Commit Graph

327 Commits

Author SHA1 Message Date
Jacob Gable
0dc6dc29a7 Add apps permissable checks in posts and users
Closes #2738

- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
2014-05-14 09:22:25 -05:00
Jason Williams
954cb1a59e updateTags refactor
closes #2720
-refactor Models.Posts.updateTags method to reduce complexity
2014-05-12 21:03:26 +00:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
87cda81c84 Sanitize models' attributes/options before passing to bookshelf/knex
closes #2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
2014-05-06 23:02:49 -04:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Sebastian Gierlinger
e1bbc60467 Additional objects
closes #2620
- moved aspect -> filters
- updated tests
- fixed inconsistency in pagination object
2014-04-27 19:34:44 +02:00
Sebastian Gierlinger
1e62400465 Add include parameter for posts API
closes #2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model

**Known Issue:** It is not possible to attach a tag using an ID.
2014-04-27 18:58:34 +02:00
Jacob Gable
a9cc252b45 Invalidate cache header only for published posts
Closes #1563

- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
2014-04-23 09:28:45 -05:00
Alan Richards
686aec7ab5 Post API response to use author not author_id
Closes #2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
2014-04-22 02:13:33 -07:00
Hannah Wolfe
3eb284e4b5 Update & grunt-groc and fix docs errors
issue #2622

- Updated grunt-groc to 0.4.5
- Fixed the few places which made the docs fail to generate
- There is still a mix of styles
2014-04-21 19:04:20 +01:00
Sebastian Gierlinger
32ea948675 Post response move pagination -> meta
closes #2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
2014-04-19 17:03:20 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
Sebastian Gierlinger
a3aba2d504 Deduplicate upper-/lowercase tags for posts
server side check for #2478
- added check for duplicate tags in post model
2014-03-24 19:08:06 +01:00
Hannah Wolfe
2f159cb7df Merge pull request #2435 from halfdan/2148-rpc
Add XML-RPC ping
2014-03-20 19:14:23 +00:00
Fabian Becker
9e7469e3ea Add XML-RPC ping
closes #2148
- Added core/server/xmlrpc.js
- Hook into post::saved to ping when a published post gets saved
- Added node package to hook into http requests
2014-03-20 17:53:32 +00:00
Hannah Wolfe
c02fd70c63 Improving the showdown extensions
fixes #2381

- renamed the ghost extensions
- added new html tests
2014-03-20 17:08:13 +00:00
Hannah Wolfe
d8f724d94d Removing typography extension
issue #2312

- The typography extension is still interfering in HTML blocks, reference style links and other bits and pieces it probably shouldn't be :(
- We'll add it back when it's ready.
2014-03-20 13:22:28 +00:00
Fabian Becker
cd74b0e232 Switch to bower for client assets.
fixes #2272
- Remove libraries from shared/vendor
- Remove libraries from client/assets/vendor
- Add bower to package.json and postinstall
- Add bower.json with dependencies
- Add scripts from bower_components to concat/uglify
- Fix tests
- Serve jquery from /ghost/built/theme/
2014-03-04 20:09:26 +00:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes #2277
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Hannah Wolfe
708ba6f8b0 Merge pull request #2220 from sebgie/issue#1401
Add validation from schema.js
2014-02-28 23:04:04 +00:00
Andy
b49f10c33d Add support for typographically-correct punctuation
Closes #1795
- Added typography.js Showdown extension
- Updated RSS test to support new typographic quotes
2014-02-28 09:44:08 +00:00
Sebastian Gierlinger
b1c35a9b6c Fix importer adds the same tags to every post
fixes #2234
- updateTags used tags that were overwritten by an async operation
2014-02-21 22:54:56 +01:00
Sebastian Gierlinger
ac7f4f05c4 Add validation from schema.js
closes #1401
- added data/validation/index.js
- added generic validation for length
- added generic validation for nullable
- added validations object to schema.js for custom validation
- removed pyramid of doom from api/db.js
2014-02-19 18:32:23 +01:00
Sebastian Gierlinger
ea6c601b01 Improvements for models
#closes #1655
- removed models as parameter for bookshelf-session
- changed to read permittedAttributes from schema.js
- changed updateTags to be executed at saved event
- added validate to execute after saving event
- added test for published_at = null (see #2015)
- fixed typo in general.hbs
2014-02-19 14:57:26 +01:00
Harry Wolff
9ab4b7d4d5 Adds tag pages
fixes #2111

- modified Post model to support a tag query
  param that will filter the desired post collection
  to only include posts that contain the requested tag

- in the updated Post model it includes the Tag model
  under a nested object called 'aspects'

- added tests for updated Post model, updating
  test utils to add more posts_tags relations

- adds two new routes to frontend,
  one for initial tag page,
  another to page that tag page

- for tag pages the array of posts
  is exposed to the view similarly
  to the homepeage

