Commit Graph

76 Commits

Author SHA1 Message Date
naz
38b7f8e311
Fixed "no-shadow" linting error in server/data modules (#12288)
refs 143921948d

- Continuation of changes started in referenced commit
2020-10-20 11:56:46 +13:00
Kevin Ansfield
e5a92be932 Fixed typo in snippets permission fixtures
refs https://github.com/TryGhost/Ghost/pull/12283

- `delete` -> `destroy` for action type
2020-10-16 17:46:31 +01:00
Kevin Ansfield
15afed4b81
Added snippets permissions migration and fixtures (#12283)
no issue

- all staff users can browse/read snippets so they're usable in the editor for everyone
- only administrators, editors, and admin integrations are able to create/edit/delete snippets
2020-10-16 12:53:09 +01:00
Rishabh Garg
2bac2c67cc
Granted Admin users ability to impersonate member (#12132)
refs #12126

- Adds migration to add impersonation permission to administrators
- Adds default permission fixture to allow administrators to read member impersonation urls
- Allows administrators to create member impersonation magic links
2020-08-18 14:17:56 +05:30
Daniel Lockyer
5b471e1bbe Extracted promise libs and history into @tryghost/promise
- deleted files under `core/server/lib/promise` and related test files
- added `@tryghost/promise` as a dependency
- fixed all local requires to point to the new package
2020-08-11 18:44:21 +01:00
Hannah Wolfe
8c8af3b4ac Fixed additional bracket in fixture code example
closes #11908

- The post publishing-options shows a snippet of JSON-LD in a code block, that had an extra comma and curly bracket
2020-07-06 19:49:10 +01:00
Fabien O'Carroll
5b058d6d5b Added permission for auth:members_stripe_connect
no-issue

This permission is used to ensure that only the Owner can
authenticate/authorize the members_stripe_connect integration.
2020-06-02 15:28:42 +02:00
Vikas Potluri
00c324fa4e
Moved core/server/lib/common/logging to core/shared/logging (#11857)
- Represents that logging is shared across all parts of Ghost at present
  * moved core/server/lib/common/logging to core/shared/logging
  * updated logging path for generic imports
  * updated migration and schema imports of logging
  * updated tests and index logging import
  * 🔥 removed logging from common module
  * fixed tests
2020-05-28 19:30:23 +01:00
Vikas Potluri
4ac88dce10
Refactored common lib import to use destructuring (#11835)
* refactored `core/frontend/apps` to destructure common imports
* refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports
* refactored `core/frontend/services/settings` to destructure common imports
* refactored remaining `core/frontend/services` to destructure common imports
* refactored `core/server/adapters` to destructure common imports
* refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports
* refactored `core/server/data/importer` to destructure common imports
* refactored `core/server/models/{base, plugins, relations}` to destructure common imports
* refactored remaining `core/server/models` to destructure common imports
* refactored `core/server/api/canary/utils/serializers/output` to destructure common imports
* refactored remaining `core/server/api/canary/utils` to destructure common imports
* refactored remaining `core/server/api/canary` to destructure common imports
* refactored `core/server/api/shared` to destructure common imports
* refactored `core/server/api/v2/utils` to destructure common imports
* refactored remaining `core/server/api/v2` to destructure common imports
* refactored `core/frontend/meta` to destructure common imports
* fixed some tests referencing `common.errors` instead of `@tryghost/errors`
   - Not all of them need to be updated; only updating the ones that are
causing failures
* fixed errors import being shadowed by local scope
2020-05-22 19:22:20 +01:00
Hannah Wolfe
22e13acd65 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Fabien O'Carroll
d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWT's created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We all change proxyquire to use `noCallThru` which
    ensures that the ubderlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' propery

    This structure corresponds to other resources and allows to exptend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Rish
7f337743e9 Fixed tests
no issue
2020-02-14 15:44:47 +05:30
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Nazar Gargol
f5bcf77a16 Fixed typo in the post fixture
closes https://github.com/TryGhost/Ghost/issues/11520
refs

- The typo was introduced in https://github.com/TryGhost/Ghost/pull/11247
2020-01-17 13:00:38 +07:00
Kevin Ansfield
6a057fad99
Added /emails/:id/retry/ endpoint for retrying failed emails (#11410)
We want to allow admin users to trigger a retry of failed emails without having to go through the unpublish/republish dance.

