Ghost/core/server/models/subscriber.js

'use strict';

const Promise = require('bluebird'),
    ghostBookshelf = require('./base'),
    common = require('../lib/common');

let Subscriber,
    Subscribers;

Subscriber = ghostBookshelf.Model.extend({
    tableName: 'subscribers',

    emitChange: function emitChange(event, options) {
        const eventToTrigger = 'subscriber' + '.' + event;
        ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
    },

    defaults: function defaults() {
        return {
            status: 'subscribed'
        };
    },

    onCreated: function onCreated(model, response, options) {
        model.emitChange('added', options);
    },

    onUpdated: function onUpdated(model, response, options) {
        model.emitChange('edited', options);
    },

    onDestroyed: function onDestroyed(model, options) {
        model.emitChange('deleted', options);
    }
}, {

    orderDefaultOptions: function orderDefaultOptions() {
        return {};
    },
    /**
     * @deprecated in favour of filter
     */
    processOptions: function processOptions(options) {
        return options;
    },

    permittedOptions: function permittedOptions(methodName) {
        var options = ghostBookshelf.Model.permittedOptions(),

            // whitelists for the `options` hash argument on methods, by method name.
            // these are the only options that can be passed to Bookshelf / Knex.
            validOptions = {
                findPage: ['page', 'limit', 'columns', 'filter', 'order'],
                findAll: ['columns']
            };

        if (validOptions[methodName]) {
            options = options.concat(validOptions[methodName]);
        }

        return options;
    },

    permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
        // CASE: external is only allowed to add and edit subscribers
        if (context.external) {
            if (['add', 'edit'].indexOf(action) !== -1) {
                return Promise.resolve();
            }
        }

        if (hasUserPermission && hasAppPermission) {
            return Promise.resolve();
        }

        return Promise.reject(new common.errors.NoPermissionError({message: common.i18n.t('errors.models.subscriber.notEnoughPermission')}));
    },

    // TODO: This is a copy paste of models/user.js!
    getByEmail: function getByEmail(email, unfilteredOptions) {
        var options = ghostBookshelf.Model.filterOptions(unfilteredOptions, 'getByEmail');
        options.require = true;

        return Subscribers.forge().fetch(options).then(function then(subscribers) {
            var subscriberWithEmail = subscribers.find(function findSubscriber(subscriber) {
                return subscriber.get('email').toLowerCase() === email.toLowerCase();
            });

            if (subscriberWithEmail) {
                return subscriberWithEmail;
            }
        }).catch(function (error) {
            if (error.message === 'NotFound' || error.message === 'EmptyResponse') {
                return Promise.resolve();
            }

            return Promise.reject(error);
        });
    }
});

Subscribers = ghostBookshelf.Collection.extend({
    model: Subscriber
});

module.exports = {
    Subscriber: ghostBookshelf.model('Subscriber', Subscriber),
    Subscribers: ghostBookshelf.collection('Subscriber', Subscribers)
};
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered 2018-04-06 19:19:45 +03:00			`'use strict';`

			`const Promise = require('bluebird'),`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-12 00:47:46 +03:00			`ghostBookshelf = require('./base'),`
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered 2018-04-06 19:19:45 +03:00			`common = require('../lib/common');`

			`let Subscriber,`
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB 2016-04-14 23:44:05 +03:00			`Subscribers;`

			`Subscriber = ghostBookshelf.Model.extend({`
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`tableName: 'subscribers',`

Webhooks support for subscriber events (#9230) no issue Support for http://resthooks.org style webhooks that can be used with Zapier triggers. This can currently be used in two ways: a) adding a webhook record to the DB manually b) using the API with password auth and POSTing to /webhooks/ (this is private API so not documented) ⚠️ only _https_ URLs are supported in the webhook `target_url` field 🚨 - add `webhooks` table to store event names and target urls - add `POST` and `DELETE` endpoints for `/webhooks/` - configure `subscribers.added` and `subscribers.deleted` events to trigger registered webhooks 2017-11-21 18:43:14 +03:00			`emitChange: function emitChange(event, options) {`
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered 2018-04-06 19:19:45 +03:00			`const eventToTrigger = 'subscriber' + '.' + event;`
			`ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);`
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`},`
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events 2016-10-14 15:37:01 +03:00
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`defaults: function defaults() {`
			`return {`
			`status: 'subscribed'`
			`};`
			`},`
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events 2016-10-14 15:37:01 +03:00
Webhooks support for subscriber events (#9230) no issue Support for http://resthooks.org style webhooks that can be used with Zapier triggers. This can currently be used in two ways: a) adding a webhook record to the DB manually b) using the API with password auth and POSTing to /webhooks/ (this is private API so not documented) ⚠️ only _https_ URLs are supported in the webhook `target_url` field 🚨 - add `webhooks` table to store event names and target urls - add `POST` and `DELETE` endpoints for `/webhooks/` - configure `subscribers.added` and `subscribers.deleted` events to trigger registered webhooks 2017-11-21 18:43:14 +03:00			`onCreated: function onCreated(model, response, options) {`
			`model.emitChange('added', options);`
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events 2016-10-14 15:37:01 +03:00			`},`

