Commit Graph

434 Commits

Author SHA1 Message Date
Sebastian Gierlinger
28871d3f4d Merge pull request #5978 from ErisDS/filter-param
Add the filter parameter
2015-10-22 16:42:13 +02:00
Sebastian Gierlinger
f48dfb09cf Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00
Hannah Wolfe
b5cebb9ec6 Add filter parameter using GQL
refs #5604, refs #5463

- deps: ghost-gql@0.0.2
- adds code to wire up the filtering to a paginated query
- updated pagination plugin count query to use 'distinct' so it's more robust
- rename paginationUtils.query to addLimitAndOffset to be more explicit and make the code clearer
- add a new 'advanced browsing spec' set of tests for tracking these features as they are built out
2015-10-22 11:29:05 +01:00
cobbspur
372907890f Remove invalid fields prior to fetch
closes #5601

- Remove invalid fields prior to fetch
- Adds initial tests for fields
2015-10-21 18:20:09 +01:00
vdemedes
20fec74c73 Refactor require-tree and split it into models
closes #5492
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
2015-10-12 17:48:37 +02:00
Oliver Schneider
13adaec6e7 fix for page deletion not updating sitemap-page.xml
closes #5913

Sitemap deletion is based on the page.unpublished event. The previous
logic was always sending post.unpublished instead. If page or post
event is triggered is based on the ‘page’ attribute of the model. When
the destroyed handler all attributes are already cleared from the model
which makes this logic always fall back to post.

The fix is to move to the destroying event which still has all the
model values in place.
2015-10-12 09:26:26 +02:00
Hannah Wolfe
0764c775a7 Revert to using findAll for internal tools
refs #5909, #4577

- removes accidental '.only' which was hiding issues with the findAll changes
- deleteAllContent and importer still need to use a hard 'findAll' as findPage({limit: 'all'}) doesn't have the same behaviour
2015-10-10 17:07:10 +01:00
Delgermurun
a501711e71 Remove findAll from models that has findPage
closes #4577
- removed findAll from Post and User
- refactored deleteAllContent and data importer
2015-10-02 18:01:35 +08:00
Hannah Wolfe
0462607296 Don't allow published_by override
- published_by should be set by business logic, rather than by users

Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
2015-09-25 17:44:49 +01:00
cobbspur
c0b5de6e81 Fix handling of slugs on import
closes Issue #5812

- pass importing property through to utils
- fix safeString method for imports
2015-09-23 17:41:44 +01:00
Hannah Wolfe
a3f107da8e Maintain tag order for posts
refs #5727, #5602

- Add new 'order' column to posts_tags table
- Migrate all existing posts_tags to have a correct value for 'order'
- Rewrite updateTags to not remove all tags, and to correctly maintain order
- Add transaction support for tag operations
- Many tests
2015-09-02 16:39:34 +01:00
Hannah Wolfe
6926e20478 Fix upgrade path from really old versions
closes #5692, refs felixrieseberg/Ghost-Azure#1

- fix broken promise code
- fix incorrect handling of hash in user.add which causes 'Error: Invalid salt version 2' if owner user fixture is not present
2015-09-02 16:39:13 +01:00
Hannah Wolfe
114696f7e2 Change type for private blog settings
refs #5614 and #5503

- update private blog type, including update to settings.edit
- switch order of populate settings & update fixtures + populate all settings

Private blog settings should not be returned by public endpoints
therefore they need a type which is not `blog` or `theme`.
`core` doesn't suit either, as those settings don't usually have UI
To resolve this, I created a new type `private` which can be used
for any setting which has a UI but should not be public data
2015-09-02 13:39:23 +01:00
Sebastian Gierlinger
52e35a282b Add table columns for OAuth
closes #4174
- added trusted domains
- removed unique constraint from secret
2015-09-02 13:39:22 +01:00
Hannah Wolfe
e9a96816ac Adding 'fields' param for browse requests
refs #5601, #5463, #5343

