refs #5943, #5091
- split out channel config
- use config.theme instead of api calls to grab title & desc
- wrap rss call in a function which sets channel config for RSS feeds
- change rss `getData` function to use the new multiple-query-handling fetchData functionality
- make sure channelConfig is set in all tests
refs #5923
- add read-themes module to get a list of themes
- replace readDirectory() usage with readThemes(), where only themes are needed
- test read-themes
- test read-directory
- test validate-themes
- test parse-package-json
- add tempfile testing utility to generate temporary paths
closes#5492
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
refs #5909, #4577
- removes accidental '.only' which was hiding issues with the findAll changes
- deleteAllContent and importer still need to use a hard 'findAll' as findPage({limit: 'all'}) doesn't have the same behaviour
closes#5872
- added random secret for new databases
- added temporary fix for existing databases
- secret is still static (`not_available`) during tests
- fixed fork mechanism to keep active environment (never change
NODE_ENV!!!)
refs #5808
- Fix the API to return a single 422 error when an invalid value is passed
- Only affects Browse, and not Read at present due to differences in how they are handled
- Frontend was changed to always 404 in #5851
- Adds tests to ensure all cases are covered
refs #5727, #5602
- Add new 'order' column to posts_tags table
- Migrate all existing posts_tags to have a correct value for 'order'
- Rewrite updateTags to not remove all tags, and to correctly maintain order
- Add transaction support for tag operations
- Many tests
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
closes#5692, refs felixrieseberg/Ghost-Azure#1
- fix broken promise code
- fix incorrect handling of hash in user.add which causes 'Error: Invalid salt version 2' if owner user fixture is not present
refs #5685, #5709
- cycle through all tags, removing leading commas and trim spaces
- if the string is empty, change to 'tag' - the slug base for this model
- if there is a change, save it
refs #5614 and #5503
- update private blog type, including update to settings.edit
- switch order of populate settings & update fixtures + populate all settings
Private blog settings should not be returned by public endpoints
therefore they need a type which is not `blog` or `theme`.
`core` doesn't suit either, as those settings don't usually have UI
To resolve this, I created a new type `private` which can be used
for any setting which has a UI but should not be public data
closes#5298
- remove all harcoded instances of jQuery throughout the front-end of the blog
- add migration function to add cdn link to ghost_foot code injection when migrating up from version 003
- migration version bump
closes#4174
- Added columns to client table in schema.js
- Bumped database version in default-settings.json
- Updated tests to support new schema version
closes#5685
- Adds client and server-side validation for tag names starting with commas
- Trim tag names before adding in PSM (tag attributes are already trimmed before saving in TSM)
closes#5567
- Fixed an issue with protocol relative URLs in the RSS feed
- Such URLs should be kept as-is and not prefixed with baseUrl
- Added corresponding test to cover this case
refs #2758
- add a set of default options to utils
- update validation function to only pass through permitted options
- pass permitted options into validate where necessary
- setup basic validation for each known option, and generic validation for the remainder
- change slug to treat 'name' as data, rather than an option
refs #1833
- move RSS tests to be in rss_spec.js
- improve RSS test coverage
- fix a bug with RSS title generation for tag RSS feeds
- replace custom code in processUrls with urlJoin
no issue
- I noticed this in CodeClimate, it was reporting errors for this file because of a dodgy char.
- Removed it and named the functions whilst I was in there :)
refs #5344
- As a result of #5344, context are pretty broken.
