Commit Graph

1025 Commits

Author SHA1 Message Date
Hannah Wolfe
68610d579f Merge pull request #3496 from jaswilli/refresh
Remove unnecessary hard refresh on signout.
2014-08-01 00:04:39 +01:00
Sebastian Gierlinger
9e40da5366 Update spam prevention
closes #3468
- added rate limit to deny more than 5 attempt every hour
- updated spam prevention to be configurable
- added config values spamTimeout, ratePeriod, rateAttempts
- added ratePeriod:1 to config.example.js to prevent functional tests
from hitting the rate limit
- commented spam test, I’ll fix it tomorrow
2014-08-01 00:58:32 +02:00
Jason Williams
b1c75ce324 Remove unnecessary hard refresh on signout.
Refs #3488
- Hard refresh handled by ember-simple-auth.
2014-07-31 22:41:35 +00:00
Hannah Wolfe
be922d5d06 Merge pull request #3488 from manuelmitasch/fix-session-invalidation
The page refresh when oauth token has expired was broken.
2014-07-31 23:28:58 +01:00
Hannah Wolfe
cda6f8f188 Merge pull request #3487 from JohnONolan/notification-copy
Shorter notifications
2014-07-31 22:53:20 +01:00
Hannah Wolfe
558dbe58f9 Merge pull request #3493 from rwjblue/fix-posts-post-author-list
Show posts authored by current user.
2014-07-31 22:41:11 +01:00
Hannah Wolfe
f5f4a4e152 Merge pull request #3490 from jaswilli/psm
Fix for missing author when switching posts
2014-07-31 22:38:09 +01:00
Robert Jackson
369eaa454e Show posts authored by current user.
The current logic allows showing of all EXCEPT the current users posts
(when the current user is an author).

This fixes that.
2014-07-31 17:23:08 -04:00
Jason Williams
27e14b7ad9 Fix for missing author when switching posts
No Issue
- Fixes the case where the authors dropdown in the
  post settings menu has no author selected after
  switching between posts.
2014-07-31 20:19:52 +00:00
Manuel Mitasch
e34ecada69 The page refresh when oauth token has expired was broken.
Ember simple-auth action "sessionInvalidationSucceeded" was overriden to display a meaningless message.
2014-07-31 21:49:29 +02:00
Hannah Wolfe
31d2ed150f Changing second half of script placeholders 2014-07-31 19:05:56 +01:00
Hannah Wolfe
8acd3a5060 Updating HTML for script placeholders 2014-07-31 17:42:43 +01:00
John O'Nolan
601ad25716 Shorter notifications
Basic notifications are unnecessarily verbose and, in some instances, even cause line-wrapping to occur. This change shortens them to short, concsise statements to indicate what action has taken place.
2014-07-31 19:19:47 +03:00
Hannah Wolfe
c5d046d452 Merge pull request #3476 from rwjblue/moar-shortcuts
Enable uppercase, lowercase, titlecase shortcuts.
2014-07-31 16:50:11 +01:00
Robert Jackson
585348c4c0 Cleanup CodeMirror shortcuts.
* Add titleize utility function.
  * Capitalizes first word.
  * Capitalizes all words not contained in simple article/conjunction
    list.
* Enable shortcuts for `uppercase`, `lowercase`, and `titlecase`.
* Fix header shortcuts
  * Ensure that header shortcuts do not duplicate text.
  * Make headers idempotent (pressing `ctrl+alt+1` then
    `ctrl+alt+2` does not make `# # # blah`.
2014-07-31 10:53:13 -04:00
Hannah Wolfe
34dbc13893 Merge pull request #3477 from halfdan/duplicate-notification
Avoids duplicate notification / transition
2014-07-31 15:47:19 +01:00
Hannah Wolfe
cfcc30b65e Merge pull request #3480 from jaswilli/issue-3466
Update user roles in store after owner transfer
2014-07-31 15:39:48 +01:00
Hannah Wolfe
7d631453bd Merge pull request #3472 from morficus/issue-3401
custom slugging capabilities for individual user pages
2014-07-31 15:36:11 +01:00
Hannah Wolfe
203c90123e Merge pull request #3471 from novaugust/editor-shortcuts
Keyboard shortcuts for Mac vs All
2014-07-31 15:34:14 +01:00
Matt Enlow
c93b7631d6 Keyboard shortcuts for Mac vs All
Closes #3029, Ref #3469
- Editor shortcuts are now built in a separate file, which uses `ctrlOrCmd` to correctly set OS specific shortcuts.
- Removed `newLine` and `selectWord` shortcuts
2014-07-31 08:00:52 -06:00
Jason Williams
038632e9a6 Update user roles in store after owner transfer
Closes #3466
- Transferring the owner role is now done via a separate
  endpoint and not through Ember-Data.  As a result the
  user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
  containing the updated user objects.
- Updated tests.
2014-07-31 13:41:10 +00:00
Sebastian Gierlinger
027daaf89d Merge pull request #3462 from ErisDS/issue-3446
Post list: authors only see their own posts
2014-07-31 15:03:15 +02:00
Fabian Becker
1fffc74247 Avoids duplicate notification / transition
no ref
- Let application.js handle transition after setup
- Remove duplicate loading of server notifications
2014-07-31 14:22:37 +02:00
Maurice Williams
e6115c4126 custom slugging capabilities for individual user pages
closes #3401
- modifying slug-generator to be more generic
- adding slugging capabilities for /settings/users/:slug
- modified posts to use the updated slug-generator
2014-07-31 08:14:22 -04:00
Robert Jackson
774d027ffb Redirect to the first available post for current user. 2014-07-31 12:44:22 +01:00
Hannah Wolfe
74549ddc59 Completed post & user list filer by role
closes #3446, closes #3086