- adds rudimentary support for a 'fields' parameter on browse requests
2015-08-28 19:08:22 +01:00
Hannah Wolfe
16407b41ee Merge pull request #5655 from sebgie/extract-permissions
Refactor handlePermissions
2015-08-11 19:32:20 +01:00
Sebastian Gierlinger
44622d943d Refactor handlePermissions
no issue
- extract handlePermissions to utils
- added NoPermissionError when canThis() rejects
- omitted users.js because it uses special permission handling
2015-08-11 16:03:57 +02:00
Sebastian Gierlinger
9376bdf699 Merge pull request #5646 from ErisDS/issue-5150-nextprev
Next/Prev Post helpers include author & tags
2015-08-11 15:46:23 +02:00
Hannah Wolfe
026e3de597 Merge pull request #5640 from cobbspur/errors
Fix server errors for signin
2015-08-10 13:20:53 +01:00
cobbspur
69d020ce44 Fix signin errors
refs #5635

- fixes format for server errors
- changes signin-api validation errors to be text rather than alerts
2015-08-10 12:26:45 +01:00
Hannah Wolfe
a00eace849 Next/Prev Post helpers include author & tags
closes #5150

- Post API understands next.author, next.tags, previous.author and previous.tags
- Post Read request filters out those properties and does the right thing with them
- Prev/Next post helpers send extra include properties
- Tests updated
2015-08-10 08:58:25 +01:00
Hannah Wolfe
8d89c3e5ab Fix pagination for tags with post_count
closes #5551

- adds new test fixture generator and tests for tag pagination
- changes how post_count is added to use a select subquery rather than a join
2015-08-09 18:59:58 +01:00
cobbspur
870d6af066 Fix API query for featured posts
No Issue

- fixes bug where featured: false was not being built into query
- adds tests
2015-07-29 02:42:08 +01:00
Hannah Wolfe
a0ee69d365 Merge pull request #5591 from halfdan/fix/5573
Do not serialize toJSON to get published_at
2015-07-21 16:54:24 +01:00
Fabian Becker
ed0854d770 Do not serialize toJSON to get published_at 2015-07-21 00:38:55 +02:00
Fabian Becker
4500b14989 Use previousAttributes when model is destroyed
fixes #5589
2015-07-20 14:41:40 +02:00
Hannah Wolfe
76ebdfd4f9 Merge pull request #5539 from jomahoney/owner-perm
Changed admin permissions so Owner role only editable by itself
2015-07-11 11:33:17 +01:00
John O'Mahoney
bce5483ef3 Changed admin permissions so Owner role only editable by itself
closes #5521
- Added test for admin rejection of owner edit
- Added specific permissions so admins can edit Admin, Editor and Author
  roles
2015-07-10 20:46:00 +01:00
Rem Zolotykh
9323abbb44 Refactor changePassword and resetPassword
issue #5500
- make `changePassword` and `resetPassword` methods on `user` model
  consistent: use `object` and `options` arguments instead of multiple
  different arguments
- change User API `changePassword` method to use these new arguments
2015-07-07 22:03:17 +02:00
Sebastian Gierlinger
64e20735a3 Merge pull request #5491 from ErisDS/issue-5490-no-post-url
Add event handling to pagination plugin
2015-06-29 11:44:22 +02:00
Hannah Wolfe
4772e38521 Add event handling to pagination plugin
closes #5490

- use same event handling pattern as fetchAll
- add support for `fetching:collection` to post model
- add tests to check that url is fetched via findAll and findPage
2015-06-26 22:56:03 +01:00
Hannah Wolfe
f6322da4c9 Use extends correctly & consistently
- extends clobbers the first argument you pass to it, so that should not be a variable that is used elsewhere, if you're also assigning the value, as it will have unintended side effects.
2015-06-25 19:56:27 +01:00
Hannah Wolfe
b3f4beade8 Merge pull request #5471 from kowsheek/5370-settings-model-events
Add events to settings model
2015-06-25 11:08:51 +01:00
Hannah Wolfe
7705e30995 Use 'author' for relation instead of 'author_id'
- this clears a todo in the codebase & gets rid of a few lines of unnecessary code
2015-06-24 10:00:24 +01:00
Kowsheek Mahmood
68d1feb8c5 Add events to settings model
closes #5370
- Add settings key in the event emission
- Update settings spec to test for events emitted with settings key
2015-06-23 14:33:08 +06:00
Hannah Wolfe
7761873db7 Abstract findPage & add pagination Bookshelf plugin
closes #2896

