Commit Graph

8703 Commits

Author SHA1 Message Date
Naz Gargol
5cc441e720
🐛 Fixed contributors being able to delete draft posts as co-author (#10239)
closes #10238

- The user of contributor role should not be allowed editing a post while not being a primary author
2018-12-04 13:31:02 +01:00
Rishabh Garg
bf295a96a8
Added configuration controller to v2 API (#10056)
refs #10060
2018-12-04 09:27:36 +05:30
Rish
033ddf1b43 🐛 Fixed site changed webhook not triggered for scheduled posts
closes #10226

- Middleware emits site-changed event used to trigger webhook, was configured to v2 admin api only.
- Change allows all versions of api to emit event in case of cache invalidation
2018-12-04 09:39:41 +07:00
Sumedh Nimkarde
8b816af1c2 🐛 Fixed invalid imported subscribers count (#10229)
closes #9987

- Fixed the count of invalid records when importing single column csv of subscribers
2018-12-03 20:45:55 +01:00
Katharina Irrgang
fc21b25895
🐛Fixed auto redirect for extra data queries on post and page resources (#9828)
closes #9791

- we only made use of the redirect middleware, who detects if a redirect should happen, for taxonomies (tags, authors)
- `data: page.team` will now redirect too
- `data: post.team` will now redirect too
- you can disable the redirect using the long form
2018-12-03 20:31:48 +01:00
cotko
65a66ac007 Included relations if static resource is post | page (#10148)
refs #10082

- this is a requirement if a static route represents a single resource

e.g. `data: page.team`

- the page resource will no longer live on it's original static url
- instead, it now lives somewhere else
- that means the whole site needs to act the same than the original static url
  - the resource does not contain any relations
  - we don't forward the correct context (page, post, user?)
- we override the `include` property for now
  - need to wait for more use cases or bug reports for this controller
- more changes will follow asap
2018-12-03 19:26:21 +01:00
Fabien O'Carroll
ed77192457 Renamed API -> Api for v2 auth logic (#10142)
closes #10120
2018-12-03 18:08:57 +01:00
Dilan Guneratne
6bc658be9b 🐛Removed user reference warning from importer report if post is a draft (#10169)
refs #9584

- The Importer checks if a user reference is null. But if the post is a draft and published_by is null, we should ignore the user reference detection.
- This change will avoid showing an incorrect user reference warning in the importer report for draft posts.
2018-12-03 17:48:03 +01:00
Kacper Duras
7c1840f025 🐛 Fixed edit permission of the common article by multiple authors (#10214)
closes #10212
2018-12-03 17:44:23 +01:00
John O'Nolan
7aa8251b80 Updated npm keywords (#10217)
no issue
2018-12-03 12:04:05 +01:00
Rish
3017959b2f Version bump to 2.6.2 2018-11-27 18:33:56 +05:30
Rish
909972092f Updated Ghost-Admin to 2.6.2 2018-11-27 18:33:56 +05:30
anaplian
c539d39875 🐛 Fixed missing 404 for unknown API routes (#10070)
closes #10020

* Append trailing slash to version path
2018-11-26 16:35:38 +07:00
Katharina Irrgang
e48c28b98f 🐛 Protected Ghost blog against invalid uploaded routes.yaml (#10100)
* 🐛  Protected Ghost blog against invalid uploaded routes.yaml

no issue

- e.g. you upload `filter:tag=this is a wrong filter value`
- ask the url service if it has finished it's work to ensure the upload was successful
- wait 5 seconds till Ghost will bring back the last uploaded valid version

* fixed test
2018-11-26 16:28:22 +07:00
Nazar Gargol
ec0a58b6f7 Version bump to 2.6.1 2018-11-20 18:21:48 +01:00
Nazar Gargol
1424179345 Updated Ghost-Admin to 2.6.1 2018-11-20 18:21:48 +01:00
Rishabh Garg
e2e5353ea9
Updated error message log and lastTriggeredError for webhook requests (#10147)
closes #10145