- Authors can only ever get to their own posts
- Editors only ever see authors in the user list
2014-07-31 11:23:37 +01:00
Hannah Wolfe
54ffe55a93 Merge pull request #3474 from felixrieseberg/iss3400
User Settings: Display cog based on rights
2014-07-31 09:30:13 +01:00
Felix Rieseberg
43fe63d956 User Settings: Display cog based on rights
closes #3400
- The user view has been extended to have properties indicating whether
the user has rights to make the displayed user an owner or delete
him/her
- Handlebar conditionals decide whether or not to display the cog
2014-07-31 01:03:03 -07:00
Robert Jackson
68fe9fabef Limit Posts for Authors.
* Ensures that posts listing only shows posts that the current user
  authored, if they only have the Author role.
* Do not transition into the posts.post route if the current user is
  not the author (but has the Author role). This is needed because
  the API server will always return the post (regardless of the current
  user).
2014-07-31 09:02:49 +01:00
Hannah Wolfe
92ccdf7024 Post list: authors see their own posts
issue #3446
2014-07-31 09:02:48 +01:00
Hannah Wolfe
3ec5a5e978 Merge pull request #3467 from rwjblue/update-validation-to-match-server-error
Update validation to match server error.
2014-07-31 07:46:57 +01:00
Matt Enlow
e3a5608108 Add keyboard navigation of posts
Closes #3015
- Added stepThroughPosts method to PostsRouter, takes a integer, goes that far, wraps around the array.
- PostsPostRoute notifies the PostsController of which model it currently has, to help stepThroughPosts know who's selected
2014-07-30 22:23:02 -06:00
Hannah Wolfe
ed788ef723 Merge pull request #3436 from novaugust/user-role-dropdown
User role dropdown
2014-07-31 02:06:34 +01:00
Matt Enlow
975f925561 Add User Role Dropdown
Closes #3402, Closes #3428

-------------------

 ### Components
- Added GhostSelectComponent to handle async select creation (h/t @rwjblue)
- Added GhostRolesSelector (extends GhostSelect) for displaying user role options
- Created StoreInjector for surgically inserting the store into things that normally wouldn't have them.

 ### Users Settings
- InviteNewUserModal now uses GhostRolesSelector & defaults to Author
- The role dropdown for user settings has permissions set per 3402

 ### User Model
- Added `role` property as an interface to getting and setting `roles`
- Refactored anything that set `roles` to set `role`
- isAdmin, isAuthor, isOwner and isEditor are all keyed off of `role` now

 ### Tests
- Added functional tests for Settings.Users
- updated settings.users and settings.users.user screens
- fix spacing on screens

 ### Server Fixtures
- Fixed owner fixture's roles
2014-07-30 17:59:14 -06:00
Robert Jackson
d86711e09d Update validation to match server error.
When a using the forgottenRoute if you enter an incorrectly formatted
email address you would see the error message 'Invalid Email', however
if you entered an email address that was correctly formatted but missing
the error message would be 'Invalid email address'.