- move default options / custom code into model functions
- move most of the filtering logic into base/utils.filtering (to be relocated)
- move the remainder of findPage back into base/index.js and remove from posts/users&tags
- move pagination-specific logic to a separate 'plugin' file
- pagination provides new fetchPage function, similar to fetchAll but handling pagination
- findPage model method uses fetchPage
- plugin is fully unit-tested and documented
2015-06-22 10:20:47 +01:00
Sebastian Gierlinger
f79a4f336b Merge pull request #5432 from ErisDS/api-pagination2
Refactor pagination count query
2015-06-17 15:35:18 +02:00
Kowsheek Mahmood
33e241ab4e Add events to settings model
issue #5370
- Add emit method to settings model
- Update settings spec to test for events emitted
- Fix formatting on tags spec
2015-06-16 23:57:52 +06:00
Hannah Wolfe
4cd2865021 Refactor pagination count query
refs #2896

- remove duplicate query-building code
- use the same approach for creating the count query from the main query
- restructure the code to match more closely across the 3 findPage functions (prep for further refactoring)
2015-06-15 19:24:47 +01:00
Hannah Wolfe
16f98ee80b Move pagination formatting into a util
refs #2896

- moves repeated code out of models
- creates a new file for unit-testable code (this should be moved in future)
- adds a default for `page` as that seems sensible
- adds 100% test coverage for the new file
2015-06-15 16:46:42 +01:00
Hannah Wolfe
177cdf1eb1 Misc cleanup: moving files & naming functions 2015-06-15 09:43:19 +01:00
Hannah Wolfe
5e0cc1ae10 Merge pull request #4783 from claydiffrient/master
Makes most special characters be replaced with a dash
2015-06-04 11:54:23 +01:00
Hannah Wolfe
3ccf549ea7 Merge pull request #5260 from cobbspur/owner
Prevent multiple owner creation via importer
2015-05-21 16:03:31 +01:00
cobbspur
261a862da1 Prevent multiple owner creation via importer
closes #4778

 - If import contains an owner that does not match original owner they are downgraded to admin
 - Change error message for locked users to more generic message to account for imported users
 - Adds duplicated user test
 - Process Roles and maps import roles to db roles
 - reduces export files in test fixtures

temp commit
2015-05-15 10:12:30 +01:00
Clay Diffrient
673293575a Makes most special characters be replaced with a dash
closes #4782
- Still achieves the same goal of stripping out reserved characters
- Changes from removal to replacement
- This helps word separators from being removed
- Apostrophes (') are unaffected
2015-05-14 13:00:43 -06:00
Adrian Estrada
107c9602c1 API: Adding featured filter option to posts.browse
Closes #5152
- Adds `featured` filter option to posts.browse method modifying the model to take it too
2015-05-13 16:18:50 -05:00
Jason Williams
dae66d00be Upgrade grunt-jscs to fix whitespace linting.
No issue.
- grunt-jscs@1.8.0
- Fix formatting
2015-04-30 16:14:19 -05:00
Hannah Wolfe
32125c2f46 Filter options passed to toJSON
fixes #5177

- we now pass API/model options directly to toJSON, which is unsafe as these options haven't always been filtered before they are passed.
- this fix adds a filter so that toJSON only uses the options it needs
- additionally, rename the 'name' option to something more specific to prevent clashes
2015-04-22 20:20:27 +01:00
Hannah Wolfe
e26e83d40a Refactor to remove author.email from API
refs #2330

- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
2015-04-17 22:27:04 +01:00
Hannah Wolfe
196bbfce18 Refactor sitemaps to use centralised events
fixes #5104, refs #4348, #2263

- Create a centralised event module
- Hook it up for posts, pages, tags and users
- Use it in sitemaps instead of direct method calls
- Use it for xmlrpc calls
- Check events are fired in model tests
- Update sitemap tests to work with new code
- Fix a bug where invited users were appearing in sitemaps
- Move sitemaps and xmlrpc into a directory together
2015-04-05 19:32:18 +01:00
baogechen
351298b83b Add parent call in user.format to fix dateTime
closes #5066

- fix a problem that user model will fail to save if mysql has option of
STRICT_TRANS_TABLES
- add a parent call in user.format override function, which should fix
dateTime format before user saved.
2015-04-03 20:04:19 +01:00
Hannah Wolfe
1db59e12ee Move showdown extensions to ghost-showdown
no issue

