Closes#2061
- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
closes#2354
refs #1641
- added addUnique()
- added dropUnique()
- added addColumn() -> needed for #2330
- dropColumn() is missing due to lack of knex support
- further cleanup of the migrations module
Closes#2927
-refactor exporter to export tables that exist in the
database instead of keying off of schema.js
-move some shared database utility functions into their
own module
no related issue
- Updates package.json packages, adding express middleware packages
that have been broken into their own modules
- Updates controllers/frontend.js to use the new Layer object that Express 4.0
has. Requires some monkey-patching as the Layer object isn't explicitly
surfaced, however it should be safe to do.
- Moved the setup of routes into middleware/index.js because they need to
be added as a middleware function before the 404 and 500 handlers. This is
no longer possible with the old app.use(app.router) as that has been removed.
- Cleaned up middleware/index.js to make it compatible with Express 4.0.
- Simplified the way themes are activated and enabled when they are activated.
The new handling is simpler, yet should still cover all the use cases that
previously existed.
- The entire flow of activating a theme through middleware should be a little
more centralized, letting it be easier to read and maintain.
- Moved every routes/*.js file to use an individual express.Router() instance.
Fixes#2836.
* Mailer now only handles sending email and initializing settings. Instead of adding new notifications there, it just sets flags on its own object.
* Mailer now checks for the presence of "to". If there is none, it fails. You should really pass a full mail object complete with "to", "subject" and "html", otherwise it's partial content.
* Therefore Mail API doesn't check for the existence of the "to", and doesn't get the email from settings and substitute that
* index.js now has a method that adds the notifications. I figured adding those THERE is probably better than individually in every module. It is, as the comments say, can be made extensible
No issue
-remove any existing listeners on the SIGINT event during
the ghost bootstrap process. handles an issue during testing
where node was warning about too many listeners.
Closes#2849
-wire up delete post action in ember admin
-refactor ember modal dialog
-override RESTAdapter.deleteRecord to workaround Ember expecting
an empty response body on DELETEs
Closes#2866
-update slug API to handle users and apps in addition to
posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
Closes#847
- Added logic to export database to the `core\server\data\` folder prior
to beginning a migration.
- Factored out versioning logic from migration to prevent circular
references
Ref #2699
- Introduce ember data dependency
- Add loadInitializers and refactor most initializers into one combined
- Add Post ember data model
- Refactor generateSlug to use title of post and ghostPaths
- Refactor post controller to not reference model.property everywhere
- Use RESTAdapter for posts, users and tags
- Setup author and tag relations in Post model
- Fix broken API calls by adding CSRF header
- Add initiaizer for csrf value
- Use actual User model for current user initializer
- Add action for setting featured post, test with actual api call
- Fix the sending of UUID's up to the server
- Refactor current-user to use ember-data store
- If a user is preloaded in the application, use pushPayload to put it
in the store
- Do a lookup on the store to get an actual User model for injection
- Fix posts/post controllerName in route/new.js
- Alter signup process to push user into ember data store
Closes#2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
Closes#2798
-fetch full model for active post in Backbone content preview view
-remove unnecessary type check in Models.Post.saving
-add functional tests for all post settings menu actions in editor screen
-add functional tests for all post actions in content preview
screen for posts with and without tags
Closes#2410
- Add signup action that posts to signup endpoint
- Fix nav bar showing on signup page
- Fix image link when a user hasn't set their image yet
- Redirect to the ember/signin page if requesting an ember page
Ran into this will calling the helper from a theme, tried to get the absolute url, but just providing {{url absolute}} wasn't enough. After explicitly adding `=true` it worked.
Ref #2413
- Remove fixture and use actual API
- Store and send down actual logged in user data
- Refactor isLoggedIn to use computed property on application
- After signin, update user data in dependency container
- Add CSRF to all routes and controllers via initializer
- Update authenticated route to check for user.isLoggedIn
- Add notifications for signin error
- Add notifications.showAPIError helper
- Add plumbing for refreshless signup to doSignUp in admin controller
closes#2610, refs #2697
- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
to perform reads, updates and deletes where possible - settings / themes
may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
Closes#2738
- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
Fixes#2650
* rerouted all mail sending to api/mail
* changed request and response formats to json/api-like structure
* tested with forgotten password and new blog email
closes#2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
Ref #2061
- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
closes#2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
closes#2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
closes#2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
closes#2635
- add new logic to the api request handler to set a location header
when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
closes#2593
- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
Closes#2606
- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
closes#2628
- added /view/ route to the editor. if /view/ is appended to
the url of a post being edited a redirect to the frontend
will occur
- updated controller to check for /view/ and built the
correct url for the post
- added test for the new route
closes#1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
closes#2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model
**Known Issue:** It is not possible to attach a tag using an ID.
Ref #2059
- Refactor appProxy into class that is instantiated per App
- Check for permissions before doing proxied filter/helper calls
- Add all currently existing api methods, let api check for permissions
- Basic unit tests for filter and helper register/deregister
- Adjusted proxy api method existence unit tests
Closes#1563
- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
When setting the Content-Type header for the RSS feeds, the character
set is omitted. However, when running the feed through the
[Feed Validator](http://feedvalidator.org), it became apparent that
there was a problem as the encoding defaults to US-ASCII. See
[RFC 3023](http://www.ietf.org/rfc/rfc3023.txt) for further information
on the default XML charset over HTTP.
