Commit Graph

478 Commits

Author SHA1 Message Date
Hannah Wolfe
b8a3415726 Remove featured, tag, author & role API params
refs #5943

- removed featured, tag and author parameters from posts API
   - featured was only used in tests
- removed role filter from users API
   - role was only used in tests
- fixed up the tests, skipping those that don't quite work yet
2015-10-27 10:53:51 +00:00
Delgermurun
146bb01657 db api endpoint validation error refactor
No issue
- Raised ValidationError instead of PermissionError on db api validation
- Added & modified integration tests
2015-10-25 09:20:13 +08:00
Hannah Wolfe
0be56fb5f0 Merge pull request #5983 from vdemedes/pipeline-themes
Refactor themes endpoint with pipeline utility
2015-10-23 12:37:56 +01:00
Hannah Wolfe
afbcecc3f6 Merge pull request #5848 from sebgie/public-api-1
Public API
2015-10-22 20:39:41 +01:00
cobbspur
7a996ecbe7 Simplify fields and includes prior to fetch
No Issue

- allows comma separated include and field parameters to also have a space
- allows capitals in include and field parameters
2015-10-22 15:39:54 +01:00
Sebastian Gierlinger
f48dfb09cf Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00
Hannah Wolfe
b5cebb9ec6 Add filter parameter using GQL
refs #5604, refs #5463

- deps: ghost-gql@0.0.2
- adds code to wire up the filtering to a paginated query
- updated pagination plugin count query to use 'distinct' so it's more robust
- rename paginationUtils.query to addLimitAndOffset to be more explicit and make the code clearer
- add a new 'advanced browsing spec' set of tests for tracking these features as they are built out
2015-10-22 11:29:05 +01:00
vdemedes
2cd7f2daca Refactor themes endpoint with pipeline
refs #5508

- use pipeline utility in themes controller
2015-10-22 12:17:16 +02:00
Delgermurun
b37c0f2e91 Apply pipeline to db api endpoint
refs #5508
- adds pipeline to export, import and delete all methods
2015-10-21 09:33:31 +08:00
Kevin Ansfield
ff73f1af92 deps: grunt-jscs@2.1.0
no issue
- update grunt-jscs dependency
- fix deprecated `validateJSDoc` configuration
- fix numerous linting errors, including:
  - use of future-reserved `public` and `private` variable names
  - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`)
  - extra spaces in `const { run } = Ember` style constructs

One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these:

```
{ myFunc() {} }
{ myFunc () {} }
```

are called out due to either the missing or the extra space before the `(`
2015-10-12 19:21:16 +01:00
Hannah Wolfe
545bea0eaf Return a single 422 error for invalid values
refs #5808

- Fix the API to return a single 422 error when an invalid value is passed
- Only affects Browse, and not Read at present due to differences in how they are handled
- Frontend was changed to always 404 in #5851
- Adds tests to ensure all cases are covered
2015-09-25 10:30:49 +01:00
Hannah Wolfe
00656a729b Don't alter password from User.edit endpoint
- password changes should only be possible from the password change endpoint

Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
2015-09-23 23:07:49 +01:00
Hannah Wolfe
95623e60ae Add underscores to general validation
fixes #5816

- general slugs and other fields should permit underscores as well as dashes
2015-09-17 12:24:11 +01:00
Sebastian Gierlinger
f22796ff7d Add dynamic client_id/client_secret
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
2015-09-02 16:39:34 +01:00
Austin Burdine
6c5fea40ca Remove auto-inclusion of jQuery via ghost_foot
closes #5298
- remove all harcoded instances of jQuery throughout the front-end of the blog
- add migration function to add cdn link to ghost_foot code injection when migrating up from version 003
- migration version bump
2015-09-02 13:39:22 +01:00
Hannah Wolfe
e9a96816ac Adding 'fields' param for browse requests
refs #5601, #5463, #5343

- adds rudimentary support for a 'fields' parameter on browse requests
2015-08-28 19:08:22 +01:00
Hannah Wolfe
2c29ae1ad2 Don't return from sending welcome mail
closes #5675

- welcome mail is non-critical, invalid mail setups shouldn't interfere with setting up a blog
2015-08-25 09:08:11 +01:00
Sebastian Gierlinger
a82e9aa3c5 Mail consolidation
refs #5489
- move mail.js -> mail/index.js
- move email-templates -> mail/templates
2015-08-20 11:36:14 +02:00
Hannah Wolfe
16407b41ee Merge pull request #5655 from sebgie/extract-permissions
Refactor handlePermissions
2015-08-11 19:32:20 +01:00
Sebastian Gierlinger
44622d943d Refactor handlePermissions
no issue
- extract handlePermissions to utils
- added NoPermissionError when canThis() rejects
- omitted users.js because it uses special permission handling
2015-08-11 16:03:57 +02:00
Sebastian Gierlinger
9376bdf699 Merge pull request #5646 from ErisDS/issue-5150-nextprev
Next/Prev Post helpers include author & tags
2015-08-11 15:46:23 +02:00
Hannah Wolfe
a00eace849 Next/Prev Post helpers include author & tags
closes #5150

- Post API understands next.author, next.tags, previous.author and previous.tags
- Post Read request filters out those properties and does the right thing with them
- Prev/Next post helpers send extra include properties
- Tests updated
2015-08-10 08:58:25 +01:00
Austin Burdine
392cb0038c apply pipeline to notifications endpoint
refs #5508
- adds pipeline to the add and destroy methods of the notifications api
2015-08-09 22:42:10 -06:00
Hannah Wolfe
524b247c58 Add public API permission handling
refs #4004, #5614

- added new public permission handling functions to permissions
- added a new util to handle either public permissions or normal permissions
- updated posts, tags and users endpoints to use the new util
- added test coverage for the new code
2015-08-03 19:30:17 +01:00
Kevin Ansfield
7ac6ebb920 Refactor notifications service & components
issue #5409

- change persistent/passive notification status to alert/notification
- replace showSuccess/Info/Warn/Error with showNotification/showAlert
- fix and clean up notification/alert components
2015-07-28 12:26:11 +01:00
Hannah Wolfe
ab2049e35c Merge pull request #5580 from halfdan/update-deps
Update lodash and cheerio
2015-07-22 21:35:02 +01:00
Fabian Becker
2878b5ae00 Update lodash and cheerio
- update lodash to 3.1.0
- cheerio update uses new css-select, css-what packages (others were deprecated)

refs #5578
2015-07-21 19:59:49 +02:00
Jason Williams
c3951c4fd7 Merge pull request #5570 from ErisDS/issue-5564
Fix regressions with password reset
2015-07-21 10:14:56 -05:00
Hannah Wolfe
4ba77e0da4 Fix regressions with password reset
fixes #5564

