TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-11 09:53:32 +03:00
Code Issues Projects Releases Wiki Activity
d5f68dbbc5
Ghost/core/server/models/settings.js

338 lines
12 KiB
JavaScript
Raw Normal View History

Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const Promise = require('bluebird');
const _ = require('lodash');
const uuid = require('uuid');
const crypto = require('crypto');
const keypair = require('keypair');
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
const ObjectID = require('bson-objectid');
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const ghostBookshelf = require('./base');
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
const {i18n} = require('../lib/common');
const errors = require('@tryghost/errors');
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const validation = require('../data/validation');
const settingsCache = require('../services/settings/cache');
const internalContext = {context: {internal: true}};
let Settings;
let defaultSettings;
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
Improved dynamic default options performance (#10816) closes #10789 * Updated keypair generation to use a memoised fn This allows us to embed the members dynamic defaults in the object at definition, and will allow us to only create the keypair when we need it, in future. * Added getDefaultValue fn to default setting obj This will allow us to generate the default values when they're needed rather than at boot time. * Ensured dynamic defaults only generated when used This replaces all the dynamic default values with functions to return the values, and then calls (if required) that function inside the getDefaultValue method of the setting object.
2019-07-05 10:30:29 +03:00
const doBlock = fn => fn();
const getMembersKey = doBlock(() => {
let UNO_KEYPAIRINO;
return function getMembersKey(type) {
if (!UNO_KEYPAIRINO) {
UNO_KEYPAIRINO = keypair({bits: 1024});
}
return UNO_KEYPAIRINO[type];
};
});
Implemented externally verifiable identity tokens no-issue This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing a public key, and one on the canary api /identities, which allows the Owner user to fetch a JWT. This token can then be used by external services to verify the domain * Added ghost_{public,private}_key settings This key can be used for generating tokens for communicating with external services on behalf of Ghost * Added .well-known directory to /ghost/.well-known We add a jwks.json file to the .well-known directory which exposes a public JWK which can be used to verify the signatures of JWT's created by Ghost This is added to the /ghost/ path so that it can live on the admin domain, rather than the frontend. This is because most of its uses/functions will be in relation to the admin domain. * Improved settings model tests This removes hardcoded positions in favour of testing that a particular event wasn't emitted which is less brittle and more precise about what's being tested * Fixed parent app unit tests for well-known This updates the parent app unit tests to check that the well-known route is mounted. We all change proxyquire to use `noCallThru` which ensures that the ubderlying modules are not required. This stops the initialisation logic in ./well-known erroring in tests https://github.com/thlorenz/proxyquire/issues/215 * Moved jwt signature to a separate 'token' propery This structure corresponds to other resources and allows to exptend with additional properties in future if needed
2020-01-20 14:45:58 +03:00
const getGhostKey = doBlock(() => {
let UNO_KEYPAIRINO;
return function getGhostKey(type) {
if (!UNO_KEYPAIRINO) {
UNO_KEYPAIRINO = keypair({bits: 1024});
}
return UNO_KEYPAIRINO[type];
};
});
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
// For neatness, the defaults file is split into categories.
// It's much easier for us to work with it as a single level
// instead of iterating those categories every time
function parseDefaultSettings() {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const defaultSettingsInCategories = require('../data/schema/').defaultSettings;
const defaultSettingsFlattened = {};
const dynamicDefault = {
db_hash: () => uuid.v4(),
public_hash: () => crypto.randomBytes(15).toString('hex'),
// @TODO: session_secret would ideally be named "admin_session_secret"
session_secret: () => crypto.randomBytes(32).toString('hex'),
theme_session_secret: () => crypto.randomBytes(32).toString('hex'),
members_public_key: () => getMembersKey('public'),
members_private_key: () => getMembersKey('private'),
members_email_auth_secret: () => crypto.randomBytes(64).toString('hex'),
ghost_public_key: () => getGhostKey('public'),
ghost_private_key: () => getGhostKey('private')
};
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
Misc cleanup: moving files & naming functions
2015-06-14 18:58:49 +03:00
_.each(defaultSettingsInCategories, function each(settings, categoryName) {
Updated default settings and schema with updated types refs https://github.com/TryGhost/Ghost/issues/10318 - Updates default settings to contain correct type and validation for each setting - Updates `populateDefaults` to correctly insert type value for new settings - Updates settings schema to allow only select types - `array`, `number`, `boolean`, `string` - `object` is a temporary type allowed till we get rid of all JSON object settings
2020-06-30 15:02:43 +03:00
_.each(settings, function eachSetting(setting, settingName) {
Added migration to add settings.{group,flags} columns (#11951) refs https://github.com/TryGhost/Ghost/issues/10318 - `group` - to replace the `type` column, provides a more descriptive name for the columns use - for existing sites it will be populated by migrating data from the `type` column in a later migration - for new sites a minimal update has been added to `parseDefaultSettings()` to populate the `group` field when settings are created during startup - fixes the NOT NULL constraint on `settings.group` - `flags` - signifies special handling that is different to other settings in a group - eg, `PUBLIC,RO` would indicate that the setting is available via unauthenticated endpoints and is read-only
2020-06-24 13:58:15 +03:00
setting.group = categoryName;
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
setting.key = settingName;
Improved dynamic default options performance (#10816) closes #10789 * Updated keypair generation to use a memoised fn This allows us to embed the members dynamic defaults in the object at definition, and will allow us to only create the keypair when we need it, in future. * Added getDefaultValue fn to default setting obj This will allow us to generate the default values when they're needed rather than at boot time. * Ensured dynamic defaults only generated when used This replaces all the dynamic default values with functions to return the values, and then calls (if required) that function inside the getDefaultValue method of the setting object.