- fixed resource identifier in email permissions migration so email permissions are added correctly
- added new email permissions migration so that beta releases can be upgraded without rollback (will be a no-op for any non-beta upgrades)
- added `/emails/:id/retry/` canary Admin API endpoint
  - follows same URL pattern as theme activation
  - only triggers mega service retry endpoint if the email has a `'failed'` status
2019-11-22 14:20:32 +00:00
Nazar Gargol
6bc8a1bb18 Added email resource permission 2019-11-06 15:56:56 +07:00
Rish
b3aba084ee Fixed fixture for send test email 2019-11-06 15:21:46 +07:00
Nazar Gargol
60fd91b839 Added preview permissions 2019-11-05 12:15:50 +07:00
Naz Gargol
f1fa74b5c4
💄Updated fixtures for Ghost v3 content + assets (#11247)
no issue 

- Updated post images and content
- Updated default blog cover asset
- Updated default Ghost user avatar
2019-10-17 10:49:30 +02:00
John O'Nolan
055f129059 Correct Twitter username 2019-10-16 14:22:42 +07:00
Naz Gargol
0225936292
Removed subscribers from the codebase (#11153)
refs https://github.com/TryGhost/Ghost/pull/11152

- Added subscribers table drop migration
- Removed subscribers from schema
- Removed subscribers controllers/routes/regression tests
- Removed subscriber related API code
- Removed subscribers from internal apps
- Removed subscriber importer
- Removed subscriber model
- Removed subscriber related permissions
- Removed webhook code related to subscribers
- When upgrading to v3 it is on the site admin to migrate all zapps or any other webhook clients to use members
- Removed subscriber-specific translation
- Removed subscriber lab flag
2019-10-09 11:47:04 +02:00
Kevin Ansfield
e57e19ec31
🏗 Migrated posts.page column to posts.type (#11111)
refs https://github.com/TryGhost/Ghost/issues/10922

- adds migrations to...
  1. add `post.type` column
  2. populate `post.type` column based on `post.page` value
  3. drop `post.page` column
- updates all code paths to work with `post.type` in place of `post.page`
- adds `nql-map-key-values` transformer for mapping `page`->`type` in `filter` params when using the v2 API
- modifies importer to handle `post.page`->`post.type` transformation when importing older export files
2019-09-16 11:51:54 +01:00
Kevin Ansfield
33fe21f888 Removed all clients and client_trusted_domains related code
no issue

- v0.1 is ☠️ so there's no longer any use of client auth
- removes all code related to `clients` and `client_trusted_domains`
- noops the "add backup client" migration in 1.7 because the referenced fixture no longer exists causing migrations and consequently all regression tests to fail
2019-09-12 15:09:49 +01:00
Kevin Ansfield
80fbfd7a85 Revert post.page->post.type handling
no issue
- the column addition/removal can be too slow for large sites
- will be added back in 3.0

---

Revert "Fixed canary api for page/type column"
This reverts commit a5a7e7e919.

Revert "Updated frontend canary url config for page/type"
This reverts commit 19100ec5e6.

Revert "Updated canary api to handle type column correctly (#11006)"
This reverts commit c3e8ba0523.

Revert "Ensured `page` filter works in routes.yaml"
This reverts commit 9037c19e50.

Revert "Replaced usage of mongo util with nql-map-key-values"
This reverts commit 8c5f1d0ef0.

Revert "Added shared nql-map-key-values module"
This reverts commit ef4fd4b8ef.

Revert "Ensured page prop is present on content api response"
This reverts commit cfa0a0862b.

Revert "Fixed failing regression tests"
This reverts commit 9c2bb3811f.

Revert "Updated xmlrpc and slack service to use type column"
This reverts commit 44a02c7d36.

Revert "Updated v0.1 posts api to work with type column"
This reverts commit 2c81d7c914.

Revert "Removed updates to v0.1 specific code"
This reverts commit 08d83c1f53.

Revert "Added missing context from ValidationError"
This reverts commit cd45ab4f54.

Revert "Renamed page->type in the page&posts serializers"
This reverts commit df99e724e3.

Revert "Added mongo helper to input serializers"
This reverts commit fb8eadb4a8.

Revert "Passed mongoTransformer through to NQL"
This reverts commit 0ae3f0fdfc.

Revert "Permitted mongoTransformer option for read methods"
This reverts commit a89376bf26.

Revert "Updated the count plugin to reference the type column"
This reverts commit a52f15d3d3.