- adds missing part of `/setup/` url in authentication middleware
- ensures data is passed through from API to model in correct (new) format for password reset
- re-adds missing/incorrectly commented out auth tests, and verifies that reset as far as token validation
2015-07-21 08:47:26 +01:00
Hannah Wolfe
e044136503 API Option Handling
refs #2758

- add a set of default options to utils
- update validation function to only pass through permitted options
- pass permitted options into validate where necessary
- setup basic validation for each known option, and generic validation for the remainder
- change slug to treat 'name' as data, rather than an option
2015-07-14 18:20:27 +01:00
Hannah Wolfe
843dd31b74 Merge pull request #5523 from Remchi/change-reset-password-refactor
Refactor changePassword and resetPassword
2015-07-11 11:31:50 +01:00
Austin Burdine
a16be11038 re-added revoke method to authentication api
closes #5530
- adds revoke api method back into code base
2015-07-07 17:39:43 -04:00
Rem Zolotykh
9323abbb44 Refactor changePassword and resetPassword
issue #5500
- make `changePassword` and `resetPassword` methods on `user` model
  consistent: use `object` and `options` arguments instead of multiple
  different arguments
- change User API `changePassword` method to use these new arguments
2015-07-07 22:03:17 +02:00
Fabian Becker
7f5250af0e Pipeline roles and slugs API
refs #5508
2015-07-02 16:38:31 +02:00
Hannah Wolfe
b8415e8b90 Merge pull request #5349 from acburdine/onboarding-api
Add PUT route to authentication setup
2015-06-30 12:03:21 +01:00
Austin Burdine
a2a0ba9023 adds put route to authentication setup
closes #5342
- adds put version of authentication/setup that allows for updating of owner/settings values
- doesn't send welcome email
- adds tests for new put route
2015-06-29 13:16:10 -04:00
Hannah Wolfe
51ac3f6532 Refactor to using pipeline for the API
refs #2758

- Post, Tag & User API methods are refactored to use pipeline
- Each functional code block is a named task function
- Each function takes options, manipulates it, and returns options back
- Tasks like permissions can reject if they don't pass, causing the pipeline to fail
- Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint
- Tasks like the data call can be extremely complex if needs be (like for some user endpoints)
- Option validation is mostly factored out to utils
- Option conversion is factored out to utils
- API utils have 100% test coverage
- Minor updates to inline docs, more to do here
2015-06-28 22:52:31 +01:00
Hannah Wolfe
f6322da4c9 Use extends correctly & consistently
- extends clobbers the first argument you pass to it, so that should not be a variable that is used elsewhere, if you're also assigning the value, as it will have unintended side effects.
2015-06-25 19:56:27 +01:00
Hannah Wolfe
7705e30995 Use 'author' for relation instead of 'author_id'
- this clears a todo in the codebase & gets rid of a few lines of unnecessary code
2015-06-24 10:00:24 +01:00
Hannah Wolfe
254e0f0597 Improve API error handling
close #2757, refs #5286

- moves error formatting from api/index into errors lib
- moves error handling from api/index into its own middleware
- adds extra middleware for method not allowed which captures all unsupported routes
2015-06-15 10:08:30 +01:00
Joe Wegner
75faf0109d invite users after signing up during setup
closes #5338
- moves skip link to below the submit button
- makes the submit button better represent form status
- posts notifications based on success/failure of notifications
- goes to the invite page after user creation
- actually sends invites!

functional tests passing for onboarding invitations

cleanup for linitng

remove unreachable return

access the notifications service better

use link-to instead of an anchor with an action

failed user creations get caught, and bubble as errors

a slew of other cleanup stuff via jason
2015-06-09 11:50:24 -07:00
Hannah Wolfe
7eacd2876d Ensure middleware functions are named
refs #5091

- adds names to all middleware functions, for debugging purposes
2015-06-02 14:49:18 +01:00
Austin Burdine
e69c8c89ac remove settings email
closes #5299
- removes settings/general email field from both client and server side
- fixes tests to reflect removal of email
2015-05-22 15:23:31 -06:00
Tushar Bhushan
3fca65a3c5 Fixed the invite user email to include the email address of the user who invited you
closes #5283
- due to the changes with the api call in pr #5159 the email address wasn't showing up
- modified the api call to fetch user data to pass the context object to the toJSON object
2015-05-20 15:49:35 -07:00
Hannah Wolfe
023755c566 Cache invalidate for previews
no issue

- draft updates now need to affect the preview route
2015-05-19 18:32:00 +01:00
Adrian Estrada
107c9602c1 API: Adding featured filter option to posts.browse
Closes #5152
- Adds `featured` filter option to posts.browse method modifying the model to take it too
2015-05-13 16:18:50 -05:00
Austin Burdine
bd2b206e4b finish up password protection
closes #5073
- takes password protection out of labs and moves it to general settings
- adds random-words generator to randomly generate passwords
2015-05-12 12:02:18 -06:00
Jason Williams
263bbd5092 Fix up filtering implementation 2015-05-10 20:48:32 -05:00
Austin Burdine
2865662ee5 added password protection
closes #4993
- brings password protection to the frontend of blogs
- adds testing for password protection
- upgrades bcrypt-js to 2.1.0
2015-04-30 23:44:43 -05:00
Matt Enlow
433956c102 Add post preview via uuid (/p/:uuid)
Refs #5097

- All drafts will show a preview link (this needs real css)
- Published posts will redirect
- prev/next post helpers only activate on published posts
- Powered by ~10 pints between the two of us (@ErisDS, @novaugust)
2015-04-30 11:57:37 +01:00
Sebastian Gierlinger
fdcb67d3cc Rename error.type to error.errorType
closes #5178
- renamed error.type to error.errorType
2015-04-22 22:29:45 +02:00
Hannah Wolfe
e26e83d40a Refactor to remove author.email from API
refs #2330

- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
2015-04-17 22:27:04 +01:00
Hannah Wolfe
1b585f213c Cache invalidation can no longer be so clever
no issue

With the introduction of the prev/next helpers (and soon, get helper) we can no longer make any assumptions
about exactly which pages need to be cleared from the cache when a post is published/unpublished.
2015-04-14 16:34:34 +01:00
Hannah Wolfe
0b1497a75b No more feature flag for Code Injection
closes #1993

