Commit Graph

16275 Commits

Author SHA1 Message Date
Matt Hanley
1fabd76391 Added newsletter permissions for Editors and Authors
refs https://github.com/TryGhost/Team/issues/1618

- Editors and Authors require read access to newsletters as part of the publish + send workflow
2022-05-12 14:46:55 +01:00
Matt Hanley
78d1132b13
Updated theme card asset default setting (#14789)
refs https://github.com/TryGhost/Team/issues/1611

- For Ghost 5.0 card assets will be included by default, including bookmark and gallery cards
2022-05-12 14:44:31 +01:00
Rishabh Garg
725c2673ea
Added offer read endpoint to content API (#14794)
refs TryGhost/Team#1599

- allows offer details to be fetched via content API directly
2022-05-12 18:16:10 +05:30
Simon Backx
3214186f98
Improved newsletter limit checking (#14780)
refs https://github.com/TryGhost/Team/issues/1583

- Check limits when unarchiving newsletters
- Added tests for more scenarios
- When editing/adding newsletters, the limit check happens in the same transaction.
- `limit-service` was bumped to add transactions support
- Added transaction support for edit in newsletter service
2022-05-12 14:28:45 +02:00
Matt Hanley
3398e0d07d Added test for Author user publishing a post and sending a newsletter 2022-05-12 12:45:42 +01:00
Naz
9236b8a397 Relaxed validation rules + removed unknown properties
refs https://github.com/TryGhost/Toolbox/issues/314

- The API principle guiding this change is the Robustness Principle: "be conservative in what you send, be liberal in what you accept". The API will start accepting any additional properties that are not explicitly defined in the schema for the resource and will be trimming any rogue properties that are sent in the payload
2022-05-12 18:06:38 +08:00
Matt Hanley
371f9996f5
Fixed filter mapping from subscribed to newsletters for bulk operations (#14787)
closes https://github.com/TryGhost/Team/issues/1606

- Fixed filter mapping from subscribed to newsletters for bulk operations
- Updated members-api package
2022-05-12 10:54:20 +01:00
Naz
d3f432f745 🔥 Removed versioning from json schema validation
refs https://github.com/TryGhost/Toolbox/issues/314

- With versioned API concept being dropped there's no need to rely on a specific version in validations either!
2022-05-12 16:08:23 +08:00
Naz
7252f03824 Improved assertions
refs https://github.com/TryGhost/Toolbox/issues/283
2022-05-12 13:54:21 +08:00
Naz
a1e1feb125 Added 'Content-Version' header to outgoing webhook requests
refs https://github.com/TryGhost/Toolbox/issues/283

- The header is needed to signal to the webhook subscribers the content version they are being served. This should imrove API version compatibility and allow for the client to handle incoming data better
2022-05-12 13:54:21 +08:00
Naz
2a3be178ab Refactored trigger test to us assert instead of should
refs https://github.com/TryGhost/Toolbox/issues/283

- Should assertion library is outdated and it's preferred to use native assert to make assertions
2022-05-12 13:54:21 +08:00
Naz
21c2c5579b Refactored webhook triggering to be asyc
refs https://github.com/TryGhost/Toolbox/issues/283

- In tests we need assurance that the triggering of webhooks has been finished before making assertions. Doing this was impossible with a previous fire-and-forget style of the request call.
- The change also adds an optional "request" parameter to be able to override the request library used internally - this is purely for testing purposes.
2022-05-12 13:54:21 +08:00
Naz
67dca08df8 Refactored trigger module to be testable
refs https://github.com/TryGhost/Toolbox/issues/283

- Current trigger module handling webhook paypload delivery isn't testable! It sucks to add features to it without assurance things still work
- Apart from expanding the test suite this changeset also needs live testing - setting up webhooks etc.
2022-05-12 13:54:21 +08:00
Naz
586af2500c Fixed tests
refs f10f224668
2022-05-12 13:54:21 +08:00
Matt Hanley
2c770c4455 Added Admin integration permissions for retrieving and managing newsletters
refs https://github.com/TryGhost/Toolbox/issues/238#issuecomment-1124024042