This fixes the discrepancy.
2014-07-30 19:07:42 -04:00
Robert Jackson
356f9525d8 Redirect to error404 when user not found.
Closes #3459.
2014-07-30 17:43:45 -04:00
Hannah Wolfe
820459e625 Merge pull request #3463 from rwjblue/hard-refresh
Perform a hard refresh upon signout.
2014-07-30 22:28:27 +01:00
Hannah Wolfe
3b81cca49c Merge pull request #3457 from sebgie/issue#3426
Transfer ownership end point
2014-07-30 22:26:42 +01:00
Hannah Wolfe
ee2d10d7c3 Merge pull request #3456 from PaulAdamDavis/prevent-auth-autocomplete
Disable autocomplete for setup & signup screens
2014-07-30 22:22:40 +01:00
Hannah Wolfe
7efee359e6 Merge pull request #3454 from halfdan/signout-email
Properly remove email notification on signout.
2014-07-30 22:21:41 +01:00
Hannah Wolfe
a8a1901a8b Merge pull request #3453 from PaulAdamDavis/3271-prevent-website-autofill
Disable user settings autocomplete in Chrome
2014-07-30 22:14:32 +01:00
Hannah Wolfe
cf048b72b2 Merge pull request #3449 from felixrieseberg/iss3383
Stop validation error notification stack
2014-07-30 22:04:31 +01:00
Robert Jackson
7abbcf18e4 Perform a hard refresh upon signout.
Closes #3458.
2014-07-30 14:22:28 -04:00
Sebastian Gierlinger
a18b58a2f6 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Felix Rieseberg
7cf0a25381 Stop validation error notification stack
closes #3383
- Calls closePassive() if a new validation error is thrown to display
only the latest validation error
2014-07-30 08:07:34 -07:00
Paul Adam Davis
665b25e424 Disable autocomplete for setup & signup screens
No issue

- Adds 2 hidden inputs at the top start of the form that trick chrome into filling those, leaving out the rest.
2014-07-30 16:04:03 +01:00
Paul Adam Davis
46d85359f1 Disable user settings autocomplete in Chrome
Closes #3271

- Adds 2 hidden inputs at the top start of the form that trick chrome into filling those, leaving out the rest.
2014-07-30 14:34:02 +01:00
Fabian Becker
a22f1d0d7a Properly remove email notification on signout.
no ref
- Calls notifications.clear() on signout
2014-07-30 13:32:19 +00:00
Hannah Wolfe
11c0fe7a0f Merge pull request #3416 from alarobric/case_3291
Settings screens redirect for certain roles
2014-07-30 14:17:19 +01:00
Hannah Wolfe
949252f5ed Merge pull request #3447 from jaswilli/auth
Fixup signin and signout
2014-07-30 14:13:02 +01:00
Alan Richards
4d074c3e55 Settings screens redirect for certain roles
Closes #3291
- Adds redirects based on roles as defined in the case
- Adds new mixin `CurrentUserSettings`
- For authors, all settings pages redirect to `users/self`
- For editors, all settings pages other than specific users redirect to `users`. Any user that is not self or an author redirects to `users`
2014-07-30 00:57:16 -07:00
Jason Williams
d19c3ae9d1 Fixup signin and signout
No Issue
- Move authentication related handlers to the Application route.
- Switch Sign Out from a button to a link.  Use the signout route
  to handle invalidating the session and redirecting instead of
  an action from a button.
- Clear error messages on signin page when pressing log in button.
- Errors are now always shown on sign in screen and a success
  notification is shown after sign out.
- Update functional tests.
2014-07-29 20:58:43 +00:00
Sebastian Gierlinger
bb5ca7c272 Fix Invitations
no issue
- added `invited-pending` when resending invitation
- promise chain was missing a return statement
- email error was masked and front end showed success notification
2014-07-29 15:35:48 +02:00
Hannah Wolfe
05afe8afb2 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
Hannah Wolfe
b6d7afe9ad Merge pull request #3440 from sebgie/notification-reset-invite
Reset/Signin while signed in
2014-07-29 11:52:40 +01:00
Maurice Williams
3397790204 Removing "author" role-label
closes #3427
- adding conditional statement to now display users with role "author"
2014-07-29 01:50:34 -04:00
Jason Williams
d75483e4a8 Preserve order of tags as entered by the user.
Closes #3133
- Implement an ordered set for the tags property of the tag
  input controller.  Set order is by order added to the post.
2014-07-29 02:16:21 +00:00
Sebastian Gierlinger
fe9692e824 Reset/Signin while signed in
no issue
- added redirect and notification to reset route
- added notification to signup route
2014-07-28 18:00:08 +02:00
Hannah Wolfe
6c76b080bb Merge pull request #3423 from jaswilli/issue-3403
Add a mixin for saving a subset of a model.
2014-07-28 09:49:19 +01:00
Hannah Wolfe
13f34fd992 Merge pull request #3422 from sebgie/issue#3177
Hide Access Token
2014-07-28 09:18:42 +01:00
Jason Williams
039f5fd693 Add a mixin for saving a subset of a model.
Closes #3403
- Add SelectiveSaveMixin so that a DS.Model can save one or more
  properties at a time while preserving other outstanding changes.
2014-07-27 21:04:35 +00:00
Sebastian Gierlinger
d40f545106 Add XSS prevention
closes #3387
- added placeholder for <script> and <iframe>
- added google-caja sanitizer
- changed title in posts overview to ‚double-stash‘
2014-07-27 23:03:01 +02:00
Sebastian Gierlinger
4376fcb784 Hide Access Token
closes #3177
- uses an iFrame to initiate the download to hide the access token