- remove the feature/config flag that means code injection has to be enabled
2015-04-09 17:52:41 +01:00
Katie Fenn
980b0a8610 Refactoring hard-coded frontend route keywords
closes #4519

- Added configurable route keywords
- Replaced instances of hard-coded keywords with config
- Added keywords to frontend tests stub config
2015-03-23 15:00:02 +00:00
Hannah Wolfe
cde1842750 Check ids match on edit
no issue

- It should not be possible to provide a different ID in the object being edited to that provided in the URL
- We now send the id to check object to ensure there is a match

Credits: Matteo Beccaro
2015-02-28 16:25:37 +00:00
Hannah Wolfe
2450f18170 Make the {{navigation}} helper global
refs #4535

- Rather than storing navigation data as a top level key, store it as @blog.navigation
- Reference the global data from the helper
2015-02-28 12:53:00 +00:00
Hannah Wolfe
70a200d53f Remove navigation config flag
ref #4535

- don't need this any more :)
2015-02-25 15:15:55 +00:00
Hannah Wolfe
4eee52d142 Add cache invalidation header when updating tags
no issue
2015-01-27 23:44:31 +00:00
Jason Williams
0fc152b2ad Fix up users API so admin role can edit owner
No Issue.
- Make sure that a user with the Admin role can edit the Owner.
- Add test for behavior.
2015-01-20 21:34:24 +00:00
Jason Williams
1c07273f5a Update grunt-jscs dependency
No Issue
- grunt-jscs@1.2.0
- Clean up some instances of multiple spaces.
- Remove jscs:disable for regexes now that jscs better supports them.
2015-01-16 18:06:20 +00:00
Sebastian Gierlinger
023a37b074 Merge pull request #4772 from ekulabuhov/4262_NextPrevPostWIP
[API] Retrieve next and previous post
2015-01-14 10:32:07 +01:00
Eugene Kulabuhov
0e2709c42f [API] Retrieve next and previous post
closes #4262
- implementation based on #1545
- added integration test. Modified mocked posts because code requires published_at timestamps to be different.
- fixed 2 broken tests that depended on mocked posts to have "new Date()" as their timestamps
- added checks to only query db if next/previous post requested
2015-01-13 12:49:16 +00:00
Paul Adam Davis
6cc5a58b68 Navigation UI Ember Integration
Closes #4537

- Adds Navigation to the Settings menu
- Adds a `navigationUI` config flag (redirects if not an editor or author)
2015-01-11 20:04:01 +00:00
Hannah Wolfe
1f22d8c28c Move tag management from behind config/labs flags
issue #4248

- tag management is ready for release, this takes the training wheels off :)
- remove config flag
- remove labs checkbox and related code
2015-01-06 18:56:42 +00:00
Jason Williams
f6736049c3 Fix up HTTP API handler
No Issue
- Add Location header for tags.
- Ensure Location header has trailing slash.
- Remove unnecessary promises/async.
2014-12-28 05:27:29 +00:00
Jason Williams
591fa349aa Finish up post count support in tags API
Refs #4521
- Handle 'include' query param in tags API.
- Add post_count support when fetching a tag with findOne.
- Remove post_count from options.include after processing.
- Extra database query no longer used to fetch post_count.
2014-12-19 21:46:34 +00:00
Hannah Wolfe
20710b9eba Refactor importer with tests
refs #4605

- Move as much code as possible out of the DB API
- Split the importer into 2 concepts, code which handles different
  filetypes and code which takes the content of files and imports it into
  Ghost in some way
- Split the import process into 4 steps, load the file into a useful
  format, preprocess the data, do the import, generate a report
- Reporting is currently a no-op
- Adds a basic level of testing
2014-12-17 18:22:39 +00:00
Hannah Wolfe
a0db21d3ec Merge pull request #4629 from cobbspur/postpreview
Add view post link on published and updated posts
2014-12-15 13:28:47 +00:00
cobbspur
53d12a9659 Add view post link on published and updated posts
closes #1756

- adds a post url link to 'post updated' and 'post published' in editor
- adds join function in ghost paths
- adds a '/' detection to makeRoute method
- adds test for join function
2014-12-15 12:18:47 +00:00
Hannah Wolfe
35ee121761 Merge pull request #4628 from sebgie/issue#4624
Password change MU
2014-12-12 10:07:34 +00:00
Sebastian Gierlinger
40c78493a3 Password change MU
closes #4624
- added user_id to password reset request
- hide old password field
- updated changePassword method to check permissions
- updated changePassword method to work without oldPassword
- fixed bug for errors shown as [Object object]
2014-12-11 21:23:07 +01:00
Sebastian Gierlinger
f531ef19f8 Merge pull request #4626 from ErisDS/issue-4607
Add support for zip import
2014-12-11 20:52:04 +01:00
Hannah Wolfe
6ff51ad44e Add support for zip import
fixes #4607

- moves file checks from db and upload API endpoints to api utils
- adds code to accept and then extract a zip and pull out a JSON file
- zip handling requires a lot of dependencies - this needs a good refactor
2014-12-10 20:21:06 +00:00
cobbspur
cd5d87ddf2 Return computed url with post object
closes #4445

- post model gets permalink format
- post model queries urlPathForPost to return computed url
- url helper modified to use post url
- urlForPost method abolished and replaced where necessary
- updated tests
2014-12-10 17:23:02 +00:00
Sebastian Gierlinger
32959b2269 Merge pull request #4578 from ErisDS/pr-3489
Code Injection PR 3489 rebased and updated
2014-12-04 15:16:37 +01:00
Hannah Wolfe
904918d5cc Code Injection - adds perms, shortcuts, icon, flag
refs #1993

- adds ctrl/cmd+s for save
- adds config flag
- adds icon on settings page, puts items in the right order
- sorts out permissions for all settings pages with consistent configuration
2014-12-04 13:34:44 +00:00
Sebastian Gierlinger
319887c77b Merge pull request #4573 from ErisDS/limit-all-sitemaps
Add limit=all consistently to users, posts & tags
2014-12-04 09:45:33 +01:00
Hannah Wolfe
9b146e59bb Add limit=all consistently to users, posts & tags
refs #623, #4348

- this fixes sitemaps to list all posts, pages, tags and users
- makes the API behave consistently across all paginated resources
2014-12-03 18:46:26 +00:00
Sebastian Gierlinger
9b8141bb08 Merge pull request #4530 from ErisDS/issue-4498
API - no more m-2-m relation ids by default
2014-12-02 20:49:47 +01:00
Hannah Wolfe
4cb909542a API - no more m-2-m relation ids by default
closes #4498

- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
2014-12-02 19:24:44 +00:00
Hannah Wolfe
c06e649ab1 Merge pull request #4554 from sebgie/issue#3872
URL safe base64 encoding
2014-12-01 16:56:14 +00:00
Sebastian Gierlinger
9ddabffa10 URL safe base64 encoding
closes #3872
- updated base64 escaping to respect + and \
- updated base64 escaping to remove = during transport
- updated tests
2014-12-01 16:59:49 +01:00
Hannah Wolfe
aa44743c67 Merge pull request #4531 from Gargol/issue-4485
Cleans up HTML data attributes on body in default.hbs
2014-12-01 10:54:19 +00:00
Jacob Gable
2cfa18475a Generate sitemap files
Closes #623

- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
2014-11-30 10:49:45 -08:00
Nazar Gargol
df5a598718 Cleans up HTML data attributes on body in default.hbs
closes #4485

- removes data attributes used on body in default.hbs
- introduces new way to generate configuration through meta tags
- config initializer consumes configurations from the meta tags using parser
- moves blog_title helper/value to be a property in a configuration api
2014-11-29 17:09:43 +01:00
Jason Williams
1d562c8914 Add Ghost version to config object.
No Issue
- Use Ghost version value that is already loaded instead of
  reading package.json from the filesystem and parsing it on
  every call into the configuration API.
2014-11-28 18:08:50 +00:00
Hannah Wolfe
af7bbb83e4 Merge pull request #4091 from hswolff/remove-a-cd
Removes objectTypeModelMap to reduce circular dependency.
2014-11-24 11:59:07 +00:00
Jason Williams
b31fec6e2f Fix updateConfigTheme method.
No Issue
- Fix exception being thrown when updateConfigTheme called before
  settingsCache fully populated.
- Remove unnecessary check in a conditional in the migration command
  builder.
2014-11-20 14:54:37 +00:00
Sebastian Gierlinger
819a978192 Merge pull request #4406 from RaoHai/tag-endpoints
full BREAD Tag endpoints and Tag api tests
2014-11-13 19:25:36 +01:00
Jason Williams
a2e670cb0b Merge pull request #4320 from felixrieseberg/iss4235
Work with case-sensitive email addresses
2014-11-12 19:35:38 -06:00
Felix Rieseberg
af1d2201b0 Work with case-sensitive email addresses
Closes #4235
2014-11-12 17:18:53 -08:00
surgesoft
d9643ed2f4 full BREAD Tag endpoints and Tag api tests
close #4263
- implemented full BREAD Tag API
- deleting a tag will also detach its relations to posts
- tests of Tag API
2014-11-13 00:44:36 +08:00
cobbspur
69d4852a6d Create Tags Management Stubs for Ember
closes #4260

- Adds "tags" route inside of the settings routes.
- Adds this route to router.js
- Links the route from the settings.hbs template
- Adds demo tags html in tag.hbs template
- Adds flag for tagsUI
2014-11-04 15:50:41 +00:00
Harry Wolff
6cbcfac72b Removes objectTypeModelMap to reduce circular dependency.
refs #2455

- also note areas where we still have lazy loading of modules.
- moves one lazy loading to non-lazy require.
2014-10-27 20:48:22 -04:00
Felix Rieseberg
7bb38f8c7b Accept Invitation: Generate Slug from Name
No issue, but ref #4211
2014-10-13 08:35:08 -04:00
Hannah Wolfe
4e58198381 Merge pull request #4188 from halfdan/1891-move
Abstract the allowed file types out of API
2014-09-29 21:31:22 +01:00
Fabian Becker
72b0a48483 Fix DB API
no ref
- Use correct error type
2014-09-28 19:38:41 +00:00
Fabian Becker
55293d0d1e Abstract the allowed file types out of API
closes #1891
- Moves contentType and extension check to config
2014-09-26 13:31:23 +00:00
Jason Williams
63546be1eb Prevent transition to signup on invalid invitation
Refs #3876
- Prevent signup page from flashing when an invalid invitation
  token is used.
- Clear sensitive information from signup controller.
- Make isInvitation API behavior consistent with other auth
  related APIs.
2014-09-19 04:52:45 +00:00
Felix Rieseberg
b1c1b03015 Redirect user if signup invitation isn't valid
Closes #3565
- Added server API isInvitation (analog to isSetup), checking if an
invitation exists for a given email address.
- If the invitation is no longer valid (or didn’t exist in the first
place), the user is redirected and an error notification is shown.
2014-09-18 19:11:40 -06:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves #1920

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Hannah Wolfe
b7fdf7d872 Merge pull request #3947 from hswolff/goodbye-config-theme
Removes config.theme and restructures how theme variables are cached
2014-09-15 21:30:44 +01:00
Harry Wolff
66845def85 Moves storage module to use prototypes for inheritance and structure.
addresses #2852

- Moves storage modules to use prototypes and to create prototypes
that inherit from the base storage ctor.

- Makes storage/base conform to an all Promise interface.
2014-09-12 21:41:29 -04:00
Fabian Becker
c684ee5b38 Delete revoked tokens
closes #3758
- new API method to delete access and refresh token
- use new ember-simple-auth config to revoke tokens on logout
- new method to delete tokens by .. token
2014-09-10 20:19:52 +02:00
Hannah Wolfe
2aff9ed8eb Force apps flag to be boolean in config API
ref #3969

- it shouldn't be possible to set keys via this flag
2014-09-09 08:40:38 +01:00
Harry Wolff
2bb1b14ebd Removes config.theme and restructures how theme variables are cached
resolves #1789

- removes config/theme.js
- moves caching of theme variables to api/settings.js which is where the
rest of the settings cache occurs.  this removes the requirement of having
to push changes to cache, now it simply occurs alongside when settings
are changed.
- updates relevant tests.
2014-09-02 23:15:15 -04:00
Fabian Becker
c0adf5894f Remove permissions from configuration API
closes #3909
- Remove permissions from configuration API
- Remove permission setup from integration test
- Remove permissions from permissions.json
2014-09-02 15:48:32 +00:00
Fabian Becker
688b3914e4 Implements new Configuration API
closes #3619
- adds new permissions for configuration API
- adds integration tests
- adds configuration API for reading allowed values
2014-08-31 20:54:17 +00:00
Hannah Wolfe
74c6a341be Delete tokens before deleting a user
fixes #3750

- Updated tests to create tokens for one user. This caused the tests to
  fail for MySQL exposing the bug.
- Delete user's tokens along with posts
2014-08-23 20:13:17 +01:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes #968
2014-08-23 17:15:40 +00:00
Harry Wolff
5ff2a31ce1 Move Models module to have an init method that sets up all models
resolves #2170

- creates a models.init() function that requires all other model files
and caches them.  This is opposed to the previous functionality where
when you require('./models') it would immediately require all other models.
Now it's done when you want.

