Commit Graph

746 Commits

Author SHA1 Message Date
Jason Williams
954cb1a59e updateTags refactor
closes #2720
-refactor Models.Posts.updateTags method to reduce complexity
2014-05-12 21:03:26 +00:00
Hannah Wolfe
25ec0f3f75 Merge pull request #2719 from appleYaks/import-backward-compatible
Make DB Import backwards compatible
2014-05-11 16:17:17 +01:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
eb18991ddb Make DB Import backwards compatible
closes #2716
- Continues to parse and allow import with the old format
- Detects the presence of the new JSON-API format and allows import
2014-05-08 20:29:45 -04:00
Hannah Wolfe
d4a6eb26a4 Merge pull request #2713 from jaswilli/startup-issues
Don't xmlrpc ping for the default Welcome to Ghost post
2014-05-08 12:24:39 +01:00
Hannah Wolfe
1c3ba536c9 Merge pull request #2706 from appleYaks/db-api-update
DB API returns JSON-API compatible objects. Export triggers 'Save As' di...
2014-05-08 11:28:02 +01:00
Jason Williams
e078cc4085 Don't xmlrpc ping for the default Welcome to Ghost post
closes #2712
-prevents xmlrpc.ping from being run before Ghost is in a valid
state
-fix a call to Object.hasOwnProperty in permissions.hasActionsMap
2014-05-08 03:50:19 +00:00
Jason Williams
027169a1d1 Fix unhandled rejected promises when using admin
closes #2707
- adjust call to api.settings.edit now that canThis is in use
2014-05-08 00:10:14 +00:00
David Arvelo
2d783ac3d4 DB API returns JSON-API compatible objects. Export triggers 'Save As' dialog.
closes #2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
2014-05-07 19:05:09 -04:00
Hannah Wolfe
d1f57a2569 Merge branch 'ember'
Conflicts:
	Gruntfile.js
	core/client/models/post.js
	core/client/models/settings.js
	core/client/models/user.js
	core/client/router.js
	package.json
2014-05-07 22:28:29 +01:00
Hannah Wolfe
ede0a937a6 Merge pull request #2701 from jgable/settingsACL2
ACL and strict rules for Settings API
2014-05-07 20:23:30 +01:00
Hannah Wolfe
e23f5c027b Merge pull request #2702 from jgable/userCanThis
Update users api canThis context
2014-05-07 17:42:44 +01:00
Jacob Gable
298077582b ACL and strict rules for Settings API
Ref #2061

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
Hannah Wolfe
1fb958834c Merge pull request #2679 from appleYaks/sanitize-model-options
Sanitize models' attributes/options before passing to bookshelf/knex
2014-05-07 16:49:42 +01:00
David Arvelo
87cda81c84 Sanitize models' attributes/options before passing to bookshelf/knex
closes #2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
2014-05-06 23:02:49 -04:00
Jacob Gable
9c9cfe763a Update users api canThis context
- Update api.users methods to pass the whole context to canThis instead
of just this.user
2014-05-06 20:11:15 -05:00
Fabian Becker
2795e723e1 Move to new API format for Settings.
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
2014-05-06 19:02:55 +00:00
Sebastian Gierlinger
b98709b3ce Refactor omit of password
- remove password in toJSON() instead of filtering every occurrence of
user
- changed faulty error type ‚NotFound‘ to ‚NoPermission‘
2014-05-06 12:14:58 +02:00
Hannah Wolfe
8a4e0e27f2 Merge pull request #2687 from shindakun/expressgzip
Add gzip compression, can be enabled/disabled in config.js
2014-05-06 08:24:54 +01:00
Steve
c7459b1d9f Add gzip compression, can be disabled in config.js
Closes #1305
- added compression module
- added new server config variable: compress
- gzip enabled by default
2014-05-05 18:29:13 -07:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Jason Williams
d0931aa455 Add location header to response when new object is created
closes #2635
- add new logic to the api request handler to set a location header
  when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
2014-05-04 14:52:01 +00:00
Jason Williams
4d41e12c02 Adjust update check to handle changes in API calls
closes #2681
- fixed api calls and response parsing
- added a test to for update check
- adjusted gruntfile.js to run new update check integration test
2014-05-04 01:36:00 +00:00
lennerd
66a046b00b Return new tags when posts are created via API
closes #2680
- added include options when adding a post
- added functional and integrational tests
2014-05-03 19:24:11 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Hannah Wolfe
ebdbf8a7aa Merge pull request #2661 from jgable/settingsPrimaryDocument
Settings API Primary Document refactor
2014-05-02 15:55:31 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Jason Williams
4b46d85c26 Redirect from admin editor to frontend post view
closes #2628
- added /view/ route to the editor. if /view/ is appended to
  the url of a post being edited a redirect to the frontend
  will occur
- updated controller to check for /view/ and built the
  correct url for the post
- added test for the new route
2014-05-01 01:50:24 +00:00
Hannah Wolfe
bb75a1f96c Converting aspect -> filters for tag pages
fixes the build

