closes#3401
- modifying slug-generator to be more generic
- adding slugging capabilities for /settings/users/:slug
- modified posts to use the updated slug-generator
closes#3400
- The user view has been extended to have properties indicating whether
the user has rights to make the displayed user an owner or delete
him/her
- Handlebar conditionals decide whether or not to display the cog
* Ensures that posts listing only shows posts that the current user
authored, if they only have the Author role.
* Do not transition into the posts.post route if the current user is
not the author (but has the Author role). This is needed because
the API server will always return the post (regardless of the current
user).
Closes#3015
- Added stepThroughPosts method to PostsRouter, takes a integer, goes that far, wraps around the array.
- PostsPostRoute notifies the PostsController of which model it currently has, to help stepThroughPosts know who's selected
Closes#3402, Closes#3428
-------------------
### Components
- Added GhostSelectComponent to handle async select creation (h/t @rwjblue)
- Added GhostRolesSelector (extends GhostSelect) for displaying user role options
- Created StoreInjector for surgically inserting the store into things that normally wouldn't have them.
### Users Settings
- InviteNewUserModal now uses GhostRolesSelector & defaults to Author
- The role dropdown for user settings has permissions set per 3402
### User Model
- Added `role` property as an interface to getting and setting `roles`
- Refactored anything that set `roles` to set `role`
- isAdmin, isAuthor, isOwner and isEditor are all keyed off of `role` now
### Tests
- Added functional tests for Settings.Users
- updated settings.users and settings.users.user screens
- fix spacing on screens
### Server Fixtures
- Fixed owner fixture's roles
When a using the forgottenRoute if you enter an incorrectly formatted
email address you would see the error message 'Invalid Email', however
if you entered an email address that was correctly formatted but missing
the error message would be 'Invalid email address'.
This fixes the discrepancy.
closes#3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
Closes#3291
- Adds redirects based on roles as defined in the case
- Adds new mixin `CurrentUserSettings`
- For authors, all settings pages redirect to `users/self`
- For editors, all settings pages other than specific users redirect to `users`. Any user that is not self or an author redirects to `users`
- New _shame.scss to hold styles/components which need to be refactored or removed
- layout.scss and floatingheader.scss merged into global.scss/shame.scss
No Issue
- Move authentication related handlers to the Application route.
- Switch Sign Out from a button to a link. Use the signout route
to handle invalidating the session and redirecting instead of
an action from a button.
- Clear error messages on signin page when pressing log in button.
- Errors are now always shown on sign in screen and a success
notification is shown after sign out.
- Update functional tests.
no issue
- added `invited-pending` when resending invitation
- promise chain was missing a return statement
- email error was masked and front end showed success notification
closes#3274
- Ensure that validation errors are always handled by moving them into the
importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
closes#3177
- uses an iFrame to initiate the download to hide the access token
The access token is now hidden in the admin logic. If we would like to
completely hide the token it is possible to remove the access token and
use signed requests instead, but I think the effort isn’t worth the
benefit in this case.
Closes#3399
- Provide our own authenticate action handler which does not
clear the password input.
- Use the Signin route's deactivate hook to clear the password
property on the controller after the user has transitioned
away from the signin page.
No issue
- Created NewUserValidator class to DRY up validation of a models name, email, and password
- Changed SignUpValidator to be an instance of NewUserValidator
- Changed SetUpValidator to extend NewUserValidator
closes#3392
- removing data-binding attribute for "name" input box on signup screen
- removing data-binding attribute for "password" input box on signup screen
- making "email" the first input box and "name" the 2nd
- removing "autofocus" attribute for "email" input box on signup screen
Closes#3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
the email was not sent. The client will show a warning notification
when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
that there's only one network API call to load users instead of two.
closes#3352
- adding a ```type``` attribute to buttons inside form in the settings section
- scanning the rest of the project to find any other buttons w/a missing attribute
Closes#3161
- Add a config.js file for the client which is used to configure
Ember.Application during runtime. The correct version of config.js
is copied into place by grunt via the copy:(dev|prod) task from
either config-dev.js or config-prod.js.
- Serve minified and production versions of libraries where applicable
including handlebars-runtime and ember-prod.