2019-07-05 10:30:29 +03:00
setting.getDefaultValue = function getDefaultValue() {
const getDynamicDefault = dynamicDefault[setting.key];
if (getDynamicDefault) {
return getDynamicDefault();
} else {
return setting.defaultValue;
}
};
Fix lazy loading of settings Closes #3281 - Add the missing return to populateDefault - Wrap defaultSetting in [] when passing to readSettingsResult - Populate default value of dbHash in parseDefaultSettings - Modify migrations.init to only load databaseVersion for export_spec test - Fix spacing in test util file and null reference error in test - Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-28 01:04:58 +04:00
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
defaultSettingsFlattened[settingName] = setting;
});
});
return defaultSettingsFlattened;
}
Lazy load default settings Closes #2061 - Lazy load the defaultSettings value in Settings model - Populate individual defaults before read/edit - Populate all defaults before first browse call - Remove populateDefaults calls from init code
2014-06-17 19:36:47 +04:00
function getDefaultSettings() {
if (!defaultSettings) {
defaultSettings = parseDefaultSettings();
}
return defaultSettings;
}
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// Each setting is saved as a separate row in the database,
// but the overlying API treats them as a single key:value mapping
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
Settings = ghostBookshelf.Model.extend({
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
tableName: 'settings',
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
Misc cleanup: moving files & naming functions
2015-06-14 18:58:49 +03:00
defaults: function defaults() {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
return {
Updating settings types - issue #573, issue #632
2013-09-14 22:04:41 +04:00
type: 'core'
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
};
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
},
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
emitChange: function emitChange(event, options) {
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
const eventToTrigger = 'settings' + '.' + event;
ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
Add events to settings model issue #5370 - Add emit method to settings model - Update settings spec to test for events emitted - Fix formatting on tags spec
2015-06-15 11:36:01 +03:00
},
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
onDestroyed: function onDestroyed(model, options) {
Ensured consistency for event handlers in the model layer no issue - the event chain works like this: - if a model registers an event, it get's triggered, because it's stronger than the base model - but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers - this was inconsistently used
2019-02-07 12:59:37 +03:00
ghostBookshelf.Model.prototype.onDestroyed.apply(this, arguments);
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
model.emitChange('deleted', options);
model.emitChange(model._previousAttributes.key + '.' + 'deleted', options);
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events
2016-10-14 15:37:01 +03:00
},
Add events to settings model issue #5370 - Add emit method to settings model - Update settings spec to test for events emitted - Fix formatting on tags spec
2015-06-15 11:36:01 +03:00
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
onCreated: function onCreated(model, response, options) {
Ensured consistency for event handlers in the model layer no issue - the event chain works like this: - if a model registers an event, it get's triggered, because it's stronger than the base model - but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers - this was inconsistently used
2019-02-07 12:59:37 +03:00
ghostBookshelf.Model.prototype.onCreated.apply(this, arguments);
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
model.emitChange('added', options);
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
model.emitChange(model.attributes.key + '.' + 'added', options);
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events
2016-10-14 15:37:01 +03:00
},
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
onUpdated: function onUpdated(model, response, options) {
Ensured consistency for event handlers in the model layer no issue - the event chain works like this: - if a model registers an event, it get's triggered, because it's stronger than the base model - but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers - this was inconsistently used
2019-02-07 12:59:37 +03:00
ghostBookshelf.Model.prototype.onUpdated.apply(this, arguments);
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
model.emitChange('edited', options);
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
model.emitChange(model.attributes.key + '.' + 'edited', options);
Add events to settings model issue #5370 - Add emit method to settings model - Update settings spec to test for events emitted - Fix formatting on tags spec
2015-06-15 11:36:01 +03:00
},
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events
2016-10-14 15:37:01 +03:00
onValidate: function onValidate() {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const self = this;
Fix active theme selector. Add validation to API. Closes #3226 - Remove dependent property from the computed content property that is used to build the active theme selector. - Add validation to the Settings model so that it rejects attempts to set an activeTheme that is not installed.
