TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-20 09:22:49 +03:00
Code Issues Projects Releases Wiki Activity
b61fb2a867
Ghost/test/regression/api/v2/admin/settings_spec.js

716 lines
29 KiB
JavaScript
Raw Normal View History

Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
const should = require('should');
const supertest = require('supertest');
Moved config from server to shared (#11850) * moved `server/config` to `shared/config` * updated config import paths in server to use shared * updated config import paths in frontend to use shared * updated config import paths in test to use shared * updated config import paths in root to use shared * trigger regression tests * of course the rebase broke tests
2020-05-27 20:47:53 +03:00
const config = require('../../../../../core/shared/config');
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
const testUtils = require('../../../../utils');
const localUtils = require('./utils');
const ghost = testUtils.startGhost;
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
// NOTE: in future iterations these fields should be fetched from a central module.
// Have put a list as is here for the lack of better place for it.
Updated settings API v2 tests to also check for correct types refs https://github.com/TryGhost/Ghost/issues/10318 - Added additional check for correct "type" fields in settings responses - The list is based on pre-migration response from API v2, so makes it very clear there is no breaking change after the migration
2020-06-25 08:13:24 +03:00
const defaultSettingsKeyTypes = [
Cleaned up members & stripe settings (#11957) * Updated members default settings ref #10318 This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys * Updated usage of members_from_address * Updated stripe_connect usage * Updated members config to use new settings * Updated members middleware to use isStripeConnected * Updated members service to reload correctly We reload the members-api instance when the related settings change, so this makes sure we're listening to the correct settings changes * Updated ghost_head helper to use new settings * Updated theme middleware to use new settings * Renamed members_allow_signup -> members_allow_free_signup * Fixed tests after settings refactor * Removed from direct key settings key * Fixed regression tests for settings api
2020-06-29 17:22:42 +03:00
{key: 'title', type: 'blog'},
{key: 'description', type: 'blog'},
{key: 'logo', type: 'blog'},
{key: 'cover_image', type: 'blog'},
{key: 'icon', type: 'blog'},
{key: 'codeinjection_head', type: 'blog'},
{key: 'codeinjection_foot', type: 'blog'},
{key: 'facebook', type: 'blog'},
{key: 'twitter', type: 'blog'},
{key: 'navigation', type: 'blog'},
{key: 'secondary_navigation', type: 'blog'},
{key: 'meta_title', type: 'blog'},
{key: 'meta_description', type: 'blog'},
{key: 'og_image', type: 'blog'},
{key: 'og_title', type: 'blog'},
{key: 'og_description', type: 'blog'},
{key: 'twitter_image', type: 'blog'},
{key: 'twitter_title', type: 'blog'},
{key: 'twitter_description', type: 'blog'},
{key: 'active_theme', type: 'theme'},
{key: 'is_private', type: 'private'},
{key: 'password', type: 'private'},
{key: 'public_hash', type: 'private'},
{key: 'default_content_visibility', type: 'members'},
{key: 'members_allow_free_signup', type: 'members'},
{key: 'members_from_address', type: 'members'},
Added migrations for support and reply email address setting (#12163) no issue - Added default settings for the two new setting fields - `members_support_address` and `members_reply_address` - Added migrations for setting group for new email settings - Migration sets current from address as new support address default - Added migration to set new support address same as from address - Updated tests for new settings - `members_support_address` - How members can reach for help with their account, public setting - `members_reply_address` - Where you receive responses to newsletters
2020-08-27 17:57:50 +03:00
{key: 'members_support_address', type: 'members'},
{key: 'members_reply_address', type: 'members'},
Cleaned up members & stripe settings (#11957) * Updated members default settings ref #10318 This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys * Updated usage of members_from_address * Updated stripe_connect usage * Updated members config to use new settings * Updated members middleware to use isStripeConnected * Updated members service to reload correctly We reload the members-api instance when the related settings change, so this makes sure we're listening to the correct settings changes * Updated ghost_head helper to use new settings * Updated theme middleware to use new settings * Renamed members_allow_signup -> members_allow_free_signup * Fixed tests after settings refactor * Removed from direct key settings key * Fixed regression tests for settings api
2020-06-29 17:22:42 +03:00
{key: 'stripe_product_name', type: 'members'},