Revert "Updated hashes for db integrity check"
This reverts commit bb6b337be3.

Revert "Remove page column and remaining references"
This reverts commit 9d7190d692.

Revert "Added type column to data generator"
This reverts commit e59806cb45.

Revert "Removed references to page column in rss tests"
This reverts commit 04d0f855de.

Revert "Removed page column references in validation tests"
This reverts commit f0afbc5cc0.

Revert "Updated the post model to use the `type` column"
This reverts commit 1189bc823a.

Revert "Updated url service to use type column"
This reverts commit 61612ba8fd.

Revert "Updated the v2 api to deal with type column"
This reverts commit 57afb2de2b.

Revert "Added type property to post model defaults"
This reverts commit dc3345b1c5.

Revert "Added type property to the default post fixtures"
This reverts commit 82d8c38033.

Revert "Added type column to posts table"
This reverts commit 9b85fc6a69.
2019-08-19 12:02:14 +01:00
Fabien O'Carroll
9d7190d692 Remove page column and remaining references
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
82d8c38033 Added type property to the default post fixtures
refs #10922
2019-08-09 14:39:01 +08:00
Nazar Gargol
6779732cd0 Fixed regression tests for v2/admin/db
no-issue
2019-08-09 10:57:49 +08:00
Nazar Gargol
532fdb0806 Added migrations for scheduler integration, permission and role
refs #10060

- Modification of https://github.com/TryGhost/Ghost/pull/10974/files
- Added publish permission migrations for all roles having "post": "all" permission
2019-08-07 14:56:51 +02:00
Nazar Gargol
00f95e7328 Migrated schedules controller to v2
closes #10060

- Implemented scheduling for posts and pages
- Added cache invalidation when scheduling
- Refactored admin token eneration function to accept existing key as parameter in tests
- Added Ghost Scheduler Integration fixture
- Added fixture for permissions for post publish action
- Migrated getScheduled method to v2
- Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler
- This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models
- Removed unused auth middleware from v2 routes
- Added internal scheduler role
- Implemetnted transactions in v2 frame
- This takes into account scenario mentioned in c93f03b87e
- Specifically:
>if two queries happening in a transaction we have to signalise
  knex/mysql that we select for an update
  otherwise the following case happens:
  you fetch posts for an update
  a user requests comes in and updates the post (e.g. sets title to "X")
  you update the fetched posts, title would get overriden to the old one
2019-08-07 14:51:36 +02:00
Fabien O'Carroll
910e15e643 Added backupContent permission fixture
no-issue

This permission was overlooked during the creation of the ghost-backup
integration.
2019-08-07 17:57:26 +08:00
Fabien O'Carroll
21427ad73f
Created DB Backup integration (#10974)
* Simplified db controller permissions options

The existing objects were confusing because they did the same thing as
setting permissions to true, but gave the impressions that something
special was happening/required.

* Added DB Backup Integration Role

This will allow us to assign certain api_keys this role, in order to
automate db backups

* Allowed admin api_keys to have configurable roles

This will allow keys for the admin api to do customised things such as db export

* Added ghost-backup integration to fixtures

* Added migrations for DB Backup Integration and role
2019-08-02 17:28:02 +08:00
Aileen Nowak
d11fd4210b Updated docs api links to be version-less 2019-07-25 15:17:23 +08:00
Aileen Nowak
496f873ac4
Updated links to docs (#10941)
no issue
2019-07-22 18:17:50 +08:00
Aileen Nowak
d086841f36
Updated link to Marketplace (#10754)
no issue

- Marketplace moved to https://ghost.org/marketplace
2019-05-22 16:55:28 +08:00
Fabien O'Carroll
0a67a25dbc Fixed member permission/role relations in fixtures
no-issue

The previous relations were setup to match against "members", which is
plural, but the object_type on the permission is "member". This was
causing the permissions to not be added as a relation to the role.
2019-05-02 17:31:38 +02:00
Nazar Gargol
809e610842 Added notification access persmission for users of Editor role
closes #9546

- Updated permissions  fixture for Editor role
- Added migration for permissions for Editor users
- Updated tests
2019-04-18 13:02:23 +02:00
Rish
d62feca270 Added members permission migrations
no issue

- Added new fixtures for member permissions for Admin
2019-02-26 15:43:36 +07:00
Kevin Ansfield
8e9ade6357
Added migration to insert builtin Zapier integration (#10500)
no issue

A new Zapier app will be released that uses the v2 Admin API which means it will require an ApiKey that is linked to an Integration.

