From aa5c0cc620efd9f2a7e2b02d7486cd9b4a444b39 Mon Sep 17 00:00:00 2001
From: Fabian Becker
Date: Fri, 18 Oct 2013 17:18:49 +0000
Subject: [PATCH] Unpublished Post should not be accessible fixes #1162
---
 core/client/router.js | 2 +-
 core/server/controllers/frontend.js | 2 +-
 core/server/models/base.js | 5 +++--
 core/server/models/post.js | 13 +++++++++++--
 core/test/unit/model_posts_spec.js | 3 ++-
 core/test/unit/model_tags_spec.js | 16 ++++++++--------
 6 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/core/client/router.js b/core/client/router.js
index 0db5937052..b6e0fce352 100644
--- a/core/client/router.js
+++ b/core/client/router.js
@@ -58,7 +58,7 @@
 post.urlRoot = Ghost.settings.apiRoot + '/posts';
 if (id) {
 post.id = id;
- post.fetch().then(function () {
+ post.fetch({ data: {status: 'all'}}).then(function () {
 Ghost.currentView = new Ghost.Views.Editor({ el: '#main', model: post });
 });
 } else {
diff --git a/core/server/controllers/frontend.js b/core/server/controllers/frontend.js
index 38bf0e9edb..c285c9c629 100644
--- a/core/server/controllers/frontend.js
+++ b/core/server/controllers/frontend.js
@@ -151,4 +151,4 @@ frontendControllers = {
 };
-module.exports = frontendControllers;
\ No newline at end of file
+module.exports = frontendControllers;
diff --git a/core/server/models/base.js b/core/server/models/base.js
index 65db8cae4b..30c25baafc 100644
--- a/core/server/models/base.js
+++ b/core/server/models/base.js
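Review bot: In core/client/router.js the editor lifts the published-only filter by sending `status: 'all'` as request data from the browser, so access to unpublished posts now hinges on a caller-supplied parameter. Nothing in this diff shows the posts API handler checking for a signed-in user, or stripping `status`, before the value reaches `Post.findOne` (the `@@ -181` hunk in core/server/models/post.js, which also honours any other explicit status value). If the handler forwards request data unchanged, the new default does not protect drafts on that path; the handler should set or drop `status` server-side from the session rather than trust the request. The route function this hunk belongs to starts and ends outside the hunk.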
@@ -85,12 +85,13 @@ GhostBookshelf.Model = GhostBookshelf.Model.extend({
 // #### generateSlug
 // Create a string act as the permalink for an object.
- generateSlug: function (Model, base) {
+ generateSlug: function (Model, base, readOptions) {
 var slug,
 slugTryCount = 1,
 // Look for a post with a matching slug, append an incrementing number if so
 checkIfSlugExists = function (slugToFind) {
- return Model.read({slug: slugToFind}).then(function (found) {
+ readOptions = _.extend(readOptions || {}, { slug: slugToFind });
+ return Model.read(readOptions).then(function (found) {
 var trimSpace;
 if (!found) {
diff --git a/core/server/models/post.js b/core/server/models/post.js
index 111c32fff9..a4ac3ec4e6 100644
--- a/core/server/models/post.js
+++ b/core/server/models/post.js
@@ -65,7 +65,7 @@ Post = GhostBookshelf.Model.extend({
 if (this.hasChanged('slug')) {
 // Pass the new slug through the generator to strip illegal characters, detect duplicates
- return this.generateSlug(Post, this.get('slug'))
+ return this.generateSlug(Post, this.get('slug'), { status: 'all' })
 .then(function (slug) {
 self.set({slug: slug});
 });
@@ -84,7 +84,7 @@ Post = GhostBookshelf.Model.extend({
 if (!this.get('slug')) {
 // Generating a slug requires a db call to look for conflicting slugs
- return this.generateSlug(Post, this.get('title'))
+ return this.generateSlug(Post, this.get('title'), { status: 'all' })
 .then(function (slug) {
 self.set({slug: slug});
 });
@@ -181,6 +181,15 @@ Post = GhostBookshelf.Model.extend({
 // Extends base model findOne to eager-fetch author and user relationships.
 findOne: function (args, options) {
 options = options || {};
+
+ args = _.extend({
+ status: 'published'
+ }, args || {});
+
+ if (args.status === 'all') {
+ delete args.status;
+ }
+
 options.withRelated = [ 'author', 'user', 'tags' ];
 return GhostBookshelf.Model.findOne.call(this, args, options);
 },
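Review bot: `readOptions = _.extend(readOptions || {}, { slug: slugToFind });` in checkIfSlugExists (core/server/models/base.js) writes the slug into the object the caller passed and reassigns the outer parameter on every retry. That is harmless for the fresh `{ status: 'all' }` literals passed from post.js, but it would leak a `slug` key into any shared object a later caller hands in. Copying first avoids it: `var query = _.extend({}, readOptions, { slug: slugToFind });` followed by `return Model.read(query).then(function (found) {`. The name is also misleading, since the value goes in as the first (query) argument of `Model.read` rather than as its options, and the `// #### generateSlug` comment should mention the new third parameter. generateSlug's body continues outside the hunk.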
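Review bot: The comment above `findOne` in core/server/models/post.js still describes only the eager-fetch, while the method now changes what every caller gets back: a lookup without `status` matches published posts only, and the string `'all'` is a sentinel that removes the filter. That contract should be written where callers will read it, for example `// Defaults to status: 'published'; pass status: 'all' to match any status (the key is removed before the query).` Because the default is applied with `_.extend` under the caller's `args`, it is a default and not an enforcement, which is worth stating in the same comment so nobody treats this method as the access check.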
diff --git a/core/test/unit/model_posts_spec.js b/core/test/unit/model_posts_spec.js
index 5652fe0bcb..d17278eed4 100644
--- a/core/test/unit/model_posts_spec.js
+++ b/core/test/unit/model_posts_spec.js
@@ -266,7 +266,8 @@ describe('Post Model', function () {
 updatedSecondPost.get('slug').should.not.equal(firstPost.slug);
 return PostModel.read({
- id: updatedSecondPost.id
+ id: updatedSecondPost.id,
+ status: 'all'
 });
 }).then(function (foundPost) {
diff --git a/core/test/unit/model_tags_spec.js b/core/test/unit/model_tags_spec.js
index 7dfaa93489..f7dc83f1be 100644
--- a/core/test/unit/model_tags_spec.js
+++ b/core/test/unit/model_tags_spec.js
@@ -50,7 +50,7 @@ describe('Tag Model', function () {
 createdPostID = createdPost.id;
 return createdPost.tags().attach(createdTag);
 }).then(function () {
- return PostModel.read({id: createdPostID}, { withRelated: ['tags']});
+ return PostModel.read({id: createdPostID, status: 'all'}, { withRelated: ['tags']});
 }).then(function (postWithTag) {
 postWithTag.related('tags').length.should.equal(1);
 done();
@@ -78,11 +78,11 @@ describe('Tag Model', function () {
 createdTagID = createdTag.id;
 return createdPost.tags().attach(createdTag);
 }).then(function () {
- return PostModel.read({id: createdPostID}, { withRelated: ['tags']});
+ return PostModel.read({id: createdPostID, status: 'all'}, { withRelated: ['tags']});
 }).then(function (postWithTag) {
 return postWithTag.tags().detach(createdTagID);
 }).then(function () {
- return PostModel.read({id: createdPostID}, { withRelated: ['tags']});
+ return PostModel.read({id: createdPostID, status: 'all'}, { withRelated: ['tags']});
 }).then(function (postWithoutTag) {
 postWithoutTag.related('tags').should.be.empty;
 done();
@@ -115,7 +115,7 @@ describe('Tag Model', function () {
 return postModel;
 });
 }).then(function (postModel) {
- return PostModel.read({id: postModel.id}, { withRelated: ['tags']});
+ return PostModel.read({id: postModel.id, status: 'all'}, { withRelated: ['tags']});
 });
 }
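Review bot: The spec changes, starting with the `@@ -266` hunk in core/test/unit/model_posts_spec.js, only add `status: 'all'` so that existing lookups keep finding their fixtures; none of the visible hunks asserts the behaviour the commit is about. A case that saves a post with a non-published status and checks that `PostModel.read({id: ...})` without `status` resolves to nothing, while the same call with `status: 'all'` returns it, would pin the fix and catch a regression in the default. The test function this hunk belongs to starts and ends outside the hunk.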
@@ -151,7 +151,7 @@ describe('Tag Model', function () {
 tagData.splice(1, 1);
 return postModel.set('tags', tagData).save();
 }).then(function (postModel) {
- return PostModel.read({id: postModel.id}, { withRelated: ['tags']});
+ return PostModel.read({id: postModel.id, status: 'all'}, { withRelated: ['tags']});
 }).then(function (reloadedPost) {
 var tagNames = reloadedPost.related('tags').models.map(function (t) { return t.attributes.name; });
 tagNames.sort().should.eql(['tag1', 'tag3']);
@@ -175,7 +175,7 @@ describe('Tag Model', function () {
 tagData.push({id: 3, name: 'tag3'});
 return postModel.set('tags', tagData).save();
 }).then(function () {
- return PostModel.read({id: postModel.id}, { withRelated: ['tags']});
+ return PostModel.read({id: postModel.id, status: 'all'}, { withRelated: ['tags']});
 }).then(function (reloadedPost) {
 var tagModels = reloadedPost.related('tags').models,
 tagNames = tagModels.map(function (t) { return t.attributes.name; });
@@ -197,7 +197,7 @@ describe('Tag Model', function () {
 tagData.push({id: null, name: 'tag3'});
 return postModel.set('tags', tagData).save();
 }).then(function (postModel) {
- return PostModel.read({id: postModel.id}, { withRelated: ['tags']});
+ return PostModel.read({id: postModel.id, status: 'all'}, { withRelated: ['tags']});
 }).then(function (reloadedPost) {
 var tagNames = reloadedPost.related('tags').models.map(function (t) { return t.attributes.name; });
 tagNames.sort().should.eql(['tag1', 'tag2', 'tag3']);
@@ -211,7 +211,7 @@ describe('Tag Model', function () {
 var newPost = _.extend(testUtils.DataGenerator.forModel.posts[0], {tags: [{name: 'test_tag_1'}]})
 PostModel.add(newPost).then(function (createdPost) {
- return PostModel.read({id: createdPost.id}, { withRelated: ['tags']});
+ return PostModel.read({id: createdPost.id, status: 'all'}, { withRelated: ['tags']});
 }).then(function (postWithTag) {
 postWithTag.related('tags').length.should.equal(1);
 done();