{key: 'stripe_plans', type: 'members'},
{key: 'stripe_secret_key', type: 'members'},
{key: 'stripe_publishable_key', type: 'members'},
{key: 'stripe_connect_secret_key', type: 'members'},
{key: 'stripe_connect_publishable_key', type: 'members'},
{key: 'stripe_connect_account_id', type: 'members'},
{key: 'stripe_connect_display_name', type: 'members'},
{key: 'stripe_connect_livemode', type: 'members'},
{key: 'portal_name', type: 'portal'},
{key: 'portal_button', type: 'portal'},
{key: 'portal_plans', type: 'portal'},
Added new settings for portal button customization no issue - Adds new portal settings - `portal_button_style`, `portal_button_icon` and `portal_button_signup_text` - New settings allows customization of portal button - Updates tests to include new settings
2020-07-07 11:02:47 +03:00
{key: 'portal_button_style', type: 'portal'},
{key: 'portal_button_icon', type: 'portal'},
{key: 'portal_button_signup_text', type: 'portal'},
Added mailgun_{domain,api_key,base_url} settings (#11992) refs #10318 - Adds new default settings - Adds migration for populating settings with bulk_email_settings data - Fixes regression tests
2020-07-03 12:00:20 +03:00
{key: 'mailgun_api_key', type: 'bulk_email'},
{key: 'mailgun_domain', type: 'bulk_email'},
{key: 'mailgun_base_url', type: 'bulk_email'},
Cleaned up members & stripe settings (#11957) * Updated members default settings ref #10318 This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys * Updated usage of members_from_address * Updated stripe_connect usage * Updated members config to use new settings * Updated members middleware to use isStripeConnected * Updated members service to reload correctly We reload the members-api instance when the related settings change, so this makes sure we're listening to the correct settings changes * Updated ghost_head helper to use new settings * Updated theme middleware to use new settings * Renamed members_allow_signup -> members_allow_free_signup * Fixed tests after settings refactor * Removed from direct key settings key * Fixed regression tests for settings api
2020-06-29 17:22:42 +03:00
{key: 'amp', type: 'blog'},
Added amp_gtag_id setting migration & default refs #11980 This lays the ground for the rest of the work surrounding Google Analytics in AMP.
2020-07-10 16:19:45 +03:00
{key: 'amp_gtag_id', type: 'blog'},
Cleaned up members & stripe settings (#11957) * Updated members default settings ref #10318 This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys * Updated usage of members_from_address * Updated stripe_connect usage * Updated members config to use new settings * Updated members middleware to use isStripeConnected * Updated members service to reload correctly We reload the members-api instance when the related settings change, so this makes sure we're listening to the correct settings changes * Updated ghost_head helper to use new settings * Updated theme middleware to use new settings * Renamed members_allow_signup -> members_allow_free_signup * Fixed tests after settings refactor * Removed from direct key settings key * Fixed regression tests for settings api
2020-06-29 17:22:42 +03:00
{key: 'labs', type: 'blog'},
{key: 'slack', type: 'blog'},
{key: 'unsplash', type: 'blog'},
{key: 'shared_views', type: 'blog'},
{key: 'ghost_head', type: 'blog'},
{key: 'ghost_foot', type: 'blog'},
{key: 'active_timezone', type: 'blog'},
{key: 'default_locale', type: 'blog'}
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
];
Fixed regression tests
2019-10-09 20:37:44 +03:00
describe('Settings API (v2)', function () {
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
let ghostServer;
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
let request;
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
describe('As Owner', function () {
before(function () {
return ghost()
.then(function (_ghostServer) {
ghostServer = _ghostServer;
request = supertest.agent(config.get('url'));
})
.then(function () {
return localUtils.doAuth(request);
});
});
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
it('Can request all settings', function () {
return request.get(localUtils.API.getApiQuery(`settings/`))
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
.expect(200)
.then((res) => {
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse.settings);
should.exist(jsonResponse.meta);
jsonResponse.settings.should.be.an.Object();
const settings = jsonResponse.settings;
Cleaned up members & stripe settings (#11957) * Updated members default settings ref #10318 This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys * Updated usage of members_from_address * Updated stripe_connect usage * Updated members config to use new settings * Updated members middleware to use isStripeConnected * Updated members service to reload correctly We reload the members-api instance when the related settings change, so this makes sure we're listening to the correct settings changes * Updated ghost_head helper to use new settings * Updated theme middleware to use new settings * Renamed members_allow_signup -> members_allow_free_signup * Fixed tests after settings refactor * Removed from direct key settings key * Fixed regression tests for settings api