I have added a test and simple update to the 'Content-Type' header.
Closes#2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
Closes#2605
- Change tags browse() response to { tags: [...] }
- Update client side collection to use nested tags document
- Update test references to use response.tags
Closes#2619
- If edit parameter is 'edit' redirect to editor.
- If edit parameter is anything other then undefined redirect to 404.
- Create edit post tests.
- Test redirect without trailing slash.
- Test redirect to editor.
- Test redirect to 404.
closes#2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
closes#2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
closes#2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
- Handle passing undefined user to canThis
- Add existence check to parseContext if statement
- Add unit test that passes undefined to canThis
- Allow internal canThis() checks
- Allow passing 'internal' or { internal: true } as context
- Do not lookup user permissions unless context.user found
- If context.internal, resolve immediately
- Add unit tests for passing 'internal' and { internal: true }
Progress on #2095
- Add new AppPermissions class with read() method
- has default permissions to read and browse posts
- uses default permissions if no package.json
- uses default permissions if no ghost object in package.json
- errors when reading malformed package.json
- uses ghost.permissions if found in package.json
closes#2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
closes#2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
closes#2550
- Added new API module named 'mail'
- Added routes for the mail endpoint
- Added 'send a test email' button to the debug settigns page
- Added handler to this button which sends and AJAX request to the mail API endpoint
closes#2563
- build path relative to imagesPath (which contains the custom content path)
instead of appRoot
- added test for custom content path
- added logic to tests for Windows url building to handle cases where Windows
functionality is being tested on a unix operating system
closes#2442, issue #2182
- Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed
- Updated travis config to set node env
- Updated example config to be less travis-specific
- Route tests updated to use this new functionality
- Grunt test-routes simplified
Closes#2513
- Checks for property `error.hbs` on active theme
- Added unit test to ensure `error` view is rendered when activeTheme has
a custom error template.
- Removed unused variable, `userErrorTemplatePath` from errorHandler
- Refactored errorHandler.`updateActiveTheme` to take one argument, the new active theme, and to then check if the active theme has an error.hbs
- Changed errorHandler unit test to use rewire for mocking config.
closes#2261
- reserved 'feed' in the list of reserved keywords for slugs
- added a 301 redirect from /feed/ to /rss/
- added a route test, and realised that standard express redirects don't get the right headers
- fixed the headers across all 301 redirects & added tests for the admin redirects
- removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
fixes#2480
- when the santisation of a slug results in an empty string, we use a basename instead.
- this was 'post' and is now the table name for the model, minus the trailing 's'
- this isn't massively robust but works as a temporary fix
closes#2148
- Added core/server/xmlrpc.js
- Hook into post::saved to ping when a published post gets saved
- Added node package to hook into http requests
issue #2312
- The typography extension is still interfering in HTML blocks, reference style links and other bits and pieces it probably shouldn't be :(
- We'll add it back when it's ready.
fixes#2385
- stolen the CM shim from js-bin
- if we're on a touchscreen device, don't use CM
- if we're on a touchscreen device, show a coming soon message for uploads
fixes#2075
- Updates knex to latest version
- Fixes expected value in page test
- Change fixture insertion to be sequential
- Add orderBy to insertMorePostsTags fixture helper
no issue
- this ports over screens from old admin to
allow people to begin working on aspects of the screen
- All logged out screens have been imported: Signup, Signin,
Forgotten password, reset password
- Those screens are now ready for behavior to be ported over
- This also updates templates to be more in line with how they were
in the old admin
- Littered through the code are @TODO comments of functionality that is
missing and will need to be resolved before this is production ready
- Also scaffolds out the settings screen and every tab
Closes#2276
- Adds the images to `core/client/assets/img`
- Adds css with ember hacks to `core/client/assets/css`
- Configures middleware to provide assets as static files at url `/ghost/ember`
- Adds ember option to assets helper
- Modifies default-ember.hbs to use ember option on asset helper
- Remove inline style definition in editor.hbs
- Modifies .gitignore to include ember-hacks.css (in ignored `core/client/assets/css` folder)
closes#2260
- added routes for /tag/:slug/rss and /tag/:slug/rss/:page
- added support for tag in the rss controller
- added route tests for each extra case
- fixing a tiny typo in some test descriptions
hooking into when ghost has finished loading
addresses item 9 in #2078
and makes progress on #2182
- has files that startup ghost return a promise
that is resolved once ghost has finished loading
- moves getSocket into config file
- removes models.reset() as it's not used anywhere
- update functions in server startup
- remove unused version hash variable
issue #2305
- changed validation for 'page' to expect '0' or '1', rather than 'true' or
'false'
- Added a 'can change a post to static page' test
- Added a 'can change a static page to a post' test