- Updated lastTriggeredError message in case of failure
- Removed GhostError in case of request failure and added proper warning
2018-11-20 12:13:35 +05:30
Fabien O'Carroll
db34297a74
Added string size comment to schema.js (#10179)
no-issue
2018-11-19 17:29:31 +07:00
Katharina Irrgang
090a936e16
Moved raw order for author filtering to correct place (#10166) (#10171)
refs #10105

- ordering !== filtering
2018-11-15 16:17:51 +01:00
Katharina Irrgang
e89a27f3ab
Replaced options.where GQL statements with filter notation (#10160)
refs #10105

- `options.where` is an older deprecated logic
- before the filter language was invented, Ghost generates statements for knex
- if we want to replace GQL with NQL, we can't generate these statements
- they are not understood from NQL, because NQL uses mongo JSON
- go through usages and rewrite the statements
- invent `extraFilters` for now
- we need to keep the support for `status` or `staticPages` for now (API requirement)
- IMO both shortcuts in the extra filters should be removed in the future

This commit is required for https://github.com/TryGhost/Ghost/pull/10159!
2018-11-15 15:53:24 +01:00
Katharina Irrgang
2e81852b22
Moved raw order for tag filtering to correct place (#10166)
refs #10105

- ordering !== filtering
2018-11-15 15:27:31 +01:00
Fabien O'Carroll
95ba6a55ec
Checked options.include when filtering tags (#10163)
no-issue
2018-11-14 17:54:15 +07:00
Rishabh Garg
b2201d4179 Removed formats from private posts in content api (#10154)
closes #10118

All behind a members labs switch for now

* Added filter for member only content

* Updated frame context

* Cleaned up members content check

* Cleanup

* Cleanup

* Ensured members filtering works without include=tags

* Protected against missing query

* Fixed usage of include vs withRelated

* Moved includeTags logic for members behind members flag to use tags

* Cleanup

* Update input serializer dependency

Co-Authored-By: rishabhgrg <zrishabhgarg@gmail.com>

* Added some explanations
2018-11-14 14:32:14 +07:00
Kevin Ansfield
2f4b2151b3 Version bump to 2.6.0 2018-11-13 12:51:06 +00:00
Kevin Ansfield
c8c4842ba8 Updated Ghost-Admin to 2.6.0 2018-11-13 12:51:06 +00:00
Nazar Gargol
28a686a936 🐛 Fixed image optimisation for input image being smaller than optimized one
closes #10144

- When the input image is well optimized and has smaller byte size than the processed one it's still being used
- Bumped sharp version to have access to `size` property
2018-11-13 13:19:31 +01:00
Fabien O'Carroll
8046f4d437
🐛 Fix last seen for users (#10141)
* Added updateLastSeen method to user model

refs #10138

* Refactor codebase to use user.updateLastSeen

refs #10138

This is to ensure all updates go via the same method, meaning any
specific logic can be handled in one place, it also helps with grepping
the codebase to find where this occurs

* Created updateUserLastSeen middleware for v2 admin

refs #10138

This is intended to be used with the v2 admin api and _possibly_ the
content api, to give us an accruate report on thelast time a user access
a ghost instance.

* Wired updateUserLastSeen up to v2 Admin API

closes #10138

* Fixed broken test for v2 admin api

no-issue

This test was broken because it was incorrectly testing for a method to
be called exactly once - this was irrelevant to the functionality being
tested for.

* Updated user check method to set status to active

no-issue

* Debounced the updateUserLastSeen middlware an hour

no-issue

* Resolved some PR comments
2018-11-13 18:27:10 +07:00
kirrg001
fb3c375e74 Bumped knex-migrator to version 3.2.4
refs https://github.com/TryGhost/Ghost/issues/10155
2018-11-13 12:00:40 +01:00
Rishabh Garg
75f243a3a2
Added migration for webhook permissions_roles fixtures (#10153)
closes #10152

- Added new migration for webhook permissions_roles relations
2018-11-13 14:35:37 +05:30
Andrei Korigodski
201a2b8510 Updated README.md: docs links (#10150)
no issue
2018-11-13 08:38:35 +01:00
cotko
002a135962 🐛Fixed order being ignored in routes.yaml file (#10146)
no issue
2018-11-12 20:24:12 +01:00
Sumedh Nimkarde
f3e9218ee3 🎨 Modified slack webhook payload, added info about published post (#9850)
closes #8936