- PR #2238 added an extra reference to aspect which wasn't fixed by #2652, this resolves that
2014-04-28 19:54:16 +01:00
Hannah Wolfe
c347d3fd1c Merge pull request #2652 from sebgie/issue#2620
Additional objects
2014-04-28 16:23:21 +01:00
Hannah Wolfe
3ffa552cfc Merge pull request #2238 from gimelfarb/fix-1838-admin-ssl
Support for urlSSL config option and forceAdminSSL 403 response
2014-04-28 16:20:06 +01:00
Hannah Wolfe
b82ebac44c Merge pull request #2631 from jgable/appProxyContext
AppProxy with permissions checks and app context
2014-04-28 12:17:29 +01:00
Lev Gimelfarb
a013840503 Support for urlSSL config option and forceAdminSSL 403 response
closes #1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-04-27 17:01:49 -04:00
Sebastian Gierlinger
e1bbc60467 Additional objects
closes #2620
- moved aspect -> filters
- updated tests
- fixed inconsistency in pagination object
2014-04-27 19:34:44 +02:00
Sebastian Gierlinger
1e62400465 Add include parameter for posts API
closes #2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model

**Known Issue:** It is not possible to attach a tag using an ID.
2014-04-27 18:58:34 +02:00
Jacob Gable
822cb2d9f6 AppProxy with permissions checks and app context
Ref #2059

- Refactor appProxy into class that is instantiated per App
- Check for permissions before doing proxied filter/helper calls
- Add all currently existing api methods, let api check for permissions
- Basic unit tests for filter and helper register/deregister
- Adjusted proxy api method existence unit tests
2014-04-26 10:38:23 -05:00
Sebastian Gierlinger
0bdfadd9d6 Changed boolean handling
closes #2638
- replaced format() with parse() to convert values when fetched
- changed validation from integer to boolean
- added checks to tests
2014-04-25 09:55:53 +02:00
Andrew Schwartzmeyer
31d0014130 Adding public to reserved slugs
See this [tweet](https://twitter.com/TryGhost/status/459069697930330112)

Also see the new [Wiki page](https://github.com/TryGhost/Ghost/wiki/Reserved-Slugs)
2014-04-23 14:21:39 -07:00
Jacob Gable
a9cc252b45 Invalidate cache header only for published posts
Closes #1563

- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
2014-04-23 09:28:45 -05:00
Hannah Wolfe
9bf02c9e8c Merge pull request #2641 from alarobric/feature/2607TagParentRelation
Tag API response to use parent rather than parent_id
2014-04-23 12:47:37 +01:00
Hannah Wolfe
149a793e28 Merge pull request #2634 from alarobric/feature/2608AuthorRelation
Post API response to use author not author_id
2014-04-23 12:47:25 +01:00
Paul Connolley
dd4f8a5f6a Ensure that the character set is UTF-8 for RSS feed
When setting the Content-Type header for the RSS feeds, the character
set is omitted. However, when running the feed through the
[Feed Validator](http://feedvalidator.org), it became apparent that
there was a problem as the encoding defaults to US-ASCII. See
[RFC 3023](http://www.ietf.org/rfc/rfc3023.txt) for further information
on the default XML charset over HTTP.

I have added a test and simple update to the 'Content-Type' header.
2014-04-23 10:47:25 +01:00
Alan Richards
5877e7d211 Tag API response to use parent rather than parent_id
Closes #2607
- added toJSON method to tag model
- parent_id attribute is replaced by parent
- integration tests will expect parent as an attribute
2014-04-22 23:46:53 -07:00
Alan Richards
686aec7ab5 Post API response to use author not author_id
Closes #2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
2014-04-22 02:13:33 -07:00
Hannah Wolfe
3eb284e4b5 Update & grunt-groc and fix docs errors
issue #2622

- Updated grunt-groc to 0.4.5
- Fixed the few places which made the docs fail to generate
- There is still a mix of styles
2014-04-21 19:04:20 +01:00
Hannah Wolfe
16c8080636 Merge branch 'master' into ember
Conflicts:
	core/client/models/post.js
2014-04-21 18:35:38 +01:00
Hannah Wolfe
82897ed949 Merge pull request #2624 from shindakun/editbug2619
Do not redirect to editor if parameter does not equal edit.
2014-04-21 19:05:18 +02:00
Hannah Wolfe
0756b35656 Merge pull request #2551 from szelpe/email-test
[API] Added email sending endpoint to the API.
2014-04-21 18:41:08 +02:00