Ghost/ghost/admin/app/routes/settings.js

17 lines
399 B
JavaScript
Raw Normal View History

import AuthenticatedRoute from 'ghost-admin/routes/authenticated';
Refactored away CurrentUserSettings mixin (#2200) no issue Mixins are deprecated in Ember so we want to remove their usage. The `CurrentUserSettings` mixin was used in Route files to provide `transitionAuthor()` (that also transitions contributors) and `transitionEditor()` methods so the the consuming route could use them to prevent access to authors/editors. In practice the only reason this was used was to prevent access to admin-only routes. - added an `AdminRoute` class that inherits from our `AuthenticatedRoute` class - when any route inherits from this class it will only allow access to admins and owners, any other user will be redirected to the home screen (dashboard or site depending on permissions) - updated all of our admin-only routes to use the new `AdminRoute` - allowed for removal of `CurrentUserSettings` mixin usage - allowed for `beforeModel()` hooks to be removed from consuming routes in many cases - some admin-only routes were extending/inheriting directly from Ember's `Route` based on the assumption that the router hierarchy would have a parent route perform the redirect. Those have also been switched to `AdminRoute` for consistency and to prevent accidentally making them available if the router hierarchy changes - `/#/settings` does not use the `AdminRoute` so that it can redirect to the current user's setting page for non-admin users - removed `CurrentUserSettings` mixin file - cleaned up unnecessary computed property and function used for redirect-when-disabled in the Zapier route
2022-01-17 13:05:27 +03:00
import {inject as service} from '@ember/service';
export default AuthenticatedRoute.extend({
session: service(),
beforeModel() {
this._super(...arguments);
Refactored away CurrentUserSettings mixin (#2200) no issue Mixins are deprecated in Ember so we want to remove their usage. The `CurrentUserSettings` mixin was used in Route files to provide `transitionAuthor()` (that also transitions contributors) and `transitionEditor()` methods so the the consuming route could use them to prevent access to authors/editors. In practice the only reason this was used was to prevent access to admin-only routes. - added an `AdminRoute` class that inherits from our `AuthenticatedRoute` class - when any route inherits from this class it will only allow access to admins and owners, any other user will be redirected to the home screen (dashboard or site depending on permissions) - updated all of our admin-only routes to use the new `AdminRoute` - allowed for removal of `CurrentUserSettings` mixin usage - allowed for `beforeModel()` hooks to be removed from consuming routes in many cases - some admin-only routes were extending/inheriting directly from Ember's `Route` based on the assumption that the router hierarchy would have a parent route perform the redirect. Those have also been switched to `AdminRoute` for consistency and to prevent accidentally making them available if the router hierarchy changes - `/#/settings` does not use the `AdminRoute` so that it can redirect to the current user's setting page for non-admin users - removed `CurrentUserSettings` mixin file - cleaned up unnecessary computed property and function used for redirect-when-disabled in the Zapier route
2022-01-17 13:05:27 +03:00
const user = this.session.user;
if (!user.isAdmin) {
return this.transitionTo('settings.staff.user', user);
}
2021-03-05 09:58:01 +03:00
}
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
});