closes https://github.com/TryGhost/Team/issues/1885
- adds limit check for members to the `PublishOptions` class when it's constructed to set a `publishDisabledError` property if the limit check fails
- if `publishOptions.publishDisabledCheck` is present, all publish options in the publish flow are disabled, the underlying error message is shown, and the continue button is removed to prevent filling in everything only to find at the end of the process that publishing fails
- added handling for a `HostLimitError` error from the API when confirming publishing so the proper underlying message is displayed instead of the confusing "Host limit error, cannot edit post" error
- this is a backup measure for any instances where you're under the max members limit when starting the publish flow but are over the limit when you reach the end of the publish flow
fixes https://github.com/TryGhost/Team/issues/1966
- Currently you can only do a free self signup when 'free' is enabled in Portal or when Stripe is disabled
- Some themes, such as the Edition theme add a free signup form to the theme. That theme stops working if we don't allow self signup.
- The portal settings shouldn't be used to determine if free signup is allowed or not.
closes https://github.com/TryGhost/Team/issues/1877
- bumped `@tryghost/kg-default-cards` which includes updated "should render" dependencies that adds a fully enabled button to the list of possible requirements for the product card to render. Now any one of the following will render the product card:
- title is present
- description is present
- button url is enabled and button text+url are present
fixes https://github.com/TryGhost/Team/issues/1945
- When deleting a user, a private tag is assigned to their existing posts.
- In that loop, it tries to find the post, but the post model had a default filter to only return published posts.
- An error was thrown because the post model was not fetched.
refs https://github.com/TryGhost/Toolbox/issues/410
- Private cache control was preventing browser or shared caches from storing Content APIs response. The type of data served through the Content API is very much of a "public" nature, so should be cacheable.
- Right now the 'max-age' value of 'cache-control' header is hardcoded to '0', without 'must-revalidate' value, to allow browsers to cache content slightly more aggressively. In the future the 'max-age' value will most-likely become configurable to allow even more aggressive HTTP caching.
refs https://github.com/TryGhost/Toolbox/issues/410
- The 'private' value in 'Cache-Control' response header for all errors made it impossible for shared caches (e.g.: Fastly, Cloudflare) to cache 404 responses efficiently.
- The change substitutes 'max-age=0' which should not effect the browser cache behavior but would allow shared caches to process such requests efficiently.
- A more loose caching logic only applies to 404 responses from GET requests that are not user-specific (non-authenticated, non-cookie containing requests)