fixes#3716
- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
Closes#3100
* Introduces `destroyByAuhor`, given a context and an id, it will check if context has permission to delete the user by the id, and then deletes all the content where `author_id` is id, and then deletes the user
* Does multiple checks to make sure user exists
* Added a fixture `posts:mu` that creates 4 users belonging to 4 roles, 50 posts that have authors evenly distributed, 5 tags and all 50 have one tag attached to it, evenly distributed.
Caveats / questions
* Started testing
refs #3083, #3096
In order to implement advanced permissions based on roles for specific
actions, we need to know
what role the current context user has and also what action we are
granting permissions for:
- Permissible gets passed the action type
- Effective permissions keeps the user role and eventually passes it to
permissible
- Fixed spelling
- Still needs tests
fixes#3275, fixes#3290, ref #3086, ref #3084
- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
Refs #2170
This removes the circular dependency problem from our models thanks to
https://github.com/tgriesser/bookshelf/issues/181
- add the registry plugin
- switch all models and collections to be registered
- switch relationships to be defined using a string, which calls from the registry
Closes#2798
-fetch full model for active post in Backbone content preview view
-remove unnecessary type check in Models.Post.saving
-add functional tests for all post settings menu actions in editor screen
-add functional tests for all post actions in content preview
screen for posts with and without tags
closes#2610, refs #2697
- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
to perform reads, updates and deletes where possible - settings / themes
may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
Closes#2738
- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
closes#2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
closes#2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model
**Known Issue:** It is not possible to attach a tag using an ID.
Closes#1563
- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
Closes#2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
closes#2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
closes#2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
closes#2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
closes#2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
closes#2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
closes#2148
- Added core/server/xmlrpc.js
- Hook into post::saved to ping when a published post gets saved
- Added node package to hook into http requests
issue #2312
- The typography extension is still interfering in HTML blocks, reference style links and other bits and pieces it probably shouldn't be :(
- We'll add it back when it's ready.
fixes#2272
- Remove libraries from shared/vendor
- Remove libraries from client/assets/vendor
- Add bower to package.json and postinstall
- Add bower.json with dependencies
- Add scripts from bower_components to concat/uglify
- Fix tests
- Serve jquery from /ghost/built/theme/
#closes #1655
- removed models as parameter for bookshelf-session
- changed to read permittedAttributes from schema.js
- changed updateTags to be executed at saved event
- added validate to execute after saving event
- added test for published_at = null (see #2015)
- fixed typo in general.hbs
fixes#2111
- modified Post model to support a tag query
param that will filter the desired post collection
to only include posts that contain the requested tag
- in the updated Post model it includes the Tag model
under a nested object called 'aspects'
- added tests for updated Post model, updating
test utils to add more posts_tags relations
- adds two new routes to frontend,
one for initial tag page,
another to page that tag page
- for tag pages the array of posts
is exposed to the view similarly
to the homepeage
- on the tag view page the information
for the tag is also accessible
for further theme usage
- the tag view page supports a hierarchy of
views, it'll first attempt to use a tag.hbs
file if it exists, otherwise fall back
to the default index.hbs file
- modified pageUrl and pagination helper
to have it be compatible with tag paging
- added unit tests for frontend controller
- added unit tests for handlebar helper modifications
- add functional tests for new tag routes
issue #2015
- this is another little workaround / improvement to try to reduce the number of people who end up with a published post with no published_at set
- I assume we need to complete #1655 to fix this properly
Fixes#1907
Refactored `updateTags` to correct a loop issue where the `insert`
method was mistakingly being passed rather than `update`, triggering a
duplicate PK SQL error.
#1351
- prevent a new post (not saved on server) from
updating its slug/date to the server
- fix jshint
- add back creation of a posts slug upon a post creation
- update for rebasing
- hide ability to ‘delete this post’ from post settings
menu when a post hasn’t yet been saved to the server
issue #1378fixes#1328
- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
closes#1303
- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes#1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
