Commit Graph

69 Commits

Author SHA1 Message Date
Fabien O'Carroll
a4ff87a774 Added stripe subscriptions & updated customers table
no-issue
2019-10-09 16:24:51 +07:00
Naz Gargol
786eaac57e
Added permission restrictions to editing members flag (#11217)
no issue

- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 10:26:54 +02:00
Naz Gargol
80f7e0b19e
Added default_content_visibility flag for content gating (#11163)
no issue

- Added 'labs' flag settings test
- Added test for default_content_visibility flag
- Default post's visibility takes into account values set in default_content_visibility setting
2019-09-26 15:40:24 +02:00
Naz Gargol
ff13821b27
Members post gating options (#11160)
no issue

- Removed uses of `visibility` column in frontend url service configs
- The value of `visibility` is always set to 'public' in posts at the moment and doesn't serve any specific purpose when used with these filters.
- Allowed new visibility attributes in post model
- `posts.visibility` column is being repurposed for the needs of member content gating
- Added test for visibility editing in Admin API
- Corrected test schema checks for Admin API post/page responses
2019-09-26 15:38:35 +02:00
Fabien O'Carroll
6859e9a9a1 Added members-stripe-info table
no-issue

This will be used to store stripe specific information for members

customer_id has a max length of 255 https://stripe.com/docs/upgrades

member_id is not unique as we cannot ensure that a member doesn't have
more than one customer object associated with them. e.g. if they signup
twice, or if they cancel, and signup again, creating a new customer.

We probably won't handle this case to begin with, but we will keep the
data intact.
2019-09-25 10:05:30 +07:00
Kevin Ansfield
d0fa149e0e Updated tests eslint config to use eslint-plugin-ghost@0.5.0
no issue
- bump eslint-plugin-ghost to v0.5.0
- update core/test eslint config to use "ghost:test" in place of custom ruleset
- apply automated eslint fixes
2019-08-19 13:38:35 +01:00
Kevin Ansfield
80fbfd7a85 Revert post.page->post.type handling
no issue
- the column addition/removal can be too slow for large sites
- will be added back in 3.0

---

Revert "Fixed canary api for page/type column"
This reverts commit a5a7e7e919.

Revert "Updated frontend canary url config for page/type"
This reverts commit 19100ec5e6.

Revert "Updated canary api to handle type column correctly (#11006)"
This reverts commit c3e8ba0523.

Revert "Ensured `page` filter works in routes.yaml"
This reverts commit 9037c19e50.

Revert "Replaced usage of mongo util with nql-map-key-values"
This reverts commit 8c5f1d0ef0.

Revert "Added shared nql-map-key-values module"
This reverts commit ef4fd4b8ef.

Revert "Ensured page prop is present on content api response"
This reverts commit cfa0a0862b.

Revert "Fixed failing regression tests"
This reverts commit 9c2bb3811f.

Revert "Updated xmlrpc and slack service to use type column"
This reverts commit 44a02c7d36.

Revert "Updated v0.1 posts api to work with type column"
This reverts commit 2c81d7c914.

Revert "Removed updates to v0.1 specific code"
This reverts commit 08d83c1f53.

Revert "Added missing context from ValidationError"
This reverts commit cd45ab4f54.

Revert "Renamed page->type in the page&posts serializers"
This reverts commit df99e724e3.

Revert "Added mongo helper to input serializers"
This reverts commit fb8eadb4a8.

Revert "Passed mongoTransformer through to NQL"
This reverts commit 0ae3f0fdfc.

Revert "Permitted mongoTransformer option for read methods"
This reverts commit a89376bf26.

Revert "Updated the count plugin to reference the type column"
This reverts commit a52f15d3d3.

Revert "Updated hashes for db integrity check"
This reverts commit bb6b337be3.

Revert "Remove page column and remaining references"
This reverts commit 9d7190d692.

Revert "Added type column to data generator"
This reverts commit e59806cb45.

Revert "Removed references to page column in rss tests"
This reverts commit 04d0f855de.

Revert "Removed page column references in validation tests"
This reverts commit f0afbc5cc0.

Revert "Updated the post model to use the `type` column"
This reverts commit 1189bc823a.

Revert "Updated url service to use type column"
This reverts commit 61612ba8fd.

Revert "Updated the v2 api to deal with type column"
This reverts commit 57afb2de2b.

