Added mentions permissions (#16200)

closes https://github.com/TryGhost/Team/issues/2420

- Added user roles and permissions for the mentions admin API.
- We only have a `browse` function for our current use case, accessible
by `administrator` and `admin integration`.

ghost/core/core/server/api/endpoints/mentions.js

@@ -11,7 +11,7 @@ module.exports = {
             'page',
             'debug'
         ],
-        permissions: false,
+        permissions: true,
         query(frame) {
             return mentions.controller.browse(frame);
         }

ghost/core/core/server/data/migrations/versions/5.34/2023-01-30-07-27-add-mentions-permission.js

@@ -0,0 +1,10 @@
+const {addPermissionWithRoles} = require('../../utils');
+
+module.exports = addPermissionWithRoles({
+    name: 'Browse mentions',
+    action: 'browse',
+    object: 'mention'
+}, [
+    'Administrator',
+    'Admin Integration'
+]);

ghost/core/core/server/data/schema/fixtures/fixtures.json

@@ -633,6 +633,11 @@
                     "name": "Edit links",
                     "action_type": "edit",
                     "object_type": "link"
+                },
+                {
+                    "name": "Browse mentions",
+                    "action_type": "browse",
+                    "object_type": "mention"
                 }
             ]
         },
@@ -763,7 +768,8 @@
                     "newsletter": "all",
                     "explore": "read",
                     "comment": "all",
-                    "link": "all"
+                    "link": "all",
+                    "mention": "browse"
                 },
                 "DB Backup Integration": {
                     "db": "all"
@@ -798,7 +804,8 @@
                     "newsletter": ["browse", "read", "add", "edit"],
                     "explore": "read",
                     "comment": "all",
-                    "link": "all"
+                    "link": "all",
+                    "mention": "browse"
                 },
                 "Editor": {
                     "notification": "all",

ghost/core/test/integration/migrations/migration.test.js

@@ -45,7 +45,7 @@ describe('Database Migration (special functions)', function () {
             const permissions = this.obj;
 
             // If you have to change this number, please add the relevant `havePermission` checks below
-            permissions.length.should.eql(109);
+            permissions.length.should.eql(110);
 
             permissions.should.havePermission('Export database', ['Administrator', 'DB Backup Integration']);
             permissions.should.havePermission('Import database', ['Administrator', 'DB Backup Integration']);
@@ -181,6 +181,7 @@ describe('Database Migration (special functions)', function () {
             permissions.should.havePermission('Unlike comments', ['Administrator', 'Admin Integration']);
             permissions.should.havePermission('Report comments', ['Administrator', 'Admin Integration']);
             permissions.should.havePermission('Browse links', ['Administrator', 'Admin Integration']);
+            permissions.should.havePermission('Browse mentions', ['Administrator', 'Admin Integration']);
         });
 
         describe('Populate', function () {
@@ -198,10 +199,7 @@ describe('Database Migration (special functions)', function () {
                     roles: Models.Role.findAll(),
                     permissions: Models.Permission.findAll({withRelated: ['roles']})
                 };
-
                 return Promise.props(props).then(function (result) {
-                    should.exist(result);
-
                     // Post
                     should.exist(result.posts);
                     result.posts.length.should.eql(7);

ghost/core/test/unit/server/data/schema/fixtures/fixture-manager.test.js

@@ -198,7 +198,7 @@ describe('Migration Fixture Utils', function () {
             const rolesAllStub = sinon.stub(models.Role, 'findAll').returns(Promise.resolve(dataMethodStub));
 
             fixtureManager.addFixturesForRelation(fixtures.relations[0]).then(function (result) {
-                const FIXTURE_COUNT = 96;
+                const FIXTURE_COUNT = 98;
                 should.exist(result);
                 result.should.be.an.Object();
                 result.should.have.property('expected', FIXTURE_COUNT);

ghost/core/test/unit/server/data/schema/integrity.test.js

@@ -36,7 +36,7 @@ const validateRouteSettings = require('../../../../../core/server/services/route
 describe('DB version integrity', function () {
     // Only these variables should need updating
     const currentSchemaHash = '8eab51dd80562c92215283df89b0200b';
-    const currentFixturesHash = 'f0ccdb0c7eccbc3311e38b5d145ed1db';
+    const currentFixturesHash = 'd99d3c2891e79b8662ed6a312490d2fd';
     const currentSettingsHash = 'b0c8359b7482e39112e7c5739d43f11b';
     const currentRoutesHash = '3d180d52c663d173a6be791ef411ed01';
 

ghost/core/test/utils/fixtures/fixtures.json

@@ -633,6 +633,11 @@
                     "name": "Edit links",
                     "action_type": "edit",
                     "object_type": "link"
+                },
+                {
+                    "name": "Browse mentions",
+                    "action_type": "browse",
+                    "object_type": "mention"
                 }
             ]
         },
@@ -939,7 +944,8 @@
                     "newsletter": "all",
                     "explore": "read",
                     "comment": "all",
-                    "link": "all"
+                    "link": "all",
+                    "mention": "browse"
                 },
                 "DB Backup Integration": {
                     "db": "all"
@@ -974,7 +980,8 @@
                     "newsletter": ["browse", "read", "add", "edit"],
                     "explore": "read",
                     "comment": "all",
-                    "link": "all"
+                    "link": "all",
+                    "mention": "browse"
                 },
                 "Editor": {
                     "notification": "all",