fixes https://github.com/TryGhost/Product/issues/3738https://www.notion.so/ghost/Member-Session-Invalidation-13254316f2244c34bcbc65c101eb5cc4
- Adds the transient_id column to the members table. This defaults to
email, to keep it backwards compatible (not logging out all existing
sessions)
- Instead of using the email in the cookies, we now use the transient_id
- Updating the transient_id means invalidating all sessions of a member
- Adds an endpoint to the admin api to log out a member from all devices
- Added the `all` body property to the DELETE session endpoint in the
members API. Setting it to true will sign a member out from all devices.
- Adds a UI button in Admin to sign a member out from all devices
- Portal 'sign out of all devices' will not be added for now
Related changes (added because these areas were affected by the code
changes):
- Adds a serializer to member events / activity feed endpoints - all
member fields were returned here, so the transient_id would also be
returned - which is not needed and bloats the API response size
(`transient_id` is not a secret because the cookies are signed)
- Removed `loadMemberSession` from public settings browse (not used
anymore + bad pattern)
Performance tests on site with 50.000 members (on Macbook M1 Pro):
- Migrate: 6s (adding column 4s, setting to email is 1s, dropping
nullable: 1s)
- Rollback: 2s
fixes https://github.com/TryGhost/Team/issues/2404
This change introduces a new 'post' query parameter to the members and member routes.
Previously, the members route would check if the previous route was the analytics page, and then show the breadcrumbs to go back to the analytics page. But when navigating to the members page from the menu, we don't want to show the breadcrumbs. To accomplish this, the routes that point to the members page from the analytics page now specifically pass on the post id in the query parameters. The query parameter is then passed on from the members page to the member page.
`directlyFromAnalytics` is still used in the member route, to know wheter we came from the members page or from the analytics page (changes the breadcrumbs). This doesn't need to go via a query parameter (figured that would make the url too long/complex).
The resetController method is now implemented and resets the filter and/or fromAnalytics post id if required (when going from members to member, we don't want to reset it because the we would lose the filter going back).
closes https://github.com/TryGhost/Team/issues/2275
When deleting a member, after confirming deletion another "unsaved changes" modal popped up. From that point, if you clicked to stay you remained on the member screen with stale data (the member was still deleted) resulting in further errors when any attempt to make changes was made.
- prevented the unsaved changes check running for a deleted member because it would always return `true` in that case
- ensured the data setup for the unsaved changes check still occurs when a member is accessed directly via the URL
- previously it was skipped because the data setup only occurred inside `fetchMemberTask` but that isn't called when the route already loaded the model via it's `model()` hook
No issue
- Changed the Member details page to be more scalable and flexible, depending on whether creators are using subscriptions, emails, and stats.
* Hidden email stats on member detail page when subscriptions are off
* Hid subscription box on member details page when Stripe is not connected
* Updated copy and layout of member details page
* Updated old activity feed styles on member page
* Fixed padding issue for empty activity feed
* Fixed current and new activity feed
* Added Last seen to member details page behind feature flag
* Updated lint todo file
* Fixed spacing issue in member details
no issue
- This will help with the octane migration and you can still run the lint rules even when they are todos. (Checkout the docs at 158b119667/docs/todos.md) The good news is any new code will be checked against the recommended config.
- I fixed all the auto fixable things we could get in this PR as well
closes https://github.com/TryGhost/Team/issues/1039
- we had duplicate components for members setting form, `gh-members-settings-form` and `gh-members-settings-form-cp`, with the `-cp` version added as part of original tiers changes
- since are only using the "-cp" version now, the old form is now removed and cp version renamed to the original naming
closes https://github.com/TryGhost/Team/issues/977
A new label input dropdown was added behind filtering labs flag along with new filtering UI on members list screen, which includes member editing directly via the dropdown. This adds the same editing function to the members detail screen too behind the flag
issue https://github.com/TryGhost/Team/issues/857
- The goal is to avoid testing for the owner role only is cases where we should be testing for the owner or admin role
- `isOwner` => `isOwnerOnly`
- `isAdmin` => `isAdminOnly`
- `isOwnerOrAdmin` => `isAdmin` (concerns now both Owner and Admins)
no refs
With custom products, we added a new modal to add a complimentary price to a member. Since we want to handle the comp prices implicitly with new changes, this change updates the comp subscription assignment to a member directly without opening a modal, by using the old `comped` flag in API. The `comped` flag takes care of creating the right complimentary subscription for member.