- Admin integrations require access to managing newsletters to prevent a regression in Zapier capability
2022-05-11 18:34:33 +01:00
Rishabh Garg
3836030950
Allowed tiers include and data for member endpoints (#14790)
refs https://github.com/TryGhost/Team/issues/1145

- allows members endpoint to accept `?include=tiers`
- allows members endpoint to return `tiers` data
2022-05-11 22:26:03 +05:30
Hannah Wolfe
409dc3b534
Added frontend key to ghost_head for portal (#14782)
refs: https://github.com/TryGhost/Team/issues/1599
refs: f3d5d9cf6b

- this commit adds the concept of a frontend data service, intended for passing data to the frontend from the server in a clean way. This is the start of a new & improved pattern, to hopefully reduce coupling
- the newly added internal frontend key is then exposed through this pattern so that the frontend can make use of it
- the first use case is so that portal can use it to talk to the content API instead of having weird endpoints for portal
- this key will also be used by other internal scripts in future, it's public and therefore safe to expose, but it's meant for internal use only and therefore is not exposed in a generic way e.g. as a helper
2022-05-11 17:34:31 +01:00
Rishabh
2e8c66d93c Cleaned enforced filter logic for newsletters model
- removes ambiguity from the logic
2022-05-11 21:39:33 +05:30
Rishabh Garg
9f85f7a4fe
Added newsletters endpoint to Content API (#14778)
refs https://github.com/TryGhost/Team/issues/1599

- allows active newsletters data to be fetched via content API
2022-05-11 21:36:43 +05:30
Simon Backx
837e11b4d8
Fixed email preview using wrong newsletter (#14756)
refs https://github.com/TryGhost/Team/issues/1603

When previewing a scheduled/published post via Post editor menu > E-mail newsletter > Preview in browser. The e-mail template from the default newsletter was used instead of the newsletter that was selected when scheduling the post.
2022-05-11 17:52:24 +02:00
Simon Backx
23c88d250e
Readded notEnoughPermission message in post model (#14759)
no issue

The message was removed somewhere, but the git history looks to be modified so I couldn't find the reference to when and why it was removed (the message seems to be added and removed in the same commit).

Added in: e849167472
No reference to where it was removed. But after the same commit above, it wasn't present any longer.
2022-05-11 17:52:06 +02:00
Hannah Wolfe
196b8ad0da
Removed active_timezone, default_locale & locale compat (#14788)
- These settings no longer exist, having been renamed to timezone and lang
- As of 5.0 we no longer need any kind of backwards compatibility outside of the importer
- We making breaking changes and cleaning up as many old code paths as possible 
- We have not really exposed the admin Settings API, meaning backwards compatibility was more for internal use
- We will be changing lang back to locale, but that's a separate issue and won't need backwards compatibility
2022-05-11 16:22:25 +01:00
Matt Hanley
ae45579903 Promoted feature flags for v5 features to GA 2022-05-11 15:55:15 +01:00
Hannah Wolfe
b29852b012
🔥 Removed support for http/https mixed mode (#14783)
closes: https://github.com/TryGhost/Toolbox/issues/324
refs: https://github.com/TryGhost/Ghost/issues/14446

- Currently, if url is configured to http but a request is marked secure, Ghost will handle upgrading all internal URLs to https so that there are no mixed content warnings
- From 5.0 that feature is going away, in favour of strictly honouring the configured URL
- Ghost will serve URLs exactly as configured and won't upgrade http to https anymore
- This use case was common when Ghost was first built, but in 2022 the web is mostly https.
- The code needed to support the feature creates a lot of additional complexity & maintenance overhead, so removing this gives us space to do more cool and useful stuff in 2022
2022-05-11 14:53:23 +01:00
Daniel Lockyer
84a10daebf
🏗 Dropped webhooks.status column (#14713)
refs https://github.com/TryGhost/Toolbox/issues/309