2014-07-10 02:11:04 +04:00
Improved validation layer (#9427) refs https://github.com/TryGhost/Ghost/issues/3658 - the `validateSchema` helper was a bit broken - if you add a user without email, you will receive a database error - but the validation error should catch that email is passed with null - it was broken, because: - A: it called `toJSON` -> this can remove properties from the output (e.g. password) - B: we only validated fields, which were part of the JSON data (model.hasOwnProperty) - we now differentiate between schema validation for update and insert - fixed one broken import test - if you import a post without a status, it should not error - it falls back to the default value - removed user model `onValidate` - the user model added a custom implementation of `onValidate`, because of a bug which we experienced (see https://github.com/TryGhost/Ghost/issues/3638) - with the refactoring this is no longer required - we only validate fields which have changed when updating resources - also, removed extra safe catch when logging in (no longer needed - unit tested) - add lot's of unit tests to proof the code change - always call the base class, except you have a good reason
2018-02-16 02:49:15 +03:00
return ghostBookshelf.Model.prototype.onValidate.apply(this, arguments)
.then(function then() {
return validation.validateSettings(getDefaultSettings(), self);
});
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
},
Added db formatter for settings model refs #10582 - ensure we won't forward booleans to database - type TEXT will transform booleans to "0"/"1!
2019-03-07 14:17:21 +03:00
format() {
const attrs = ghostBookshelf.Model.prototype.format.apply(this, arguments);
Updated serializers/model layer validation using settings type refs https://github.com/TryGhost/Ghost/issues/10318 - Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings - Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting - Removes error thrown on Read-only setting for settings edit endpoint - Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits - Added type/group mappings in the importer when pre-migration settings table import data is present - Updates tests
2020-06-30 15:04:56 +03:00
const settingType = attrs.type;
if (settingType === 'boolean') {
// CASE: Ensure we won't forward strings, otherwise model events or model interactions can fail
if (attrs.value === '0' || attrs.value === '1') {
attrs.value = !!+attrs.value;
}
// CASE: Ensure we won't forward strings, otherwise model events or model interactions can fail
if (attrs.value === 'false' || attrs.value === 'true') {
attrs.value = JSON.parse(attrs.value);
}
if (_.isBoolean(attrs.value)) {
attrs.value = attrs.value.toString();
}
Added db formatter for settings model refs #10582 - ensure we won't forward booleans to database - type TEXT will transform booleans to "0"/"1!
