2018-04-06 19:19:45 +03:00
|
|
|
const Promise = require('bluebird'),
|
2017-12-12 00:47:46 +03:00
|
|
|
ghostBookshelf = require('./base'),
|
2018-04-06 19:19:45 +03:00
|
|
|
common = require('../lib/common');
|
|
|
|
|
|
|
|
let Subscriber,
|
2016-04-14 23:44:05 +03:00
|
|
|
Subscribers;
|
|
|
|
|
|
|
|
Subscriber = ghostBookshelf.Model.extend({
|
2016-04-29 13:58:40 +03:00
|
|
|
tableName: 'subscribers',
|
|
|
|
|
2017-11-21 18:43:14 +03:00
|
|
|
emitChange: function emitChange(event, options) {
|
2018-04-06 19:19:45 +03:00
|
|
|
const eventToTrigger = 'subscriber' + '.' + event;
|
|
|
|
ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
|
2016-04-29 13:58:40 +03:00
|
|
|
},
|
2016-10-14 15:37:01 +03:00
|
|
|
|
2016-04-29 13:58:40 +03:00
|
|
|
defaults: function defaults() {
|
|
|
|
return {
|
|
|
|
status: 'subscribed'
|
|
|
|
};
|
|
|
|
},
|
2016-10-14 15:37:01 +03:00
|
|
|
|
2017-11-21 18:43:14 +03:00
|
|
|
onCreated: function onCreated(model, response, options) {
|
|
|
|
model.emitChange('added', options);
|
2016-10-14 15:37:01 +03:00
|
|
|
},
|
|
|
|
|
2017-11-21 18:43:14 +03:00
|
|
|
onUpdated: function onUpdated(model, response, options) {
|
|
|
|
model.emitChange('edited', options);
|
2016-10-14 15:37:01 +03:00
|
|
|
},
|
|
|
|
|
2018-04-06 19:19:45 +03:00
|
|
|
onDestroyed: function onDestroyed(model, options) {
|
2017-11-21 18:43:14 +03:00
|
|
|
model.emitChange('deleted', options);
|
2016-04-29 13:58:40 +03:00
|
|
|
}
|
2016-04-14 23:44:05 +03:00
|
|
|
}, {
|
|
|
|
|
|
|
|
orderDefaultOptions: function orderDefaultOptions() {
|
|
|
|
return {};
|
|
|
|
},
|
|
|
|
/**
|
|
|
|
* @deprecated in favour of filter
|
|
|
|
*/
|
|
|
|
processOptions: function processOptions(options) {
|
|
|
|
return options;
|
|
|
|
},
|
|
|
|
|
|
|
|
permittedOptions: function permittedOptions(methodName) {
|
|
|
|
var options = ghostBookshelf.Model.permittedOptions(),
|
|
|
|
|
|
|
|
// whitelists for the `options` hash argument on methods, by method name.
|
|
|
|
// these are the only options that can be passed to Bookshelf / Knex.
|
|
|
|
validOptions = {
|
|
|
|
findPage: ['page', 'limit', 'columns', 'filter', 'order'],
|
|
|
|
findAll: ['columns']
|
|
|
|
};
|
|
|
|
|
|
|
|
if (validOptions[methodName]) {
|
|
|
|
options = options.concat(validOptions[methodName]);
|
|
|
|
}
|
|
|
|
|
|
|
|
return options;
|
2016-04-29 13:58:40 +03:00
|
|
|
},
|
|
|
|
|
2017-09-26 19:06:14 +03:00
|
|
|
permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
|
2016-04-29 13:58:40 +03:00
|
|
|
// CASE: external is only allowed to add and edit subscribers
|
|
|
|
if (context.external) {
|
|
|
|
if (['add', 'edit'].indexOf(action) !== -1) {
|
|
|
|
return Promise.resolve();
|
|
|
|
}
|
|
|
|
}
|
2016-04-14 23:44:05 +03:00
|
|
|
|
2016-04-29 13:58:40 +03:00
|
|
|
if (hasUserPermission && hasAppPermission) {
|
|
|
|
return Promise.resolve();
|
|
|
|
}
|
|
|
|
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.NoPermissionError({message: common.i18n.t('errors.models.subscriber.notEnoughPermission')}));
|
2016-05-08 17:49:12 +03:00
|
|
|
},
|
|
|
|
|
|
|
|
// TODO: This is a copy paste of models/user.js!
|
Sorted out the mixed usages of `include` and `withRelated` (#9425)
no issue
- this commit cleans up the usages of `include` and `withRelated`.
### API layer (`include`)
- as request parameter e.g. `?include=roles,tags`
- as theme API parameter e.g. `{{get .... include="author"}}`
- as internal API access e.g. `api.posts.browse({include: 'author,tags'})`
- the `include` notation is more readable than `withRelated`
- and it allows us to use a different easier format (comma separated list)
- the API utility transforms these more readable properties into model style (or into Ghost style)
### Model access (`withRelated`)
- e.g. `models.Post.findPage({withRelated: ['tags']})`
- driven by bookshelf
---
Commits explained.
