Ghost/core/server/services/permissions/providers.js

const _ = require('lodash');
const Promise = require('bluebird');
const models = require('../../models');
const errors = require('@tryghost/errors');
const i18n = require('../../../shared/i18n');

module.exports = {
    user: function (id) {
        return models.User.findOne({id: id}, {withRelated: ['permissions', 'roles', 'roles.permissions']})
            .then(function (foundUser) {
            // CASE: {context: {user: id}} where the id is not in our database
                if (!foundUser) {
                    return Promise.reject(new errors.NotFoundError({
                        message: i18n.t('errors.models.user.userNotFound')
                    }));
                }

                if (foundUser.get('status') !== 'active') {
                    return Promise.reject(new errors.UnauthorizedError());
                }

                const seenPerms = {};

                const rolePerms = _.map(foundUser.related('roles').models, function (role) {
                    return role.related('permissions').models;
                });

                const allPerms = [];
                const user = foundUser.toJSON();

                rolePerms.push(foundUser.related('permissions').models);

                _.each(rolePerms, function (rolePermGroup) {
                    _.each(rolePermGroup, function (perm) {
                        const key = perm.get('action_type') + '-' + perm.get('object_type') + '-' + perm.get('object_id');

                        // Only add perms once
                        if (seenPerms[key]) {
                            return;
                        }

                        allPerms.push(perm);
                        seenPerms[key] = true;
                    });
                });

                // @TODO fix this!
                // Permissions is an array of models
                // Roles is a JSON array
                return {permissions: allPerms, roles: user.roles};
            });
    },

    apiKey(id) {
        return models.ApiKey.findOne({id}, {withRelated: ['role', 'role.permissions']})
            .then((foundApiKey) => {
                if (!foundApiKey) {
                    throw new errors.NotFoundError({
                        message: i18n.t('errors.models.api_key.apiKeyNotFound')
                    });
                }

                // api keys have a belongs_to relationship to a role and no individual permissions
                // so there's no need for permission deduplication
                const permissions = foundApiKey.related('role').related('permissions').models;
                const roles = [foundApiKey.toJSON().role];

                return {permissions, roles};
            });
    }
};
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const _ = require('lodash');`
			`const Promise = require('bluebird');`
			`const models = require('../../models');`
Refactor common pattern in service files - Use array destructuring - Use @tryghost/errors - Part of the big move towards decoupling, this gives visibility on what's being used where - Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons 2020-04-30 22:26:12 +03:00			`const errors = require('@tryghost/errors');`
Moved i18n to shared refs https://github.com/TryGhost/Ghost/commit/829e8ed010adf5d0856cdc840c53a447e6b8ac2e - i18n is used everywhere but only requires shared or external packages, therefore it's a good candidate for living in shared - this reduces invalid requires across frontend and server, and lets us use it everywhere until we come up with a better option 2021-05-03 19:29:44 +03:00			`const i18n = require('../../../shared/i18n');`
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00
Permissions: minor refactors (#9104) refs #9043 - Cleanups / refactors to make the code more manageable - Move remaining code out of index.js - Only "init" function is left. Actions map cache and init function is based heavily on the settings cache module - refactor the odd way of exporting - This was cleaned up naturally by moving the actionsMap object out - rename "effective" -> "providers" - "Providers" provide permissions for different things that can have permissions (users, apps, in future clients). 2017-10-05 22:01:34 +03:00			`module.exports = {`
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00			`user: function (id) {`
Improved password reset and session invalidation for "locked" users (#11790) - Fixed session invalidation for "locked" user - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message. - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password - Fixed error message returned by session API - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended' - Fixed messaging for 'accountLocked' i18n, which not corresponds to the actual UI available to the end user - Added automatic password reset email to locked users on sign-in - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset - Backported the auto sending of required password reset email to v2 sign-in route - used by 3rd party clients where the email is necessary for users to know why login is failing Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> 2020-05-05 21:37:53 +03:00			`return models.User.findOne({id: id}, {withRelated: ['permissions', 'roles', 'roles.permissions']})`
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00			`.then(function (foundUser) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`// CASE: {context: {user: id}} where the id is not in our database`
improvement: general fixes - add NODE_LEVEL to print errors while running tests - try/catch while parsing translations file - run setup/teardown as promise or callback - some general error improvements 2016-05-25 10:34:46 +03:00			`if (!foundUser) {`
Refactor common pattern in service files - Use array destructuring - Use @tryghost/errors - Part of the big move towards decoupling, this gives visibility on what's being used where - Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons 2020-04-30 22:26:12 +03:00			`return Promise.reject(new errors.NotFoundError({`
			`message: i18n.t('errors.models.user.userNotFound')`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-12 00:47:46 +03:00			`}));`
improvement: general fixes - add NODE_LEVEL to print errors while running tests - try/catch while parsing translations file - run setup/teardown as promise or callback - some general error improvements 2016-05-25 10:34:46 +03:00			`}`

