Commit Graph

18 Commits

Author SHA1 Message Date
Harry Wolff
cddd23f926 Only reference model properties through the models module.
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().

addresses #2170
2014-07-10 08:04:32 -04:00
Sebastian Gierlinger
5b0b308513 Owner has all user permissions
closes #3075
- added special treatment for role with name ‚Owner‘
2014-07-09 13:34:38 +02:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Jacob Gable
0dc6dc29a7 Add apps permissable checks in posts and users
Closes #2738

- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
2014-05-14 09:22:25 -05:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
Jason Williams
e078cc4085 Don't xmlrpc ping for the default Welcome to Ghost post
closes #2712
-prevents xmlrpc.ping from being run before Ghost is in a valid
state
-fix a call to Object.hasOwnProperty in permissions.hasActionsMap
2014-05-08 03:50:19 +00:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Jacob Gable
88d82ff441 canThis() improvements
- Handle passing undefined user to canThis
  - Add existence check to parseContext if statement
  - Add unit test that passes undefined to canThis
- Allow internal canThis() checks
  - Allow passing 'internal' or { internal: true } as context
  - Do not lookup user permissions unless context.user found
  - If context.internal, resolve immediately
  - Add unit tests for passing 'internal' and { internal: true }
2014-04-16 18:17:43 +02:00
Sebastian Gierlinger
c0dc8e95d2 Add new permissions to fixtures
closes #2325
- added new permissions
- added relation to user roles
- added updateFixtures to migrateUp
- removed validation per model to fix tests
2014-04-16 18:16:10 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Ben Gladwell
69d3a1460d Remove unparam:true from jslint config in Gruntfile.js
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
  list added clarity to the underlying api, even when those parameters
  are not currently used
- removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Jacob Gable
bbe5105048 Edit Post Permissions 2013-08-18 12:28:05 -05:00
Hannah Wolfe
30b4eb07f7 App restructure - closes #245
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
2013-07-11 20:23:34 +01:00