refs #4004, #5614
- added new public permission handling functions to permissions
- added a new util to handle either public permissions or normal permissions
- updated posts, tags and users endpoints to use the new util
- added test coverage for the new code
issue #5409
`notifications.showErrors` was historically used to display multiple error notifications whether from validation errors or responses form the API. This usage needs to be reviewed as inline validations should handle the validation side and we should be displaying alerts for actual errors.
Eventually `notifications.showErrors` should be left unused and therefore removed.
issue #5409
- change persistent/passive notification status to alert/notification
- replace showSuccess/Info/Warn/Error with showNotification/showAlert
- fix and clean up notification/alert components
* ref #5345 and #3801
* creating helper methods for dealing with i18n initialization, polyfill and string+compilation
* initial structure for server-side JSON language file
related issue #5412
- code-injection route was overriding `beforeModel` without calling `super` which meant the redirect handling added in `AuthenticatedRoute` was being skipped
closes#5567
- Fixed an issue with protocol relative URLs in the RSS feed
- Such URLs should be kept as-is and not prefixed with baseUrl
- Added corresponding test to cover this case
closes#5317
- Adds back button to steps 2 and 3
- Prevents user navigating from step 1 to step 3 unless blog has been created
- Prevents user navigating from step 2 to step 3 unless blog has been created
fixes#5564
- adds missing part of `/setup/` url in authentication middleware
- ensures data is passed through from API to model in correct (new) format for password reset
- re-adds missing/incorrectly commented out auth tests, and verifies that reset as far as token validation
refs #5503
- updates package.json to using 2.0.2 version of top-gh-conribs
- updates gruntfile, using moment to calculate time period to observe
- new version of top-gh-contribs is not related to top 100 contributors therefore returns more users
- observed timepsan is reverted to 90 days now that top-gh-contribs fetches enough contributors
refs #2757
- As per this convo: https://ghost.slack.com/archives/ghost/p1436895553007431 the 405 handling in Ghost is acting
as a catch all, rather than only returning when the wrong HTTP method is used for a valid resource.
- Implementing proper 405 with express is a challenge, and therefore we defer doing this work until it is needed