- This PR removes all dependence on req.route.path, and uses res.locals.relativeUrl
- res.locals.relativeUrl is used for many things and is dependable
refs #5091
- This is step one of several steps towards ending up with dynamic routes for channels
- Refactoring this way makes the similarities between all the routes clearer to see
closes#4778
- If import contains an owner that does not match original owner they are downgraded to admin
- Change error message for locked users to more generic message to account for imported users
- Adds duplicated user test
- Process Roles and maps import roles to db roles
- reduces export files in test fixtures
temp commit
refs #2330
- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
refs #5091, refs #2263
- Move rss handling out of the frontend controller and into its own module
- Separate the code into logical blocks
- Wrap the generation code in a in-memory cache to prevent it being regenerated on every request
fixes#5104, refs #4348, #2263
- Create a centralised event module
- Hook it up for posts, pages, tags and users
- Use it in sitemaps instead of direct method calls
- Use it for xmlrpc calls
- Check events are fired in model tests
- Update sitemap tests to work with new code
- Fix a bug where invited users were appearing in sitemaps
- Move sitemaps and xmlrpc into a directory together
Closes#4540
- Implements drag & drop to reorder navigation items
- Adds a `sort` property to navigation items
- Adds a tiny library to enable touch events for drag & drop. It hooks onto jQuery UI.
- Sort nav items before being saved
- Adds `settings-view-navigation` to route for body class
needed for #4852
Before this, calling `{{url}}` with a nav context from #4541 would
output `/`. This adds a check in `urlFor` that looks for keys in a
nav context object, namely `slug`, `current`, `label`, & `url`.
This change allows for a url to pass through if used in a nav context.
* adds `schema.isNav()`
* adds tests to `url_spec.js`
* handles absolute urls correctly even if `absolute=true`
Closes#4792
- Made priority be 0.8 (as it currently is) for standard posts
- Made featured posts have a priority of 0.9
- Split the current test into two to check both above scenarios
closes#4691
- adds a file handler for markdown file (.md and .markdown)
- handles titles and featured images
- gets status, date, and slug from the filename
- has a test suite
ref #4608, #4609, #4690
- fix errors with cleaning up files
- improve handling of base directories, and introduce a simple valid format for zips (must contain importable files or folders, and may contain up to one base directory)
- vastly improve test coverage
closes#4608, #4609
- image handler loads in any image files & figures out where they'll get stored
- image importer has a preprocessor which replaces image paths in
pertinent spots of post, tag and user models
- image importer stores images, keeping the path where it makes sense
- basic test for the preprocessor
refs #4605, #4479
- Removes versioning from the importer
- Fixes an issue with SQLITE errors not being thrown properly for posts
- Ensures that posts have a created_at date
- Makes sure that the API wrapper is properly handled
refs #4605
- Move as much code as possible out of the DB API
- Split the importer into 2 concepts, code which handles different
filetypes and code which takes the content of files and imports it into
Ghost in some way
- Split the import process into 4 steps, load the file into a useful
format, preprocess the data, do the import, generate a report
- Reporting is currently a no-op
- Adds a basic level of testing
Closes#4611
Refactored generateXmlFromNodes to pull the urlElements itself from
sorted values in the lookup
Added some checks to existing unit tests to validate ordering.
fixes#4555
- There's no easy way to declare an XSL with the node xml module, so I
needed to move the declarations to both be strings
- Ideally the code to serve the XSL would also be inside the sitemap
module, but I think we need to refactor a bit to get there easily
- Added the XSL from #4559, with minor amends to make the tables and urls
display correctly
closes#4498
- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
Closes#623
- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
No Issue
- Fix exception being thrown when updateConfigTheme called before
settingsCache fully populated.
- Remove unnecessary check in a conditional in the migration command
builder.
Issue #806
- Modify sanitize to check for duplicate posts and tags
- Update posts_tags when referencing removed duplicate tags
- Return both data and problems from importData
- Add tests for duplicate posts and tags with fixtures
Closes#4225
- If a theme is symlinked in the themes directory, follow
the symlink so that the theme object is populated correctly.
- Only do the fallback loading of theme data in the validations
module if it doesn't exist in config.
Closes#1977, Refs #3473
- Ensure that import operations are run in sequence.
Previously the operations were started in order but subsequent
ops were allowed to begin before the previous finished, which would
result in out-of-order execution.
- Fix bug in attach() where a model property was being passed in
instead of a transaction object. If the call was made when a
transaction was in process, it could cause bookshelf/knex to
hang and never finish the transaction.
Closes#3844
- Before importing, all data is checked for incorrect UUIDs. If check
fails, data is sanitized and outfitted with correct UUIDS.
