closes#3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
closes#3128 (now really)
- added express variable disableLoginLimiter
- added disableLoginLimiter to all tests that use Ghost as module and
do authentication
- fixed isSetup not working for status other than active
- removed ‚Ensure a User is Registered‘ test as this is covered by the
new setup test
Closes#3271
- Change validations on both server and client to allow the
Website field to be empty or a valid URL.
- Add new schema validation helper isEmptyOrURL.
- Remove duplicate call to UserValidator in the save action
of the SettingsUser controller.
- User.last_login and User.created_at are already Moment objects
so Moment#fromNow can be called on them directly.
closes#3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
Closes#3199
-If datatype is dateTime convert to javascript Date object when
retrieved from the database.
-Add tests to make sure models and internal API are using Date
objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
date strings for dateTime fields.
closes#3056
- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc
Still TODO:
- cleanup / add removed tests
- do we still need countable?
closes#2759closes#3027
- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based
Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125
**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
Closes#2866
-update slug API to handle users and apps in addition to
posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
closes#2610, refs #2697
- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
to perform reads, updates and deletes where possible - settings / themes
may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
closes#2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
Ref #2061
- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
closes#2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
closes#2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
closes#2635
- add new logic to the api request handler to set a location header
when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
closes#2593
- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
Closes#2606
- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
closes#2628
- added /view/ route to the editor. if /view/ is appended to
the url of a post being edited a redirect to the frontend
will occur
- updated controller to check for /view/ and built the
correct url for the post
- added test for the new route
refs #2660
- removed timeout from routes tests (since Ghost is used as module it
is restarted before logging in)
- Casper.js does only one login and the existing waits are executed
after testing login limiters
- gain: 8 sec :-/
closes#1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
closes#2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model
**Known Issue:** It is not possible to attach a tag using an ID.
Closes#1563
- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
Closes#2605
- Change tags browse() response to { tags: [...] }
- Update client side collection to use nested tags document
- Update test references to use response.tags
Closes#2619
- If edit parameter is 'edit' redirect to editor.
- If edit parameter is anything other then undefined redirect to 404.
- Create edit post tests.
- Test redirect without trailing slash.
- Test redirect to editor.
- Test redirect to 404.
closes#2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
closes#2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
close#2443
- Refactor API tests from `/core/test/functional/api` to
`/core/test/functional/routes/api`, using supertest instead of request
- Remove `core/test/functional/api` folder
closes#2442, issue #2182
- Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed
- Updated travis config to set node env
- Updated example config to be less travis-specific
- Route tests updated to use this new functionality
- Grunt test-routes simplified
closes#2261
- reserved 'feed' in the list of reserved keywords for slugs
- added a 301 redirect from /feed/ to /rss/
- added a route test, and realised that standard express redirects don't get the right headers
- fixed the headers across all 301 redirects & added tests for the admin redirects
- removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
closes#2260
- added routes for /tag/:slug/rss and /tag/:slug/rss/:page
- added support for tag in the rss controller
- added route tests for each extra case
- fixing a tiny typo in some test descriptions
