closes#2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
closes#2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
- We no longer need grunt-groc as we are going to use docker instead
- Compile docker to 'docs'
- Docker has a nice option for only building updated files
- Added a few files we didn't need dockering to exclude list
closes#2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
closes#2635
- add new logic to the api request handler to set a location header
when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
refs #2622, refs #1340
- added documentation to grunt tasks which will replace the wiki page, including reordering the tasks to make the documentation easier to read
- removed grunt changelog which is no longer used
- merged jshint:shared into jshint:server
- cleanup of quote marks, formatting, line lengths etc
- also fixed the incorrect version number for grunt-docker
- added route tests to coverage
closes#2593
- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
Closes#2606
- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
closes#2628
- added /view/ route to the editor. if /view/ is appended to
the url of a post being edited a redirect to the frontend
will occur
- updated controller to check for /view/ and built the
correct url for the post
- added test for the new route
closes#2658
- adds the `clean:tmp` task to the list of ember watch tasks
- adds the `clean:tmp` task to the emberBuild task
This ensures pruned ember modules are cleared out automagically.
refs #2660
- removed timeout from routes tests (since Ghost is used as module it
is restarted before logging in)
- Casper.js does only one login and the existing waits are executed
after testing login limiters
- gain: 8 sec :-/
closes#1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
closes#2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model
**Known Issue:** It is not possible to attach a tag using an ID.
Ref #2059
- Refactor appProxy into class that is instantiated per App
- Check for permissions before doing proxied filter/helper calls
- Add all currently existing api methods, let api check for permissions
- Basic unit tests for filter and helper register/deregister
- Adjusted proxy api method existence unit tests
