Migrated roles controller to API v2

refs #9866

- Added new controller to v2 API
- Added roles tests to v2 API

core/server/api/v2/index.js

@@ -13,5 +13,9 @@ module.exports = {
 
     get pages() {
         return shared.pipeline(require('./pages'), localUtils);
+    },
+
+    get roles() {
+        return shared.pipeline(require('./roles'), localUtils);
     }
 };

core/server/api/v2/roles.js

@@ -0,0 +1,19 @@
+const models = require('../../models');
+
+module.exports = {
+    docName: 'roles',
+    browse: {
+        options: [
+            'permissions'
+        ],
+        validation: {
+            options: {
+                permissions: ['assign']
+            }
+        },
+        permissions: true,
+        query(frame) {
+            return models.Role.findAll(frame.options);
+        }
+    }
+};

core/server/api/v2/utils/serializers/output/index.js

@@ -1,5 +1,9 @@
 module.exports = {
     get pages() {
         return require('./pages');
+    },
+
+    get roles() {
+        return require('./roles');
     }
 };

core/server/api/v2/utils/serializers/output/roles.js

@@ -0,0 +1,28 @@
+const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:roles');
+const canThis = require('../../../../../services/permissions').canThis;
+
+module.exports = {
+    browse(models, apiConfig, frame) {
+        debug('browse');
+
+        const roles = models.toJSON(frame.options);
+
+        if (frame.options.permissions !== 'assign') {
+            return frame.response = {
+                roles: roles
+            };
+        } else {
+            return Promise.filter(roles.map((role) => {
+                return canThis(frame.options.context).assign.role(role)
+                    .return(role)
+                    .catch(() => {});
+            }), (value) => {
+                return value && (value.name !== 'Owner');
+            }).then((roles) => {
+                return frame.response = {
+                    roles: roles
+                };
+            });
+        }
+    }
+};

core/server/web/api/v2/admin/routes.js

@@ -91,7 +91,7 @@ module.exports = function apiRoutes() {
     router.del('/subscribers/email/:email', shared.middlewares.labs.subscribers, mw.authAdminAPI, api.http(api.subscribers.destroy));
 
     // ## Roles
-    router.get('/roles/', mw.authAdminAPI, api.http(api.roles.browse));
+    router.get('/roles/', mw.authAdminAPI, apiv2.http(apiv2.roles.browse));
 
     // ## Clients
     router.get('/clients/slug/:slug', api.http(api.clients.read));

core/test/functional/api/v2/admin/roles_spec.js

@@ -0,0 +1,80 @@
+const should = require('should');
+const supertest = require('supertest');
+const config = require('../../../../../../core/server/config');
+const testUtils = require('../../../../utils');
+const localUtils = require('./utils');
+
+const ghost = testUtils.startGhost;
+
+describe('Roles API', function () {
+    let request;
+
+    before(function () {
+        return ghost()
+            .then(() => {
+                request = supertest.agent(config.get('url'));
+            })
+            .then(() => {
+                return localUtils.doAuth(request, 'posts');
+            });
+    });
+
+    describe('browse', function () {
+        it('default', function (done) {
+            request.get(localUtils.API.getApiQuery('roles/'))
+                .set('Origin', config.get('url'))
+                .expect('Content-Type', /json/)
+                .expect('Cache-Control', testUtils.cacheRules.private)
+                .expect(200)
+                .end(function (err, res) {
+                    if (err) {
+                        return done(err);
+                    }
+
+                    should.not.exist(res.headers['x-cache-invalidate']);
+                    const response = res.body;
+                    should.exist(response);
+                    should.exist(response.roles);
+                    testUtils.API.checkResponse(response, 'roles');
+                    response.roles.should.have.length(6);
+                    testUtils.API.checkResponse(response.roles[0], 'role');
+                    testUtils.API.checkResponse(response.roles[1], 'role');
+                    testUtils.API.checkResponse(response.roles[2], 'role');
+                    testUtils.API.checkResponse(response.roles[3], 'role');
+                    testUtils.API.checkResponse(response.roles[4], 'role');
+                    testUtils.API.checkResponse(response.roles[5], 'role');
+
+                    done();
+                });
+        });
+
+        it('permissions=assign', function (done) {
+            request.get(localUtils.API.getApiQuery('roles/?permissions=assign'))
+                .set('Origin', config.get('url'))
+                .expect('Content-Type', /json/)
+                .expect('Cache-Control', testUtils.cacheRules.private)
+                .expect(200)
+                .end(function (err, res) {
+                    if (err) {
+                        return done(err);
+                    }
+
+                    should.not.exist(res.headers['x-cache-invalidate']);
+                    const response = res.body;
+                    should.exist(response.roles);
+                    testUtils.API.checkResponse(response, 'roles');
+                    response.roles.should.have.length(4);
+                    testUtils.API.checkResponse(response.roles[0], 'role');
+                    testUtils.API.checkResponse(response.roles[1], 'role');
+                    testUtils.API.checkResponse(response.roles[2], 'role');
+                    testUtils.API.checkResponse(response.roles[3], 'role');
+                    response.roles[0].name.should.equal('Administrator');
+                    response.roles[1].name.should.equal('Editor');
+                    response.roles[2].name.should.equal('Author');
+                    response.roles[3].name.should.equal('Contributor');
+
+                    done();
+                });
+        });
+    });
+});