Enabled collections permissions in controller

refs https://github.com/TryGhost/Team/issues/3220 - With permissions in place in the database, they can be enabled on controller level.
2024-11-24 06:35:49 +03:00 · 2023-06-07 19:35:28 +07:00 · 2023-06-07 19:35:28 +07:00 · f7e2f82089
commit f7e2f82089
parent 05bb82cf1a
1 changed files with 11 additions and 16 deletions
--- a/ghost/core/core/server/api/endpoints/collections.js
+++ b/ghost/core/core/server/api/endpoints/collections.js
@ -19,8 +19,7 @@ module.exports = {
            'page',
            'filter'
        ],
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
        query(frame) {
            return collectionsService.api.getAll(frame.options);
        }
@ -33,8 +32,7 @@ module.exports = {
        data: [
            'id'
        ],
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
        async query(frame) {
            const model = await collectionsService.api.getById(frame.data.id);

@ -53,8 +51,7 @@ module.exports = {
        headers: {
            cacheInvalidate: true
        },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
        async query(frame) {
            return await collectionsService.api.createCollection(frame.data.collections[0]);
        }
@ -74,8 +71,7 @@ module.exports = {
                }
            }
        },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
        async query(frame) {
            const model = await collectionsService.api.edit(Object.assign(frame.data.collections[0], {
                id: frame.options.id
@ -101,7 +97,6 @@ module.exports = {
    },

    addPost: {
-        docName: 'collection_posts',
        statusCode: 200,
        headers: {
            cacheInvalidate: false
@ -124,8 +119,9 @@ module.exports = {
                }
            }
        },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: {
+            method: 'edit'
+        },
        async query(frame) {
            const collectionPost = await collectionsService.api.addPostToCollection(frame.options.id, {
                id: frame.data.posts[0].id
@ -156,15 +152,13 @@ module.exports = {
                }
            }
        },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
        async query(frame) {
            return await collectionsService.api.destroy(frame.options.id);
        }
    },

    destroyPost: {
-        docName: 'collection_posts',
        statusCode: 200,
        headers: {
            cacheInvalidate: true
@ -183,8 +177,9 @@ module.exports = {
                }
            }
        },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: {
+            method: 'edit'
+        },
        async query(frame) {
            const collection = await collectionsService.api.removePostFromCollection(frame.options.id, frame.options.post_id);