2020-06-29 17:22:42 +03:00
should.equal(settings.length, defaultSettingsKeyTypes.length);
for (const defaultSetting of defaultSettingsKeyTypes) {
should.exist(settings.find((setting) => {
return setting.key === defaultSetting.key && setting.type === defaultSetting.type;
}));
}
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
localUtils.API.checkResponse(jsonResponse, 'settings');
});
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
});
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
it('Can request settings by type', function () {
return request.get(localUtils.API.getApiQuery(`settings/?type=theme`))
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then((res) => {
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse.settings);
should.exist(jsonResponse.meta);
jsonResponse.settings.should.be.an.Object();
const settings = jsonResponse.settings;
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
Object.keys(settings).length.should.equal(1);
settings[0].key.should.equal('active_theme');
settings[0].value.should.equal('casper');
settings[0].type.should.equal('theme');
localUtils.API.checkResponse(jsonResponse, 'settings');
});
});
Updated settings API v2 tests to also check for correct types refs https://github.com/TryGhost/Ghost/issues/10318 - Added additional check for correct "type" fields in settings responses - The list is based on pre-migration response from API v2, so makes it very clear there is no breaking change after the migration
2020-06-25 08:13:24 +03:00
xit('Can not request settings by group, returns all settings instead', function () {
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller
2020-06-25 07:32:16 +03:00
return request.get(localUtils.API.getApiQuery(`settings/?group=theme`))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then((res) => {
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse.settings);
should.exist(jsonResponse.meta);
jsonResponse.settings.should.be.an.Object();
const settings = jsonResponse.settings;
Object.keys(settings).length.should.equal(39);
Updated settings API v2 tests to also check for correct types refs https://github.com/TryGhost/Ghost/issues/10318 - Added additional check for correct "type" fields in settings responses - The list is based on pre-migration response from API v2, so makes it very clear there is no breaking change after the migration
2020-06-25 08:13:24 +03:00
settings.map(s => s.key).should.deepEqual(defaultSettingsKeyTypes);
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller
2020-06-25 07:32:16 +03:00
localUtils.API.checkResponse(jsonResponse, 'settings');
});
});
it('Can request settings by type and ignores group ', function () {
return request.get(localUtils.API.getApiQuery(`settings/?group=theme&type=private`))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then((res) => {
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse.settings);
should.exist(jsonResponse.meta);
jsonResponse.settings.should.be.an.Object();
const settings = jsonResponse.settings;
Object.keys(settings).length.should.equal(3);
settings[0].key.should.equal('is_private');
settings[0].value.should.equal(false);
settings[0].type.should.equal('private');
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
localUtils.API.checkResponse(jsonResponse, 'settings');
});
});
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
it('Requesting core settings type returns no results', function () {
return request.get(localUtils.API.getApiQuery(`settings/?type=core`))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then((res) => {
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse.settings);
should.exist(jsonResponse.meta);
jsonResponse.settings.should.be.an.Object();
const settings = jsonResponse.settings;
Object.keys(settings).length.should.equal(0);
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
localUtils.API.checkResponse(jsonResponse, 'settings');
});
});
Added settings `?type` parameter to API regression tests refs https://github.com/TryGhost/Ghost/issues/10318 - At the moment there were no test checking correct behavior of `?type` parameter. Given ongoing settings refactoring work expanded tests with some essential coverage - Moved one of the test cases to be consistent with order in other suites
2020-06-24 11:01:28 +03:00
it('Can\'t read core setting', function () {
return request
.get(localUtils.API.getApiQuery('settings/db_hash/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403);
});
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
it('Can\'t read permalinks', function (done) {