The access token is now hidden in the admin logic. If we would like to
completely hide the token it is possible to remove the access token and
use signed requests instead, but I think the effort isn’t worth the
benefit in this case.
2014-07-27 22:57:57 +02:00
Hannah Wolfe
3cb2a03170 Merge pull request #3393 from joeldrapper/sort-roles-dropdown
Fixed role sort order in the invite a new user drop down list
2014-07-27 19:39:06 +01:00
Hannah Wolfe
4191a9c7be Merge pull request #3412 from novaugust/credentials-validation-convergance
Create new user validator to DRY up validators
2014-07-27 19:38:24 +01:00
Hannah Wolfe
4972fe1672 Merge pull request #3411 from novaugust/signup-password
Rebind password to password input on signup page
2014-07-27 19:36:54 +01:00
Jason Williams
371a4a059f Do not clear password until after leaving signin
Closes #3399
- Provide our own authenticate action handler which does not
  clear the password input.
- Use the Signin route's deactivate hook to clear the password
  property on the controller after the user has transitioned
  away from the signin page.
2014-07-26 19:06:58 +00:00
Hannah Wolfe
fb128f6be7 Merge pull request #3406 from simplabs/update-ember-simple-auth
Updated Ember Simple Auth to latest version
2014-07-26 17:24:18 +01:00
Matt Enlow
a22dca8722 Create new user validator to DRY up validators
No issue
- Created NewUserValidator class to DRY up validation of a models name, email, and password
- Changed SignUpValidator to be an instance of NewUserValidator
- Changed SetUpValidator to extend NewUserValidator
2014-07-25 13:20:40 -06:00
Matt Enlow
0d4397ef98 Rebind name and password to inputs on signup page
Closes #3410, Ref #3392
- Removed setting name from user email address per issue #3392
2014-07-25 13:04:33 -06:00
Marco Otte-Witte
7835d824d3 updated Ember Simple Auth to latest version 2014-07-25 16:04:19 +02:00
Hannah Wolfe
4057a2c8d5 Merge pull request #3397 from morficus/issue-3392
Removing "full name" auto-popualtion during signup
2014-07-25 09:54:51 +01:00
joeldrapper
773630f045 Roles drop down sorted by ID
closes #3391
- Changed sort order to ID instead of name
2014-07-25 09:41:12 +01:00
Hannah Wolfe
409b0793cf Merge pull request #3398 from morficus/issue-3396
Fixing resend user invitation
2014-07-25 08:53:13 +01:00
Hannah Wolfe
5a63c1c34d Merge pull request #3394 from IanMitchell/settings-user-button
Hides <Users button for authors
2014-07-25 08:51:45 +01:00
Hannah Wolfe
c057d0b406 Merge pull request #3385 from felixrieseberg/iss3375
Signin error notifications kept from stacking
2014-07-25 08:48:08 +01:00
Maurice Williams
690bd9c551 Removing "full name" auto-popualtion during signup
closes #3392
- removing data-binding attribute for "name" input box on signup screen
- removing data-binding attribute for "password" input box on signup screen
- making "email" the first input box and "name" the 2nd
- removing "autofocus" attribute for "email" input box on signup screen
2014-07-24 22:49:57 -04:00
Maurice Williams
8b747a9593 Fixing resend user invitation
closes #3396
- passing role when resending a users invitation
2014-07-24 22:42:55 -04:00
Ian Mitchell
601692780a Hides <Users button for authors
closes #3295
- The <Users button visibility is now restricted by user role
2014-07-24 18:54:02 -07:00
Hannah Wolfe
1695631f11 Merge pull request #3377 from PaulAdamDavis/signout-button
Change signout link to button
2014-07-24 17:52:09 +01:00
Hannah Wolfe
f3899aaefe Merge pull request #3376 from felixrieseberg/iss3292
Redirect authors and editors away from debug page
2014-07-24 17:51:16 +01:00
Hannah Wolfe
cc30b7b564 Merge pull request #3368 from felixrieseberg/master
Show errors on reset page (Closes #3330)
2014-07-24 17:49:56 +01:00
Felix Rieseberg
8d3a3e711f Signin error notifications kept from stacking
closes #3375
- Prior to showing error notifications, the signin route now calls
  closePassive().
2014-07-24 11:16:00 -04:00
Jason Williams
5e021da86c Improve handling of users and roles in admin
Closes #3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
  list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
  the email was not sent.  The client will show a warning notification
  when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
  that there's only one network API call to load users instead of two.
2014-07-24 14:20:47 +00:00
Felix Rieseberg
7eb32c86d3 Show error notifications on "reset password" page
closes #3330
- Caught errors are displayed using notifications util
2014-07-24 08:45:42 -04:00
Hannah Wolfe
96a61025ec Merge pull request #3362 from sebgie/issue#3087-2
Transfer Ownership
2014-07-24 12:19:08 +01:00
Maurice Williams
bf95c5b268 Preventing rogue modals from popping up when hitting the enter-key
closes #3352
- adding a ```type``` attribute to buttons inside form in the settings section
- scanning the rest of the project to find any other buttons w/a missing attribute
2014-07-23 22:58:50 -04:00
Felix Rieseberg
ed0ac32ebb Redirect authors and editors away from debug page
A signed in user with role author or editor will be redirected back to
/ghost.