- Bundle third party libraries into vendor.min.js.
- Bundle Ghost's Ember app and templates into ghost.min.js
- Remove all fixture data and code from the client.
Closes#3357
- API method User#edit now handles User objects that have either
an array of Role ids or objects.
- Fixed error handler notification on upload modal controller.
No Issue
- Loading posts from the API should not be necessary in PostsIndexRoute
because its parent resource (PostsRoute) pre-loads the store.
Changing the store.find to store.all gets rid of a duplicate
network request to load all posts.
closes#3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
Closes#3325
- Add Roles model and add hasMany roles to User model.
- Add EmbeddedRelationAdapter that will automatically include
hasMany relations in calls to the API.
- UserAdapter and PostAdapter now extend EmbeddedRelationAdapter
and all explicit includes from store.find() have been removed.
No issue
- Removed tabs from tag.js (why didn't jshint catch this?)
- Removed superfluous `activate` in SettingsIndexRoute
- updated `UserModel` and `TagModel` to have `created_by, updated_by` be references to `user` objects.
- updated `UserModel` to use `moment-date` instead of `date`
closes#3309, refs #3229
- adds different message depending on status
- doesn't delete the new user if the problem was an email error
- filters the 2 lists based on all statuses
Ref #3084
This PR does NOT hide the dropdown as required to close 3084.
- `EditorNewRoute` creates post with the author set to the current user
- added `authors` ArrayPromiseProxy (whoa, what?) to PSM
- added `changeAuthor` function that sets author and saves model when the user selects a new author
No Issue
- Do not run generateSlugPlaceholder if save has been initiated
and the title has already been set on the post. At that stage
a slug has already been generated and another API call is not
necessary.
Refs #3160
- gh-notifications component now takes an optional notify
parameter. If present it will be invoked as an action
when a notification is added or removed.
- Add a data-notification-count attribute to the main container
that tracks the number of "top" notification messages that
are currently being shown.
Closes#3279
- Switch from this.session.get('user') to this.store.find('user') and
some further limiting until a custom user adapter is created
- Switch the deactivate logic to rollback the used model
- Pass the user as the model in the link-to in user list template
Reverting the placeholder that was introduced in #2734 to fix#1623. We should handle this intelligently by automatically interpretting the input and using validation if we can't. The user should not have to know or care about what http is.
Regardless off any of the above, we should not be introducing user-facing text like this without proper consideration. A placeholder of "http://ghost.org" is far more confusing than no placeholder at all. It also looks like a cheap promotional tactic on our part.
Closes#3145
- Prevent navigation to the setup screen if Ghost setup
has previously been completed.
- Fix templates that were incorrectly using foreach instead of each.
- Add validation for minimum password length.
- Fix up functional tests and split out tests for setup to a separate
instance of casper because setup requires a new database.
- Add a cleanDatabase task to grunt which resets the database to
new.
This is for both the global styling and the alternate version in the PSM for the author dropdown.
- `<select>` elements are note more accessible, with :focus support
- They no longer need a data-attr to show the currently selected item
NOTE: Does not work in Firefox. Yet.
Refs #3161
- Move two inline template snippets from the post tags input
component into the .hbs template file so they can be
pre-compiled. Needed when shipping only the handlebars runtime
in production mode.
Closes#3105, Closes#3175
- Removed notification on successful post's `page` status change
- Removed notification on successful post `featured` status change
- Added `closePassive()` notifications on error in the post-settings-menu
- Persistent notifications will close whether their `DELETE` request was
successful or not.
#### Misc
- Added `name` attribute to `post-setting-menu.hbs` inputs to facilitate testing
- Removed `return <Promise>` from action in `PostSettingsMenuController`. Actions should only return `true`
- Toggling `post.featured` won't fire NProgress.
closes#3252
- added `/ghost/api/v0.1/uploads/` endpoint
- removed upload method from `controller/admin.js`
- moved removal of temporary files from storage to endpoint (needed to
account for failed uploads)
- changed and moved tests
- Oversight: I think that we use `.otherwise()` and `.catch()` a bit
too extensive and mask the real error objects. We probably need an
error handling strategy at some point in the future.