- We already maintain our own fork of showdown, this moves our custom extensions to our fork
- Code duplication is removed
- Tests are also moved to the other repo
2015-03-17 20:18:08 +00:00
Matt Enlow
e3fc748e92 Merge pull request #4986 from ErisDS/notification-fix
More serverside notificaiton HTML fixes
2015-03-03 14:13:04 -07:00
Hannah Wolfe
b7a80eb5fd Users should get 5 password attempts
closes #4987
2015-03-03 20:23:04 +00:00
Hannah Wolfe
884d766afe More serverside notificaiton HTML fixes
refs #4964, #4969
2015-03-03 19:57:27 +00:00
Hannah Wolfe
0e80d77100 Only import can override published_by
no issue

- published_by should be set to the current user, unless we are in import mode

Credits: Matteo Beccaro
2015-02-28 16:27:30 +00:00
Jason Williams
7578d674ae Fixup finding user by role name
No Issue.
- Build up query object to lookup a user by the name of a role.  Return
  user with "roles" objects included.
- Add test for findOne by role.
2015-01-20 18:31:17 +00:00
Jason Williams
aee472eb65 Check all users when generating slug
No Issue
- Set 'status: all` when calling generateSlug from the user model
  so that all user slugs are checked for duplicates instead of
  only active users.
2015-01-16 06:56:53 +00:00
Sebastian Gierlinger
023a37b074 Merge pull request #4772 from ekulabuhov/4262_NextPrevPostWIP
[API] Retrieve next and previous post
2015-01-14 10:32:07 +01:00
Eugene Kulabuhov
0e2709c42f [API] Retrieve next and previous post
closes #4262
- implementation based on #1545
- added integration test. Modified mocked posts because code requires published_at timestamps to be different.
- fixed 2 broken tests that depended on mocked posts to have "new Date()" as their timestamps
- added checks to only query db if next/previous post requested
2015-01-13 12:49:16 +00:00
Jeremiah Hoyet
bbe3ceb025 Fixed issue where Gravatars with rating higher than G would cause a 404 error.
closes #4770
- Check for Gravatar now allows the highest rating for images
- Defaults to silhouette in the event a user deletes their Gravatar
- Allows highest rating for Gravatars (x), since Ghost should have no opinion on image ratings.
2015-01-08 19:34:28 -05:00
Jason Williams
633cf1385a Run tag add operations in sequence
Closes #4697
- Run tag add operations in sequence instead of in parallel
  since generateSlug will hand out duplicate slugs until one of
  them is committed to the database.
- Add test.
- Misc cleanup of method parameter names and jshint hints.
2014-12-22 00:41:10 +00:00
Jason Williams
591fa349aa Finish up post count support in tags API
Refs #4521
- Handle 'include' query param in tags API.
- Add post_count support when fetching a tag with findOne.
- Remove post_count from options.include after processing.
- Extra database query no longer used to fetch post_count.
2014-12-19 21:46:34 +00:00
Hannah Wolfe
6af0b83b7c Merge pull request #4670 from jaswilli/model-opt
Optimize model class methods
2014-12-19 21:19:01 +00:00
Hannah Wolfe
e6227e7a24 Merge pull request #4674 from delgermurun/post-sort
Add 'id' to post sort fields. So there is no longer equally sorted posts.
2014-12-19 21:05:45 +00:00
Jason Williams
5c6d45f258 Optimize model class methods
No Issue
- Reorder promise chains to defer database queries until they
  are needed.
- Execute database queries that are not dependent on each other in
  parallel instead of sequentially.
- Reduce the number of variables used to hold state across multiple
  promise blocks.
- Do not go async unless necessary.
2014-12-19 00:54:22 +00:00
Eugene Kulabuhov
539accf69f [API] Return post count for each tag
closes #4521
- if '?include=post_count' present, query db for tag/post_count information
  and append it to returned JSON
- fixed linter errors
- added integration test
- parsing to int as knex (or PostGres driver) is returning bigint as strings
- iterating through a smaller collection to avoid exception
2014-12-18 23:54:18 +00:00
Delgermurun
afdb3a948d Add 'id' to post sort fields. So there is no longer equally sorted posts.
closes #4648
- Add id to order by fields on posts API
- Order by id on posts controller
2014-12-18 11:34:26 +08:00
Sebastian Gierlinger
40c78493a3 Password change MU
closes #4624
- added user_id to password reset request
- hide old password field
- updated changePassword method to check permissions
- updated changePassword method to work without oldPassword
- fixed bug for errors shown as [Object object]
2014-12-11 21:23:07 +01:00
cobbspur
cd5d87ddf2 Return computed url with post object
closes #4445