closes #3292
2014-07-23 17:25:13 -04:00
Paul Adam Davis
acb45cb660 Change signout link to button
References https://github.com/TryGhost/Ghost-UI/issues/65

- Swap signout link from an `<a>` tag to `<button>`
- Changed tests to match new element
2014-07-23 22:12:45 +01:00
Sebastian Gierlinger
56eee1a84c Transfer Ownership
closes #3364 (special thanks to @jaswilli)
closes #3087
- added modal
- added controller
2014-07-23 12:41:31 +02:00
Hannah Wolfe
302b360194 Merge pull request #3367 from jaswilli/issue-3161
Get Ember Admin ready for production
2014-07-23 04:47:19 +01:00
Hannah Wolfe
8845f25e02 Merge pull request #3365 from PaulAdamDavis/user-list-img-bg-swap
Make user list images background-image's
2014-07-23 04:11:14 +01:00
Hannah Wolfe
4eb03af0a3 Merge pull request #3358 from IanMitchell/sidebar-role
Hide Settings Sidebar Based on Role
2014-07-23 03:41:40 +01:00
Jason Williams
ddcb441268 Get Ember Admin ready for production
Closes #3161
- Add a config.js file for the client which is used to configure
  Ember.Application during runtime. The correct version of config.js
  is copied into place by grunt via the copy:(dev|prod) task from
  either config-dev.js or config-prod.js.
- Serve minified and production versions of libraries where applicable
  including handlebars-runtime and ember-prod.
- Bundle third party libraries into vendor.min.js.
- Bundle Ghost's Ember app and templates into ghost.min.js
- Remove all fixture data and code from the client.
2014-07-22 22:33:49 +00:00
Paul Adam Davis
0de40016ab Make user list images background-image's
References https://github.com/TryGhost/Ghost-UI/issues/76

- Swap user avatars in the user list from ing tags to background images
2014-07-22 20:13:30 +01:00
Ian Mitchell
5db86f2356 Hide Settings Sidebar Based on Role
Implements #3294. Currently, we don’t have a permission system on the
client side, so this relies on a hardcoded “author” string.
2014-07-22 08:03:52 -07:00
Jason Williams
6c5d1a6267 Update Users API to handle role objects or ids
Closes #3357
- API method User#edit now handles User objects that have either
  an array of Role ids or objects.
- Fixed error handler notification on upload modal controller.
2014-07-22 05:48:16 +00:00
Hannah Wolfe
1b5a682e13 Merge pull request #3341 from PaulAdamDavis/psm-class-ammend
Correct markup for the PSM author dropdown
2014-07-22 01:12:45 +01:00
Hannah Wolfe
2263d05926 Merge pull request #3356 from IanMitchell/header-role
Hide Settings Tab if Author
2014-07-21 23:48:01 +01:00
Hannah Wolfe
a2ed33ec7e Merge pull request #3347 from jaswilli/posts-content
Only load posts once on navigating to content tab
2014-07-21 23:47:55 +01:00