- Updates all tests to reflect the new structure of the model module
2014-08-18 15:54:10 -04:00
Felix Rieseberg
47ba9a7385 Ensure Owner's role isn't downgraded
closes #3765
- Simple API check to ensure that the owner isn’t downgraded to a
different role (analog to the ’can’t change your own role’ check)
- Test added to ensure Owner can't be downgraded to a lower role
2014-08-15 17:44:30 -04:00
Jason Williams
8fb3cddcf6 Update express and body-parser dependencies.
No Issue
- Upgrade to versions of these packages that use qs >= 1.0.0.
2014-08-11 05:20:31 +00:00
Hannah Wolfe
988ca127b6 Updating docs links to point to support.ghost.org 2014-08-10 23:17:40 +01:00
Sebastian Gierlinger
85a1902294 Merge pull request #3735 from ErisDS/cache-invalidation
Adding author pages to cache invalidation
2014-08-10 22:01:19 +02:00
Hannah Wolfe
d556f4723e Adding author pages to cache invalidation 2014-08-10 19:32:46 +01:00
Hannah Wolfe
32d72d5daa Expose blog URL to client app
fixes #3724

 - provide config.url to the ember client app via a data attribute
 - create server and client side helpers to output the URL
 - wire up the client side helper
 - add a class for testing, and add tests for both the server and client side
2014-08-10 18:49:37 +01:00
Gabor Javorszky
508f669a49 Sends test email to the person who clicked on the button
Closes #3649

* Small refactor of the api route for email test. We no longer need to look up the email in the settings
* Added a user model lookup based on context to the test email method.
2014-08-08 18:41:14 +01:00
David Balderston
99e77cab3c Removed Username From Initial Blog Description
closes #3631
- Removed the 'by + setupUser.name' from authentication.js
- Removed the 'by Test User' from feed_test.js
- Added a '.' to the end of each per issue comment example
2014-08-08 08:04:46 -07:00
Fabian Becker
9915fb1268 Fix revoke user invite and user.destroy
fixes #3630
- Extend user adapter in ember to load users with status: all
- Fix user.destroy by loading all users with status: all
2014-08-06 16:48:18 +00:00
Waleed Ali
7009d416cb Improve settings error handling
closes #3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
  function to insert the roles and user_roles for the owner user so the
  owner can edit settings after adding the no-permission error handling. I
  also added the mail send permission to the test since it's used after
  the user edits the settings.
2014-08-06 09:11:50 +01:00
Hannah Wolfe
9fb34d6b27 Merge pull request #3550 from halfdan/3542-forgotten-user
Properly show message when resetting password.
2014-08-06 02:18:30 +01:00
Fabian Becker
a2d5105bcc Changing User.read API to default to active users.
refs #3542
- Properly handle forgotten screen (ember)
- Change Users API to only return active users on read
- Adjust tests
2014-08-06 00:30:48 +02:00
Sebastian Gierlinger
766e6ff944 Add owner role to setup user
closes #3518
- added owner role to user that is added if no user is available
2014-08-05 13:48:10 +02:00
Felix Rieseberg
abf251212c Descriptive error if user by mail not found.
closes #3537
- Replaced generic NotFound error with descriptive NotFoundError.
2014-08-01 18:13:33 -07:00
Hannah Wolfe
194d45fac6 Merge pull request #3480 from jaswilli/issue-3466
Update user roles in store after owner transfer
2014-07-31 15:39:48 +01:00
Jason Williams
baf9138b27 Update user roles in store after owner transfer
Closes #3466
- Transferring the owner role is now done via a separate
  endpoint and not through Ember-Data.  As a result the
  user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
  containing the updated user objects.
- Updated tests.
2014-07-31 13:41:10 +00:00
Hannah Wolfe
eecbdc1693 User edit & add endpoints cleanup
- edit and add endpoints don't assume role
- edit and add endpoints cope with no role, role objects, and strings
- resend user invite was failing at one point due to no role being sent, but this shouldn't be required
- other random api cleanup
2014-07-31 12:37:48 +01:00
Gabor Javorszky
8487dada0b Implement user and related content deletion
Closes #3100

* Introduces `destroyByAuhor`, given a context and an id, it will check if context has permission to delete the user by the id, and then deletes all the content where `author_id` is id, and then deletes the user
* Does multiple checks to make sure user exists
* Added a fixture `posts:mu` that creates 4 users belonging to 4 roles, 50 posts that have authors evenly distributed, 5 tags and all 50 have one tag attached to it, evenly distributed.

Caveats / questions

* Started testing
2014-07-31 03:48:59 +01:00
Hannah Wolfe
80cbef8cdb Merge pull request #3461 from halfdan/unhandled-rejection
Fix unhandled exception
2014-07-30 22:31:19 +01:00
Fabian Becker
29ad30bec8 Fix unhandled exception
no ref
- return result of mail.send
2014-07-30 18:45:00 +00:00
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Hannah Wolfe
ecc8c96c03 Merge pull request #3444 from sebgie/fix-invitations
Fix Invitations
2014-07-30 13:40:23 +01:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Sebastian Gierlinger
83e1ffca1d Fix Invitations
no issue
- added `invited-pending` when resending invitation
- promise chain was missing a return statement
- email error was masked and front end showed success notification
2014-07-29 15:35:48 +02:00
Hannah Wolfe
0ffc5e6d47 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
Maurice Williams
e30e29bf5d Implementing HTML emails
closes #3082
- no more in-line HTML strings
- adding files for "welcome", "reset password", and "invite user" emails
- added mail.generateContent() to create HTML and plain-text email content
- refactored methods that trigger emails to send both HTML and plain-text emails
2014-07-29 00:55:14 -04:00
Sebastian Gierlinger
e1c0c5ce98 Change refresh token expiry
no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`
2014-07-28 15:19:49 +02:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
e7dc51dc66 Improving error handling 2014-07-28 06:30:01 +01:00
Jason Williams
8a2d50b871 Improve handling of users and roles in admin
Closes #3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
  list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
  the email was not sent.  The client will show a warning notification
  when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
  that there's only one network API call to load users instead of two.
2014-07-24 14:20:47 +00:00
Sebastian Gierlinger
1eff3d9471 Fix importer bug for IE
closes #3339
- removed check for mime type
2014-07-23 16:53:03 +02:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Sebastian Gierlinger
28b03ec87e Add edit roles
refs #3087
- added ability to edit user/roles relation
- user is not allowed assign roles to himself
- only one role per user is supported atm
- added tests
2014-07-21 22:50:43 +02:00
Hannah Wolfe
90880469f6 Merge pull request #3337 from morficus/issue-3222
Pagination on the Users Management screen
2014-07-21 20:34:53 +01:00
Hannah Wolfe
0e168574f0 Merge pull request #3311 from javorszky/iss3196
Added /roles/ API endpoint
2014-07-21 20:34:29 +01:00
Maurice Williams
a8ca517c54 Pagination for Users Management screen
closes #3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
2014-07-21 14:03:26 -04:00
Gabor Javorszky
80f9023020 Added /roles/ API endpoint
Closes #3196