- post model gets permalink format
- post model queries urlPathForPost to return computed url
- url helper modified to use post url
- urlForPost method abolished and replaced where necessary
- updated tests
2014-12-10 17:23:02 +00:00
Sebastian Gierlinger
0b2541b19f Merge pull request #4575 from ErisDS/highlight
Adds markdown highlight support
2014-12-04 15:00:01 +01:00
Hannah Wolfe
9783f16e76 Adds markdown highlight support
closes #4574

- adds highlight showdown extension with tests
2014-12-04 13:37:29 +00:00
Sebastian Gierlinger
319887c77b Merge pull request #4573 from ErisDS/limit-all-sitemaps
Add limit=all consistently to users, posts & tags
2014-12-04 09:45:33 +01:00
Hannah Wolfe
9b146e59bb Add limit=all consistently to users, posts & tags
refs #623, #4348

- this fixes sitemaps to list all posts, pages, tags and users
- makes the API behave consistently across all paginated resources
2014-12-03 18:46:26 +00:00
Hannah Wolfe
13757041d9 Merge pull request #4270 from mispy/footnotes2
Footnotes extension for Showdown
2014-12-03 13:38:47 +00:00
Sebastian Gierlinger
9b8141bb08 Merge pull request #4530 from ErisDS/issue-4498
API - no more m-2-m relation ids by default
2014-12-02 20:49:47 +01:00
Hannah Wolfe
4cb909542a API - no more m-2-m relation ids by default
closes #4498

- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
2014-12-02 19:24:44 +00:00
Hannah Wolfe
c06e649ab1 Merge pull request #4554 from sebgie/issue#3872
URL safe base64 encoding
2014-12-01 16:56:14 +00:00
Sebastian Gierlinger
9ddabffa10 URL safe base64 encoding
closes #3872
- updated base64 escaping to respect + and \
- updated base64 escaping to remove = during transport
- updated tests
2014-12-01 16:59:49 +01:00
Jacob Gable
2cfa18475a Generate sitemap files
Closes #623

- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
2014-11-30 10:49:45 -08:00
sanddudu
904727a927 Fix gravatarLookup method
Closes #4511
- Add missing "return"
- Fix error handling
2014-11-25 21:30:53 +08:00
Hugo Jobling
11a0f01e25 Make tokens URL safe
Base64 encoding causes some issues when the token is URL encoded
as the = symbol is not a valid URL character. We replace any =
symbols with a - as this is valid in a URL, but is guaranteed
not to appear in a base64 string. This fix ensures that Ghost
password resets work with mail providers such as Mailgun that
add their own tracking redirects

closes #3872 (for real this time)
2014-11-20 11:38:43 +00:00
Hannah Wolfe
1079ef8aeb Merge pull request #4466 from VictorVation/url-validation
Improve validation for user.website
2014-11-17 15:43:25 +00:00
Jason Williams
da095ba551 Merge pull request #4436 from mattiascibien/issue-4232
Do not eagerly fetch relations in when finding all posts
2014-11-17 09:36:42 -06:00
Victor Szeto
2e8e2ce367 Improve validation for user.website
closes #4444
- validate URL without protocol in server and client
- when saving url, add `http://` if the url doesn't have a protocol
2014-11-17 00:40:43 -05:00
Jason Williams
15fe121490 Fix gravatar request url.
Refs #4367
- 'http:' was accidentally left out when passing the gravatar
  URL into request, and request requires the full scheme to be present.
2014-11-16 04:33:33 +00:00
Hannah Wolfe
d3f70e3b24 Update showdown to showdown-ghost 0.3.4
closes #2675

