Ghost/core/server/api/roles.js

// # Roles API
// RESTful API for the Role resource
var Promise         = require('bluebird'),
    canThis         = require('../permissions').canThis,
    dataProvider    = require('../models'),
    errors          = require('../errors'),
    pipeline        = require('../utils/pipeline'),
    utils           = require('./utils'),
    docName         = 'roles',

    roles;

/**
 * ## Roles API Methods
 *
 * **See:** [API Methods](index.js.html#api%20methods)
 */
roles = {
    /**
     * ### Browse
     * Find all roles
     *
     * If a 'permissions' property is passed in the options object then
     * the results will be filtered based on whether or not the context user has the given
     * permission on a role.
     *
     *
     * @public
     * @param {{context, permissions}} options (optional)
     * @returns {Promise(Roles)} Roles Collection
     */
    browse: function browse(options) {
        var tasks;

        /**
         * ### Handle Permissions
         * We need to be an authorised user.
         * @param {Object} options
         * @returns {Object} options
         */
        function handlePermissions(options) {
            return canThis(options.context).browse.role().then(function () {
                return options;
            }).catch(function handleError(error) {
                return errors.handleAPIError(error, 'You do not have permission to browse roles.');
            });
        }

        /**
         * ### Model Query
         * Make the call to the Model layer
         * @param {Object} options
         * @returns {Object} options
         */
        function modelQuery(options) {
            return dataProvider.Role.findAll(options);
        }

        // Push all of our tasks into a `tasks` array in the correct order
        tasks = [utils.validate(docName), handlePermissions, modelQuery];

        // Pipeline calls each task passing the result of one to be the arguments for the next
        return pipeline(tasks, options).then(function formatResponse(results) {
            var roles = results.map(function (r) {
                return r.toJSON();
            });

            if (options.permissions !== 'assign') {
                return {roles: roles};
            }

            return Promise.filter(roles.map(function (role) {
                return canThis(options.context).assign.role(role)
                    .return(role)
                    .catch(function () {});
            }), function (value) {
                return value && value.name !== 'Owner';
            }).then(function (roles) {
                return {roles: roles};
            });
        });
    }
};

module.exports = roles;
Improve handling of users and roles in admin Closes #3083 Refs #3229 - Populates the dropdown list in the invite user menu with the list of roles a user is permitted to create. - Users API now checks the invite user request for allowed roles. - Change API response from 200 to 201 on successful invitation. - Change API response from 500 to 201 when the user was created but the email was not sent. The client will show a warning notification when it sees 'invite-pending' as the new user's status. - Add support for "?status=all" to the /users endpoint. - Refactor the route and controller for the /settings/users page so that there's only one network API call to load users instead of two. 2014-07-23 10:13:20 +04:00			`// # Roles API`
			`// RESTful API for the Role resource`
Replace the when promise library with bluebird. Closes #968 2014-08-17 10:17:23 +04:00			`var Promise = require('bluebird'),`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`canThis = require('../permissions').canThis,`
			`dataProvider = require('../models'),`
			`errors = require('../errors'),`
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`pipeline = require('../utils/pipeline'),`
			`utils = require('./utils'),`
			`docName = 'roles',`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00
			`roles;`

			`/**`
			`* ## Roles API Methods`
			`*`
			`* See: [API Methods](index.js.html#api%20methods)`
			`*/`
			`roles = {`
			`/**`
			`* ### Browse`
			`* Find all roles`
			`*`
Improve handling of users and roles in admin Closes #3083 Refs #3229 - Populates the dropdown list in the invite user menu with the list of roles a user is permitted to create. - Users API now checks the invite user request for allowed roles. - Change API response from 200 to 201 on successful invitation. - Change API response from 500 to 201 when the user was created but the email was not sent. The client will show a warning notification when it sees 'invite-pending' as the new user's status. - Add support for "?status=all" to the /users endpoint. - Refactor the route and controller for the /settings/users page so that there's only one network API call to load users instead of two. 2014-07-23 10:13:20 +04:00			`* If a 'permissions' property is passed in the options object then`
			`* the results will be filtered based on whether or not the context user has the given`
			`* permission on a role.`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`*`
			`*`
			`* @public`
Improve handling of users and roles in admin Closes #3083 Refs #3229 - Populates the dropdown list in the invite user menu with the list of roles a user is permitted to create. - Users API now checks the invite user request for allowed roles. - Change API response from 200 to 201 on successful invitation. - Change API response from 500 to 201 when the user was created but the email was not sent. The client will show a warning notification when it sees 'invite-pending' as the new user's status. - Add support for "?status=all" to the /users endpoint. - Refactor the route and controller for the /settings/users page so that there's only one network API call to load users instead of two. 2014-07-23 10:13:20 +04:00			`* @param {{context, permissions}} options (optional)`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`* @returns {Promise(Roles)} Roles Collection`
			`*/`
			`browse: function browse(options) {`
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`var tasks;`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`/**`
			`* ### Handle Permissions`
			`* We need to be an authorised user.`
			`* @param {Object} options`
			`* @returns {Object} options`
			`*/`
			`function handlePermissions(options) {`
			`return canThis(options.context).browse.role().then(function () {`
			`return options;`
			`}).catch(function handleError(error) {`
			`return errors.handleAPIError(error, 'You do not have permission to browse roles.');`
			`});`
			`}`

			`/**`
			`* ### Model Query`
			`* Make the call to the Model layer`
			`* @param {Object} options`
			`* @returns {Object} options`
			`*/`
			`function modelQuery(options) {`
			`return dataProvider.Role.findAll(options);`
			`}`

			// Push all of our tasks into a `tasks` array in the correct order
			`tasks = [utils.validate(docName), handlePermissions, modelQuery];`

			`// Pipeline calls each task passing the result of one to be the arguments for the next`
			`return pipeline(tasks, options).then(function formatResponse(results) {`
			`var roles = results.map(function (r) {`
			`return r.toJSON();`
			`});`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`if (options.permissions !== 'assign') {`
			`return {roles: roles};`
			`}`
Fix up filtering implementation 2015-05-11 04:48:32 +03:00
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`return Promise.filter(roles.map(function (role) {`
			`return canThis(options.context).assign.role(role)`
Fix up filtering implementation 2015-05-11 04:48:32 +03:00			`.return(role)`
			`.catch(function () {});`
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`}), function (value) {`
			`return value && value.name !== 'Owner';`
			`}).then(function (roles) {`
			`return {roles: roles};`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`});`
Pipeline roles and slugs API refs #5508 2015-07-02 17:38:31 +03:00			`});`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`}`
			`};`

			`module.exports = roles;`