From f7e2f8208969312e13a8486e149c568551344e2c Mon Sep 17 00:00:00 2001
From: Naz
Date: Wed, 7 Jun 2023 19:35:28 +0700
Subject: [PATCH] Enabled collections permissions in controller

refs https://github.com/TryGhost/Team/issues/3220

- With permissions in place in the database, they can be enabled on controller level.
---
 .../core/server/api/endpoints/collections.js | 27 ++++++++-----------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/ghost/core/core/server/api/endpoints/collections.js b/ghost/core/core/server/api/endpoints/collections.js
index 3e239807ee..6ddb1c8ae1 100644
--- a/ghost/core/core/server/api/endpoints/collections.js
+++ b/ghost/core/core/server/api/endpoints/collections.js
@@ -19,8 +19,7 @@ module.exports = {
 'page',
 'filter'
 ],
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: true,
 query(frame) {
 return collectionsService.api.getAll(frame.options);
 }
@@ -33,8 +32,7 @@ module.exports = {
 data: [
 'id'
 ],
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: true,
 async query(frame) {
 const model = await collectionsService.api.getById(frame.data.id);
 
@@ -53,8 +51,7 @@ module.exports = {
 headers: {
 cacheInvalidate: true
 },
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: true,
 async query(frame) {
 return await collectionsService.api.createCollection(frame.data.collections[0]);
 }
@@ -74,8 +71,7 @@ module.exports = {
 }
 }
 },
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: true,
 async query(frame) {
 const model = await collectionsService.api.edit(Object.assign(frame.data.collections[0], {
 id: frame.options.id
@@ -101,7 +97,6 @@ module.exports = {
 },
 
 addPost: {
- docName: 'collection_posts',
 statusCode: 200,
 headers: {
 cacheInvalidate: false
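Review bot: The switch from `permissions: false` to `permissions: true` in the `@@ -19,8 +19,7 @@` hunk arrives with no test. The diffstat lists only `collections.js`, so nothing in this commit shows that a caller without the collection permission is now rejected, or that the intended roles still get through. The same holds for the `permissions: true` flips in the `@@ -33,8 +32,7 @@`, `@@ -53,8 +51,7 @@`, `@@ -74,8 +71,7 @@` and `@@ -156,15 +152,13 @@` hunks. An API test per endpoint, asserting a permission error for a role that lacks the permission and success for one that has it, would catch a missing or misnamed permission row; per the commit message those rows live in the database, outside this diff. The endpoint definition around this hunk starts above it, so its name and the controller-level `docName` are not visible here.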
@@ -124,8 +119,9 @@ module.exports = {
 }
 }
 },
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: {
+ method: 'edit'
+ },
 async query(frame) {
 const collectionPost = await collectionsService.api.addPostToCollection(frame.options.id, {
 id: frame.data.posts[0].id
@@ -156,15 +152,13 @@ module.exports = {
 }
 }
 },
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: true,
 async query(frame) {
 return await collectionsService.api.destroy(frame.options.id);
 }
 },
 
 destroyPost: {
- docName: 'collection_posts',
 statusCode: 200,
 headers: {
 cacheInvalidate: true
@@ -183,8 +177,9 @@ module.exports = {
 }
 }
 },
- // @NOTE: should have permissions when moving out of Alpha
- permissions: false,
+ permissions: {
+ method: 'edit'
+ },
 async query(frame) {
 const collection = await collectionsService.api.removePostFromCollection(frame.options.id, frame.options.post_id);
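Review bot: `permissions: { method: 'edit' }` in the `@@ -124,8 +119,9 @@` hunk (the endpoint that calls `addPostToCollection`) borrows the `edit` check rather than a dedicated one, and nothing at the call site says why. A comment such as `// adding a post mutates the collection, so it is authorised as a collection edit` would record the intent; the same applies to the `removePostFromCollection` endpoint in the `@@ -183,8 +177,9 @@` hunk. That check covers the collection only: the post id comes from `frame.data.posts[0].id` and goes straight to the service, so whether the caller may act on that post has to be enforced in the service, which is outside this diff and worth confirming. Because `docName: 'collection_posts'` is dropped from both endpoints in this commit, the `edit` lookup presumably resolves against the controller-level docName, which is also not visible here. The `query` body continues past the end of the hunk.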