- update showdown to the newly published showdown-ghost module which has a fix for the lack of language support in codeblocks
2014-11-15 16:37:35 +00:00
Sebastian Gierlinger
819a978192 Merge pull request #4406 from RaoHai/tag-endpoints
full BREAD Tag endpoints and Tag api tests
2014-11-13 19:25:36 +01:00
Mattias Cibien
8997cd0ffc Do not eagerly fetch relations in when finding all posts
fixes #4232
- do not fetch tags and fields relations in post.findAll()
2014-11-13 11:01:28 +01:00
Jason Williams
a2e670cb0b Merge pull request #4320 from felixrieseberg/iss4235
Work with case-sensitive email addresses
2014-11-12 19:35:38 -06:00
Felix Rieseberg
af1d2201b0 Work with case-sensitive email addresses
Closes #4235
2014-11-12 17:18:53 -08:00
surgesoft
d9643ed2f4 full BREAD Tag endpoints and Tag api tests
close #4263
- implemented full BREAD Tag API
- deleting a tag will also detach its relations to posts
- tests of Tag API
2014-11-13 00:44:36 +08:00
Jaiden Mispy
31eea94b18 Add footnotes extension to showdown
refs 1318
- based on Markdown Extra https://michelf.ca/projects/php-markdown/extra/
- allows [^n] for automatic numbering based on sequence
2014-11-11 19:24:04 +11:00
Jason Williams
8249d88cdd Timeout after two seconds on gravatar lookup.
Refs #4277
- Switch from the built-in http module to request and set
  a timeout of 2 seconds on gravatar lookup requests.
- Move request package from devDependencies to dependencies.
2014-10-30 20:01:11 +00:00
Hannah Wolfe
d44a97405b Merge pull request #4220 from felixrieseberg/iss4211
Shorter user slugs (if possible)
2014-10-16 21:23:50 +03:00
Jason Williams
696fbaaee4 Follow symlinks when resolving theme paths.
Closes #4225
- If a theme is symlinked in the themes directory, follow
  the symlink so that the theme object is populated correctly.
- Only do the fallback loading of theme data in the validations
  module if it doesn't exist in config.
2014-10-02 13:37:18 +00:00
Felix Rieseberg
0025f3d6de Shorter user slugs (if possible)
Closes #4211
2014-10-01 23:27:21 +02:00
Fabian Becker
2c3abeee03 Naming cleanup
closes #4069
- Rename everything from camelCase to lowercase + dashes
- Remove usage of `server`, `app` and `instance`
2014-09-20 21:09:16 +02:00
Fabian Becker
c9b0df752f Cleanup reserved words in generateSlug
closes #1889
- Adds a new filter for slugs
- Move slugs to config.slugs
2014-09-18 13:56:51 +02:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves #1920

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Jason Williams
d93bf82795 Merge pull request #4005 from ErisDS/dbhash-first-run
Fixes the first run messages
2014-09-15 08:28:06 -05:00
Hannah Wolfe
b890f31d98 Fixes the first run messages
no issue

- Whilst testing the mail PR #3915 I noticed the first run messages aren't
  appearing because the dbHash is getting pre-populated, but there doesn't
  appear to be a reason why this is necessary
2014-09-15 09:49:25 +01:00
Hannah Wolfe
5faeb2996b Merge pull request #3874 from morficus/issue-3241
adding config flags to control all items mentioned in PRIVACY.md
2014-09-13 17:23:56 +01:00
Maurice Williams
3583515e44 adding config flags to control all items mentioned in PRIVACY.md
closes #3241
- in config.js, the `privacy` attribute holds all privacy-related flags
- `privacy.userTinfoil: true` disables everything (equivalent to setting all flags to false)
- added helper function to core/server/config/index.js to checking privacy flags
- added helper function to core/server/config/index.js to show warning about deprecated items
2014-09-13 12:04:01 -04:00
Fabian Becker
c684ee5b38 Delete revoked tokens
closes #3758
- new API method to delete access and refresh token
- use new ember-simple-auth config to revoke tokens on logout
- new method to delete tokens by .. token
2014-09-10 20:19:52 +02:00
Jason Williams
35e2387541 Run import run operations in order.
Closes #1977, Refs #3473
- Ensure that import operations are run in sequence.
  Previously the operations were started in order but subsequent
  ops were allowed to begin before the previous finished, which would
  result in out-of-order execution.
- Fix bug in attach() where a model property was being passed in
  instead of a transaction object.  If the call was made when a
  transaction was in process, it could cause bookshelf/knex to
  hang and never finish the transaction.
2014-08-28 00:21:13 +00:00
Hannah Wolfe
74c6a341be Delete tokens before deleting a user
fixes #3750

- Updated tests to create tokens for one user. This caused the tests to
  fail for MySQL exposing the bug.
- Delete user's tokens along with posts
2014-08-23 20:13:17 +01:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes #968
2014-08-23 17:15:40 +00:00
Harry Wolff
5ff2a31ce1 Move Models module to have an init method that sets up all models
resolves #2170

- creates a models.init() function that requires all other model files
and caches them.  This is opposed to the previous functionality where
when you require('./models') it would immediately require all other models.
Now it's done when you want.