Closes#1379
- Convert to new api usage for both server-side and client-side
- Provide way require a negative response for boolean methods in
default-settings.json
- Add field validation functional tests
- Settings (General)
- Title length validation
- Description length validation
- postsPerPage, numeric, min, max
- Settings (User)
- Bio Length validation
- Location length validation
- Url validation
- Login
- Email validation
- Editor
- Title required validation
fixes#2272
- Remove libraries from shared/vendor
- Remove libraries from client/assets/vendor
- Add bower to package.json and postinstall
- Add bower.json with dependencies
- Add scripts from bower_components to concat/uglify
- Fix tests
- Serve jquery from /ghost/built/theme/
closes#2328
- added check for tag in coreHelpers.meta_title and use if set
- added test for correct title on tag pages
Rewritting to tag - blogtitle based on comments from PR
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
- Pass in messages to each method so they are not shared
- Export each method for calling individually
- Update reference to default export of require-tree
- Add default values for messages if not passed in
Closes#2083
* Added hbs template for apps listing
* Added settings to read the activeApps
* Added viewcontrol to activate / deactivate apps
* Added API handler to store activeApps (by `name` in the `package.json` file)
* On button click it turns the button into "Working" and changes class to `button` (grey one)
* On success, rerenders the pane, adds success notification about apps being saved
* On error, rerenders the pane, adds error notification with error message
Missing:
* tests: couldn't figure out how to add mock apps with mock package.json data
* actually registering, etc, re #2140
* icon from the sidebar
no issue
There seemed to be no convention or order to the functions in the admin controller, so I have:
- organised them
- reordered them
- added a small doc-block
- reordered some routes
- updated tests accordingly
This change is needed because the previous default of the user's email
address is too often mismatched against the site domain, triggering spam filters.
Fixes#2145
- added `fromAddress()` to GhostMailer to handle this logic
- added unit tests to `mail_spec.js`
fixes#1969
- creates new ./server/helpers/tempalte.js method
which returns the correct view to use when rendering
- updates fronted controller to check if a custom page template
exists and if so then uses that to render the static page
- adds additional class name to body_class helper when
a custom page template is being rendered
- adds tests to address all new features
adds support for outputting error message during a failed JSON.parse
This will help people identify the problem with their JSON source
and hopefully be able to aid them in resolving said issue.
#closes #1655
- removed models as parameter for bookshelf-session
- changed to read permittedAttributes from schema.js
- changed updateTags to be executed at saved event
- added validate to execute after saving event
- added test for published_at = null (see #2015)
- fixed typo in general.hbs
fixes#2111
- modified Post model to support a tag query
param that will filter the desired post collection
to only include posts that contain the requested tag
- in the updated Post model it includes the Tag model
under a nested object called 'aspects'
- added tests for updated Post model, updating
test utils to add more posts_tags relations
- adds two new routes to frontend,
one for initial tag page,
another to page that tag page
- for tag pages the array of posts
is exposed to the view similarly
to the homepeage
- on the tag view page the information
for the tag is also accessible
for further theme usage
- the tag view page supports a hierarchy of
views, it'll first attempt to use a tag.hbs
file if it exists, otherwise fall back
to the default index.hbs file
- modified pageUrl and pagination helper
to have it be compatible with tag paging
- added unit tests for frontend controller
- added unit tests for handlebar helper modifications
- add functional tests for new tag routes
closes#2171
- added authentication middleware
- removed authentication from routes
- moved authentication before CSRF validation
- moved caching rules before authentication
- changed/added test
Closes#2081
* Amended require-tree to populate availableThemes and availablePlugins to use full file names (`basename.ext`) as keys instead of just basename. This way `image.jpg`, `image.png`, `image.gif` won't overwrite the `image` key.
* Amended require-tree to allow package.json file parsing to return the contents of the file as json on the `package.json` key.
* settings api populates theme data `package` if it exists. Otherwise it assigns `false` to it
* `general.hbs` (salute) was reworked to if there is the package key on the theme is not false, it will use the `name` and `version` keys of that. You can break it by not having a `name` or `version` in the package.json file.
* Added error and warning messages for package.json file parse errors and misses
fixes#2112
refs #1833
- modified config.urlFor to handle tag pages
- modified {{#tags}} handlebars helper to autolink to
tag pages. Additional autolink="false" parameter can
be used to deactivate autolinking
- modified url handlebars helper to handle tags
- added isTag function to schema
- added unit test for additional urlFor functionality
- added unit test for {{#tags}} helper modifications
- added unit test for url handlebards helper
fixes#2057
- uses express’ Route object to create RegExp’s
that we use to check the incoming path
- refactored structure of fronted controller single
tests to be easier to read
- amend regex to incorporate new allowed permalink
structure
