Commit Graph

175 Commits

Author SHA1 Message Date
Katharina Irrgang
2d19ae2c6c 🔥 😎 remove old migrations (#7887)
refs #7489

- remove old migration code
- this logic was sourced out to knex-migrator
2017-01-25 13:47:49 +00:00
Marc Bachmann
353330bb8a chore(package): update uuid to version 3.0.0 (#7742) 2017-01-04 17:10:29 +01:00
Katharina Irrgang
7eb316b786 replace auto increment id's by object id (#7495)
* 🛠  bookshelf tarball, bson-objectid

* 🎨  schema changes

- change increment type to string
- add a default fallback for string length 191 (to avoid adding this logic to every single column which uses an ID)
- remove uuid, because ID now represents a global resource identifier
- keep uuid for post, because we are using this as preview id
- keep uuid for clients for now - we are using this param for Ghost-Auth

*   base model: generate ObjectId on creating event

- each new resource get's a auto generate ObjectId
- this logic won't work for attached models, this commit comes later

* 🎨  centralised attach method

When attaching models there are two things important two know

1. To be able to attach an ObjectId, we need to register the `onCreating` event the fetched model!This is caused by the Bookshelf design in general. On this target model we are attaching the new model.
2. We need to manually fetch the target model, because Bookshelf has a weird behaviour (which is known as a bug, see see https://github.com/tgriesser/bookshelf/issues/629). The most important property when attaching a model is `parentFk`, which is the foreign key. This can be null when fetching the model with the option `withRelated`. To ensure quality and consistency, the custom attach wrapper always fetches the target model manual. By fetching the target model (again) is a little performance decrease, but it also has advantages: we can register the event, and directly unregister the event again. So very clean code.

Important: please only use the custom attach wrapper in the future.

* 🎨  token model had overriden the onCreating function because of the created_at field

- we need to ensure that the base onCreating hook get's triggered for ALL models
- if not, they don't get an ObjectId assigned
- in this case: be smart and check if the target model has a created_at field

* 🎨  we don't have a uuid field anymore, remove the usages

- no default uuid creation in models
- i am pretty sure we have some more definitions in our tests (for example in the export json files), but that is too much work to delete them all

* 🎨  do not parse ID to Number

- we had various occurances of parsing all ID's to numbers
- we don't need this behaviour anymore
- ID is string
- i will adapt the ID validation in the next commit

* 🎨  change ID regex for validation

- we only allow: ID as ObjectId, ID as 1 and ID as me
- we need to keep ID 1, because our whole software relies on ID 1 (permissions etc)

* 🎨  owner fixture

- roles: [4] does not work anymore
- 4 means -> static id 4
- this worked in an auto increment system (not even in a system with distributed writes)
- with ObjectId we generate each ID automatically (for static and dynamic resources)
- it is possible to define all id's for static resources still, but that means we need to know which ID is already used and for consistency we have to define ObjectId's for these static resources
- so no static id's anymore, except of: id 1 for owner and id 0 for external usage (because this is required from our permission system)
- NOTE: please read through the comment in the user model


* 🎨  tests: DataGenerator and test utils

First of all: we need to ensure using ObjectId's in the tests. When don't, we can't ensure that ObjectId's work properly.
This commit brings lot's of dynamic into all the static defined id's.
In one of the next commits, i will adapt all the tests.

* 🚨  remove counter in Notification API

- no need to add a counter
- we simply generate ObjectId's (they are auto incremental as well)
- our id validator does only allow ObjectId as id,1 and me

* 🎨  extend contextUser in Base Model

- remove isNumber check, because id's are no longer numbers, except of id 0/1
- use existing isExternalUser
- support id 0/1 as string or number

*   Ghost Owner has id 1

- ensure we define this id in the fixtures.json
- doesn't matter if number or string

* 🎨  functional tests adaptions

- use dynamic id's

* 🎨  fix unit tests

* 🎨  integration tests adaptions

* 🎨  change importer utils

- all our export examples (test/fixtures/exports) contain id's as numbers
- fact: but we ignore them anyway when inserting into the database, see https://github.com/TryGhost/Ghost/blob/master/core/server/data/import/utils.js#L249
- in 0e6ed957cd (diff-70f514a06347c048648be464819503c4L67) i removed parsing id's to integers
- i realised that this ^ check just existed, because the userIdToMap was an object key and object keys are always strings!
- i think this logic is a little bit complicated, but i don't want to refactor this now
- this commit ensures when trying to find the user, the id comparison works again
- i've added more documentation to understand this logic ;)
- plus i renamed an attribute to improve readability