* Reorder the usage of `convertOptions`
- 1. validation
- 2. options convertion
- 3. permissions
- the reason is simple, the permission layer access the model layer
- we have to prepare the options before talking to the model layer
- added `convertOptions` where it was missed (not required, but for consistency reasons)
* Use `withRelated` when accessing the model layer and use `include` when accessing the API layer
* Change `convertOptions` API utiliy
- API Usage
- ghost.api(..., {include: 'tags,authors'})
- `include` should only be used when calling the API (either via request or via manual usage)
- `include` is only for readability and easier format
- Ghost (Model Layer Usage)
- models.Post.findOne(..., {withRelated: ['tags', 'authors']})
- should only use `withRelated`
- model layer cannot read 'tags,authors`
- model layer has no idea what `include` means, speaks a different language
- `withRelated` is bookshelf
- internal usage
* include-count plugin: use `withRelated` instead of `include`
- imagine you outsource this plugin to git and publish it to npm
- `include` is an unknown option in bookshelf
* Updated `permittedOptions` in base model
- `include` is no longer a known option
* Remove all occurances of `include` in the model layer
* Extend `filterOptions` base function
- this function should be called as first action
- we clone the unfiltered options
- check if you are using `include` (this is a protection which could help us in the beginning)
- check for permitted and (later on default `withRelated`) options
- the usage is coming in next commit
* Ensure we call `filterOptions` as first action
- use `ghostBookshelf.Model.filterOptions` as first action
- consistent naming pattern for incoming options: `unfilteredOptions`
- re-added allowed options for `toJSON`
- one unsolved architecture problem:
- if you override a function e.g. `edit`
- then you should call `filterOptions` as first action
- the base implementation of e.g. `edit` will call it again
- future improvement
* Removed `findOne` from Invite model
- no longer needed, the base implementation is the same
2018-02-15 12:53:53 +03:00
|
|
|
getByEmail: function getByEmail(email, unfilteredOptions) {
|
|
|
|
var options = ghostBookshelf.Model.filterOptions(unfilteredOptions, 'getByEmail');
|
2016-05-08 17:49:12 +03:00
|
|
|
options.require = true;
|
|
|
|
|
Sorted out the mixed usages of `include` and `withRelated` (#9425)
no issue
- this commit cleans up the usages of `include` and `withRelated`.
### API layer (`include`)
- as request parameter e.g. `?include=roles,tags`
- as theme API parameter e.g. `{{get .... include="author"}}`
- as internal API access e.g. `api.posts.browse({include: 'author,tags'})`
- the `include` notation is more readable than `withRelated`
- and it allows us to use a different easier format (comma separated list)
- the API utility transforms these more readable properties into model style (or into Ghost style)
### Model access (`withRelated`)
- e.g. `models.Post.findPage({withRelated: ['tags']})`
- driven by bookshelf
---
Commits explained.
* Reorder the usage of `convertOptions`
- 1. validation
- 2. options convertion
- 3. permissions
- the reason is simple, the permission layer access the model layer
- we have to prepare the options before talking to the model layer
- added `convertOptions` where it was missed (not required, but for consistency reasons)
* Use `withRelated` when accessing the model layer and use `include` when accessing the API layer
* Change `convertOptions` API utiliy
- API Usage
- ghost.api(..., {include: 'tags,authors'})
- `include` should only be used when calling the API (either via request or via manual usage)
- `include` is only for readability and easier format
- Ghost (Model Layer Usage)
- models.Post.findOne(..., {withRelated: ['tags', 'authors']})
- should only use `withRelated`
- model layer cannot read 'tags,authors`
- model layer has no idea what `include` means, speaks a different language
- `withRelated` is bookshelf
- internal usage
* include-count plugin: use `withRelated` instead of `include`
- imagine you outsource this plugin to git and publish it to npm
- `include` is an unknown option in bookshelf
* Updated `permittedOptions` in base model
- `include` is no longer a known option
* Remove all occurances of `include` in the model layer
* Extend `filterOptions` base function
- this function should be called as first action
- we clone the unfiltered options
- check if you are using `include` (this is a protection which could help us in the beginning)
- check for permitted and (later on default `withRelated`) options
- the usage is coming in next commit
* Ensure we call `filterOptions` as first action
- use `ghostBookshelf.Model.filterOptions` as first action
- consistent naming pattern for incoming options: `unfilteredOptions`
- re-added allowed options for `toJSON`
- one unsolved architecture problem:
- if you override a function e.g. `edit`
- then you should call `filterOptions` as first action
- the base implementation of e.g. `edit` will call it again
- future improvement
* Removed `findOne` from Invite model
- no longer needed, the base implementation is the same
2018-02-15 12:53:53 +03:00
|
|
|
return Subscribers.forge().fetch(options).then(function then(subscribers) {
|
2016-05-08 17:49:12 +03:00
|
|
|
var subscriberWithEmail = subscribers.find(function findSubscriber(subscriber) {
|
|
|
|
return subscriber.get('email').toLowerCase() === email.toLowerCase();
|
|
|
|
});
|
|
|
|
|
|
|
|
if (subscriberWithEmail) {
|
|
|
|
return subscriberWithEmail;
|
|
|
|
}
|
2016-05-11 19:48:59 +03:00
|
|
|
}).catch(function (error) {
|
|
|
|
if (error.message === 'NotFound' || error.message === 'EmptyResponse') {
|
|
|
|
return Promise.resolve();
|
|
|
|
}
|
|
|
|
|
|
|
|
return Promise.reject(error);
|
2016-05-08 17:49:12 +03:00
|
|
|
});
|
2016-04-29 13:58:40 +03:00
|
|
|
}
|
2016-04-14 23:44:05 +03:00
|
|
|
});
|
|
|
|
|
|
|
|
Subscribers = ghostBookshelf.Collection.extend({
|
|
|
|
model: Subscriber
|
|
|
|
});
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
Subscriber: ghostBookshelf.model('Subscriber', Subscriber),
|
|
|
|
Subscribers: ghostBookshelf.collection('Subscriber', Subscribers)
|
|
|
|
};
|