Closes#3254, closes#3138, closes#3245
### Settings Routing and View refactoring
- Refactored `SettingsView` to handle transitions between mobile and desktop layouts
- `SettingsRoute` will only transition to `settings.general` if the screen is large enough to show both the menu and the content
- Added `SettingsIndexView` to handle showing the settings menu on mobile screens
- Added `SettingsContentBaseView` to be inherited by any settings view that is not index.
- Updated Settings templates appropriately to work with new views
- Removed extraneous `active` class from `settings-content`
- Changed settings menu to use `gh-activating-list-item`
- Retooled settings tests
### Mobile Utils
- Renamed file to `mobile.js`, since it's inside of `utils/`
- Added `mobileQuery` MediaQueryList to help detect layout changes
- Removed unused `hasTouchScreen`, `device.js` should be used instead.
- Removed unused `smallScreen` function
- Moved FastClickInit to codemirror-mobile
Closes#3271
- Change validations on both server and client to allow the
Website field to be empty or a valid URL.
- Add new schema validation helper isEmptyOrURL.
- Remove duplicate call to UserValidator in the save action
of the SettingsUser controller.
- User.last_login and User.created_at are already Moment objects
so Moment#fromNow can be called on them directly.
closes#2422
- updated to use new change password method
- have all save settings use notifications
- create assetUrl helper for creating asset paths with subdir's properly
prefixed
- move all url based helpers onto a url object in ghost-paths
Closes#3037
- Created `NProgressSaveMixin`, which extends the `save` method of a model
to fire NProgress.
- Extended `UserModel`, `PostModel`, and `SettingModel` with the new
mixin.
- NProgress can be disabled by passing an options hash to the save function with the `{disableNProgress:true}`
- Now that the ValidationEngine isn't the only thing playing with options inside of `model#save`, refactored it to pass the options down the super chain.
Closes#3246
- Add a UserValidator to the validation engine that runs a set
of validations based on the user status.
- Added validations for invited users and active users.
Issue #3160
- Use notifications API to display available update notification.
- Remove update_notification handlebars helper as now both the
check for an available update and the notification handling
is run from the server's admin controller index method.
- Bind the notification's location property to a css class
for styling.
- Refactor Ember notifications to better handle notification
objects. Move responsibility for css class generation onto
the notification component.
- Refactor gh-notifications component to take a location argument
that's used to assign a css class and filter notifications.
closes#3136
- moved setup to authentication API
- added `POST /ghost/api/v0.1/authentication/setup` to execute the
setup process
- added `GET /ghost/api/v0.1/authentication/setup` to check if blog is
already set up (needed for #3145)
- removed unused methods from api/users.js
Closes#3226
- Remove dependent property from the computed content property
that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
attempts to set an activeTheme that is not installed.
fixes#3214
- new ```resendInvite``` method on the User model encapsulates all logic
- only sending users email address when re-inviting, since the user already exists on the back-end
- ```revoke``` calls DELETE on /ghost/api/v0.1/users/:user_id
Closes#3110
- Created `ApplicationView`
- Added `js-close-sidebar` classes to navbar navigation links
- Clicking on a navigation link in the sidebar will close it
Closes#3079
- new controller and template for invite-new-user-modal
- actually triggers email invite via POST /ghost/api/v0.1/users/
- setting default language value (on the client) when creating a user
- only available role is "Author" - pending 3196
- updates to UsersIndexController to allow dynamic property calculation and template rending
Fixes#3078
- new "users" resource, with matching controller and template
- fetching real data from /ghost/api/v0.1/users/
- updated "user" route to accept a :slug as a URL parameter
- updated labels everywhere (from "user" to "users")
- updated "profile" link to header to point to proper "users/:slug" route
- updated core/client/.jshintrc to recognize moment as a valid global function
- adjusted DOM selector used in Casper to properly identify the new screen
- adding "slug" as a new property of the user data used during the Casper functional tests
Closes#2868
- Uses jQuery's `.fadeOut` whenever a popover is closed.
- Reordered `gh-popover`'s code into something a bit more logical and, if
I may, pretty
- Renamed `open` property into `isOpen`. `isOpen` should only be
manipulated via `close()` and `open()`
- Added `closing` property to help track state in the case of rapid clicks
on a popover's button, allowing us to abort
` Added `open()` function
Closes#3122
-Fix validation so that all values are validated instead
of just values that evaluate to true.