Improved password reset and session invalidation for "locked" users (#11790) - Fixed session invalidation for "locked" user - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message. - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password - Fixed error message returned by session API - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended' - Fixed messaging for 'accountLocked' i18n, which not corresponds to the actual UI available to the end user - Added automatic password reset email to locked users on sign-in - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset - Backported the auto sending of required password reset email to v2 sign-in route - used by 3rd party clients where the email is necessary for users to know why login is failing Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> 2020-05-05 21:37:53 +03:00			`if (foundUser.get('status') !== 'active') {`
			`return Promise.reject(new errors.UnauthorizedError());`
			`}`

Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const seenPerms = {};`

			`const rolePerms = _.map(foundUser.related('roles').models, function (role) {`
			`return role.related('permissions').models;`
			`});`

			`const allPerms = [];`
			`const user = foundUser.toJSON();`
Owner has all user permissions closes #3075 - added special treatment for role with name ‚Owner‘ 2014-07-09 15:34:38 +04:00
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00			`rolePerms.push(foundUser.related('permissions').models);`

			`_.each(rolePerms, function (rolePermGroup) {`
			`_.each(rolePermGroup, function (perm) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const key = perm.get('action_type') + '-' + perm.get('object_type') + '-' + perm.get('object_id');`
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00
			`// Only add perms once`
			`if (seenPerms[key]) {`
			`return;`
			`}`

			`allPerms.push(perm);`
			`seenPerms[key] = true;`
			`});`
			`});`

Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00			`// @TODO fix this!`
			`// Permissions is an array of models`
			`// Roles is a JSON array`
Permissions Improvements refs #3083, #3096 In order to implement advanced permissions based on roles for specific actions, we need to know what role the current context user has and also what action we are granting permissions for: - Permissible gets passed the action type - Effective permissions keeps the user role and eventually passes it to permissible - Fixed spelling - Still needs tests 2014-07-23 22:17:29 +04:00			`return {permissions: allPerms, roles: user.roles};`
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w 2016-10-04 18:33:43 +03:00			`});`
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00			`},`

Updated permissions service to handle api keys (#9967) refs #9865 - Enabled the permissions module to lookup permissions based on an api_key id. - Updated the "can this" part of the permissions service to load permissions for any api key in the context, and correctly use that to determine whether an action is permissible. It also updates the permissible interface that models can implement to pass in the hasApiKeyPermissions param. 2019-01-18 14:17:12 +03:00			`apiKey(id) {`
			`return models.ApiKey.findOne({id}, {withRelated: ['role', 'role.permissions']})`
			`.then((foundApiKey) => {`
			`if (!foundApiKey) {`
Refactor common pattern in service files - Use array destructuring - Use @tryghost/errors - Part of the big move towards decoupling, this gives visibility on what's being used where - Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons 2020-04-30 22:26:12 +03:00			`throw new errors.NotFoundError({`
			`message: i18n.t('errors.models.api_key.apiKeyNotFound')`
Updated permissions service to handle api keys (#9967) refs #9865 - Enabled the permissions module to lookup permissions based on an api_key id. - Updated the "can this" part of the permissions service to load permissions for any api key in the context, and correctly use that to determine whether an action is permissible. It also updates the permissible interface that models can implement to pass in the hasApiKeyPermissions param. 2019-01-18 14:17:12 +03:00			`});`
			`}`

			`// api keys have a belongs_to relationship to a role and no individual permissions`
			`// so there's no need for permission deduplication`
			`const permissions = foundApiKey.related('role').related('permissions').models;`
			`const roles = [foundApiKey.toJSON().role];`

			`return {permissions, roles};`
			`});`
Add app permission checking to canThis - Pass permissions loading to buildObjectTypeHandlers to eliminate shared state - Load both app and user permissions to check - Check app permissions if present - Create apps table and App model - Move effectiveUserPermissions to permissions/effective - Change permissable interface to take context; user and app. - Add unit tests for app canThis checks and effective permissions 2014-02-12 07:40:39 +04:00			`}`
			`};`