In case a member already has a comped subscription, we hide the option to add another subscription.
closes https://github.com/TryGhost/Team/issues/672
Custom products and prices were behind dev experiment flag as it was under active development over last couple of releases. Now that its coming out of development, this removes the dev flag for custom products changes.
Prepring for custom products we'll change the overall layout of member forms. This commit has a component that's loaded when dev flag is on for the new layout with mocked product data.
* Fixed issues for member details mobile view
No-ref
- Changed order to display feed at the bottom
- Displayed heading and value vertically between 1400px and 1160px
- Displayed "Complementary plan" copy and switch vertically between 1400px and 1160px
- Added margin below "Continue subscription" button
- Prevented date in feed to wrap
* fixed tests
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
closes https://github.com/TryGhost/Ghost/issues/12461
Design changes:
- added activity feed to member details page
- rearranged Stripe info to display on the right
- added toggle buttons for Stripe subscription and customer info
- added box to display activity feed for received and opened emails
Functionality changes:
- added `queryRecord()` to member adapter so `queryRecord('member', {id: x})` will hit `/members/:id/?query` instead of `/members/?id=x&query`
- updated member route to query member with `?include=email_recipients`
- added `EmailRecipient` model for access to event timestamps and email relationship setup
- added `<GhMemberActivityFeed>` component that accepts an `EmailRecipient` array and converts that into an activity list
- added support for `@model=emailInstance` to the email preview modal
- fixed a timing issue with email preview that could result in it showing blank content until the mobile/desktop toggle is used
- fixed sometimes blank member location
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
refs https://github.com/TryGhost/Ghost/issues/12461
- Added "Emails received", "Emails opened", and "Avg. open rate" to member details
- Adjusted visual display of avatar, name and email. Made email a mailto link
- Rearranged Name and Email fields to reduce height
- Changed height of the notes textarea
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
no issue
- ran [`ember-native-class-codemod`](https://github.com/ember-codemods/ember-native-class-codemod) on members-related files
- updated files to remove need for `@classic` decorator where possible
- switched to tracked properties
- removed usage of `this.get/set/toggleProperty` etc
- swapped usage of `{{action 'foo'}}` for `{{this.foo}}`
no issue
- fixed `<GhTaskButton>` not resetting after an externally triggered task run such as when pressing Cmd+S
- cleaned up manual timeouts/resets where button reset is now fully handled by `<GhTaskButton>` (these were causing 2.5s waits each time a save occurred in acceptance tests)
- where manual timeouts were required, reduce testing time from >2.5s to 50ms
* Updated save buttons to reset state
no issue
Currently the save buttons across Admin don't auto-reset to idle state after success/failure on run which can give false impression once user changes any value. This PR auto-resets the button to idle state after a fixed timeout if no subsequent action is performed as a short term UX improvement.
* Fixed success check for auto reset
* Updated timeout value
* Added explicit save button reset for pages
* Updated save buttons to reset via shortcut
Auto-reset for save buttons wasn't working if not done through manual click on task button previously, this handles by splitting the original save task in controller to handle shortcut saves.
* Updated reset check for only successful tasks
* Added save reset to code-injection and design settings
Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
no issue
refs TryGhost/Ghost#11538
* Added members label handling v1
* Added members label dropdown in list screen
* Updated selected labels and member list UI refactor
* Added v1 label add/delete modal
* Added add label modal v1
* Fixed disabled check for new label save
* First stab at member filters layout
* Updated member detail screen design
* Member detail refinements
* Added basic editing for member labels
* Fixed label deletion from members list
* Updated filtered list header
* Refinements for dropdown and empty filter state
* Refined label modal
* Updated member labels fetch logic
* Added custom dropdown component for labels
* Refined style for dropdown
* Refined dropdown button
* Restructure and refine members dropdown styles
* Added selected indication to dropdown
* Fixed dropdown footer style
* Removed member label placeholder
* Removed add label from member list actions
* New label refinements
* Added confirmation modal for label delete
* Added duplicate validation check for labels
* Updated validation check with slug
* Updated copy
* Updated actions dropdown copy
* Fixed visual glitch of dropdown on FF
* Hide scrollbar for labels dropdown
Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
no issue
We were in a part-way state where some touched files had been (sometimes partially) migrated to explicit `this`. The codemod that was available has now fixed the formatting issues it had so it was a good time to run it.
