no issue
- Using members.js naming for the file was a bad choice and lead to some false signals when doing a cleanup. `post-gating` is more explicit and to the point of what the module is responsible for
no issue
- the members output serializer was passing model objects through on `frame.response` but the webhooks serializer doesn't know how to deal with those
- adjusting the output serializer to use a mapper as per the other serializers means that POJOs are being passed through which allows the webhook serializer to correctly pick out the changed attributes
refs https://github.com/TryGhost/Ghost/issues/11298
The members export admin API by default paginates the result and only returns upto 15 members. This allows passing `limit` param to the API and allows passing `limit=all` to fetch all members in result.
no-issue
We have to wrap this in a check to make sure that `page` property is
only returned if either:
A) No `fields` param is passed (send back all fields)
B) `fields` param is passed AND it includes the `page` field
- outputting so much information makes debug less useful
- node debugger should be used for tracing values through the system,
debug() is for more generally following logic and timing
- removed debugs that output large objects
- added consistent debugs for api methods
- a couple of other tweaks for easier understanding of what's happening on a request
refs https://github.com/TryGhost/Ghost/pull/11152
- Added subscribers table drop migration
- Removed subscribers from schema
- Removed subscribers controllers/routes/regression tests
- Removed subscriber related API code
- Removed subscribers from internal apps
- Removed subscriber importer
- Removed subscriber model
- Removed subscriber related permissions
- Removed webhook code related to subscribers
- When upgrading to v3 it is on the site admin to migrate all zapps or any other webhook clients to use members
- Removed subscriber-specific translation
- Removed subscriber lab flag
no issue
- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
no issue
- Limited posts visibility field permissions to Editor-Up + Admin Integrations
- We don't want contributors or other roles lower than Editor to be able to modify content gating attribute
refs https://github.com/TryGhost/Ghost/issues/10477
The unsaved changes modal is displaying even when the post has been saved if images have been uploaded because the server is transforming absolute image urls to relative during input of the `mobiledoc` field but not transforming them back to absolute during output. The editor then thinks it's out of sync and shows the warning when trying to leave.
- `@tryghost/url-utils` has been updated with new methods for transforming URLs in mobiledoc content
- moves absolute->relative transformation from the API input serializers into the Post model
- transforms URLs in more fields for a more comprehensive transformation and fewer issues when re-configuring a site's domain
- previously there could be problems with internal links between posts not being transformed so you could change the url config to newdomain.com but links in post content would still be pointing to olddomain.com
- updates the API post output serializers to transform all modified fields
- drops the `?absolute_urls=true` param switch from the `canary` API post output serializer so that all URLs are output as absolute
- we're transforming more urls to relative when saving so this is necessary to ensure the unsaved changes modal is not triggered
- the query param isn't documented and will disappear in v3
no issue
- Improved error handling for member creation. We should be returning 422s instead of 500 when possible
- Wrapped `members.add` method with Bluebird promise. Wrapping is needed to be able to use `.reflect()` in CSV export method
- Added proper members CSV fixture
no issue
- Added Regression full test coverage for members Admin API
- Added `POST /members` endpoint
- Added members schema definition + validation
- Added ability to pass through send_email/emal_type options to members API
no issue
- Removed uses of `visibility` column in frontend url service configs
- The value of `visibility` is always set to 'public' in posts at the moment and doesn't serve any specific purpose when used with these filters.
- Allowed new visibility attributes in post model
- `posts.visibility` column is being repurposed for the needs of member content gating
- Added test for visibility editing in Admin API
- Corrected test schema checks for Admin API post/page responses
no issue
- updates usage of `htmlRelativeToAbsolute` to avoid unnecessary duplication of "home" url fetching (the UrlUtils instance already has that information)
* Updated scheduler to use v2 API by default
* Updated scheduling for post/page resource types
* Extended base method to take options param with token and jwt options
* Updated token expiration to 6 hours after publish/blog start time to allow retries
no issue
- Removed ghost_head/ghost_foot propeties from Content API `GET /setting` response
- Removed ghost_head/ghost_foot from the output in Admin API
- Added validation when requesting ghost_head/ghost_food fields
- Updated deprecation comments
refs https://github.com/TryGhost/Ghost/issues/10922
- adds migrations to...
1. add `post.type` column
2. populate `post.type` column based on `post.page` value
3. drop `post.page` column
- updates all code paths to work with `post.type` in place of `post.page`
- adds `nql-map-key-values` transformer for mapping `page`->`type` in `filter` params when using the v2 API
- modifies importer to handle `post.page`->`post.type` transformation when importing older export files
NOTE: The post metadata table split is purely an internal optimization for v3 and doesn't require or expect any external actions including related API usage in v3
We keep running into issues adding new fields to the post table because there are too many fields making the post table "too wide". We have also hit MySQL limitations in how many bytes can be in a row (64kb) with post table.
In v3, we decided to split the 8 post fields (meta, twitter and og) used for meta data into a posts_meta table as these 8 fields are all "problem" `varchar` fields and make sense logically grouped together. The API layer is unaffected by the split as input/output serializers ensure the data flow works the same way as it was in v2. Only thing to note is json export in v3 will have slightly different structure with posts meta fields as separate.
- Creates new post_meta schema/table with 8 fields (2 meta_* , 3 twitter_* and 3 og_*)
- Update relations between post and post_meta table
- Update input/output serializers to keep existing API behavior
- Avoids new entry in post_meta table for post where all meta fields are null
- Keeps the current fields API param behavior
- Handles migration of existing posts to new table structure
- Updates importer/exporter to work seamlessly with table changes
no issue
- Removed redundant model code in users
- Removed v0.1 specific attribute removal on model layer for post
- Removed property deletions comments handled in serialization layer
- Removed unused token.added listener. users.last_seen is populated on middleware layer when a new access token is created
- Removed unneeded test for setting last_seen in users
no issue
- v0.1 is ☠️ so the access/refresh token based auth is no longer used
- removed all code related to the `accesstokens` and `refreshtokens` tables
- removed all `passport` related dependencies as it's no longer used
no issue
- Removed v0.1 controllers
- Removed 0.1 API unit tests
- Removed 0.1 API app and mount point
- Removed leftover use of v0.1 in entry-lookup test suite
- Removed frontend client API enpoints and related code (middleware)
- Fixed prev/next test suites to use v2 API
- Set default API version to explicit v2 in UrlUtils
- Removed v0.1 API regex from public files middleware
no issue
- Session controllers were using API v1 http method which bypassed "frame" introduced with API v2.
- Changes here are just a long-awaited cleanup to allow completely remove v0.1 code
no issue
- Drops `ghost_auth_access_token` and `ghost_auth_id` fields since not used anymore
- Adds migration for dropping these columns from users table
- Drops Auth strategy - `ghostStrategy` - since its not used anymore
