closes#3765
- Simple API check to ensure that the owner isn’t downgraded to a
different role (analog to the ’can’t change your own role’ check)
- Test added to ensure Owner can't be downgraded to a lower role
Refs #3667, Refs #3776
- If saving a post fails, revert its status back to the
pre-save value.
- Added tests to check post status after failed save attempt
on both new and existing posts.
closes#3667
- If the ‘save’ function on a new post fails, the local Ember model
still beliefs that the status is ‘published’, resulting in wrong
buttons. A simple catch fixes that.
Amends #3736, references #3623
With `button.ghost-logo`, there's no `href`, so cannot be opened in a new window. This changes it back to an anchor and appends the blog URL to a href attribute. Win!
Bumps Ghost-UI version to 0.8.13 bring in related CSS changes.
Closes#3623
- Move hamburger logic to action with terrible name, "toggleSidebarOrGoHome"
- Move ".js-close-sidebar" events to a document.on(event, *selector*, f) to make sure they attach even when the js-close-sidebars aren't on page (ie, hidenav)
fixes#3724
- provide config.url to the ember client app via a data attribute
- create server and client side helpers to output the URL
- wire up the client side helper
- add a class for testing, and add tests for both the server and client side
fixes#3716
- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
closes#3631
- Removed the 'by + setupUser.name' from authentication.js
- Removed the 'by Test User' from feed_test.js
- Added a '.' to the end of each per issue comment example
closes#3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
function to insert the roles and user_roles for the owner user so the
owner can edit settings after adding the no-permission error handling. I
also added the mail send permission to the test since it's used after
the user edits the settings.
Refs #3473
- Some tests are checking to make sure errors by using a
catch handler on the test. When assertions fail done()
is never called and results in a mocha timeout, which makes
it harder to see the cause of the failure.
closes#3544
- limit forgotten password requests to five requests per IP per hour
for different email addresses
- limit forgotten password requests to five requests per email address
- limit signin requests to ten failed requests per IP per hour
- removed special treatment for tests
Refs #3473
- Change tests to not assume that all inserted fixture data
will end up with the same millisecond-precision time for
results sorting. If a test is set up to check the contents
of a specific fixture extract it explictly from the results.
closes#3468
- added rate limit to deny more than 5 attempt every hour
- updated spam prevention to be configurable
- added config values spamTimeout, ratePeriod, rateAttempts
- added ratePeriod:1 to config.example.js to prevent functional tests
from hitting the rate limit
- commented spam test, I’ll fix it tomorrow
closes#3285
- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
Basic notifications are unnecessarily verbose and, in some instances, even cause line-wrapping to occur. This change shortens them to short, concsise statements to indicate what action has taken place.
Closes#3466
- Transferring the owner role is now done via a separate
endpoint and not through Ember-Data. As a result the
user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
containing the updated user objects.
- Updated tests.
- edit and add endpoints don't assume role
- edit and add endpoints cope with no role, role objects, and strings
- resend user invite was failing at one point due to no role being sent, but this shouldn't be required
- other random api cleanup