-Ensure validation methods consistently return promises
and switch error handling from try/catch to promise.catch
to get rid of unhandled rejection warnings.
-Add 0 and 1 to list of acceptable values in boolean validation.
Closes#3158, Closes#3143, Closes#3134
- Added `model.rollback()` when PSM fails to save.
- Added `showErrors` and `showSuccess` helper functions to PSM to abstract
closing and showing of notifications.
- Added `togglePage` action to indirect the setting of `page`.
- Removed `isStaticPage` property in favor of `togglePage` action
- moved `updateSlug` error catching to outer promise (slugGenerator promise)
- modifying the `page` and `published_at` properties will no longer cause a new post to save
- Close passive notifications on published date parse fail
- Removed promise creation in catch statements
- Changed tests to click on label, rather than the input for
.post-setting-static-page.
closes#3162
- removes injection of user object in application route's beforeModel
- removes injection/cleanup of user object in signedIn/signedOut actions
- removes loading of user and passing to signedIn action in signup/setup controllers
- adds 'user' property to session object
- updates header nav to reference session.user
- sets model of settings/user route to session.user and forces reload
- on leaving settings/user, rollback any unsaved changes
Closes#3169
-Replace javascript methods that are not available on all
supported browsers with lodash methods.
-Add returns to transitionTo calls in cases where the model
hook should stop executing immediately.
No issue
-Call notifications.closePassive after the resolution of the
promise that generates the notifications. Otherwise multiple
promises can stack up after notifications have been cleared,
which results in a bunch of stacked notifications.
-Remove some unnecessary propagation of rejected promises from
action handlers that can result in unhandled reject errors.
Previously, hovering the markdown help button when the editor is on mobile tab mode, it disappeared as it was the same colour as the background. It's now the same colour as the inactive tab text.
closes#3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
closes#3056
- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc
Still TODO:
- cleanup / add removed tests
- do we still need countable?
closes#3153
- this is all about the validation engine
- add a option, `opts.model`, to use a passed-in model directly if needed
- handle validators that return an array of strings, array of objects, or both
- ajax util returns either an array of errors or a single concat'd string
- remove formatErrors function from the mixin and make it private
- allow validation options to be passed into `.save()` since ember-data doesn't take params on `.save()` anyway
- streamline control flow
Closes#2843
* Implemnted the ember validator correctly for both reset request and actual reset (with the token)
* added reset validator
* changed the request route addresses to be `/authentication/passwordreset`
* changed the format of data to be `{ thing: [ {data } ] }`
Missing:
* notifications
* tests for these use cases
closes#2759closes#3027
- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based
Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125
**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
- PostsController orderBy function sorts posts with isNew to the top, otherwise their undefined dates fail to compare
- also catch when `updated_at` is undefined, happens when model is being written with results from the server
- catch objects of type Error in validation engine, helps catching client errors
- join server errors with BR tag in ajax util
- add `emberBuild` task to `grunt test-functional`
- add a test helper, `thenTransitionAndWaitForScreenLoad`, to test transitioning to major parts of the app
- add a test that transitions from Content to the Editor, and back to Content
closes#3131
- create a hook in the editor controller that fires on a model's save events
- use this hook to perform all the things that need to happen on save, regardless of where the save originated
- remove logic from instances of model.save() that now belongs in the modelSaved hook
- detach the model event listeners on willTransition in the editor routes
closes#2998
- update PostSerializer to use DS.EmbeddedRecordsMixin
- create PostAdapter to include include=tags in query params for POST and PUT
- set include=tags for various GET post requests
- change PostModel to have { embedded: always } instead of { async: true }
- update Ember-Data to beta8 from beta7
- make call to get tags from model in editor.edit route synchronous since the tags now exist in the store
- change casper test to wait for call to posts api with `?include=tags`
fixes#3072
- Change router to handle /ember/setup/
- Adjust doSignup to also handle setup
- Adjust tests and add new where necessary
- Add setup controller, setup validation, setup route
- Adjust casper emberSetup to handle new setup