* adds `/roles/` endpoint
* is given the current user as context
* wraps everything in a canthis.browse.role
* gets all the available roles (should "Owner" be filtered out?)
* optional parameter: `permission=assign`. Gets all roles authenticated user could assign
* if we're not signed in, gives a "please sign in" (standard) error
* if we're signed in, but user is not in the context, gives a "there was no user in the context" error
* if the user is an "Author", gives a "there are no available roles to assign" error
* implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available)
* added extra fixtures to `permissions.json`. Might need a migration.

Caveats:

* there are no tests
* for some reason the setup functional test was failing for me locally
2014-07-21 15:02:25 +01:00
Sebastian Gierlinger
772d81849e Fix file validation for importer
refs #3339
- wrong call to file validation
- refs the issue because I get application/json on OSX? Is this
something Windows specific?
2014-07-20 23:07:17 +02:00
Hannah Wolfe
c2f0fd54da Merge pull request #3326 from ErisDS/issue-3309
Adding helper for invite status
2014-07-20 19:11:05 +01:00
Hannah Wolfe
27f980bd42 Removing console.log 2014-07-20 13:35:39 +01:00
Hannah Wolfe
ab90c40e4e Adding helper for invite status
closes #3309, refs #3229

- adds different message depending on status
- doesn't delete the new user if the problem was an email error
- filters the 2 lists based on all statuses
2014-07-20 09:23:57 +01:00
Hannah Wolfe
82742fc233 Export 003
closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error
2014-07-19 22:38:21 +01:00
Hannah Wolfe
43b91f281d Merge pull request #3322 from jaswilli/check-setup
Check setup status when making API responses
2014-07-19 00:36:12 +01:00
Hannah Wolfe
67de186893 Merge pull request #3319 from ErisDS/issue-3275
Extending context concept to models
2014-07-19 00:13:19 +01:00
Jason Williams
7d3139d093 Check setup status when making API responses
Closes #3303, Closes #3299
- Check whether or not setup has been completed when deciding
  how to respond to certain API requests.
- Add tests.
2014-07-18 22:28:28 +00:00
Hannah Wolfe
6e48275160 Extending context concept to models
fixes #3275, fixes #3290, ref #3086, ref #3084

- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
2014-07-18 15:32:56 +01:00
Sebastian Gierlinger
62c1ce128e Fix editing author
no issue
- author_id is converted to author for API responses but was never
converted back for requests
2014-07-18 10:48:48 +02:00
Hannah Wolfe
487844122d Merge pull request #3312 from ErisDS/issue-2739-2
Wire permmissions for notifications, mail and tags
2014-07-17 18:04:38 +01:00
Hannah Wolfe
cfaa6f058a Wire permmissions for notifications, mail and tags
closes #2739

- wraps the api endpoints for mail, notifications, and tags in a canThis
  check
- add internal context to internal calls
- updates tests
2014-07-17 16:44:09 +01:00
Hannah Wolfe
efa7665124 Merge pull request #3310 from sebgie/issue#3128-2
Fix tests failing because of spam protection
2014-07-17 16:41:31 +01:00
Sebastian Gierlinger
ab456638c1 Fix tests failing because of spam protection
closes #3128 (now really)
- added express variable disableLoginLimiter
- added disableLoginLimiter to all tests that use Ghost as module and
do authentication
- fixed isSetup not working for status other than active
- removed ‚Ensure a User is Registered‘ test as this is covered by the
new setup test
2014-07-17 14:22:32 +02:00
Hannah Wolfe
ce06ad412a Adding and renaming permissions
refs #3283, refs #2739, refs #3096

- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
2014-07-17 12:32:25 +01:00
Hannah Wolfe
34a0c42834 Merge pull request #3276 from sebgie/issue#3252
Move image upload to API
2014-07-15 18:09:32 +01:00
Sebastian Gierlinger
2957b0175e Move image upload to API
closes #3252
- added `/ghost/api/v0.1/uploads/` endpoint
- removed upload method from `controller/admin.js`
- moved removal of temporary files from storage to endpoint (needed to
account for failed uploads)
- changed and moved tests
- Oversight: I think that we use `.otherwise()` and `.catch()` a bit
too extensive and mask the real error objects. We probably need an
error handling strategy at some point in the future.
2014-07-15 12:40:14 +02:00
Harry Wolff
4f727ed068 Settings: Admin User Tab
closes #2422

- updated to use new change password method
- have all save settings use notifications
- create assetUrl helper for creating asset paths with subdir's properly
 prefixed
- move all url based helpers onto a url object in ghost-paths
2014-07-14 08:52:06 -04:00
Sebastian Gierlinger
db5e02da2b Add status invited-pending for users
no issue
- added status invited-pending for invited users where sending the
invitation email failed
- removed console.log() from authentication.js
2014-07-14 11:13:23 +02:00
Sebastian Gierlinger
8c2258dc4c Move setup to API
closes #3136
- moved setup to authentication API
- added `POST /ghost/api/v0.1/authentication/setup` to execute the
setup process
- added `GET /ghost/api/v0.1/authentication/setup` to check if blog is
already set up (needed for #3145)
- removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Sebastian Gierlinger
215badc663 Setup hijacks owner user
closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
2014-07-10 19:29:51 +02:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Hannah Wolfe
a593cbfb53 Move post slug endpoint & add endpoints for users
closes #3187