Revert "Added type property to post model defaults"
This reverts commit dc3345b1c5.

Revert "Added type property to the default post fixtures"
This reverts commit 82d8c38033.

Revert "Added type column to posts table"
This reverts commit 9b85fc6a69.
2019-08-19 12:02:14 +01:00
Kevin Ansfield
ff1ac49b0a
Excluded mobiledoc_revisions table from exports (#10993)
no issue

- the `mobiledoc_revisions` table can grow very large in certain circumstances which can result in Out-Of-Memory errors when performing backups, resulting in failed upgrades
- adds `mobiledoc_revisions` to the exporter excluded tables list as a temporary solution until we have safer export creation and/or improved revision handling
2019-08-12 11:33:16 +01:00
Fabien O'Carroll
1189bc823a Updated the post model to use the type column
refs #10922

This replaces references to the `page` column with the `type` column
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
9b85fc6a69 Added type column to posts table
refs #10922

This column is limited to the two values 'post' and 'page'
2019-08-09 14:39:01 +08:00
Nazar Gargol
00f95e7328 Migrated schedules controller to v2
closes #10060

- Implemented scheduling for posts and pages
- Added cache invalidation when scheduling
- Refactored admin token eneration function to accept existing key as parameter in tests
- Added Ghost Scheduler Integration fixture
- Added fixture for permissions for post publish action
- Migrated getScheduled method to v2
- Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler
- This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models
- Removed unused auth middleware from v2 routes
- Added internal scheduler role
- Implemetnted transactions in v2 frame
- This takes into account scenario mentioned in c93f03b87e
- Specifically:
>if two queries happening in a transaction we have to signalise
  knex/mysql that we select for an update
  otherwise the following case happens:
  you fetch posts for an update
  a user requests comes in and updates the post (e.g. sets title to "X")
  you update the fetched posts, title would get overriden to the old one
2019-08-07 14:51:36 +02:00
Fabien O'Carroll
21427ad73f
Created DB Backup integration (#10974)
* Simplified db controller permissions options

The existing objects were confusing because they did the same thing as
setting permissions to true, but gave the impressions that something
special was happening/required.

* Added DB Backup Integration Role

This will allow us to assign certain api_keys this role, in order to
automate db backups

* Allowed admin api_keys to have configurable roles

This will allow keys for the admin api to do customised things such as db export

* Added ghost-backup integration to fixtures

* Added migrations for DB Backup Integration and role
2019-08-02 17:28:02 +08:00
Kevin Ansfield
1aa7e368a2
🎨 Added url value to the Content API /settings/ endpoint (#10946)
closes https://github.com/TryGhost/Ghost/issues/10945

- adds the `url` property to the returned output manually because it's a config value rather than a settings value
2019-07-24 11:12:07 +01:00
Kevin Ansfield
2b6830b747 Ensured Admin API cannot fetch internal integrations (#10501)
no issue

- Forced a filter on read and browse requests to the integrations endpoint to limit fetches to only "custom" and "builtin" integration types
- Expanded test coverage for "internal" integrations
2019-07-24 11:52:55 +02:00
Nazar Gargol
3c7af7e6f0 Fixed accepnatce test failure
no issue

- Initial commit that broke the build: 20cce5da37
- There is no enforced ordering for integrations and because of combined differences how MySQL/SQLite orders by default in combination with how created_at/updated_at dates are generated for fixtures in tests and for migrations there is no reliable way to check order
2019-07-22 17:12:43 +02:00
Nazar Gargol
20cce5da37 Added test coverage for integrations Admin API endpoint
no issue

- The basic test coverate for 'browse' endpoint for integrations was missing.
- It case is needed to be able to expand it in https://github.com/TryGhost/Ghost/pull/10501
2019-07-22 14:35:19 +02:00
Naz Gargol
c3a80f112a
Exposed site SEO data through Conent API & {{@site.*}} helper (#10925)
refs #10921

- Site SEO data will now be available as part of `GET /settings` response in Content API as well as part of {{@site.*}} helper
2019-07-19 10:40:47 +02:00
Naz Gargol
b89b57b6fb
Added global site SEO fields in Admin API (#10923)
refs #10921

- New SEO related fields will now be available as a part of Admin API /settings endpoint
- The ordering of fields is taken from post's schema
- Extended settings test suite with new SEO fields
- Adjusted settings model unit test
2019-07-18 16:24:34 +02:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
Nazar Gargol
e1dca54bf7 🎨 Made notifications dismissible per user
refs #10656

