            const errors = [];

            _.each(frame.data.settings, (setting) => {
                const settingFromCache = settingsCache.get(setting.key, {resolve: false});

                if (!settingFromCache) {
                    errors.push(new NotFoundError({
                        message: i18n.t('errors.api.settings.problemFindingSetting', {
                            key: setting.key
                        })
                    }));
                } else if (settingFromCache.core === 'core' && !(frame.options.context && frame.options.context.internal)) {
                    // @TODO: handle in settings model permissible fn
                    errors.push(new NoPermissionError({
                        message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')
                    }));
                }
            });

            if (errors.length) {
                return Promise.reject(errors[0]);
            }

            return models.Settings.edit(frame.data.settings, frame.options);
        }
    },

    upload: {
        headers: {
            cacheInvalidate: true
        },
        permissions: {
            method: 'edit'
        },
        query(frame) {
            return routing.settings.setFromFilePath(frame.file.path);
        }
    },

    download: {
        headers: {
            disposition: {
                type: 'yaml',
                value: 'routes.yaml'
            }
        },
        response: {
            format: 'plain'
        },
        permissions: {
            method: 'browse'
        },
        query() {
            return routing.settings.get();
        }
    }
};
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`const Promise = require('bluebird');`
			`const _ = require('lodash');`
			`const models = require('../../models');`
Moved settings dynamicRouting to routing.settings 2019-06-21 17:34:17 +03:00			`const routing = require('../../../frontend/services/routing');`
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope 2020-05-22 21:22:20 +03:00			`const {i18n} = require('../../lib/common');`
			`const {NoPermissionError, NotFoundError} = require('@tryghost/errors');`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`const settingsCache = require('../../services/settings/cache');`

			`module.exports = {`
			`docName: 'settings',`

			`browse: {`
			`options: ['type'],`
			`permissions: true,`
			`query(frame) {`
			`let settings = settingsCache.getAll();`

			`// CASE: no context passed (functional call)`
			`if (!frame.options.context) {`
			`return Promise.resolve(settings.filter((setting) => {`
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller 2020-06-25 07:32:16 +03:00			`return setting.group === 'site';`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`}));`
			`}`

			`// CASE: omit core settings unless internal request`
			`if (!frame.options.context.internal) {`
			`settings = _.filter(settings, (setting) => {`
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller 2020-06-25 07:32:16 +03:00			`const isCore = setting.group === 'core';`
Removed API filter of settings now correctly grouped in "core" refs https://github.com/TryGhost/Ghost/issues/10318 - `members_public_key` and `members_private_key` are now correctly grouped under `core` which is already filtered out so we don't need the extra filter to exclude them 2020-06-24 16:55:50 +03:00			`return !isCore;`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`});`
			`}`

			`return settings;`
			`}`
			`},`

			`read: {`
			`options: ['key'],`
			`validation: {`
			`options: {`
			`key: {`
			`required: true`
			`}`
			`}`
			`},`
			`permissions: {`
			`identifier(frame) {`
			`return frame.options.key;`
			`}`
			`},`
			`query(frame) {`
			`let setting = settingsCache.get(frame.options.key, {resolve: false});`

🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`if (!setting) {`
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope 2020-05-22 21:22:20 +03:00			`return Promise.reject(new NotFoundError({`
			`message: i18n.t('errors.api.settings.problemFindingSetting', {`
🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`key: frame.options.key`
			`})`
			`}));`
			`}`

			`// @TODO: handle in settings model permissible fn`
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller 2020-06-25 07:32:16 +03:00			`if (setting.group === 'core' && !(frame.options.context && frame.options.context.internal)) {`
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope 2020-05-22 21:22:20 +03:00			`return Promise.reject(new NoPermissionError({`
			`message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')`
🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`}));`
			`}`

Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`return {`
			`[frame.options.key]: setting`
			`};`
			`}`
			`},`

			`edit: {`
			`headers: {`
			`cacheInvalidate: true`
			`},`
			`permissions: {`
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property 2019-10-09 11:26:54 +03:00			`unsafeAttrsObject(frame) {`
			`return _.find(frame.data.settings, {key: 'labs'});`
			`},`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`before(frame) {`
			`const errors = [];`

			`frame.data.settings.map((setting) => {`
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller 2020-06-25 07:32:16 +03:00			`if (setting.group === 'core' && !(frame.options.context && frame.options.context.internal)) {`
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope 2020-05-22 21:22:20 +03:00			`errors.push(new NoPermissionError({`
			`message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`}));`
			`}`
			`});`

			`if (errors.length) {`
			`return Promise.reject(errors[0]);`
			`}`
			`}`
			`},`
			`query(frame) {`
			`let type = frame.data.settings.find((setting) => {`
			`return setting.key === 'type';`
			`});`

			`if (_.isObject(type)) {`
			`type = type.value;`
			`}`

			`frame.data.settings = _.reject(frame.data.settings, (setting) => {`
			`return setting.key === 'type';`
			`});`

🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`const errors = [];`

			`_.each(frame.data.settings, (setting) => {`
			`const settingFromCache = settingsCache.get(setting.key, {resolve: false});`

			`if (!settingFromCache) {`
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope 2020-05-22 21:22:20 +03:00			`errors.push(new NotFoundError({`
			`message: i18n.t('errors.api.settings.problemFindingSetting', {`
🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`key: setting.key`
			`})`
			`}));`
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller 2020-06-25 07:32:16 +03:00			`} else if (settingFromCache.core === 'core' && !(frame.options.context && frame.options.context.internal)) {`
🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`// @TODO: handle in settings model permissible fn`
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope 2020-05-22 21:22:20 +03:00			`errors.push(new NoPermissionError({`
			`message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')`
🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2 refs #10560 2019-03-05 00:59:13 +03:00			`}));`
			`}`
			`});`

			`if (errors.length) {`
			`return Promise.reject(errors[0]);`
			`}`

Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`return models.Settings.edit(frame.data.settings, frame.options);`
			`}`
			`},`

			`upload: {`
			`headers: {`
			`cacheInvalidate: true`
			`},`
			`permissions: {`
			`method: 'edit'`
			`},`
			`query(frame) {`
Moved settings dynamicRouting to routing.settings 2019-06-21 17:34:17 +03:00			`return routing.settings.setFromFilePath(frame.file.path);`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`}`
			`},`

			`download: {`
			`headers: {`
			`disposition: {`
			`type: 'yaml',`
Refactored content-disposition header handling in API v2 (#10374) closes https://github.com/TryGhost/Ghost/issues/10331 - Left only a filename part to be handled by controller configuration, the rest was extracted to more generic headers layer 2019-01-14 21:05:16 +03:00			`value: 'routes.yaml'`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`}`
			`},`
			`response: {`
			`format: 'plain'`
			`},`
			`permissions: {`
			`method: 'browse'`
			`},`
			`query() {`
Moved settings dynamicRouting to routing.settings 2019-06-21 17:34:17 +03:00			`return routing.settings.get();`
Added settings ctrl to v2 refs #9866 2018-10-12 20:44:02 +03:00			`}`
			`}`
			`};`