request.get(localUtils.API.getApiQuery('settings/permalinks/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
done();
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
});
});
it('Can read default_locale deprecated in v3', function (done) {
request.get(localUtils.API.getApiQuery('settings/default_locale/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller
2020-06-25 07:32:16 +03:00
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
jsonResponse.settings[0].key.should.eql('default_locale');
done();
});
});
it('Can read active_timezone deprecated in v3', function (done) {
request.get(localUtils.API.getApiQuery('settings/active_timezone/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller
2020-06-25 07:32:16 +03:00
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
jsonResponse.settings[0].key.should.eql('active_timezone');
done();
});
});
it('Can read ghost_head deprecated in v3', function (done) {
request.get(localUtils.API.getApiQuery('settings/ghost_head/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller
2020-06-25 07:32:16 +03:00
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
jsonResponse.settings[0].key.should.eql('ghost_head');
done();
});
});
it('Can read codeinjection_foot renamed in v3', function (done) {
request.get(localUtils.API.getApiQuery('settings/codeinjection_foot/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings.length.should.eql(1);
Added naive settings type options parameter support to settings API v2 refs TryGhost/Ghost#10318 refs 8fc526ff6 - This is symetric change to one done for v3 API (commited as 8fc526ff6) - Added 'core' filtering for v2 API controller
2020-06-25 07:32:16 +03:00
testUtils.API.checkResponseValue(jsonResponse.settings[0], ['id', 'key', 'value', 'type', 'flags', 'created_at', 'updated_at']);
Renamed settings keys active_timezone to timezone refs https://github.com/TryGhost/Ghost/issues/10318 refs https://github.com/TryGhost/Ghost/commit/2614565d5abf1982b61c7ef6e9360f2b9ddb0574 - Renames to match referenced migration renames - Fixed API responses so they are consistent with newly renamed fields - Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-22 14:21:00 +03:00
jsonResponse.settings[0].key.should.eql('codeinjection_foot');
done();
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
});
});
it('can\'t read non existent setting', function (done) {
request.get(localUtils.API.getApiQuery('settings/testsetting/'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const jsonResponse = res.body;
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
should.exist(jsonResponse);
should.exist(jsonResponse.errors);
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
'message',
'context',
'type',
'details',
'property',
'help',
'code',
'id'
]);
done();
});
});
it('can toggle member setting', function (done) {
request.get(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) {
if (err) {
return done(err);
}
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const jsonResponse = res.body;
const changedValue = [];
const settingToChange = {
settings: [
{
key: 'labs',
value: '{"subscribers":false,"members":false}'
}
]
};
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(settingToChange)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
const putBody = res.body;
res.headers['x-cache-invalidate'].should.eql('/*');
should.exist(putBody);
putBody.settings[0].key.should.eql('labs');
putBody.settings[0].value.should.eql(JSON.stringify({subscribers: false, members: false}));
done();
});
});
});
it('can\'t edit permalinks', function (done) {
const settingToChange = {
settings: [{key: 'permalinks', value: '/:primary_author/:slug/'}]
};
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(settingToChange)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
done();
});
});
it('can\'t edit non existent setting', function (done) {
request.get(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) {
if (err) {
return done(err);
}
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
let jsonResponse = res.body;
const newValue = 'new value';
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings = [{key: 'testvalue', value: newValue}];
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(jsonResponse)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
jsonResponse = res.body;
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(jsonResponse.errors);
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
'message',
'context',
'type',
'details',
'property',
'help',
'code',
'id'
]);
done();
});
});
});
it('Will transform "1"', function (done) {
request.get(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) {
if (err) {
return done(err);
}
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const jsonResponse = res.body;
const settingToChange = {
settings: [
{
key: 'is_private',
value: '1'
}
]
};
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(settingToChange)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