- on the tag view page the information
  for the tag is also accessible
  for further theme usage

- the tag view page supports a hierarchy of
  views, it'll first attempt to use a tag.hbs
  file if it exists, otherwise fall back
  to the default index.hbs file

- modified pageUrl and pagination helper
  to have it be compatible with tag paging

- added unit tests for frontend controller

- added unit tests for handlebar helper modifications

- add functional tests for new tag routes
2014-02-18 15:10:02 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Hannah Wolfe
7049d0f338 Improvement for published posts with no published_at
issue #2015

- this is another little workaround / improvement to try to reduce the number of people who end up with a published post with no published_at set
- I assume we need to complete #1655 to fix this properly
2014-01-26 12:05:27 +00:00
Zach Schneider
fa7bd62857 Fixed issue with adding multiple new tags to a post
Fixes #1907

Refactored `updateTags` to correct a loop issue where the `insert`
method was mistakingly being passed rather than `update`, triggering a
duplicate PK SQL error.
2014-01-13 09:29:40 -05:00
Harry Wolff
a1f64d2f1f Extending halfdan’s work for UX settings improvements
#1351

- prevent a new post (not saved on server) from
updating its slug/date to the server

- fix jshint

- add back creation of a posts slug upon a post creation

- update for rebasing

- hide ability to ‘delete this post’ from post settings
menu when a post hasn’t yet been saved to the server
2014-01-06 21:33:24 -05:00
Fabian Becker
11c8d234f7 New Post UX behaviour.
refs #1351
- Make generateSlug a static method on base model
- Change client behaviour (unfinished)
- Add new getSlug API method
2014-01-06 21:05:17 -05:00
Hannah Wolfe
3f9b0fa618 Disable xss santization
issue #1378
fixes #1328

- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
2014-01-06 20:17:20 +00:00
Harry Walter
7b390e73e6 Correctly order posts in admin and frontend
issue #1303
2013-12-24 11:18:32 +00:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Harry Wolff
89154ad997 Restore support for using ghost as a npm module fixes #1326 2013-11-27 17:39:14 +00:00
Tim Griesser
726014f59a bumping to knex 0.5 and bookshelf 0.6.1 2013-11-26 23:10:31 +00:00
Sebastian Gierlinger
77ed7f8ac6 Add transactions for import
closes #837
- added transaction handling for import
- added transactions to model functions
- added simple tests for failing imports
2013-11-20 21:36:02 +01:00
Sebastian Gierlinger
bb17e1c0e9 Add API tests
closes #1189
- added tests
- added request module
- added status codes to API calls
- fixed return values of API calls
- fixed that drafts caused an error when being deleted
- fixed X-Invalidate-Cache headers
- moved testUtils.js to utils/index.js
2013-11-03 18:13:19 +01:00
Fabian Becker
798e5b1a4e Allow user to mark a post as static page
- Increased post-settings width to properly display "Static Page"
- Changed templates to display "Static Page" if set
- Added unit test for body_class helper

fixes #969
2013-10-28 22:01:03 +00:00
Hannah Wolfe
5c33a707e9 Merge pull request #1164 from halfdan/1162-unpublished-posts
Unpublished Post should not be accessible
2013-10-25 13:18:39 -07:00
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Hannah Wolfe
4480d3bd02 Merge pull request #1088 from jacobian/postgres-fix
Fix #896 - work around errors in pagination under Postgresql.
2013-10-22 07:08:15 -07:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Jacob Kaplan-Moss
2acb546028 Fix #896 - work around errors in pagination under Postgresql. 2013-10-15 11:09:08 -05:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
d544b4aebb Custom destroy method for posts
issue #858

- correctly handles detaching tags before deleting the post
2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f Correctly test for an empty Tag array
issue #858

- fixes syntax errors in mysql
2013-09-27 11:55:02 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Hannah Wolfe
83e655701c Post settings menu tweaks
closes #782, #783

- delete button hidden until ID
- publish date works before publish
2013-09-17 11:51:24 +01:00
William Dibbern
4b8806ec1d Infinite Scroll Pagination for content screen
Fixes #258

- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
2013-09-15 18:34:23 -05:00
Hannah Wolfe
d587a845d4 Set migrations to use new 000 schema
issue #632

- removed old schemas
- updated base model to reflect all of the consistent behaviours and properties across the models
- updated all models to match the new schema