* 🎨  Data-Generator: add more defaults to createUser

- if i use the function DataGenerator.forKnex.createUser i would like to get a full set of defaults

* 🎨  test utils: change/extend function set for functional tests

- functional tests work a bit different
- they boot Ghost and seed the database
- some functional tests have mis-used the test setup
- the test setup needs two sections: integration/unit and functional tests
- any functional test is allowed to either add more data or change data in the existing Ghost db
- but what it should not do is: add test fixtures like roles or users from our DataGenerator and cross fingers it will work
- this commit adds a clean method for functional tests to add extra users

* 🎨  functional tests adaptions

- use last commit to insert users for functional tests clean
- tidy up usage of testUtils.setup or testUtils.doAuth

* 🐛  test utils: reset database before init

- ensure we don't have any left data from other tests in the database when starting ghost

* 🐛  fix test (unrelated to this PR)

- fixes a random failure
- return statement was missing

* 🎨  make changes for invites
2016-11-17 09:09:11 +00:00
Katharina Irrgang
8cd5d9f6fe 🎨 register events in base model (#7560)
refs #7432

- all models implemented it's own initialize fn to register events
- we can register all events in the base model
- important: we only listen on the event, if the model has defined a hook for it
- this is just a small clean up PR
- register more bookshelf events
2016-10-14 13:37:01 +01:00
Ryan McCarvill
ff9e6b5393 Upgraded editor (#7516)
refs #7429

Finally it's starting to feel like a real editor, although there will be another version bump over the weekend which improves the toolbar behaviour and usability, and enables image uploading.

- Added the start of a new toolbar, what we're (well I am) calling the Owesome bar, not to be confused with the Firefox Awesome bar. It's a cultural thing. (google "O for awesome").
- The idea of dragging and dropping cards has been removed for now, although the code will still be in there as we will support dragging cards around fairly shortly. When apps are included a better card interface will be required for a larger amount of app created content cards (Oh yeah!)
- Ghost Server now pulls in it's configuration from Ghost-Editor, this allows Ghost-Editor to a) keep cards up to date, and b) define what happens if a card is missing.
- The whole cards in admin written in ember and cards in server written in javascript thing is still very much a work in progress, it's kind of messy as we find the optimum solution (which isn't the current sollution).

So yeah, this is a WIP not the final styling, not the final interactions, not the final anything... :)

Adds a new mobile doc editor which has:
- A new toolbar
- Basic image uploading capability
2016-10-10 07:09:32 +01:00
Katharina Irrgang
d81bc91bd2 Error creation (#7477)
refs #7116, refs #2001

- Changes the way Ghost errors are implemented to benefit from proper inheritance
- Moves all error definitions into a single file
- Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order.
- Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed.

Summary of changes:

* 🐛  set NODE_ENV in config handler
*   add GhostError implementation (core/server/errors.js)
  - register all errors in one file
  - inheritance from GhostError
  - option pattern
* 🔥  remove all error files
*   wrap all errors into GhostError in case of HTTP
* 🎨  adaptions
  - option pattern for errors
  - use GhostError when needed
* 🎨  revert debug deletion and add TODO for error id's
2016-10-06 13:27:35 +01:00
Katharina Irrgang
1882278b5b 🎨 configurable logging with bunyan (#7431)
- 🛠  add bunyan and prettyjson, remove morgan

-   add logging module
  - GhostLogger class that handles setup of bunyan
  - PrettyStream for stdout

-   config for logging
  - @TODO: testing level fatal?

-   log each request via GhostLogger (express middleware)
  - @TODO: add errors to output

- 🔥  remove errors.updateActiveTheme
  - we can read the value from config

- 🔥  remove 15 helper functions in core/server/errors/index.js
  - all these functions get replaced by modules:
    1. logging
    2. error middleware handling for html/json
    3. error creation (which will be part of PR #7477)

-   add express error handler for html/json
  - one true error handler for express responses
  - contains still some TODO's, but they are not high priority for first implementation/integration
  - this middleware only takes responsibility of either rendering html responses or return json error responses

- 🎨  use new express error handler in middleware/index
  - 404 and 500 handling

- 🎨  return error instead of error message in permissions/index.js
  - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error

- 🎨  wrap serve static module
  - rule: if you call a module/unit, you should always wrap this error
  - it's always the same rule
  - so the caller never has to worry about what comes back
  - it's always a clear error instance
  - in this case: we return our notfounderror if serve static does not find the resource
  - this avoid having checks everywhere