- Scaffolding allows for easy implementation of additional
sanitization, should that be required in the future.
- Test included, old tests updated.
fixes#3716
- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
closes#3285
- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
No Issue
- The method that generates a filename for the export during
a migration returns a promise, not the filename directly,
so the export file was being named [object Object].
Closes#3242
- Add checks for valid fields in tags and posts
- Add unit test with empty tag export data file
- Add unit test with empty post export data file
closes#3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
Closes#3281
- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
closes#3274
- Ensure that validation errors are always handled by moving them into the
importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
no issue
- Refactor all integration tests to specify and load ONLY the fixtures
they require to run, rather than initialising the whole kit-and-kaboodle
for every single test which takes FOREVER.
- Refactor the route tests to share a doAuth function, and also specify
additional fixtures required
- Move import and export unit tests, which are actually integration tests
(they touch the DB)
- Comment out most of the permissions unit tests for now as they need more
stubs/mocks so as to not touch the DB
Still todo:
- prevent default DB initialisation in route tests, and specify all
fixtures requires as per the integration tests
- fix up the unit/permissions_spec
migration from usage of config() to just an object of config.
no relevant issue
- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing. Its sole purpose is to make sure a `config.js`
file exists, and as such the name now reflects that purpose.
- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules
- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.
- Fixes to tests to support new config access method
- Allow each test to still work when invoked invidually
Closes#3196
* adds `/roles/` endpoint
* is given the current user as context
* wraps everything in a canthis.browse.role
* gets all the available roles (should "Owner" be filtered out?)
* optional parameter: `permission=assign`. Gets all roles authenticated user could assign
* if we're not signed in, gives a "please sign in" (standard) error
* if we're signed in, but user is not in the context, gives a "there was no user in the context" error
* if the user is an "Author", gives a "there are no available roles to assign" error
* implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available)
* added extra fixtures to `permissions.json`. Might need a migration.
Caveats:
* there are no tests
* for some reason the setup functional test was failing for me locally
closes#2600
- adds 2 new columns to tags, for the soon-to-land tag management UI
- fixes validation for the active bool in app_fields
- adds missing return to addColumn command
- cleanup in addTableColumn util
fixes#3275, fixes#3290, ref #3086, ref #3084
- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
refs #3283, refs #2739, refs #3096
- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags
Still todo:
- wire up the new permissions where they are needed
- add permissions for roles
refs #2600
One day in the future it would be nice to have a CLI for Ghost
In the meantime, lets have an easy way to force migrations to run
This is for development, or dead end situations only
It will at least do a DB backup ;)
refs #2600
- fixed issue with defaults not being populated on upgrade
- added logging to all actions in the migration process to help debugging
in future
- did a little bit of refactoring
Closes#3271
- Change validations on both server and client to allow the
Website field to be empty or a valid URL.
- Add new schema validation helper isEmptyOrURL.
- Remove duplicate call to UserValidator in the save action
of the SettingsUser controller.
- User.last_login and User.created_at are already Moment objects
so Moment#fromNow can be called on them directly.
refs #2600, refs #2379
Refactoring fixtures to make permission management a little easier
- Separate fixtures into JSON file and split permissions fixtures from other fixtures
- make fixture migrations more robust by fetching objects, not relying on
ids and checking before adding
- changed owner fixture slightly to remove any confusion between the 'Owner' role and 'Ghost Owner' user.
- moved 003 fixture versions out of config into logic, possibly not a good
idea
- refactored permissions fixtures and added permissions_roles fixtures to
make it easier to read / add
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().
addresses #2170
closes#3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
Closes#3226
- Remove dependent property from the computed content property
that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
attempts to set an activeTheme that is not installed.
Closes#3122
-Fix validation so that all values are validated instead
of just values that evaluate to true.
-Ensure validation methods consistently return promises
and switch error handling from try/catch to promise.catch
to get rid of unhandled rejection warnings.
-Add 0 and 1 to list of acceptable values in boolean validation.
closes#2759closes#3027
- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based
Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125
**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
closes#2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
Closes#2061
- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