- this column is not used and I was going to add `validation` to it but
  it's better to clean it up and re-add the column if we need it again
2022-05-11 14:11:47 +01:00
Rishabh
7ab00c8eda Updated admin api schema for tiers
- added `id` and `description` to tiers schema
- added `tiers` column to members schema
2022-05-11 16:14:10 +05:30
Hannah Wolfe
412d290a30
Refactored async helpers to use async/await (#14781)
- async/await makes the code easier to read
- also means we can get rid of usages of Promise, and some unnecessary usages of Bluebird
- this refactor is done for the 4 async helpers and the code that wraps async helpers so the whole pipeline is async/await and more understandable
2022-05-11 09:51:38 +01:00
Naz
961e300e77 Fixed tests
refs f10f224668
2022-05-11 16:18:12 +08:00
Naz
f10f224668 Improved version mismatch notification email copy
refs https://github.com/TryGhost/Toolbox/issues/292

- Copy improvements were done base on feedback. Makes the information in the email more concise and removes unecessary/unsecure bits like query strings.
2022-05-11 10:53:42 +08:00
Hannah Wolfe
c5ba27e2b5
Added initial concept of calculated settings (#14766)
refs: https://github.com/TryGhost/Team/issues/626

- calculated settings are simplified settings (booleans) that are based on other settings or data
- they make it easier for us to determine what state features are in elsewhere in ghost e.g. admin and themes
- this duplicates some of the members config concepts in the settings service
2022-05-10 21:49:38 +01:00
Hannah Wolfe
54b4a3c351
Renamed settings index.js to settings-service.js
- in line with our policy of not keeping logic in index.js files
- Note: callign all services service.js is no more helpful :D
2022-05-10 20:55:31 +01:00
Aileen Nowak
56a1143e53 Fixed incorrect usage of limit config causing Ghost not to boot
no issue

- When applying an incorrect limits config, or missing expected values, Ghost would not boot as the errors would interrupt this process, which should not happen
- This commit catches the error thrown by the limit-service on boot sequence and transforms it into a warning if it's an `IncorectUsageError`. Other errors are handled as before
- Added a test for the limit-service service
2022-05-10 15:47:45 -04:00
Hannah Wolfe
ddb718f0bb
Fixed settingsCache returning falsy as null
refs: e68cb8b314

- a couple of months ago when improving the test coverage here I found some weird behaviour with falsey values
- turned out it didn't matter at the time because we didn't have any settings that are false
- with the introduction of calculated settings we will have: https://github.com/TryGhost/Ghost/pull/14766
- whilst building that, I found settings that should be returned as false were being returned as null
- fixing it in a separate commit to keep the work clean
2022-05-10 20:37:03 +01:00
Hannah Wolfe
bb1a5707d8
Updated eslint ecma version to 2020
- It's time, we want to be able to use more modern features, and now we're on node 14 min this makes sense
- @TODO: do this in eslint-plugin-ghost and add new rules to guard the new features
2022-05-10 20:20:02 +01:00
Daniel Lockyer
1c7d4e49c5
Disabled model auto-refresh when processing email batches
- by default, the model will auto-refresh when you save
- in MySQL, which doesn't support RETURNING, this is implemented by
  doing a SELECT after your actual query
- `email_recipients` is a huge table and `processed_at` is not an
  indexed column, so the query times can become realllyyyyyyy big
- given we don't even need the result of the model save, we can just
  disable fetching all the affected records again
- Bookshelf gives us this ability in the form of `autoRefresh: false`
2022-05-10 18:11:15 +01:00
Daniel Lockyer
bb9a797283 Regenerated HTML for posts containing a product or video card
refs https://github.com/TryGhost/Toolbox/issues/309
refs https://github.com/TryGhost/Ghost/issues/14344

- this migration will regenerate the HTML for posts that contain a
  product or video card as we experiencing a bug in the card generation
- this migration is mostly ripped from c0d82122b0/core/server/data/migrations/versions/4.0/23-regenerate-posts-html.js
2022-05-10 18:05:27 +01:00
Daniel Lockyer
ada0e7975b fixup! Added validation to posts status column 2022-05-10 18:05:18 +01:00
Daniel Lockyer
66652b6ea9 Added validation to posts status column
refs https://github.com/TryGhost/Toolbox/issues/309

