2022-12-01 15:28:37 +03:00
|
|
|
import AuthenticatedRoute from 'ghost-admin/routes/authenticated';
|
|
|
|
import {pluralize} from 'ember-inflector';
|
|
|
|
|
|
|
|
export default class Debug extends AuthenticatedRoute {
|
|
|
|
model(params) {
|
|
|
|
let {post_id: id} = params;
|
|
|
|
|
|
|
|
let query = {
|
|
|
|
id,
|
|
|
|
include: [
|
2022-12-02 12:08:40 +03:00
|
|
|
'tags',
|
|
|
|
'authors',
|
|
|
|
'authors.roles',
|
|
|
|
'email',
|
|
|
|
'tiers',
|
2022-12-02 16:45:06 +03:00
|
|
|
'newsletter'
|
2022-12-01 15:28:37 +03:00
|
|
|
].join(',')
|
|
|
|
};
|
|
|
|
|
|
|
|
return this.store.query('post', query)
|
2022-12-02 12:08:40 +03:00
|
|
|
.then((records) => {
|
|
|
|
return records.get('firstObject');
|
|
|
|
});
|
2022-12-01 15:28:37 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// the API will return a post even if the logged in user doesn't have
|
|
|
|
// permission to edit it (all posts are public) so we need to do our
|
|
|
|
// own permissions check and redirect if necessary
|
|
|
|
afterModel(post) {
|
|
|
|
super.afterModel(...arguments);
|
|
|
|
|
|
|
|
const user = this.session.user;
|
|
|
|
const returnRoute = pluralize(post.constructor.modelName);
|
|
|
|
|
|
|
|
if (user.isAuthorOrContributor && !post.isAuthoredByUser(user)) {
|
|
|
|
return this.replaceWith(returnRoute);
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the post is not a draft and user is contributor, redirect to index
|
|
|
|
if (user.isContributor && !post.isDraft) {
|
|
|
|
return this.replaceWith(returnRoute);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
serialize(model) {
|
|
|
|
return {
|
|
|
|
post_id: model.id
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|