- move slug endpoint to post/slug/:slug
- create similar  slug and email endpoint for users
- add/update tests
2014-07-09 16:55:34 +01:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Hannah Wolfe
8b2edf7e56 Merge pull request #3192 from sebgie/issue#3081
Allow user to accept invitation
2014-07-04 23:18:47 +01:00
Sebastian Gierlinger
84cfd529ed Allow user to accept invitation
closes #3081
- added route `/ghost/api/v0.1/authentication/invitation`
- added accept invitation
- added signup with token
- removed check() from users api
- fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
Jason Williams
13229fb6a4 Fix server-side validation
Closes #3122
-Fix validation so that all values are validated instead
 of just values that evaluate to true.
-Ensure validation methods consistently return promises
 and switch error handling from try/catch to promise.catch
 to get rid of unhandled rejection warnings.
-Add 0 and 1 to list of acceptable values in boolean validation.
2014-07-03 14:57:57 +00:00
Sebastian Gierlinger
79a80b67ac Invite user API
closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘
2014-07-02 16:22:18 +02:00
Kevin Ansfield
7e2e8b3376 Persistent notifications
closes #3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
2014-07-01 11:36:21 +02:00
Hannah Wolfe
f70f99b5cf Replace the old admin with the ember admin
closes #3056

- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc

Still TODO:

- cleanup / add removed tests
- do we still need countable?
2014-07-01 08:33:17 +01:00
Hannah Wolfe
3a329d2198 Merge pull request #3150 from javorszky/iss2843
Made ember version of reset password work
2014-06-30 16:18:20 +01:00
Gabor Javorszky
ad2bfb511f Made ember version of reset password work
Closes #2843

* Implemnted the ember validator correctly for both reset request and actual reset (with the token)
* added reset validator
* changed the request route addresses to be `/authentication/passwordreset`
* changed the format of data to be `{ thing: [ {data } ] }`

Missing:
* notifications
* tests for these use cases
2014-06-30 14:37:49 +01:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Jason Williams
2356692fe3 Fix mail test send endpoint
Closes #3071
-Refactor api.mail.sendTest to take a "to:" parameter.
-Inject recipient address into the mail api's sendTest method
 from the route handler.
2014-06-26 22:00:31 +00:00
Jason Williams
39c0f219e6 Finish Debug screen for Ember admin
Closes #2847
2014-06-25 04:36:17 +00:00
Sebastian Gierlinger
1db0431e4d User API changes
closes #2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
2014-06-20 11:15:01 +02:00
Sebastian Gierlinger
a3665cd917 Merge pull request #2980 from jgable/lazyLoadDefaultSettings
Lazy load default settings
2014-06-17 21:52:34 +02:00
Hannah Wolfe
42a5f29263 Merge pull request #2969 from jaswilli/when
Update when.js dependency to version 3.2.3
2014-06-17 20:17:17 +01:00
Jacob Gable
d37be6f098 Lazy load default settings
Closes #2061

- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
2014-06-17 10:36:47 -05:00
Fabian Becker
2bff35bcc2 Complete moveover to new Notification API format
fixes #2775
- Fix all occurences of notifications.add to use proper API format
2014-06-16 08:07:29 +00:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3 2014-06-16 04:11:22 +00:00
Hannah Wolfe
5190f1f0e4 Merge pull request #2876 from halfdan/2833-rasperize-cache
Cache invalidation for post update
2014-06-05 13:44:22 +01:00
Hannah Wolfe
42af74b073 Merge pull request #2877 from jaswilli/2866-slugs
Update slug API to work with additional types
2014-06-05 13:43:46 +01:00
Fabian Becker
340192c5da Cache invalidation for post update
closes #2833
- Handle status change of post
2014-06-04 18:11:28 +00:00
Jason Williams
39967b02da Enable post deletion from Ember admin
Closes #2849
-wire up delete post action in ember admin
-refactor ember modal dialog
-override RESTAdapter.deleteRecord to workaround Ember expecting
 an empty response body on DELETEs
2014-06-04 13:19:57 +00:00
Jason Williams
bb4a0a3540 Update slug API to work with additional types
Closes #2866
-update slug API to handle users and apps in addition to
 posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
2014-06-04 05:54:03 +00:00
Hannah Wolfe
57a5b6a188 Full pass at inline API Docs
closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
Hannah Wolfe
4b6f8ce06d Mail API fixes
- The mail API endpoints weren't quite working correctly. Now working but still need love
2014-06-03 12:31:14 +01:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Sebastian Gierlinger
217e3ed7ad Improve status codes
closes #2187
- added UnsupportedMediaTypeError (code: 415)
- added status code 201 if a new object was created
- Updated tests
2014-05-24 08:05:12 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Hannah Wolfe
f1a3f1a7a5 Merge pull request #2753 from jgable/fixPermissable
Add apps permissable checks in posts and users
2014-05-14 22:10:44 +01:00
Hannah Wolfe
4c0010db45 Merge pull request #2673 from halfdan/2592-tags-api
Implements new Themes JSON API
2014-05-14 16:31:36 +01:00
Jacob Gable
0dc6dc29a7 Add apps permissable checks in posts and users
Closes #2738

- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
2014-05-14 09:22:25 -05:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Gabor Javorszky
24190a186e Move mail api to json/api format
Fixes #2650
* rerouted all mail sending to api/mail
* changed request and response formats to json/api-like structure
* tested with forgotten password and new blog email
2014-05-13 17:34:37 +01:00
Jason Williams
414890f263 Ensure settings values are strings before saving
closes #2736
-reintroduces JSON.stringify for non-string values in
 api.settings.edit
-added a regression test
2014-05-13 05:36:18 +00:00
Hannah Wolfe
25ec0f3f75 Merge pull request #2719 from appleYaks/import-backward-compatible
Make DB Import backwards compatible
2014-05-11 16:17:17 +01:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
eb18991ddb Make DB Import backwards compatible
closes #2716
- Continues to parse and allow import with the old format
- Detects the presence of the new JSON-API format and allows import
2014-05-08 20:29:45 -04:00
David Arvelo
2d783ac3d4 DB API returns JSON-API compatible objects. Export triggers 'Save As' dialog.
closes #2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
2014-05-07 19:05:09 -04:00
Hannah Wolfe
ede0a937a6 Merge pull request #2701 from jgable/settingsACL2
ACL and strict rules for Settings API
2014-05-07 20:23:30 +01:00
Hannah Wolfe
e23f5c027b Merge pull request #2702 from jgable/userCanThis
Update users api canThis context
2014-05-07 17:42:44 +01:00
Jacob Gable
298077582b ACL and strict rules for Settings API
Ref #2061