- 🎨  replace usages of errors/index.js functions and adapt tests
  - use logging.error, logging.warn
  - make tests green
  - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically

- 🐛  return errorDetails to Ghost-Admin
  - errorDetails is used for Theme error handling

- 🎨  use 500er error for theme is missing error in theme-handler

- 🎨  extend file rotation to 1w
2016-10-04 16:33:43 +01:00
Ryan McCarvill
be666b1b1a Update Ghost Editor to 0.0.8 #7429 (#7474)
This release includes:

    Ghost Editor, this is required to get access to the built in cards

Ghost Editor includes:

    Responsive toolbars 🔨 🔧
    Both Ember and Plain javascript cards 🎴
    An embeded HTML card ✍️

This is still an early release, but things are moving in the right direction. :)

We're still defining the spec for the UI, so expect drastic changes over the next couple of weeks.

This is going to be a great writing experience and we can't wait to show what we have planned.
2016-10-03 15:42:34 +01:00
Ryan McCarvill
7edc518d5a [WIP] Mobile-Doc based renderer (#7437)
Refs #7429

Added mobile-doc renderer

------------

- Added generic mobiledoc-renderer
- Kept the existing showdown editor for legacy mode.
2016-09-26 15:23:49 +02:00
kirrg001
0ae0a0b490 🎨 change how we get and set config
refs #6982
- a replace for all config usages
- always use config.get or config.set
- this a pure replacement, no logic has changed

[ci skip]
2016-09-20 15:59:34 +01:00
Katharina Irrgang
c8119eee1f 🎨 source out url utils from ConfigManager (#7347)
refs #6982
2016-09-20 15:59:34 +01:00
Katharina Irrgang
9349e99e54 🐛 fix delete by author as transaction (#7145)
closes #7137

Deleting the content from the database runs in a transaction. see
https://github.com/TryGhost/Ghost/blob/master/core/server/api/users.js#L390

`destroyByAuthor` is one of the operations we trigger to delete all the conent, see https://github.com/TryGhost/Ghost/blob/master/core/server/models/post.js#L647

The post model has a specific hook for deleting content to delete the relations as well, see https://github.com/TryGhost/Ghost/blob/master/core/server/models/post.js#L122

This hook is part of the transaction. But the `options` are ignored. `(model/*, attr, options*/)` 
We use the `options` to forward the transaction reference, which we need to pass into the bookshelf queries. So `return model.load('tags').call('related', 'tags').call('detach')` does not forward the transaction and that's why it stucks when deleting the content.
2016-09-19 14:45:36 +01:00
Vijay Kandy
ffd3ec563a fix: "url" field is undefined when restricting returned fields (#7089)
closes #6625

- "url" and "author" fields depend on {id, published_at, slug, author_id} to construct post url.
- implemented a generic solution by defining defaultColumnsToFetch() in
  base class for models.
- findPage() calls defaultColumnsToFetch() before loading models
- results are transformed by filtering out additional properties to return just the requested fields
- Added a test case to check for url and author fields
- Renamed allColumns as requestedColumns and used _.map instead of Promise.map
2016-07-18 22:21:47 +02:00
Katharina Irrgang
416c215018 change default order of posts (#7096)
closes #6932
- new default order of posts: scheduled, draft, published
- invent orderDefaultRaw fn for each model
- each model is able to create a default raw order query
- separate count and fetch query for fetchPage, because the count query where group/order statements attached
2016-07-15 11:04:10 +01:00
kirrg001
f8ba12481d fix: prev next posts
closes #7015
2016-06-20 15:44:02 +02:00
“kirrg001”
1421c92ba5 post-scheduling
refs #6413
- PUT endpoint to publish a post/page for the scheduler
- fn endpoint to get all scheduled posts (with from/to query params) for the scheduler
- hardcoded permission handling for scheduler client
- fix event bug: unscheduled
- basic structure for scheduling
- post scheduling basics
- offer easy option to change adapter
- integrate the default scheduler adapter
- update scheduled posts when blog TZ changes
- safety check before scheduler can publish a post (not allowed to publish in the future or past)
- add force flag to allow publishing in the past
- invalidate cache header for /schedules/posts/:id
2016-06-14 10:52:13 +02:00
Austin Burdine
44537bd15f deps: lodash@4.13.1
closes #6911
- update lodash to v4
- remove lodash.tostring override
- remove lodash from greenkeeper ignore
2016-06-11 13:13:55 -06:00
Hannah Wolfe
80a79172c4 Revert "Revert "Force UTC at process level"" 2016-06-03 09:06:18 +01:00
Hannah Wolfe
b2051dacf7 Fix post model deletes tags when editing post only
fixes #6919, refs #6917