- this commit adds `isIn` validation to the `status` column on the
  `posts` table, with values pulled from the model: c0d82122b0/core/server/models/post.js (L28)
- this also adds a migration to update any posts with invalid statuses
  to `draft`
2022-05-10 18:05:18 +01:00
Daniel Lockyer
ca82914052 Removed client and subscriber permissions
refs https://github.com/TryGhost/Toolbox/issues/309

- these stopped being added to the DB in v3 but there was never a
  migration to clean up existing permissions and the role link in the DB
- we now have the utils to do this cleanly, so we can drop all the
  permissions in this migration
2022-05-10 18:05:06 +01:00
Daniel Lockyer
5384944fa4
Added log line before updating user statuses
- this makes it obvious where we are in the flow and its clear we're
  inside this migration if we see that log line
2022-05-10 16:46:33 +01:00
Renovate Bot
c0d82122b0 Update dependency grunt to v1.5.3 2022-05-10 14:57:10 +00:00
Hannah Wolfe
b911c66bb6
Fixed legacyApiPathMatch not working with subdirs
- The recently refactored path matching code forgot to take into account that originalUrl can include the subdir
- Added more permutations to tests and ensured that all tests pass
- This means we don't have to worry about what sort of path we pass to the function, it'll figure out the version and api info
2022-05-10 13:57:06 +01:00
Daniel Lockyer
b7b4f8d1d1 Added migration utils for removing a permission
- this will drop the link between a role and a permission, and then
  delete the permission
- required minor refactoring to aid in creating migrations for dropping
  the links and permission
2022-05-10 13:21:26 +01:00
Daniel Lockyer
bf28721844 De-duped MIGRATION_USER constant across migration utils
- we shouldn't declare this in more than one place, even if it is a
  weird concept anyway
2022-05-10 13:05:47 +01:00
Daniel Lockyer
1c440e14b1 Split apart migration utils into separate files
- this should help organize the code a little better and frees us up to
  turn it into a separate package in the future
2022-05-10 13:05:47 +01:00
Daniel Lockyer
892408e1cd Moved migration utils.js to subfolder
- this helps makes way for splitting the file apart to make the utils
  easier to write
2022-05-10 13:05:47 +01:00
Daniel Lockyer
3b860c9b0d Switched use of migration utils to folder
- I'm refactoring the utils to make way for dropping permissions but the
  utils are in a real mess
- to aid my refactoring, I want to make the utils a folder, so the
  migrations that require utils as a file need updating
- this commit does that
2022-05-10 13:05:47 +01:00
Simon Backx
f732b0181d
Fixed last_seen updated for suspended users (#14715)
refs https://github.com/TryGhost/Team/issues/1461

- A suspended user was able to make it through the Express middlewares to the `updateUserLastSeen` middleware, until it was halted when checking the user permissions in the API pipeline. This was only the case for session logins, not for API keys.
- For API keys, the user status is checked:
6dc3f1bf56/core/server/services/auth/api-key/admin.js (L178-L181)
- In the session middleware, the `findUserById` in `getUserForSession` didn't filter on the active status of users:
be4146e324/core/server/services/auth/session/middleware.js (L22-L27)
- This has been fixed now by updating the sessionService's `findUserById` method.
2022-05-10 13:34:12 +02:00
Hannah Wolfe
f3d5d9cf6b Added internal frontend integration
refs: https://github.com/TryGhost/Team/issues/1599

- add an internal integration for Ghost's frontend to talk to the content API
- this is so that portal and future features can access our APIs through the correct mechanism of an API key
2022-05-10 11:43:07 +01:00
Daniel Lockyer
b794c6885e Deleted membersActivity flag
refs https://github.com/TryGhost/Toolbox/issues/325

- this was used for an alpha proof-of-concept for member activity data
  collection but we're rethinking the strategy so this is the easiest
  way to ensure it can't be enabled when the database table has been deleted
2022-05-10 11:19:58 +01:00