- To make sure more users see important updates or announcements
notification dismissal now works per user instead of globally
- Expanded acceptance test for notification deletion
- Expanded regression test covering multiuser dismissal of notification
- Added clarifying comment about destroyAll method use in API
2019-04-19 09:43:14 +02:00
Fabien O'Carroll
7461869f13 Updated import to only show warning when apps exist
no-issue

This is so that someone with empty defaults for installed_apps and
active_apps, or someone without the defaults at all, will not see the
warning message when importing.
2019-04-16 11:19:17 +02:00
Fabien O'Carroll
32a4798d76 Added skip of active/installed apps settings during import (#10681)
no issue
- the `{active,installed}_apps` settings related to a very old, minimally implemented, unreleased, and problematic approach to custom apps
- this is the first step towards full removal of the old "apps" concept

Credits: Kacper Szurek
2019-04-15 11:10:10 +01:00
kirrg001
1e6f4ba340 🐛 Fixed Admin API v2 wasn't returning preview url
no issue

- Admin API v2 returned /404/, see comment in code base:

/**
* CASE: admin api should serve preview urls
*
* @NOTE
* The url service has no clue of the draft/scheduled concept. It only generates urls for published resources.
* Adding a hardcoded fallback into the url service feels wrong IMO.
*
* Imagine the site won't be part of core and core does not serve urls anymore.
* Core needs to offer a preview API, which returns draft posts.
* That means the url is no longer /p/:uuid, it's e.g. GET /api/v2/content/preview/:uuid/.
* /p/ is a concept of the site, not of core.
*
* The site is not aware of existing drafts. It won't be able to get the uuid.
*
* Needs further discussion.
*/
2019-03-21 19:08:38 +01:00
Katharina Irrgang
04c60b4ce1
🐛 Fixed private blogging getting enabled when saving any setting (#10576)
no issue

- Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3

---

Admin Client sends false or true booleans for `is_private` key.

The settings table has two columns "key" and "value". And "value" is always type TEXT.

If you pass value=false, the db will transform this value into "0".
`settingsCache.get('is_private')` is then always true, even though the value is meant to be false.

We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general.

For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 12:56:26 +01:00
kirrg001
5b73e8238e 🐛 Fixed email address not being returned with admin api key authentication
no issue

- bug in model layer
- we have to drop these context checks when dropping v0.1
2019-03-06 10:48:21 +01:00
kirrg001
97cf337907 🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2
refs #10560
2019-03-04 22:59:13 +01:00
kirrg001
449bae9a48 🐛 Fixed missing "value" property for settings Admin API v2
closes #10518

- we had a very generic logic to remove "unwanted" null values
  - copied from v0.1
  - originally added in 7d4107fec4
- this logic transformed: settings = [{key: 'key', value: null}] to [{key: 'key'}], which is wrong
- i've removed this generic logic completely, because i don't know which purpose it serves
- if there a specific case where we want to remove null values, we should either use the JSON schema or use a specific serializer for the target resource
- added tests to proof that settings API behaves as it should
- one test failed because we removed the isNull logic -> if you send published_at = null on a published post
  - the model layer has a piece of logic to force a date if you set published_at to null if the status is published
  - protected
2019-03-04 20:06:53 +01:00
Kevin Ansfield
f846bd8033 Fixed pages acceptance test 2019-03-04 14:53:15 +00:00
Fabien O'Carroll
4e6a6a24ac Updated Admin API key auth to require kid in header (#10538)
* Required kid be a header claim as according to spec

https://tools.ietf.org/html/rfc7515#section-4.1.4 (JWT is an extension of JWS)

* Updated error message for missing kid

* Fixed admin-api key unit tests

* Fixed regression and acceptance tests
2019-02-26 11:03:47 +07:00
kirrg001
d6872de0b2 Added "useGravatar" to config endpoint in Admin API v2
no issue
2019-02-25 15:39:47 +01:00
kirrg001
a1023f0b11 Renamed theme upload file field name
no issue

- consistent with /images/upload/ endpoint
2019-02-25 13:26:03 +01:00
kirrg001
3278e8df22 Returned prefix for site & config response
no issue