- resolves the problem by guarding for `tags` being undefined or null
   - If it is undefined, we don't do any tag processing
   - If it is null, we don't do any tag processing
   - To delete all tags, you would provide `tags: []`
- adds tests at both the model (using withRelated) and API (using includes) layers
- moves the tests for the post updateTags functionality from the tag model spec to the post model spec & cleans up a bit
2016-06-02 22:52:34 +01:00
Hannah Wolfe
78e693f469 Revert "Force UTC at process level" 2016-06-02 14:38:02 +01:00
kirrg001
ec176c243a Force UTC at process level
issues #6406 #6399
- all dates are stored as UTC with this commit
- use moment.tz.setDefault('UTC')
- add migration file to recalculate local datetimes to UTC
- store all dates in same format into our three supported databases
- add option to remeber migrations inside settings (core)
- support DST offset for migration
- ensure we force UTC in test env
- run whole migration as transaction
- extend: Settings.findOne function
2016-06-02 13:23:09 +02:00
Katharina Irrgang
f644d99460 add small permission improvements
no issue
- do not check client type in auth middleware
- offer filtering for findAll function in base
- add isInternalContext to base model
2016-05-08 14:22:55 +02:00
Joerg Henning
0f3cb44227 deps: validator@5.1.0
closes #6462

- monkey-patch validator.extends() since it was dropped by validator @5.0.0
- coerce input to string prior to validation (custom toString func)
- need to handle boolean validation based on column type not isIn()
- use `lodash.tostring` to convert input values to strings
2016-04-19 09:39:12 +08:00
Katharina Irrgang
d24466a284 add events for post scheduling
refs #6413
- accept scheduled status
- add a lot of tests for all kinds of edge cases
- compare dates without ms because mysql does not store ms
2016-04-18 16:44:41 +02:00
Joerg Henning
4a3d8c7ae8 Remove sanitize() from model/base because clean code 2016-04-03 08:17:17 +08:00
Hannah Wolfe
48b846b13d Merge pull request #6631 from dbalders/draft-slug
Update Post Slug while Draft on Title Changes
2016-03-29 15:35:08 +01:00
David Balderston
81c215dbe5 Update Post Slug while Draft on Title Changes
Closes #5062

* As long as the post has never been published, update the slug to
match the new title if the title is changed
2016-03-23 10:20:22 -07:00
Jason Williams
136bdbd9ff Return http status 204 on deletes
Closes #2871
- Refactor api http handlers.
- Update tests.
- Remove special handling of responses in ember adapter.
2016-03-22 11:42:48 -05:00
Jason Williams
9fe573a0c5 Refactor content deletion
- Simplify the `init` method in `models/index.js` so that it no longer
  returns a promise. Easier to use.
- Eliminates the `deleteAllContent` method from `models/index.js` as it
  can all be handled at the API layer in a single spot.
- Optimize `destroyAllContent` in `api/db.js`. Eliminates
  double-fetching every post from the database and converting it to
  JSON. Also only fetches ids from the database instead of the entire
  model.
- Eliminates the custom static method `destroy` in the Post model in
  favor of handling detaching tag relations in a single place (the
  `destroying` event). This also eliminates a big source of unneeded
  database round trips--needing to get post ids to feed into
  `Post.destroy()` which then re-fetches the post again.
2016-03-22 10:10:09 -05:00
rfpe
7abcc43907 Harvest server side strings
closes #5617
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
Hannah Wolfe
e84b7f3217 Cache permalinks & postsPerPage on config.theme
no issue

- Cache the permalinks & postsPerPage settings on the config.theme object
- Use the config.theme cache to reference these items throughout the frontend of a blog
- Removes the need for workarounds and extra code to handle async fetches
- Makes these values accessible to all themes, which is very useful now we have the API stuff
2015-12-15 08:16:53 +00:00
Hannah Wolfe
6a0f1cf231 Filter plugin with enforce/default logic
refs #5614, #5943

- adds a new 'filter' bookshelf plugin which extends the model
- the filter plugin provides handling for merging/combining various filters (enforced, defaults and custom/user-provided)
- the filter plugin also handles the calls to gql
- post processing is also moved to the plugin, to be further refactored/removed in future
- adds tests showing how filter could be abused prior to this commit
2015-11-17 10:39:44 +00:00
Hannah Wolfe
4dac01cbf9 Refactor old processOptions/where to use GQL JSON
refs #5943

