refs https://github.com/TryGhost/Team/issues/1664
We want to have the ability for the frontend to be aware of and make use of
sessions with the admin. Because these run on different domains we need to
update the cookie attributes to be more lax in terms of cross domain usage.
refs https://github.com/TryGhost/Team/issues/1664
- `last_commented_at` - to be used for filtering members list in Admin
- `bio` - short field used to show a "title" or similar context alongside name when commenting
- `enable_comment_notifications` - setting for turning on/off email notification of comment replies
refs https://github.com/TryGhost/Team/issues/1664
- new table to handle moderation reports on comments. This is not a join table, so it is comment_reports, rather than comments_reports
refs https://github.com/TryGhost/Team/issues/1664
Field notes:
- `parent_id` - used for nested comments but will be limited to 1 level in app-level validation
- `member_id` - when a member is deleted for now the member id is kept but in the future may be removed, hence `nullable: true`
- `status` - "hidden" status will be used when a staff user hides a comment, "deleted" is used when a comment author deletes
- `html` - will store pre-sanitised html
- `edited_at` - used to show an "X edited at Y" note when displaying comments, separate to `updated_at` because changing the status would also change `updated_at` but shouldn't show the "edited at" UI
refs https://github.com/TryGhost/Team/issues/1665
- sodo search script only needs the admin url for fetching data from content api
- removes site url and updates the main url to use admin domain
* 🐛 Fixed API excerpt field issue
ref https://github.com/TryGhost/Ghost/issues/10396
This fix now allows the API user to add field `excerpt` without the need for `plaintext` as format.
Also added new tests for these functions.
* Added new logic that takes `custom_excerpt` into account if all posts gets queried.
* Removed limits in excerpt & plaintext post.
* Updated snapshot.
refs https://github.com/TryGhost/Team/issues/1665
- The search script should be uniquiely identifiable in DOM. Previously element for portal scipt element and search element both had `data-ghost` attributes` for identification. Having `data-sodo-search` makes naming unique
no issue
- The sodoSearch needs to be injected into rendered HTML the same way portal scripts are.
- The feature is behind a `sodoSearch` alpha flag, so the scripts are injected conditionally
refs https://github.com/TryGhost/Team/issues/1664
- added `comments:url` config for a similar setup to Portal
- added `{{comments}}` helper that's behind the `comments` labs flag
- currently outputs a `<script>` tag that points to the comments script with API location+key data attributes
- now we only have one API version, it doesn't make sense to keep
"canary" around
- renaming it to `endpoints/` makes more sense for this
- this commit renames the `core/server/api/canary/` folder to
`core/server/api/endpoints/`
- it also fixes the naming in test titles and the various other places
we relied on this
refs d63e9256ea
- Following the ref'd commit, when migrating a site the default and free tiers would be skipped because they exist by default in the new site
- As the product is skipped, we don't have the ID available in the imported data to map the stripe_product to
- If the stripe_product isn't mapped, imported members won't be mapped to the correct tier
- This commit adds a lookup for the product by name and slug to restore the correct stripe_product mapping
Co-authored-by: Simon Backx <simon@ghost.org>
closes https://github.com/TryGhost/Team/issues/1655
refs https://github.com/TryGhost/Ghost/commit/4bc14d2c4
- The API should always accept the input it returns. In this case it did not accept the input when it contained an unchanged roles property
- The problem here came from the referenced commit where we can now end up in the situation when the `roleToAssign` is just empty. It was an optimization to prevent a need to do ANY DB operation when none was needed.
no issue
If you try to publish a draft email only post by setting the status to sent, you won't receive an error but the email won't get sent. This is because we don't support this behaviour. This is very counter-intuitive when writing the documentation, so I've patched this behaviour and added some more tests.
- When setting the status to `sent` for not email only posts, the post status will be set to `published` without warning
- Also published_by was not set correctly in the past. This is also fixed and has new tests.
closes https://github.com/TryGhost/Toolbox/issues/351
- When an invalid value was passed in `roles` parameter when editing a user it resulted in incorrect database state (all roles appeared to be unassigned from the user).
- The fix includes ability to set user role by an allowed name, one of: 'Administrator', 'Editor', 'Author', 'Contributor'.
- Also added a validation in case a non-ObjectID value is passed in roles to the users edit method.
refs: https://github.com/TryGhost/Ghost/issues/5998#issuecomment-928981043
- Starting to see more people using long form content and otherwise exceeding the 1mb internal limit
- Setting it to 50mb matches Ghost-CLI's max body for nginx
- It might be ideal at some point to make this configurable, but I think increasing the limit solves the problem very simply for the foreseeable future
closes https://github.com/TryGhost/Team/issues/1626
- getLazyRelation is a safer shorthand for `model.related('relationName').fetch()`
- prevents doing a `fetch` operation on a relation that is already loaded, which can cause issues when `formatOnWrite` has a custom implementation
- uses the already loaded relation if it exists, or loads the relation
- doesn't reload if already loaded
- reload is forceable using the forceRefresh option
fixes https://github.com/TryGhost/Toolbox/issues/284
- this section of code rewrites `/tmp` in the SQlite filename to the
temp dir
- the fix was only intended for Windows environments, because they
typically don't have a `/tmp` dir
- this commit adds a `process.platform` check for Windows
- it also moves the code into the DB connection file instead of the
config lib
fixes https://github.com/TryGhost/Team/issues/1652
fixes https://github.com/TryGhost/Ghost/issues/13319
**Image formatting**
Added support for changing the format of images via the `handle-image-sizes` middleware (e.g. format SVG to png, jpeg, webp)
This change was required:
- Not all browsers support SVG favicons, so we need to convert them to PNGs
- We can't fit image resizing and formatting in the `serve-favicon` middleware: we need to store the resized image to avoid resizing on every request. This system was already present in the `handle-image-sizes` middleware.
To format an uploaded image:
- Original URL: https://localhost/blog/content/images/2022/05/giphy.gif
- To resize: https://localhost/blog/content/images/size/w256h256/2022/05/giphy.gif (already supported)
- To resize and format to webp: https://localhost/blog/content/images/size/w256h256/format/webp/2022/05/giphy.gif
- Animations are preserved when converting Gifs to Webp and in reverse, and also when only resizing (https://github.com/TryGhost/Ghost/issues/13319)
**Favicons**
- Custom favicons are no longer served via `/favicon.png` or `/favicon.ico` (only for default favicon), but use their full path
- Added support for uploading more image extensions in Ghost as a favicon: .jpg, .jpeg, .gif, .webp and .svg are now supported (already supported .png and .ico).
- File extensions other than jpg/jpeg, png, or ico will always get transformed to the image/png format to guarantee browser support (webp and svg images are not yet supported as favicons by all browsers).
For all image formats, other than .ico files:
- Allowed to upload images larger than 1000px in width and height, they will get cropped to 256x256px.
- Allowed uploading favicons that are not square. They will get cropped automatically.
- Allowed to upload larger files, up to 20MB (will get served at a lower file size after being resized)
For .svg files:
- The minimum size of 60x60px is no longer required.
For .ico files:
- The file size limit is increased to 200kb (coming from 100kb)
closes: https://github.com/TryGhost/Ghost/issues/10042
closes: https://github.com/TryGhost/Ghost/issues/14206
- the fact that pages are exposed as .page in dynamic routing has never played nicely
- this fix changes nothing in the tests - which shows this was never a covered case
- ideally I should add some tests, but for now this tiny change should prevent a lot of dynamic routing pain
- note, it doesn't remove .page, it just adds .post, so both work
