2019-02-04 17:16:24 +03:00
|
|
|
const should = require('should');
|
|
|
|
const supertest = require('supertest');
|
2020-05-27 20:47:53 +03:00
|
|
|
const config = require('../../../../../core/shared/config');
|
2019-02-04 17:16:24 +03:00
|
|
|
const testUtils = require('../../../../utils');
|
|
|
|
const localUtils = require('./utils');
|
|
|
|
const ghost = testUtils.startGhost;
|
|
|
|
|
2020-06-22 14:21:00 +03:00
|
|
|
// NOTE: in future iterations these fields should be fetched from a central module.
|
|
|
|
// Have put a list as is here for the lack of better place for it.
|
2020-06-25 08:13:24 +03:00
|
|
|
const defaultSettingsKeyTypes = [
|
|
|
|
{key: 'title',type: 'blog'},
|
|
|
|
{key: 'description',type: 'blog'},
|
|
|
|
{key: 'logo',type: 'blog'},
|
|
|
|
{key: 'cover_image',type: 'blog'},
|
|
|
|
{key: 'icon',type: 'blog'},
|
|
|
|
{key: 'codeinjection_head',type: 'blog'},
|
|
|
|
{key: 'codeinjection_foot',type: 'blog'},
|
|
|
|
{key: 'facebook',type: 'blog'},
|
|
|
|
{key: 'twitter',type: 'blog'},
|
|
|
|
{key: 'navigation',type: 'blog'},
|
|
|
|
{key: 'secondary_navigation',type: 'blog'},
|
|
|
|
{key: 'meta_title',type: 'blog'},
|
|
|
|
{key: 'meta_description',type: 'blog'},
|
|
|
|
{key: 'og_image',type: 'blog'},
|
|
|
|
{key: 'og_title',type: 'blog'},
|
|
|
|
{key: 'og_description',type: 'blog'},
|
|
|
|
{key: 'twitter_image',type: 'blog'},
|
|
|
|
{key: 'twitter_title',type: 'blog'},
|
|
|
|
{key: 'twitter_description',type: 'blog'},
|
|
|
|
{key: 'active_theme',type: 'theme'},
|
|
|
|
{key: 'is_private',type: 'private'},
|
|
|
|
{key: 'password',type: 'private'},
|
|
|
|
{key: 'public_hash',type: 'private'},
|
|
|
|
{key: 'default_content_visibility',type: 'members'},
|
|
|
|
{key: 'members_subscription_settings',type: 'members'},
|
|
|
|
{key: 'stripe_connect_integration',type: 'members'},
|
|
|
|
{key: 'portal_name',type: 'portal'},
|
|
|
|
{key: 'portal_button',type: 'portal'},
|
|
|
|
{key: 'portal_plans',type: 'portal'},
|
|
|
|
{key: 'bulk_email_settings',type: 'bulk_email'},
|
|
|
|
{key: 'amp',type: 'blog'},
|
|
|
|
{key: 'labs',type: 'blog'},
|
|
|
|
{key: 'slack',type: 'blog'},
|
|
|
|
{key: 'unsplash',type: 'blog'},
|
|
|
|
{key: 'shared_views',type: 'blog'},
|
|
|
|
{key: 'ghost_head',type: 'blog'},
|
|
|
|
{key: 'ghost_foot',type: 'blog'},
|
|
|
|
{key: 'active_timezone',type: 'blog'},
|
|
|
|
{key: 'default_locale',type: 'blog'}
|
2020-06-22 14:21:00 +03:00
|
|
|
];
|
|
|
|
|
2019-10-09 20:37:44 +03:00
|
|
|
describe('Settings API (v2)', function () {
|
2019-02-04 17:16:24 +03:00
|
|
|
let ghostServer;
|
2019-10-09 11:26:54 +03:00
|
|
|
let request;
|
2019-02-04 17:16:24 +03:00
|
|
|
|
2019-10-09 11:26:54 +03:00
|
|
|
describe('As Owner', function () {
|
|
|
|
before(function () {
|
|
|
|
return ghost()
|
|
|
|
.then(function (_ghostServer) {
|
|
|
|
ghostServer = _ghostServer;
|
|
|
|
request = supertest.agent(config.get('url'));
|
|
|
|
})
|
|
|
|
.then(function () {
|
|
|
|
return localUtils.doAuth(request);
|
|
|
|
});
|
|
|
|
});
|
2019-02-04 17:16:24 +03:00
|
|
|
|
2020-06-24 11:01:28 +03:00
|
|
|
it('Can request all settings', function () {
|
|
|
|
return request.get(localUtils.API.getApiQuery(`settings/`))
|
2019-10-09 11:26:54 +03:00
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
2020-06-24 11:01:28 +03:00
|
|
|
.expect(200)
|
|
|
|
.then((res) => {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
should.exist(jsonResponse.meta);
|
|
|
|
|
|
|
|
jsonResponse.settings.should.be.an.Object();
|
|
|
|
const settings = jsonResponse.settings;
|
|
|
|
|
|
|
|
Object.keys(settings).length.should.equal(39);
|
2020-06-25 08:13:24 +03:00
|
|
|