- otherwise it's super inconsistent to our other responses
- we always expose the resource type first
2019-02-25 13:24:19 +01:00
kirrg001
bd7da54ce3 Changed config endpoint for Admin API v2
no issue

- re-designed config endpoint
- timezones.json should live in Ghost-SDK long-term
2019-02-25 13:24:19 +01:00
kirrg001
b5155e280e Returned tags & authors by default for Admin API v2
no issue

- tags, authors, authors.roles by default
2019-02-25 13:22:50 +01:00
kirrg001
28a222703b Added computed "excerpt" field to Admin API v2
no issue
2019-02-25 13:22:50 +01:00
kirrg001
e65a82833c Changed default format from html to mobiledoc for Admin API v2
no issue

- Ghost-Admin needs mobiledoc only
- Ghost-Android needs mobiledoc only
- any other client can fetch other formats using the query param
2019-02-25 13:22:50 +01:00
Nazar Gargol
f558b58c89 Combined /images* endpoints into /images/upload
- refs #10438

- /images/upload now accepts all the image uploads and distinguishes their purpuse using new `purpose` form data field
2019-02-25 19:15:16 +07:00
kirrg001
23fed961e5 Removed requirement to provide authors for admin api keys
no issue

- we just fallback to owner user
- reason: consistent with how the importer works, easier to work with the API
2019-02-25 09:16:32 +01:00
kirrg001
0665c72dda Removed primary_tag & primary_author if null from Admin API v2
refs #10438

- "null" means the resource does not exist (it was sett to "null"), which is not true
- we won't serve primary_tag and primary_author by default
- TODO: add the same change to the Content API v2 (raise issue)
2019-02-24 13:31:43 +01:00
Nazar Gargol
9d4b0c09a8 Renamed uploads to images
refs #10438

- As the support of /uploads endpoint has been dropped in Admin API, all related files have to correspond to new naming
2019-02-24 11:18:45 +07:00
Fabien O'Carroll
4a1a245e9b
Updated audience validation for admin api tokens (#10519)
no-issue
2019-02-23 12:51:21 +01:00
Nazar Gargol
55289d04c8 Changed response structure for /images
refs #10438

- To make response structure future proof and conform to the rest of API responses /images* now returns an object with url property instead of plain url string
2019-02-22 18:17:44 +07:00
Nazar Gargol
187636193b Removed /uploads* endpoints
refs #10438
2019-02-22 18:17:44 +07:00
Katharina Irrgang
0a70226128 Separated pages & posts in Admin API v2 (#10494)
refs #10438, refs #10106

* Renamed existing pages ctrl
* Splitted posts & pages for Admin API v2
* Added pages JSON input schema for Admin API v2
* Removed single author for Content & Admin API v2
  - single author is not documented
  - single author usage is deprecated in v0.1
  - single author usage is removed in API v2
* Splitted posts & postsPublic controller for v2
* Removed requirement to send `status=all` from Admin API v2
* Removed `status` option from pages Content API v2
* Removed `status` options from Users Admin API v2
2019-02-22 10:17:14 +07:00
kirrg001
0dd3aad2d0 Required updated_at for Admin API v2 when updating a post/page
refs #10438

- the `updated_at` functions as version control value
- it is required for collision detection
- we might redesign this feature at some point
2019-02-21 08:39:17 +01:00
Katharina Irrgang
40f359a238 🐛 Fixed night mode when using API v2 (#10499)
no issue
2019-02-15 12:15:37 +00:00
Katharina Irrgang
c2b3520652
Removed id restriction for posts relations in Admin API v2 (#10489)
refs #10438

- we now try to match by slug or id or email
- fallback to owner
- you cannot create a user via post endpoint
- Ghost uses the invite flow to add users
- get rid of `id` restriction on API level
2019-02-13 20:38:25 +01:00
Katharina Irrgang
90c421a8a8 Removed client credentials from Admin API v2 (#10485)
refs #10438
- v2 does not use client credentials anymore
- exception: scheduler & backup clients
2019-02-13 13:51:51 +00:00
kirrg001
f8b62a063b Removed more unused fields from Admin API v2 response
refs #10438

- these fields are not used
- no need to expose them in v2
- we will either remove them in the next major or use them for new features (will see)
2019-02-13 11:42:08 +01:00
kirrg001
36547a9c3a Removed ghost_auth_id from Admin API v2 response
refs #10438

- unused field
- no need to expose this field
2019-02-12 23:36:42 +01:00