- adds a `type` column to the `integrations` table with the following types allowed:
  - `custom` (default) used by custom integrations added by users
  - `builtin` used by built-in integrations that have their own UI and won't show up in the "Custom Integrations" list
  - `internal` used by "internal" integrations such as the scheduler
- adds a `zapier` "builtin" integration to the fixtures
2019-02-15 14:48:21 +00:00
kirrg001
fde31b31ba Added permissions for actions including migration
refs #10431

- migration script to add permissions for actions
- restricted to owner & admin & integration role for now
- we will add permissions for other rules too, but we need add more granular restrictions
  - e.g. contributors can only read actions for posts which he created
2019-02-06 18:59:09 +01:00
Hannah Wolfe
909f9012ed
Updated docs links to best equivalents (#10386)
* Updated docs links to best equivalents
   - Our documentation has been overhauled, this updates the all the old links sprinkled through Ghost
* Update integrity hash
2019-01-17 06:57:37 +00:00
John O'Nolan
9f7295853f Changed casper.ghost.org to static.ghost.org references (#10109)
no issue

Assets moved from gh-pages to https://github.com/tryghost/static and hostname changed, redirects already in place. Can be tested on https://demo.ghost.io (image should all work fine, try visiting one directly to verify redirect works)
2018-11-07 15:50:38 +01:00
Kevin Ansfield
71f0c08a34
Added edit webhook route to v2 Admin API (#10033)
no issue
- webhooks UI requires the ability to edit webhooks
- added `edit` permission for `webhook`
- added `edit` method to v2 webhook controller
- added `PUT /webhooks/:id` route to v2 Admin API routes
2018-10-19 18:35:55 +01:00
Kevin Ansfield
1db3aefb9b
Set up schema and models for API Key authentication (#9904)
refs https://github.com/TryGhost/Ghost/issues/9865
- schema migrations
  - adds `integrations` and `api_keys` tables
  - inserts `integration` and `api_key` permissions and Administrator role relationships
  - inserts `Admin Integration` role and permissions
- adds `Integration` model
- adds `ApiKey` model
  - creates default secret if not given
  - hardcodes associated role based on key type
    - `admin` = `Admin API Client`
    - `content` = no role
- updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy
2018-10-02 17:46:38 +01:00
kirrg001
fd8502448a Updated fixture post content
no issue

- Organising your content

From: Here, the theme would assign the post publicly displayed tags of Blog - but it would also keep a private record of the post being tagged with #video.
To: Here, the theme would assign the post publicly displayed tags of News - but it would also keep a private record of the post being tagged with #video.
2018-08-16 12:13:24 +02:00
Katharina Irrgang
220d0456b4 🎨 Changed fixture data and default settings (#9778)
closes #9774, refs #9742

- added new fixture posts for Ghost 2.0
- added migration file to remove old fixture posts
  - only remove them if they are owned by the Ghost author and if they are tagged with getting-started
  - added new fixture posts if you had all (!) old fixture posts
  - ensure on rollback we remove the new fixture posts again
- updated default settings
2018-08-16 12:13:24 +02:00
Katharina Irrgang
1caa941d20 🔥 Removed demo post (#9769)
refs #9742

- removed demo post fixture for fresh blogs
- added migration to remove the demo post from the database
- on rollback: bring back demo post
2018-08-16 12:13:24 +02:00
kirrg001
d518f23b48 Updated docs links
refs #9742

- rebase against master updated some docs links again
- go over code base again and double check that all docs links are correct
- 2.0 will become the latest version on our readme pages
2018-08-16 12:13:24 +02:00
Katharina Irrgang
76b9a49eb8
🎨 Added Koenig Demo Post (#9747)
no issue

- add a new migration for 1.25 to insert the draft demo post for existing blogs
- ensure new blogs get the draft demo post as well
- tested on sqlite3 + mysql
- added handling if Ghost Author user doesn't exist anymore (fallback to owner user)
2018-07-24 14:37:17 +02:00
kirrg001
132df78940 Updated docs links
refs #9742

- Ghost 2.0 is coming
- all doc links in 1.0 must use concrete links e.g. docs.ghost.org/v1 or themes.ghost.org/v1.23.0/
- if we release Ghost 2.0, docs.ghost.org will show 2.0 docs
2018-07-20 23:49:16 +02:00