settings.map(s => ({key: s.key, type: s.type})).should.deepEqual(defaultSettingsKeyTypes);
|
2020-06-24 11:01:28 +03:00
|
|
|
|
|
|
|
localUtils.API.checkResponse(jsonResponse, 'settings');
|
|
|
|
});
|
2019-10-09 11:26:54 +03:00
|
|
|
});
|
2019-02-04 17:16:24 +03:00
|
|
|
|
2020-06-24 11:01:28 +03:00
|
|
|
it('Can request settings by type', function () {
|
|
|
|
return request.get(localUtils.API.getApiQuery(`settings/?type=theme`))
|
2020-06-22 14:21:00 +03:00
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.then((res) => {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
should.exist(jsonResponse.meta);
|
|
|
|
|
|
|
|
jsonResponse.settings.should.be.an.Object();
|
|
|
|
const settings = jsonResponse.settings;
|
|
|
|
|
2020-06-24 11:01:28 +03:00
|
|
|
Object.keys(settings).length.should.equal(1);
|
|
|
|
settings[0].key.should.equal('active_theme');
|
|
|
|
settings[0].value.should.equal('casper');
|
|
|
|
settings[0].type.should.equal('theme');
|
|
|
|
|
|
|
|
localUtils.API.checkResponse(jsonResponse, 'settings');
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2020-06-25 08:13:24 +03:00
|
|
|
xit('Can not request settings by group, returns all settings instead', function () {
|
2020-06-25 07:32:16 +03:00
|
|
|
return request.get(localUtils.API.getApiQuery(`settings/?group=theme`))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.then((res) => {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
should.exist(jsonResponse.meta);
|
|
|
|
|
|
|
|
jsonResponse.settings.should.be.an.Object();
|
|
|
|
const settings = jsonResponse.settings;
|
|
|
|
|
|
|
|
Object.keys(settings).length.should.equal(39);
|
2020-06-25 08:13:24 +03:00
|
|
|
settings.map(s => s.key).should.deepEqual(defaultSettingsKeyTypes);
|
2020-06-25 07:32:16 +03:00
|
|
|
|
|
|
|
localUtils.API.checkResponse(jsonResponse, 'settings');
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Can request settings by type and ignores group ', function () {
|
|
|
|
return request.get(localUtils.API.getApiQuery(`settings/?group=theme&type=private`))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.then((res) => {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
should.exist(jsonResponse.meta);
|
|
|
|
|
|
|
|
jsonResponse.settings.should.be.an.Object();
|
|
|
|
const settings = jsonResponse.settings;
|
|
|
|
|
|
|
|
Object.keys(settings).length.should.equal(3);
|
|
|
|
settings[0].key.should.equal('is_private');
|
|
|
|
settings[0].value.should.equal(false);
|
|
|
|
settings[0].type.should.equal('private');
|
|
|
|
|
|
|
|
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
|
|
|
|
localUtils.API.checkResponse(jsonResponse, 'settings');
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2020-06-24 11:01:28 +03:00
|
|
|
it('Requesting core settings type returns no results', function () {
|
|
|
|
return request.get(localUtils.API.getApiQuery(`settings/?type=core`))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.then((res) => {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
should.exist(jsonResponse.meta);
|
|
|
|
|
|
|
|
jsonResponse.settings.should.be.an.Object();
|
|
|
|
const settings = jsonResponse.settings;
|
|
|
|
|
|
|
|
Object.keys(settings).length.should.equal(0);
|
2020-06-22 14:21:00 +03:00
|
|
|
|
|
|
|
localUtils.API.checkResponse(jsonResponse, 'settings');
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2020-06-24 11:01:28 +03:00
|
|
|
it('Can\'t read core setting', function () {
|
|
|
|
return request
|
|
|
|
.get(localUtils.API.getApiQuery('settings/db_hash/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(403);
|
|
|
|
});
|
|
|
|
|
2019-10-09 11:26:54 +03:00
|
|
|