- no longer assume the options in processOptions are set
- set where to a new GQL JSON-like statement object
- rather than setting options, add statements which can be understood by knexify
- pass the statements through knexify to build the query
2015-11-12 17:24:09 +00:00
Hannah Wolfe
b8bab0e74c Removing featured option code
ref #5943

- found some more code that can be removed
2015-11-09 12:15:40 +00:00
vdemedes
6db41584e7 Add order parameter
refs #5602
- add "order" to default browse options
- parse order parameter in Base model
- accept "order" option in Post, User and Tag models
- add tests for posts order
- add tests for tags order
- add tests for users order
2015-10-28 14:14:03 +01:00
Sebastian Gierlinger
9dc4efca13 Merge pull request #6005 from ErisDS/old-filter-clean
Remove featured, tag, author & role API params
2015-10-27 13:05:12 +01:00
vdemedes
0a0aaf01b2 Replace missing title with "(Untitled)" when creating a post
closes #6014
- replace missing title with "(Untitled)" when creating a post
- add a test for creating post without title
2015-10-27 12:15:09 +01:00
Hannah Wolfe
b8a3415726 Remove featured, tag, author & role API params
refs #5943

- removed featured, tag and author parameters from posts API
   - featured was only used in tests
- removed role filter from users API
   - role was only used in tests
- fixed up the tests, skipping those that don't quite work yet
2015-10-27 10:53:51 +00:00
Hannah Wolfe
b5cebb9ec6 Add filter parameter using GQL
refs #5604, refs #5463

- deps: ghost-gql@0.0.2
- adds code to wire up the filtering to a paginated query
- updated pagination plugin count query to use 'distinct' so it's more robust
- rename paginationUtils.query to addLimitAndOffset to be more explicit and make the code clearer
- add a new 'advanced browsing spec' set of tests for tracking these features as they are built out
2015-10-22 11:29:05 +01:00
Oliver Schneider
13adaec6e7 fix for page deletion not updating sitemap-page.xml
closes #5913

Sitemap deletion is based on the page.unpublished event. The previous
logic was always sending post.unpublished instead. If page or post
event is triggered is based on the ‘page’ attribute of the model. When
the destroyed handler all attributes are already cleared from the model
which makes this logic always fall back to post.

The fix is to move to the destroying event which still has all the
model values in place.
2015-10-12 09:26:26 +02:00
Delgermurun
a501711e71 Remove findAll from models that has findPage
closes #4577
- removed findAll from Post and User
- refactored deleteAllContent and data importer
2015-10-02 18:01:35 +08:00
Hannah Wolfe
0462607296 Don't allow published_by override
- published_by should be set by business logic, rather than by users

Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
2015-09-25 17:44:49 +01:00
cobbspur
c0b5de6e81 Fix handling of slugs on import
closes Issue #5812

- pass importing property through to utils
- fix safeString method for imports
2015-09-23 17:41:44 +01:00
Hannah Wolfe
a3f107da8e Maintain tag order for posts
refs #5727, #5602

- Add new 'order' column to posts_tags table
- Migrate all existing posts_tags to have a correct value for 'order'
- Rewrite updateTags to not remove all tags, and to correctly maintain order
- Add transaction support for tag operations
- Many tests
2015-09-02 16:39:34 +01:00
Hannah Wolfe
e9a96816ac Adding 'fields' param for browse requests
refs #5601, #5463, #5343

- adds rudimentary support for a 'fields' parameter on browse requests
2015-08-28 19:08:22 +01:00
Hannah Wolfe
16407b41ee Merge pull request #5655 from sebgie/extract-permissions
Refactor handlePermissions
2015-08-11 19:32:20 +01:00
Sebastian Gierlinger
44622d943d Refactor handlePermissions
no issue
- extract handlePermissions to utils
- added NoPermissionError when canThis() rejects
- omitted users.js because it uses special permission handling
2015-08-11 16:03:57 +02:00
Hannah Wolfe
a00eace849 Next/Prev Post helpers include author & tags
closes #5150

- Post API understands next.author, next.tags, previous.author and previous.tags
- Post Read request filters out those properties and does the right thing with them
- Prev/Next post helpers send extra include properties
- Tests updated
2015-08-10 08:58:25 +01:00
cobbspur
870d6af066 Fix API query for featured posts
No Issue

- fixes bug where featured: false was not being built into query
- adds tests
2015-07-29 02:42:08 +01:00
Hannah Wolfe
a0ee69d365 Merge pull request #5591 from halfdan/fix/5573
Do not serialize toJSON to get published_at
2015-07-21 16:54:24 +01:00