TODO

- no fixtures are currently loaded except settings
- need to rename properties across the codebase
2013-09-14 20:01:46 +01:00
Hannah Wolfe
70824a247f Merge branch 'migrations-003' into new-version
Conflicts:
	.gitignore
	config.example.js
	core/server/models/post.js
	package.json
2013-09-14 19:15:04 +01:00
Hannah Wolfe
486b2406b1 Merge pull request #722 from ericterpstra/370-post-settings-permalink
Added post-settings menu with edit permalink field
2013-09-13 14:31:49 -07:00
Hannah Wolfe
420986de62 Updating tag saving logic to never save duplicates 2013-09-13 21:38:53 +01:00
ericterpstra
e2bc5257a6 Added post-settings menu with edit permalink field
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
  validation
2013-09-13 12:36:38 -05:00
Adam Howard
f6b86a98ff Fix bug preventing tags from being saved when a Post is created.
Fixes #658
2013-09-13 14:30:22 +01:00
Hannah Wolfe
5bae29a0db Merge branch 'master' into migrations-003
Conflicts:
	core/server/data/migration/index.js
	core/server/models/post.js
2013-09-05 12:40:43 +01:00
Hannah Wolfe
7570599252 Merge pull request #564 from skattyadz/tags-squashed
Add post tagging functionality
2013-09-01 17:50:21 -07:00
Adam Howard
d90df55b75 Add post tagging functionality
closes #367
closes #368

- Adds Tag model with a many-to-many relationship with Post
- Adds Tag API to retrieve all previously used Tags (needed for suggestions)
- Allows setting and retrieval of Tags for a post through the Post's existing API endpoints.
- Hooks up the editor's tag suggestion box to the Ghost install's previously used tags
- Tidies the client code for adding tags, and encapsulates the functionality into a Backbone view
2013-08-30 16:20:22 +01:00
William Dibbern
94f262a697 Strip whitespace on titles
Fixes #469

- Added client-side trimming of title on blur if it is not already
trimmed.
- Added server-side trimming of title on 'saving' event of post model.
2013-08-30 08:04:32 -05:00
Hannah Wolfe
f318d164d4 Adding Github Flavored Markdown support
closes #422, issue #295

- Added GFM mode to codemirror
- Took the github.js extension for Showdown and added all useful behaviour
- Now supports strikethrough, line breaking and
  multiple underscores, and auto linking urls & emails without breaking
  definition urls
- Also added definition url handling in preparation for #295
- Added unit tests for the extentions individually and integrated with
  showdown
2013-08-29 14:32:09 +01:00
Hannah Wolfe
c70dfde7e3 Agressive stripping of the model attributes
- fixes #517
- prevents this from occuring again in future with other relations
- validation function & stripping done for all models
- casper test for flow, plus validation & logged out tests
2013-08-25 18:12:27 +01:00
Hannah Wolfe
41e36cca7e Validation consistency
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
2013-08-25 18:10:12 +01:00
Hannah Wolfe
6f05812377 Merge pull request #503 from sebgie/questionmarkbug
Fix for post with '?'
2013-08-24 08:06:51 -07:00
Hannah Wolfe
60c7643a58 Merge pull request #438 from cgiffard/hbs-helper-author
Template Helpers: Added author hbs helper
2013-08-24 07:45:36 -07:00
Sebastian
9ee91b3547 Fix for post with '?'
closes #433
- if slug is empty after trimming use "post" as slug instead
2013-08-23 18:49:45 +02:00
Christopher Giffard
4397bcf86e Template Helpers: Added author hbs helper
Fixes #358

 - Altered post model to enable eager loading of author and
   user relationships
 - Fixed broken base model toJSON method, which prevented
   eager resolution of relationships (thanks @tgriesser)
 - Passes author information to template.
 - Added unit tests for author helper.
 - Added unit tests for findOne and findAll additions to Post Model
   which take into account the eager relationships

 Usage:
 `{{author}}` -- returns the full name of the post author
 `{{author.attribute}}` -- returns property of the current post author
 as described by the user model
2013-08-23 19:13:32 +10:00
Jacob Gable
a1d00b56b2 Trim title and don't allow negative pages
Added a .trim() to the slug generation and redirect to the first page if
the page parameter is parsed as less than 1.
2013-08-19 21:18:39 -05:00
William Dibbern
4f2421fac7 MySQL Support
Closes #364
- Confirmed integration with local mysql installation works.
- Updated fixtures and migration with appropriate schema-conforming
values.
- Updated schema with appropriate defaults and nullable columns.
- Updated fixDates function on model base to appropriately deserialize
values coming from SQLite now that dates are stored as actual DateTime
objects/ISO strings.
- Updated default language to be 'en_US'.
2013-08-19 17:25:02 -05:00
Hannah Wolfe
fd33b276a0 Merge pull request #419 from jgable/postPermissions
Edit Post Permissions
2013-08-18 12:11:55 -07:00
Jacob Gable
53061a4c04 Fix multiple title slug generation
Change slug generation to not append multiple hyphens
2013-08-18 13:23:15 -05:00
Jacob Gable
bbe5105048 Edit Post Permissions 2013-08-18 12:28:05 -05:00
Hannah Wolfe
30b4eb07f7 App restructure - closes #245
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
2013-07-11 20:23:34 +01:00