https://github.com/ember-codemods/ember-no-implicit-this-codemod
- part of the migration path for https://github.com/emberjs/rfcs/pull/308
- starts to make template resolution rules more explicit
- `<MyComponent />` - always a component
- `{{my-component}}` - component or helper (components _must_ have a `-`. This style of component will go away once fully migrated to angle bracket components)
- `{{value}}` - a helper or local template variable
- `{{this.value}}` - reference to a property on the backing context (either a controller or a component JS file)
no issue
- the member count is automatically calculated via the length of the live members array so there's no need to manually decrement it - if we do manually decrement then the count is off by one because the auto calculation runs to get the new value before the manual decrement
no issue
- keep a scratch model on the tag/member controllers rather than inside of the form components
- allows the controller's `save` task to transfer scratch values to real values before saving
- means that pressing Cmd+S whilst a field is still focused will save the expected value rather than the old value avoiding unsaved changes modals when trying to leave the screen when you think you've already saved
- fixed route and url not changing after saving a new member
- fixed error when clicking delete tag button
- cleaned up unused `showDeleteTagModal` actions
no issue
The tag and member screens share the same underlying UI/UX patterns but were using different code patterns. This brings both in line so that we have consistent code patterns that can be re-used for other screens.
- fixed cleanup of new tags by adding the `deactivate` hook to the `tag` route
- updated `member` and `member.new` route/controller setup to match tag route/controller setup
- added `save` action to member controller so that Ctrl/Cmd+S works on member screen
- updated tag route/controller to utilise the same instant display w/background refresh when accessing the tag details screen
- completed transition of non-component tag/members templates over to angle bracket component syntax
no issue
- When an email has a valid gravatar handle it displays an image instead of initials for the member
- Introduces new {{gravatar}} helper which accepts an email as parameter and size/d as named parameters. The output is a URL to gravatar image
- Refactored usage of "splattribute" to explicit property. There was a need to duplicate class property usage in the component and doing that through splatttibute feature is unsafe as pointed ou here - https://github.com/TryGhost/Ghost-Admin/pull/1417#discussion_r351837584
no issue
- We have a need to create a member manually, this changeset solves this problem.
- Added new member button to the member's screen
- Needed to be able to perform add member action
- Fixed inconsistent `createAt` naming. All models use consistent `createdAtUTC`, fixed it up so that members model follows the same pattern. If we want to change this pattern should probably happen for all models at once
- Fixed member avatar when creating a new member. If the values are completely empty the screen ends up being filled with empty space. Added some dummy initials which are recalculated once the member enters the name or an email
- Refactored DS naming for consistency. Nowhere else in the codebase 'DS' name is ever used, made this consistent
- Added missing validations in members form
- Simplified if conditions in the member list template. When using the if/esle statements unnecessary new-line symbols were inserted which made it hard to test. Also by using computed property view is much cleaner
- Updated member's model default value for `subscribed` to "true". It is turned on by default in the model layer on the backend (ref: https://github.com/TryGhost/Ghost/blob/3.1.0/core/server/data/schema/schema.js#L330), this behavior is intended and should be the same on the frontend
no issue
- `{{gh-task-button}}` was used inside a form but didn't have a `type="button"` property which meant the browser was treating it as a submit button and triggering the save action and related animation before the field's focus-out was called resulting in a save request before the scratch value is transferred to the model
- removed the submit action from the `<form>` element to prevent any other accidental triggers before scratch values have been transferred into real model values