2019-03-07 14:17:21 +03:00
}
return attrs;
},
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
parse() {
const attrs = ghostBookshelf.Model.prototype.parse.apply(this, arguments);
Updated serializers/model layer validation using settings type refs https://github.com/TryGhost/Ghost/issues/10318 - Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings - Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting - Removes error thrown on Read-only setting for settings edit endpoint - Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits - Added type/group mappings in the importer when pre-migration settings table import data is present - Updates tests
2020-06-30 15:04:56 +03:00
// transform "0" to false for boolean type
const settingType = attrs.type;
if (settingType === 'boolean' && (attrs.value === '0' || attrs.value === '1')) {
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
attrs.value = !!+attrs.value;
}
Updated serializers/model layer validation using settings type refs https://github.com/TryGhost/Ghost/issues/10318 - Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings - Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting - Removes error thrown on Read-only setting for settings edit endpoint - Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits - Added type/group mappings in the importer when pre-migration settings table import data is present - Updates tests
2020-06-30 15:04:56 +03:00
// transform "false" to false for boolean type
if (settingType === 'boolean' && (attrs.value === 'false' || attrs.value === 'true')) {
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
attrs.value = JSON.parse(attrs.value);
}
return attrs;
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
}, {
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
findOne: function (data, options) {
if (_.isEmpty(data)) {
options = data;
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// Allow for just passing the key instead of attributes
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
if (!_.isObject(data)) {
data = {key: data};
adding uuid's for the posts, users, settings
2013-06-15 18:10:30 +04:00
}
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
return Promise.resolve(ghostBookshelf.Model.findOne.call(this, data, options));
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
Sorted out the mixed usages of `include` and `withRelated` (#9425) no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same
2018-02-15 12:53:53 +03:00
edit: function (data, unfilteredOptions) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const options = this.filterOptions(unfilteredOptions, 'edit');
const self = this;
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 17:03:09 +04:00
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 16:41:19 +04:00
if (!Array.isArray(data)) {
data = [data];
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
}
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 17:03:09 +04:00
Replace the when promise library with bluebird. Closes #968
2014-08-17 10:17:23 +04:00
return Promise.map(data, function (item) {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// Accept an array of models as input
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file
2017-12-12 00:47:46 +03:00
if (item.toJSON) {
item = item.toJSON();
}
Settings API Primary Document refactor Closes #2606 - Refactor settings api responses to { settings: [ ] } format - Update all code using api.settings to handle new response format - Update test stubs to return new format - Update client site settings model to parse new format into one object of key/value pairs - Refactor to include all setting values - Remove unused settingsCollection method - Update settingsCache to store all attributes - Update settingsResult to send all attributes - Remove unnecessary when() wraps - Reject if editing a setting that doesn't exist - Reject earlier if setting key is empty - Update tests with new error messages - Use setting.add instead of edit that was incorrectly adding - Update importer to properly import activePlugins and installedPlugins - Update expected setting result fields - Fix a weird situation where hasOwnProperty didn't exist :shrug:
2014-04-28 03:28:50 +04:00
if (!(_.isString(item.key) && item.key.length > 0)) {
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new errors.ValidationError({message: i18n.t('errors.models.settings.valueCannotBeBlank')}));
Settings API Primary Document refactor Closes #2606 - Refactor settings api responses to { settings: [ ] } format - Update all code using api.settings to handle new response format - Update test stubs to return new format - Update client site settings model to parse new format into one object of key/value pairs - Refactor to include all setting values - Remove unused settingsCollection method - Update settingsCache to store all attributes - Update settingsResult to send all attributes - Remove unnecessary when() wraps - Reject if editing a setting that doesn't exist - Reject earlier if setting key is empty - Update tests with new error messages - Use setting.add instead of edit that was incorrectly adding - Update importer to properly import activePlugins and installedPlugins - Update expected setting result fields - Fix a weird situation where hasOwnProperty didn't exist :shrug:
2014-04-28 03:28:50 +04:00
}
Sanitize models' attributes/options before passing to bookshelf/knex closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash
2014-05-06 05:45:08 +04:00
item = self.filterData(item);
Misc cleanup: moving files & naming functions
2015-06-14 18:58:49 +03:00
return Settings.forge({key: item.key}).fetch(options).then(function then(setting) {
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
if (setting) {
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
// it's allowed to edit all attributes in case of importing/migrating
if (options.importing) {
Refactored to save settings only if value changes (#9194) refs #9192 - Each setting is saved individually - Update this to only happen on import, or when a value changes - Reduces the amount of work Ghost does on every setting change
2017-10-31 18:47:30 +03:00
return setting.save(item, options);
} else {
// If we have a value, set it.