it('Can\'t read permalinks', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/permalinks/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(404)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
2019-02-04 17:16:24 +03:00
|
|
|
|
2019-10-09 11:26:54 +03:00
|
|
|
done();
|
2020-06-22 14:21:00 +03:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Can read default_locale deprecated in v3', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/default_locale/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
|
|
|
|
jsonResponse.settings.length.should.eql(1);
|
|
|
|
|
2020-06-25 07:32:16 +03:00
|
|
|
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
|
2020-06-22 14:21:00 +03:00
|
|
|
jsonResponse.settings[0].key.should.eql('default_locale');
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Can read active_timezone deprecated in v3', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/active_timezone/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
|
|
|
|
jsonResponse.settings.length.should.eql(1);
|
|
|
|
|
2020-06-25 07:32:16 +03:00
|
|
|
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
|
2020-06-22 14:21:00 +03:00
|
|
|
jsonResponse.settings[0].key.should.eql('active_timezone');
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Can read ghost_head deprecated in v3', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/ghost_head/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
|
|
|
|
jsonResponse.settings.length.should.eql(1);
|
|
|
|
|
2020-06-25 07:32:16 +03:00
|
|
|
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
|
2020-06-22 14:21:00 +03:00
|
|
|
jsonResponse.settings[0].key.should.eql('ghost_head');
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Can read codeinjection_foot renamed in v3', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/codeinjection_foot/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
|
|
|
|
jsonResponse.settings.length.should.eql(1);
|
|
|
|
|
2020-06-25 07:32:16 +03:00
|
|
|
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
|
2020-06-22 14:21:00 +03:00
|
|
|
jsonResponse.settings[0].key.should.eql('codeinjection_foot');
|
|
|
|
done();
|
2019-10-09 11:26:54 +03:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('can\'t read non existent setting', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/testsetting/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.set('Accept', 'application/json')
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(404)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
2020-04-29 18:44:27 +03:00
|
|
|
const jsonResponse = res.body;
|
2019-10-09 11:26:54 +03:00
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.errors);
|
|
|
|
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
|
|
|
|
'message',
|
|
|
|
'context',
|
|
|
|
'type',
|
|
|
|
'details',
|
|
|
|
'property',
|
|
|
|
'help',
|
|
|
|
'code',
|
|
|
|
'id'
|
|
|
|
]);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('can toggle member setting', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
const jsonResponse = res.body;
|
|
|
|
const changedValue = [];
|
|
|
|
|
|
|
|
const settingToChange = {
|
|
|
|
settings: [
|
|
|
|
{
|
|
|
|
key: 'labs',
|
|
|
|
value: '{"subscribers":false,"members":false}'
|
|
|
|
}
|
|
|
|
]
|
|
|
|
};
|
2019-10-09 11:26:54 +03:00
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
|
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(settingToChange)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
const putBody = res.body;
|
|
|
|
res.headers['x-cache-invalidate'].should.eql('/*');
|
|
|
|
should.exist(putBody);
|
|
|
|
|
|
|
|
putBody.settings[0].key.should.eql('labs');
|
|
|
|
putBody.settings[0].value.should.eql(JSON.stringify({subscribers: false, members: false}));