Webhooks support for subscriber events (#9230) no issue Support for http://resthooks.org style webhooks that can be used with Zapier triggers. This can currently be used in two ways: a) adding a webhook record to the DB manually b) using the API with password auth and POSTing to /webhooks/ (this is private API so not documented) ⚠️ only _https_ URLs are supported in the webhook `target_url` field 🚨 - add `webhooks` table to store event names and target urls - add `POST` and `DELETE` endpoints for `/webhooks/` - configure `subscribers.added` and `subscribers.deleted` events to trigger registered webhooks 2017-11-21 18:43:14 +03:00			`onUpdated: function onUpdated(model, response, options) {`
			`model.emitChange('edited', options);`
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events 2016-10-14 15:37:01 +03:00			`},`

Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered 2018-04-06 19:19:45 +03:00			`onDestroyed: function onDestroyed(model, options) {`
Webhooks support for subscriber events (#9230) no issue Support for http://resthooks.org style webhooks that can be used with Zapier triggers. This can currently be used in two ways: a) adding a webhook record to the DB manually b) using the API with password auth and POSTing to /webhooks/ (this is private API so not documented) ⚠️ only _https_ URLs are supported in the webhook `target_url` field 🚨 - add `webhooks` table to store event names and target urls - add `POST` and `DELETE` endpoints for `/webhooks/` - configure `subscribers.added` and `subscribers.deleted` events to trigger registered webhooks 2017-11-21 18:43:14 +03:00			`model.emitChange('deleted', options);`
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`}`
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB 2016-04-14 23:44:05 +03:00			`}, {`

			`orderDefaultOptions: function orderDefaultOptions() {`
			`return {};`
			`},`
			`/**`
			`* @deprecated in favour of filter`
			`*/`
			`processOptions: function processOptions(options) {`
			`return options;`
			`},`

			`permittedOptions: function permittedOptions(methodName) {`
			`var options = ghostBookshelf.Model.permittedOptions(),`

			// whitelists for the `options` hash argument on methods, by method name.
			`// these are the only options that can be passed to Bookshelf / Knex.`
			`validOptions = {`
			`findPage: ['page', 'limit', 'columns', 'filter', 'order'],`
			`findAll: ['columns']`
			`};`

			`if (validOptions[methodName]) {`
			`options = options.concat(validOptions[methodName]);`
			`}`

			`return options;`
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`},`

Support for attribute-based permissions (#9025) refs #8602 - Add the wiring to pass attributes around the permission system - Allows us to get access to the important "unsafe" attributes that are changing - E.g. status for posts - This can then be used to determine whether a user has permission to perform an attribute-based action - E.g. publish a post (change status) 2017-09-26 19:06:14 +03:00			`permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {`
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`// CASE: external is only allowed to add and edit subscribers`
			`if (context.external) {`
			`if (['add', 'edit'].indexOf(action) !== -1) {`
			`return Promise.resolve();`
			`}`
			`}`
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB 2016-04-14 23:44:05 +03:00
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`if (hasUserPermission && hasAppPermission) {`
			`return Promise.resolve();`
			`}`

Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-12 00:47:46 +03:00			`return Promise.reject(new common.errors.NoPermissionError({message: common.i18n.t('errors.models.subscriber.notEnoughPermission')}));`
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers 2016-05-08 17:49:12 +03:00			`},`

			`// TODO: This is a copy paste of models/user.js!`
Sorted out the mixed usages of `include` and `withRelated` (#9425) no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same 2018-02-15 12:53:53 +03:00			`getByEmail: function getByEmail(email, unfilteredOptions) {`
			`var options = ghostBookshelf.Model.filterOptions(unfilteredOptions, 'getByEmail');`
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers 2016-05-08 17:49:12 +03:00			`options.require = true;`

Sorted out the mixed usages of `include` and `withRelated` (#9425) no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same 2018-02-15 12:53:53 +03:00			`return Subscribers.forge().fetch(options).then(function then(subscribers) {`
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers 2016-05-08 17:49:12 +03:00			`var subscriberWithEmail = subscribers.find(function findSubscriber(subscriber) {`
			`return subscriber.get('email').toLowerCase() === email.toLowerCase();`
			`});`

			`if (subscriberWithEmail) {`
			`return subscriberWithEmail;`
			`}`
subscribers: fix adding subscriber from admin if collection is empty 2016-05-11 19:48:59 +03:00			`}).catch(function (error) {`
			`if (error.message === 'NotFound' \|\| error.message === 'EmptyResponse') {`
			`return Promise.resolve();`
			`}`

			`return Promise.reject(error);`
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers 2016-05-08 17:49:12 +03:00			`});`
Subscribers: finish permission handling no issue - add some more tests, optimise tests and finish tests - subscriber model checks external context permissions in permissible fn - add missing permissions for subscriber csv 2016-04-29 13:58:40 +03:00			`}`
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB 2016-04-14 23:44:05 +03:00			`});`

			`Subscribers = ghostBookshelf.Collection.extend({`
			`model: Subscriber`
			`});`

			`module.exports = {`
			`Subscriber: ghostBookshelf.model('Subscriber', Subscriber),`
			`Subscribers: ghostBookshelf.collection('Subscriber', Subscribers)`
			`};`