- Updates all tests to reflect the new structure of the model module
2014-08-18 15:54:10 -04:00
Hannah Wolfe
5381db37cd Fix for bug where owner user has name owner
no issue

- in the case that the role is not being assigned, the code assumes it doesn't get a role..
2014-08-11 10:51:14 +01:00
Hannah Wolfe
2d2e61676d MU Importer - Assign objects correctly
fixes #3716

- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
2014-08-10 14:49:23 +01:00
Hannah Wolfe
8d46705dbb Disable user validation and errors on login
fixes #3658

- Catch any errors from user.save() events during login
- Prevent validation from happening at all when only updating status/last_login
- Fixes a problem I introduced with errors which are arrays in logError
2014-08-08 13:12:17 +01:00
Fabian Becker
9915fb1268 Fix revoke user invite and user.destroy
fixes #3630
- Extend user adapter in ember to load users with status: all
- Fix user.destroy by loading all users with status: all
2014-08-06 16:48:18 +00:00
Fabian Becker
a2d5105bcc Changing User.read API to default to active users.
refs #3542
- Properly handle forgotten screen (ember)
- Change Users API to only return active users on read
- Adjust tests
2014-08-06 00:30:48 +02:00
Felix Rieseberg
abf251212c Descriptive error if user by mail not found.
closes #3537
- Replaced generic NotFound error with descriptive NotFoundError.
2014-08-01 18:13:33 -07:00
Jason Williams
938b183707 Sanity check page parameter used in findPage
Closes #3510
- Make sure the page parameter is does not overflow the
  integer data type.
- Added tests.
2014-08-01 14:32:38 +00:00
Hannah Wolfe
756368721e Update importer for MU
closes #3285

- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
  non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
2014-07-31 23:14:57 +01:00
Hannah Wolfe
194d45fac6 Merge pull request #3480 from jaswilli/issue-3466
Update user roles in store after owner transfer
2014-07-31 15:39:48 +01:00
Hannah Wolfe
1c3cb1bb6a Merge pull request #3472 from morficus/issue-3401
custom slugging capabilities for individual user pages
2014-07-31 15:36:11 +01:00
Jason Williams
baf9138b27 Update user roles in store after owner transfer
Closes #3466
- Transferring the owner role is now done via a separate
  endpoint and not through Ember-Data.  As a result the
  user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
  containing the updated user objects.
- Updated tests.
2014-07-31 13:41:10 +00:00
Maurice Williams
489cd08d97 custom slugging capabilities for individual user pages
closes #3401
- modifying slug-generator to be more generic
- adding slugging capabilities for /settings/users/:slug
- modified posts to use the updated slug-generator
2014-07-31 08:14:22 -04:00
Hannah Wolfe
eecbdc1693 User edit & add endpoints cleanup
- edit and add endpoints don't assume role
- edit and add endpoints cope with no role, role objects, and strings
- resend user invite was failing at one point due to no role being sent, but this shouldn't be required
- other random api cleanup
2014-07-31 12:37:48 +01:00
Gabor Javorszky
8487dada0b Implement user and related content deletion
Closes #3100

* Introduces `destroyByAuhor`, given a context and an id, it will check if context has permission to delete the user by the id, and then deletes all the content where `author_id` is id, and then deletes the user
* Does multiple checks to make sure user exists
* Added a fixture `posts:mu` that creates 4 users belonging to 4 roles, 50 posts that have authors evenly distributed, 5 tags and all 50 have one tag attached to it, evenly distributed.