- Modified the slack webhook payload to provide more info about a published post
2018-11-12 13:04:50 +01:00
Rishabh Garg
f2b44322a3
Enabled members lab setting for developer experiment flag (#10132)
closes #10114
 
* Members lab enabled to be always true behind developer experiments flag

* Members lab set to true for themes behind developer experiments flag

Note: This change uses hard-coded labs value for members based on enableDeveloperExperiments flag, ideal implementation for later is to pick those value from settings.
2018-11-09 17:12:21 +05:30
Fabien O'Carroll
f660b6a77b
Wired up Members auth to the Content API auth (#10129)
closes #10113
2018-11-08 16:57:42 +07:00
kirrg001
8739749fd0 Updated commit message convention
no issue
2018-11-08 15:09:55 +07:00
Fabien O'Carroll
93781a0e78 🚧 Authorized Content API requests with req.member
closes #10111

The members labs setting is required to be set for req.member to be
considered valid authorization
2018-11-08 13:34:29 +07:00
Fabien O'Carroll
2e922808e8 ♻ Updated naming for Content API specific middleware
no-issue

This is because the Content API will eventually be accessed not just
from Content API keys. The addition of a Content API specific
authorization middleware is because:
1. content api should not authorize based on req.user
2. content api will need separate authorization than admin api
2018-11-08 13:34:29 +07:00
Fabien O'Carroll
7323258415 🚧 Added req.member to the v2 api context object
closes #10112
2018-11-08 13:32:41 +07:00
Fabien O'Carroll
2a6e9aac55 🚧 Created members auth middleware
closes #10110
2018-11-08 13:32:09 +07:00
Fabien O'Carroll
e0f31c67ba Installed jsonwebtoken@8.3.0 2018-11-08 13:32:09 +07:00
kirrg001
26fe808b77 Version bump to 2.5.0 2018-11-07 16:19:44 +01:00
kirrg001
9f165bbef8 Updated Ghost-Admin to 2.5.0 2018-11-07 16:19:44 +01:00
John O'Nolan
9f7295853f Changed casper.ghost.org to static.ghost.org references (#10109)
no issue

Assets moved from gh-pages to https://github.com/tryghost/static and hostname changed, redirects already in place. Can be tested on https://demo.ghost.io (image should all work fine, try visiting one directly to verify redirect works)
2018-11-07 15:50:38 +01:00
Katharina Irrgang
c15a473ac8
📌 Pinned Node v10 to ^10.13.0 (#10125)
no issue

- see/reason https://nodejs.org/en/blog/release/v10.13.0/
- https://github.com/TryGhost/Ghost-CLI/releases/tag/1.9.8
2018-11-07 15:43:01 +01:00
Katharina Irrgang
ff6bf5f318 Renamed /users to /authors for Content API V2 (#10096)
refs #10061

- Made /authors endpoint available in Content API V2
2018-11-07 15:29:37 +01:00
Rishabh Garg
3b8621e19c Added slack controller to v2 API (#10086)
refs #10060

- Added slack controller to v2 admin API
- Added new API test for slack API controller
2018-11-06 23:20:43 +01:00
Naz Gargol
ec03b3cfc5
Content API v2 date formatting (#10095)
closes #10065 

- Added UTC offset to dates returned by Content API
- Added test checking new format is compatible with Admin API
- Refactored output serializer mapping logic
2018-11-06 16:12:12 +01:00
Rishabh Garg
7b38986316 Removed mobiledoc format from Content API V2 response (#10098)
closes #10097

- removed formats `mobiledoc` option directly in post input serializer for v2 Content API
2018-11-06 14:39:16 +01:00
kirrg001
46c806358b Extended resource lookup in {{get}} helper
refs #10061

- prep task to add authors for content API
2018-11-06 14:08:13 +01:00
Rishabh Garg
3345618731
Added helper to check for content API (#10104)
no issue

* Added helper to check if API called is content API
2018-11-06 17:36:22 +05:30