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('can\'t edit permalinks', function (done) {
|
|
|
|
const settingToChange = {
|
|
|
|
settings: [{key: 'permalinks', value: '/:primary_author/:slug/'}]
|
|
|
|
};
|
|
|
|
|
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(settingToChange)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(404)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('can\'t edit non existent setting', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.set('Accept', 'application/json')
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
let jsonResponse = res.body;
|
|
|
|
const newValue = 'new value';
|
2019-10-09 11:26:54 +03:00
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
jsonResponse.settings = [{key: 'testvalue', value: newValue}];
|
|
|
|
|
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(jsonResponse)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(404)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
jsonResponse = res.body;
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
should.exist(jsonResponse.errors);
|
|
|
|
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
|
|
|
|
'message',
|
|
|
|
'context',
|
|
|
|
'type',
|
|
|
|
'details',
|
|
|
|
'property',
|
|
|
|
'help',
|
|
|
|
'code',
|
|
|
|
'id'
|
|
|
|
]);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Will transform "1"', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
const jsonResponse = res.body;
|
|
|
|
|
|
|
|
const settingToChange = {
|
|
|
|
settings: [
|
|
|
|
{
|
|
|
|
key: 'is_private',
|
|
|
|
value: '1'
|
|
|
|
}
|
|
|
|
]
|
|
|
|
};
|
2019-10-09 11:26:54 +03:00
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
2019-02-04 17:16:24 +03:00
|
|
|
|
2019-10-09 11:26:54 +03:00
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(settingToChange)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(200)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
const putBody = res.body;
|
|
|
|
res.headers['x-cache-invalidate'].should.eql('/*');
|
|
|
|
should.exist(putBody);
|
|
|
|
|
|
|
|
putBody.settings[0].key.should.eql('is_private');
|
|
|
|
putBody.settings[0].value.should.eql(true);
|
|
|
|
|
|
|
|
localUtils.API.checkResponse(putBody, 'settings');
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2019-02-04 17:16:24 +03:00
|
|
|
});
|
|
|
|
|
2019-10-09 11:26:54 +03:00
|
|
|
describe('As Admin', function () {
|
|
|
|
before(function () {
|
|
|
|
return ghost()
|
|
|
|
.then(function (_ghostServer) {
|
|
|
|
ghostServer = _ghostServer;
|
|
|
|
request = supertest.agent(config.get('url'));
|
|
|
|
})
|
|
|
|
.then(function () {
|
|
|
|
// create admin
|
|
|
|
return testUtils.createUser({
|
|
|
|
user: testUtils.DataGenerator.forKnex.createUser({email: 'admin+1@ghost.org'}),
|
|
|
|
role: testUtils.DataGenerator.Content.roles[0].name
|
2019-02-04 17:16:24 +03:00
|
|
|
});
|
2019-10-09 11:26:54 +03:00
|
|
|
})
|
|
|
|
.then(function (admin) {
|
|
|
|
request.user = admin;
|
|
|
|
|
|
|
|
// by default we login with the owner
|
|
|
|
return localUtils.doAuth(request);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-10-10 00:24:40 +03:00
|
|
|
it('cannot toggle member setting', function (done) {
|
2019-10-09 11:26:54 +03:00
|
|
|
const settingToChange = {
|
|
|
|
settings: [
|
|
|
|
{
|
|
|
|
key: 'labs',
|
|
|
|
value: '{"subscribers":false,"members":true}'
|
|
|
|
}
|
|
|
|
]
|
|
|
|
};
|
|
|
|
|
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(settingToChange)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(403)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
2019-02-04 17:16:24 +03:00
|
|
|
});
|
2019-03-06 14:56:26 +03:00
|
|
|
|
2019-10-09 11:26:54 +03:00
|
|