Caveats / questions

* Started testing
2014-07-31 03:48:59 +01:00
Hannah Wolfe
5dc457b417 Merge pull request #3443 from halfdan/30850-users-api
Users API advanced browsing
2014-07-30 22:47:55 +01:00
Hannah Wolfe
5d3788ffe6 Merge pull request #3457 from sebgie/issue#3426
Transfer ownership end point
2014-07-30 22:26:42 +01:00
Fabian Becker
d4fdb07d9c Users API advanced browsing
closes #3085
- active and invited include multiple statuses when fetching
- adjusted data generator
2014-07-30 16:59:27 +00:00
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Hannah Wolfe
57a5444335 User API ability to filter users by role
refs #3446

- This only covers the API changes needed for #3446
2014-07-30 15:02:25 +01:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Hannah Wolfe
0ffc5e6d47 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
Maurice Williams
e15fb9ed57 Error when inviting users
fixes #3433
- passing only the role ID when creating a user
- uncommenting test cases
2014-07-29 00:06:40 -04:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
4e3b21b7da Permissions Improvements
refs #3083, #3096

In order to implement advanced permissions based on roles for specific
actions, we need to know
what role the current context user has and also what action we are
granting permissions for:
- Permissible gets passed the action type
- Effective permissions keeps the user role and eventually passes it to
  permissible
- Fixed spelling
- Still needs tests
2014-07-28 06:29:59 +01:00
Felix Rieseberg
0b39df777b Signin: Proper notification if user not found
closes #3374
- If user object is returned but undefined, we'll display a
human-readable
error notification (user model)
- If user object is returned, but the user is inactive or invited (but
not
activated), we'll display a human-readable error notification
2014-07-24 11:34:52 -04:00
Jason Williams
8a2d50b871 Improve handling of users and roles in admin
Closes #3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
  list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
  the email was not sent.  The client will show a warning notification
  when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
  that there's only one network API call to load users instead of two.
2014-07-24 14:20:47 +00:00
Sebastian Gierlinger
fa054a8eba Fix incorrect error
closes #3373
- added check if role is already assigned
- added check for unknown fields to fixDates/fixBools
- permissions are not implemented yet, so everyone is able to edit
owner ;-)
2014-07-24 10:17:10 +02:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Jason Williams
739b57e05b Update Users API to handle role objects or ids
Closes #3357
- API method User#edit now handles User objects that have either
  an array of Role ids or objects.
- Fixed error handler notification on upload modal controller.
2014-07-22 05:48:16 +00:00
Hannah Wolfe
dabc780110 Merge pull request #3343 from sebgie/issue#3087
Add edit roles
2014-07-22 01:12:26 +01:00
Sebastian Gierlinger
28b03ec87e Add edit roles
refs #3087
- added ability to edit user/roles relation
- user is not allowed assign roles to himself
- only one role per user is supported atm
- added tests
2014-07-21 22:50:43 +02:00
Hannah Wolfe
c0732292ac Merge pull request #3331 from ErisDS/issue-3076
Author pages
2014-07-21 20:57:06 +01:00
Hannah Wolfe
90880469f6 Merge pull request #3337 from morficus/issue-3222
Pagination on the Users Management screen
2014-07-21 20:34:53 +01:00
Maurice Williams
a8ca517c54 Pagination for Users Management screen
closes #3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
2014-07-21 14:03:26 -04:00
Gabor Javorszky
80f9023020 Added /roles/ API endpoint
Closes #3196

* adds `/roles/` endpoint
* is given the current user as context
* wraps everything in a canthis.browse.role
* gets all the available roles (should "Owner" be filtered out?)
* optional parameter: `permission=assign`. Gets all roles authenticated user could assign
* if we're not signed in, gives a "please sign in" (standard) error
* if we're signed in, but user is not in the context, gives a "there was no user in the context" error
* if the user is an "Author", gives a "there are no available roles to assign" error
* implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available)
* added extra fixtures to `permissions.json`. Might need a migration.

Caveats:

* there are no tests
* for some reason the setup functional test was failing for me locally
2014-07-21 15:02:25 +01:00
John O'Nolan
d10771b711 Larger default gravatar images 2014-07-20 18:50:07 +02:00
Hannah Wolfe
2d01e15a18 Author pages
refs #3076

- This is a first draft implementation, just to make it work so that we can get casper working
2014-07-20 17:49:19 +01:00
Hannah Wolfe
5a6af020c5 Model & test cleanup 2014-07-20 09:34:30 +01:00
Hannah Wolfe
82742fc233 Export 003
closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error
2014-07-19 22:38:21 +01:00
Hannah Wolfe
6e48275160 Extending context concept to models
fixes #3275, fixes #3290, ref #3086, ref #3084

- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
2014-07-18 15:32:56 +01:00