const putBody = res.body;
res.headers['x-cache-invalidate'].should.eql('/*');
should.exist(putBody);
putBody.settings[0].key.should.eql('is_private');
putBody.settings[0].value.should.eql(true);
localUtils.API.checkResponse(putBody, 'settings');
done();
});
});
});
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
});
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
describe('As Admin', function () {
before(function () {
return ghost()
.then(function (_ghostServer) {
ghostServer = _ghostServer;
request = supertest.agent(config.get('url'));
})
.then(function () {
// create admin
return testUtils.createUser({
user: testUtils.DataGenerator.forKnex.createUser({email: 'admin+1@ghost.org'}),
role: testUtils.DataGenerator.Content.roles[0].name
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
});
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
})
.then(function (admin) {
request.user = admin;
// by default we login with the owner
return localUtils.doAuth(request);
});
});
Unskipped fixed test no issue - The test was fixed with 4a10ddc8fa8d9927b539127ed565a8b3f0160bf0
2019-10-10 00:24:40 +03:00
it('cannot toggle member setting', function (done) {
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
const settingToChange = {
settings: [
{
key: 'labs',
value: '{"subscribers":false,"members":true}'
}
]
};
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(settingToChange)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403)
.end(function (err, res) {
if (err) {
return done(err);
}
done();
});
});
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
});
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
describe('As Editor', function () {
let editor;
before(function () {
return ghost()
.then(function (_ghostServer) {
ghostServer = _ghostServer;
request = supertest.agent(config.get('url'));
})
.then(function () {
// create editor
return testUtils.createUser({
user: testUtils.DataGenerator.forKnex.createUser({email: 'test+1@ghost.org'}),
role: testUtils.DataGenerator.Content.roles[1].name
});
})
.then(function (_user1) {
editor = _user1;
request.user = editor;
// by default we login with the owner
return localUtils.doAuth(request);
});
});
it('should not be able to edit settings', function (done) {
request.get(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) {
if (err) {
return done(err);
}
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
let jsonResponse = res.body;
const newValue = 'new value';
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings = [{key: 'visibility', value: 'public'}];
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(jsonResponse)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403)
.end(function (err, res) {
if (err) {
return done(err);
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
}
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
jsonResponse = res.body;
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(jsonResponse.errors);
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
'message',
'context',
'type',
'details',
'property',
'help',
'code',
'id'
]);
done();
});
});
});
});
describe('As Author', function () {
before(function () {
return ghost()
.then(function (_ghostServer) {
ghostServer = _ghostServer;
request = supertest.agent(config.get('url'));
})
.then(function () {
// create author
return testUtils.createUser({
user: testUtils.DataGenerator.forKnex.createUser({email: 'test+2@ghost.org'}),
role: testUtils.DataGenerator.Content.roles[2].name
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
});
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
})
.then(function (author) {
request.user = author;
// by default we login with the owner
return localUtils.doAuth(request);
});
});
it('should not be able to edit settings', function (done) {
request.get(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.end(function (err, res) {
if (err) {
return done(err);
}
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
let jsonResponse = res.body;
const newValue = 'new value';
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
should.exist(jsonResponse);
should.exist(jsonResponse.settings);
jsonResponse.settings = [{key: 'visibility', value: 'public'}];
request.put(localUtils.API.getApiQuery('settings/'))
.set('Origin', config.get('url'))
.send(jsonResponse)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403)
.end(function (err, res) {
if (err) {
return done(err);
}
jsonResponse = res.body;
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(jsonResponse.errors);
testUtils.API.checkResponseValue(jsonResponse.errors[0], [
'message',
'context',
'type',
'details',
'property',
'help',
'code',
'id'
]);
done();
});
});
});
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
});
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests
2019-02-04 17:16:24 +03:00
});
Reference in New Issue Copy Permalink