Ghost/core/server/services/permissions/providers.js

72 lines
2.7 KiB
JavaScript
Raw Normal View History

const _ = require('lodash');
const Promise = require('bluebird');
const models = require('../../models');
const errors = require('@tryghost/errors');
const {i18n} = require('../../lib/common');
module.exports = {
user: function (id) {
return models.User.findOne({id: id}, {withRelated: ['permissions', 'roles', 'roles.permissions']})
.then(function (foundUser) {
// CASE: {context: {user: id}} where the id is not in our database
if (!foundUser) {
return Promise.reject(new errors.NotFoundError({
message: i18n.t('errors.models.user.userNotFound')
}));
}
if (foundUser.get('status') !== 'active') {
return Promise.reject(new errors.UnauthorizedError());
}
const seenPerms = {};
const rolePerms = _.map(foundUser.related('roles').models, function (role) {
return role.related('permissions').models;
});
const allPerms = [];
const user = foundUser.toJSON();
rolePerms.push(foundUser.related('permissions').models);
_.each(rolePerms, function (rolePermGroup) {
_.each(rolePermGroup, function (perm) {
const key = perm.get('action_type') + '-' + perm.get('object_type') + '-' + perm.get('object_id');
// Only add perms once
if (seenPerms[key]) {
return;
}
allPerms.push(perm);
seenPerms[key] = true;
});
});
// @TODO fix this!
// Permissions is an array of models
// Roles is a JSON array
return {permissions: allPerms, roles: user.roles};
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 18:33:43 +03:00
});
},
apiKey(id) {
return models.ApiKey.findOne({id}, {withRelated: ['role', 'role.permissions']})
.then((foundApiKey) => {
if (!foundApiKey) {
throw new errors.NotFoundError({
message: i18n.t('errors.models.api_key.apiKeyNotFound')
});
}
// api keys have a belongs_to relationship to a role and no individual permissions
// so there's no need for permission deduplication
const permissions = foundApiKey.related('role').related('permissions').models;
const roles = [foundApiKey.toJSON().role];
return {permissions, roles};
});
}
};