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting
2019-07-05 14:40:43 +03:00
if (Object.prototype.hasOwnProperty.call(item, 'value')) {
Refactored to save settings only if value changes (#9194) refs #9192 - Each setting is saved individually - Update this to only happen on import, or when a value changes - Reduces the amount of work Ghost does on every setting change
2017-10-31 18:47:30 +03:00
setting.set('value', item.value);
}
// Internal context can overwrite type (for fixture migrations)
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting
2019-07-05 14:40:43 +03:00
if (options.context && options.context.internal && Object.prototype.hasOwnProperty.call(item, 'type')) {
Refactored to save settings only if value changes (#9194) refs #9192 - Each setting is saved individually - Update this to only happen on import, or when a value changes - Reduces the amount of work Ghost does on every setting change
2017-10-31 18:47:30 +03:00
setting.set('type', item.type);
}
// If anything has changed, save the updated model
if (setting.hasChanged()) {
return setting.save(null, options);
}
return setting;
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
}
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
}
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 17:03:09 +04:00
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new errors.NotFoundError({message: i18n.t('errors.models.settings.unableToFindSetting', {key: item.key})}));
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 18:33:43 +03:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
},
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
populateDefaults: async function populateDefaults(unfilteredOptions) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const options = this.filterOptions(unfilteredOptions, 'populateDefaults');
const self = this;
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
Sorted out the mixed usages of `include` and `withRelated` (#9425) no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same
2018-02-15 12:53:53 +03:00
if (!options.context) {
options.context = internalContext.context;
}
improvement: migrations (#7000) closes #6972, #6574 - run each database version as top level transaction - run migrations in correct order
2016-07-14 13:59:42 +03:00
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
// this is required for sqlite to pick up the columns after db init
await ghostBookshelf.knex.destroy();
await ghostBookshelf.knex.initialize();
// fetch available columns to avoid populating columns not yet created by migrations
const columnInfo = await ghostBookshelf.knex.table('settings').columnInfo();
const columns = Object.keys(columnInfo);
// fetch other data that is used when inserting new settings
const date = ghostBookshelf.knex.raw('CURRENT_TIMESTAMP');
let owner;
try {
owner = await ghostBookshelf.model('User').getOwnerUser();
} catch (e) {
// in some tests the owner is deleted and not recreated before setup
if (e.errorType === 'NotFoundError') {
owner = {id: 1};
} else {
throw e;
}
}
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
return this
.findAll(options)
.then(function checkAllSettings(allSettings) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const usedKeys = allSettings.models.map(function mapper(setting) {
return setting.get('key');
});
const insertOperations = [];
improvement: migrations (#7000) closes #6972, #6574 - run each database version as top level transaction - run migrations in correct order
2016-07-14 13:59:42 +03:00
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
_.each(getDefaultSettings(), function forEachDefault(defaultSetting, defaultSettingKey) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const isMissingFromDB = usedKeys.indexOf(defaultSettingKey) === -1;
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
if (isMissingFromDB) {
Improved dynamic default options performance (#10816) closes #10789 * Updated keypair generation to use a memoised fn This allows us to embed the members dynamic defaults in the object at definition, and will allow us to only create the keypair when we need it, in future. * Added getDefaultValue fn to default setting obj This will allow us to generate the default values when they're needed rather than at boot time. * Ensured dynamic defaults only generated when used This replaces all the dynamic default values with functions to return the values, and then calls (if required) that function inside the getDefaultValue method of the setting object.
2019-07-05 10:30:29 +03:00
defaultSetting.value = defaultSetting.getDefaultValue();
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
const settingValues = Object.assign({}, defaultSetting, {
id: ObjectID.generate(),
created_at: date,
created_by: owner.id,
updated_at: date,
updated_by: owner.id
});
insertOperations.push(
ghostBookshelf.knex
.table('settings')
.insert(_.pick(settingValues, columns))
);
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
}
});
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
if (insertOperations.length > 0) {
return Promise.all(insertOperations).then(function fetchAllToReturn() {
return self.findAll(options);
});
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
}
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
return allSettings;
});
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
},
Remove External Apps - Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years. - We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work - This cleans up the remainder of the logic - The tables should be cleaned up in a future major
2020-03-19 18:23:10 +03:00
permissible: function permissible(modelId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
let isEdit = (action === 'edit');
let isOwner;
function isChangingMembers() {
if (unsafeAttrs && unsafeAttrs.key === 'labs') {
let editedValue = JSON.parse(unsafeAttrs.value);
if (editedValue.members !== undefined) {
return editedValue.members !== settingsCache.get('labs').members;
}
}
}
isOwner = loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Owner'});
if (isEdit && isChangingMembers()) {
// Only allow owner to toggle members flag
hasUserPermission = isOwner;
}
Remove External Apps - Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years. - We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work - This cleans up the remainder of the logic - The tables should be cleaned up in a future major
2020-03-19 18:23:10 +03:00
if (hasUserPermission && hasApiKeyPermission) {
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
return Promise.resolve();
}
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new errors.NoPermissionError({
message: i18n.t('errors.models.post.notEnoughPermission')
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
}));
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
});
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
module.exports = {
Use bookshelf's model registry plugin Refs #2170 This removes the circular dependency problem from our models thanks to https://github.com/tgriesser/bookshelf/issues/181 - add the registry plugin - switch all models and collections to be registered - switch relationships to be defined using a string, which calls from the registry
2014-07-13 15:17:18 +04:00
Settings: ghostBookshelf.model('Settings', Settings)
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
};
Reference in New Issue Copy Permalink