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
Jacob Gable
9c9cfe763a Update users api canThis context
- Update api.users methods to pass the whole context to canThis instead
of just this.user
2014-05-06 20:11:15 -05:00
Fabian Becker
2795e723e1 Move to new API format for Settings.
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
2014-05-06 19:02:55 +00:00
Sebastian Gierlinger
b98709b3ce Refactor omit of password
- remove password in toJSON() instead of filtering every occurrence of
user
- changed faulty error type ‚NotFound‘ to ‚NoPermission‘
2014-05-06 12:14:58 +02:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Jason Williams
d0931aa455 Add location header to response when new object is created
closes #2635
- add new logic to the api request handler to set a location header
  when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
2014-05-04 14:52:01 +00:00
lennerd
66a046b00b Return new tags when posts are created via API
closes #2680
- added include options when adding a post
- added functional and integrational tests
2014-05-03 19:24:11 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Sebastian Gierlinger
1e62400465 Add include parameter for posts API
closes #2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model

**Known Issue:** It is not possible to attach a tag using an ID.
2014-04-27 18:58:34 +02:00
Jacob Gable
a9cc252b45 Invalidate cache header only for published posts
Closes #1563

- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
2014-04-23 09:28:45 -05:00
Hannah Wolfe
3eb284e4b5 Update & grunt-groc and fix docs errors
issue #2622

- Updated grunt-groc to 0.4.5
- Fixed the few places which made the docs fail to generate
- There is still a mix of styles
2014-04-21 19:04:20 +01:00
Hannah Wolfe
0756b35656 Merge pull request #2551 from szelpe/email-test
[API] Added email sending endpoint to the API.
2014-04-21 18:41:08 +02:00
Jacob Gable
cf7c8aab3b Tag API: Primary Document Format
Closes #2605

- Change tags browse() response to { tags: [...] }
- Update client side collection to use nested tags document
- Update test references to use response.tags
2014-04-20 19:48:59 -05:00
Sebastian Gierlinger
32ea948675 Post response move pagination -> meta
closes #2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
2014-04-19 17:03:20 +02:00
Sebastian Gierlinger
664b002f43 missing semicolon + console.log 2014-04-16 18:49:07 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Jacob Gable
88d82ff441 canThis() improvements
- Handle passing undefined user to canThis
  - Add existence check to parseContext if statement
  - Add unit test that passes undefined to canThis
- Allow internal canThis() checks
  - Allow passing 'internal' or { internal: true } as context
  - Do not lookup user permissions unless context.user found
  - If context.internal, resolve immediately
  - Add unit tests for passing 'internal' and { internal: true }
2014-04-16 18:17:43 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
Peter Szel
2433116cc6 Added email sending endpoint to the API.
closes #2550

- Added new API module named 'mail'
- Added routes for the mail endpoint
- Added 'send a test email' button to the debug settigns page
- Added handler to this button which sends and AJAX request to the mail API endpoint
2014-04-09 23:56:21 +02:00
Hannah Wolfe
7e95b4d291 Merge pull request #2439 from sebgie/move-slug
Rename getSlug to slug
2014-03-28 17:12:55 +00:00
Hannah Wolfe
c6c4d5a8a8 Cache invalidation for tag pages 2014-03-26 12:45:54 +00:00
Fabian Becker
f0c6052c73 Unlink import file when finished
fixes #2493
- Update db import version (in case it doesn't exist)
- Properly unlink file after import or error
2014-03-24 10:51:10 +01:00
Sebastian Gierlinger
22bbf57830 Rename getSlug to slug
another 2 % of #2124
- renamed `/ghost/api/v0.1/posts/getSlug/ to
`/ghost/api/v0.1/posts/slug/`
- renamed method getSlug to generateSlug
2014-03-18 14:00:33 +01:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes #2277
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Hannah Wolfe
708ba6f8b0 Merge pull request #2220 from sebgie/issue#1401
Add validation from schema.js
2014-02-28 23:04:04 +00:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Hannah Wolfe
d996ff68e7 Merge pull request #2284 from sebgie/issue#1654
Remove res.redirect from db.exportContent
2014-02-28 21:30:58 +00:00
Gabor Javorszky
667888aeb3 Implements Initial lifecycle and App UI start
Closes #2083

* Added hbs template for apps listing
* Added settings to read the activeApps
* Added viewcontrol to activate / deactivate apps
* Added API handler to store activeApps (by `name` in the `package.json` file)
* On button click it turns the button into "Working" and changes class to `button` (grey one)
* On success, rerenders the pane, adds success notification about apps being saved
* On error, rerenders the pane, adds error notification with error message

Missing:
* tests: couldn't figure out how to add mock apps with mock package.json data
* actually registering, etc, re #2140
* icon from the sidebar
2014-02-28 14:06:36 +00:00
Sebastian Gierlinger
67611045e7 Remove res.redirect from db.exportContent
closes #1654
- added frontend route /ghost/export/
- removed request handling from API
2014-02-27 16:48:38 +01:00
Sebastian Gierlinger
ac7f4f05c4 Add validation from schema.js
closes #1401
- added data/validation/index.js
- added generic validation for length
- added generic validation for nullable
- added validations object to schema.js for custom validation
- removed pyramid of doom from api/db.js
2014-02-19 18:32:23 +01:00
Sam Saccone
d9e7a05fbc Show parse error message during a failed import
adds support for outputting error message during a failed JSON.parse
This will help people identify the problem with their JSON source
and hopefully be able to aid them in resolving said issue.
2014-02-19 11:52:35 -05:00
Gabor Javorszky
212711d896 Added package.js support for themes (and plugins)
Closes #2081
* Amended require-tree to populate availableThemes and availablePlugins to use full file names (`basename.ext`) as keys instead of just basename. This way `image.jpg`, `image.png`, `image.gif` won't overwrite the `image` key.
* Amended require-tree to allow package.json file parsing to return the contents of the file as json on the `package.json` key.
* settings api populates theme data `package` if it exists. Otherwise it assigns `false` to it
* `general.hbs` (salute) was reworked to if there is the package key on the theme is not false, it will use the `name` and `version` keys of that. You can break it by not having a `name` or `version` in the package.json file.
* Added error and warning messages for package.json file parse errors and misses
2014-02-13 23:57:58 +00:00
Harry Wolff
f16dc290b7 Improve bootstrap flow of a Ghost application
addresses #1789, #1364

- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.

Since this is directly related to the initializing 
the application is is appropriate to have 
it in the ./core folder, named bootstrap as that
is what it does.

This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.

Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module

- Merges ./core/server/config/paths into 
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.

This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.

This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.

- broke out loader tests in config_spec to bootstrap_spec

- updated all relevant files to now use config().paths

- moved urlFor and urlForPost function into 
 ./server/config/url.js
2014-02-07 17:34:21 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00