|
describe('As Editor', function () {
|
|
|
|
let editor;
|
|
|
|
|
|
|
|
before(function () {
|
|
|
|
return ghost()
|
|
|
|
.then(function (_ghostServer) {
|
|
|
|
ghostServer = _ghostServer;
|
|
|
|
request = supertest.agent(config.get('url'));
|
|
|
|
})
|
|
|
|
.then(function () {
|
|
|
|
// create editor
|
|
|
|
return testUtils.createUser({
|
|
|
|
user: testUtils.DataGenerator.forKnex.createUser({email: 'test+1@ghost.org'}),
|
|
|
|
role: testUtils.DataGenerator.Content.roles[1].name
|
|
|
|
});
|
|
|
|
})
|
|
|
|
.then(function (_user1) {
|
|
|
|
editor = _user1;
|
|
|
|
request.user = editor;
|
|
|
|
|
|
|
|
// by default we login with the owner
|
|
|
|
return localUtils.doAuth(request);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should not be able to edit settings', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.set('Accept', 'application/json')
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
let jsonResponse = res.body;
|
|
|
|
const newValue = 'new value';
|
2019-10-09 11:26:54 +03:00
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
jsonResponse.settings = [{key: 'visibility', value: 'public'}];
|
|
|
|
|
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(jsonResponse)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(403)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
2019-03-06 14:56:26 +03:00
|
|
|
}
|
2019-10-09 11:26:54 +03:00
|
|
|
|
|
|
|
jsonResponse = res.body;
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
should.exist(jsonResponse.errors);
|
|
|
|
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
|
|
|
|
'message',
|
|
|
|
'context',
|
|
|
|
'type',
|
|
|
|
'details',
|
|
|
|
'property',
|
|
|
|
'help',
|
|
|
|
'code',
|
|
|
|
'id'
|
|
|
|
]);
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('As Author', function () {
|
|
|
|
before(function () {
|
|
|
|
return ghost()
|
|
|
|
.then(function (_ghostServer) {
|
|
|
|
ghostServer = _ghostServer;
|
|
|
|
request = supertest.agent(config.get('url'));
|
|
|
|
})
|
|
|
|
.then(function () {
|
|
|
|
// create author
|
|
|
|
return testUtils.createUser({
|
|
|
|
user: testUtils.DataGenerator.forKnex.createUser({email: 'test+2@ghost.org'}),
|
|
|
|
role: testUtils.DataGenerator.Content.roles[2].name
|
2019-03-06 14:56:26 +03:00
|
|
|
});
|
2019-10-09 11:26:54 +03:00
|
|
|
})
|
|
|
|
.then(function (author) {
|
|
|
|
request.user = author;
|
|
|
|
|
|
|
|
// by default we login with the owner
|
|
|
|
return localUtils.doAuth(request);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should not be able to edit settings', function (done) {
|
|
|
|
request.get(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.set('Accept', 'application/json')
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
let jsonResponse = res.body;
|
|
|
|
const newValue = 'new value';
|
2019-10-09 11:26:54 +03:00
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.settings);
|
|
|
|
jsonResponse.settings = [{key: 'visibility', value: 'public'}];
|
|
|
|
|
|
|
|
request.put(localUtils.API.getApiQuery('settings/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send(jsonResponse)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(403)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
jsonResponse = res.body;
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
should.exist(jsonResponse.errors);
|
|
|
|
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
|
|
|
|
'message',
|
|
|
|
'context',
|
|
|
|
'type',
|
|
|
|
'details',
|
|
|
|
'property',
|
|
|
|
'help',
|
|
|
|
'code',
|
|
|
|
'id'
|
|
|
|
]);
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2019-03-06 14:56:26 +03:00
|
|
|
});
|
2019-02-04 17:16:24 +03:00
|
|
|
});
|