Commit Graph

73 Commits

Author SHA1 Message Date
Waleed Ali
7009d416cb Improve settings error handling
closes #3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
  function to insert the roles and user_roles for the owner user so the
  owner can edit settings after adding the no-permission error handling. I
  also added the mail send permission to the test since it's used after
  the user edits the settings.
2014-08-06 09:11:50 +01:00
Fabian Becker
a2d5105bcc Changing User.read API to default to active users.
refs #3542
- Properly handle forgotten screen (ember)
- Change Users API to only return active users on read
- Adjust tests
2014-08-06 00:30:48 +02:00
Hannah Wolfe
756368721e Update importer for MU
closes #3285

- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
  non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
2014-07-31 23:14:57 +01:00
Hannah Wolfe
6413337c2f Merge pull request #3425 from jgable/fixImporter
Make importer more robust for tags
2014-07-31 20:52:51 +01:00
Jacob Gable
69b871a754 Make importer more robust for tags
Closes #3242

- Add checks for valid fields in tags and posts
- Add unit test with empty tag export data file
- Add unit test with empty post export data file
2014-07-30 22:33:45 -05:00
Gabor Javorszky
8487dada0b Implement user and related content deletion
Closes #3100

* Introduces `destroyByAuhor`, given a context and an id, it will check if context has permission to delete the user by the id, and then deletes all the content where `author_id` is id, and then deletes the user
* Does multiple checks to make sure user exists
* Added a fixture `posts:mu` that creates 4 users belonging to 4 roles, 50 posts that have authors evenly distributed, 5 tags and all 50 have one tag attached to it, evenly distributed.

Caveats / questions

* Started testing
2014-07-31 03:48:59 +01:00
Hannah Wolfe
5dc457b417 Merge pull request #3443 from halfdan/30850-users-api
Users API advanced browsing
2014-07-30 22:47:55 +01:00
Fabian Becker
d4fdb07d9c Users API advanced browsing
closes #3085
- active and invited include multiple statuses when fetching
- adjusted data generator
2014-07-30 16:59:27 +00:00
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Hannah Wolfe
0ffc5e6d47 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
Hannah Wolfe
49660ff703 Test for invite users error
refs #3433
2014-07-29 10:19:02 +01:00
Sebastian Gierlinger
e1c0c5ce98 Change refresh token expiry
no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`
2014-07-28 15:19:49 +02:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
e7dc51dc66 Improving error handling 2014-07-28 06:30:01 +01:00
Hannah Wolfe
337713ce63 Refactor fixture use in tests
no issue

- Refactor all integration tests to specify and load ONLY the fixtures
  they require to run, rather than initialising the whole kit-and-kaboodle
  for every single test which takes FOREVER.
- Refactor the route tests to share a doAuth function, and also specify
  additional fixtures required
- Move import and export unit tests, which are actually integration tests
  (they touch the DB)
- Comment out most of the permissions unit tests for now as they need more
  stubs/mocks so as to not touch the DB

Still todo:

- prevent default DB initialisation in route tests, and specify all
  fixtures requires as per the integration tests
- fix up the unit/permissions_spec
2014-07-23 05:04:50 +01:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Sebastian Gierlinger
28b03ec87e Add edit roles
refs #3087
- added ability to edit user/roles relation
- user is not allowed assign roles to himself
- only one role per user is supported atm
- added tests
2014-07-21 22:50:43 +02:00
Maurice Williams
a8ca517c54 Pagination for Users Management screen
closes #3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
2014-07-21 14:03:26 -04:00
Hannah Wolfe
cf9839c71d Integration tests use consistent teardown methods 2014-07-21 13:25:51 +01:00
Hannah Wolfe
8fc1b03ea7 Wrap up schema amends for 003
closes #2600

- adds 2 new columns to tags, for the soon-to-land tag management UI
- fixes validation for the active bool in app_fields
- adds missing return to addColumn command
- cleanup in addTableColumn util
2014-07-18 19:33:36 +01:00
Fabian Becker
5cd5f8cca9 Schema changes for Apps
refs #2465
- Add active field to app_fields
- Adjust data generator for app fields
2014-07-18 12:39:14 +00:00
Hannah Wolfe
ce06ad412a Adding and renaming permissions
refs #3283, refs #2739, refs #3096

- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
2014-07-17 12:32:25 +01:00
Harry Wolff
25076ab087 Fix slowdown of tests by reverting back to using knex in test/utils 2014-07-10 08:05:03 -04:00
Harry Wolff
cddd23f926 Only reference model properties through the models module.
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().

addresses #2170
2014-07-10 08:04:32 -04:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Jason Williams
05d199f9b4 Check datatype for date format conversion
Closes #3199
-If datatype is dateTime convert to javascript Date object when
 retrieved from the database.
-Add tests to make sure models and internal API are using Date
 objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
 date strings for dateTime fields.
2014-07-05 19:15:32 +00:00
Kevin Ansfield
7e2e8b3376 Persistent notifications
closes #3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
2014-07-01 11:36:21 +02:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3 2014-06-16 04:11:22 +00:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Lev Gimelfarb
a013840503 Support for urlSSL config option and forceAdminSSL 403 response
closes #1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-04-27 17:01:49 -04:00
Hannah Wolfe
9bf02c9e8c Merge pull request #2641 from alarobric/feature/2607TagParentRelation
Tag API response to use parent rather than parent_id
2014-04-23 12:47:37 +01:00
Alan Richards
5877e7d211 Tag API response to use parent rather than parent_id
Closes #2607
- added toJSON method to tag model
- parent_id attribute is replaced by parent
- integration tests will expect parent as an attribute
2014-04-22 23:46:53 -07:00
Alan Richards
686aec7ab5 Post API response to use author not author_id
Closes #2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
2014-04-22 02:13:33 -07:00
Sebastian Gierlinger
32ea948675 Post response move pagination -> meta
closes #2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
2014-04-19 17:03:20 +02:00
Sebastian Gierlinger
da3630071a Added and fixed permission tests
- fixed test for db functions
- added tests for different users
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Fabian Becker
b8e8f63e44 Adds additional fields to apps schema.
fixes #2356
- Adds slug, version and status fields to apps schema
- Added fields to data generator
2014-04-16 18:16:10 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
surgesoft
e89e38dd4b Refactor the API route tests to use supertest
close #2443
- Refactor API tests from `/core/test/functional/api` to
  `/core/test/functional/routes/api`, using supertest instead of request
- Remove `core/test/functional/api` folder
2014-04-07 15:40:20 +01:00