Commit Graph

53 Commits

Author SHA1 Message Date
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Hannah Wolfe
de3d836116 Uncommenting fixed tests 2014-07-30 13:51:32 +01:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Maurice Williams
e15fb9ed57 Error when inviting users
fixes #3433
- passing only the role ID when creating a user
- uncommenting test cases
2014-07-29 00:06:40 -04:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
337713ce63 Refactor fixture use in tests
no issue

- Refactor all integration tests to specify and load ONLY the fixtures
  they require to run, rather than initialising the whole kit-and-kaboodle
  for every single test which takes FOREVER.
- Refactor the route tests to share a doAuth function, and also specify
  additional fixtures required
- Move import and export unit tests, which are actually integration tests
  (they touch the DB)
- Comment out most of the permissions unit tests for now as they need more
  stubs/mocks so as to not touch the DB

Still todo:

- prevent default DB initialisation in route tests, and specify all
  fixtures requires as per the integration tests
- fix up the unit/permissions_spec
2014-07-23 05:04:50 +01:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Sebastian Gierlinger
28b03ec87e Add edit roles
refs #3087
- added ability to edit user/roles relation
- user is not allowed assign roles to himself
- only one role per user is supported atm
- added tests
2014-07-21 22:50:43 +02:00
Maurice Williams
a8ca517c54 Pagination for Users Management screen
closes #3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
2014-07-21 14:03:26 -04:00
Hannah Wolfe
cf9839c71d Integration tests use consistent teardown methods 2014-07-21 13:25:51 +01:00
Hannah Wolfe
43b91f281d Merge pull request #3322 from jaswilli/check-setup
Check setup status when making API responses
2014-07-19 00:36:12 +01:00
Jason Williams
7d3139d093 Check setup status when making API responses
Closes #3303, Closes #3299
- Check whether or not setup has been completed when deciding
  how to respond to certain API requests.
- Add tests.
2014-07-18 22:28:28 +00:00
Hannah Wolfe
6e48275160 Extending context concept to models
fixes #3275, fixes #3290, ref #3086, ref #3084

- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
2014-07-18 15:32:56 +01:00
Hannah Wolfe
cfaa6f058a Wire permmissions for notifications, mail and tags
closes #2739

- wraps the api endpoints for mail, notifications, and tags in a canThis
  check
- add internal context to internal calls
- updates tests
2014-07-17 16:44:09 +01:00
Sebastian Gierlinger
2957b0175e Move image upload to API
closes #3252
- added `/ghost/api/v0.1/uploads/` endpoint
- removed upload method from `controller/admin.js`
- moved removal of temporary files from storage to endpoint (needed to
account for failed uploads)
- changed and moved tests
- Oversight: I think that we use `.otherwise()` and `.catch()` a bit
too extensive and mask the real error objects. We probably need an
error handling strategy at some point in the future.
2014-07-15 12:40:14 +02:00
Sebastian Gierlinger
8c2258dc4c Move setup to API
closes #3136
- moved setup to authentication API
- added `POST /ghost/api/v0.1/authentication/setup` to execute the
setup process
- added `GET /ghost/api/v0.1/authentication/setup` to check if blog is
already set up (needed for #3145)
- removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Jason Williams
4ef4d0f97a Fix handling of async db calls in fixtures
Closes #3167
- Change fixture loading methods to keep track of promises
  returned from async database calls so that aggregators function
  correctly.
2014-07-11 02:39:06 +00:00
Jason Williams
fddf2ee42f Fix active theme selector. Add validation to API.
Closes #3226
- Remove dependent property from the computed content property
  that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
  attempts to set an activeTheme that is not installed.
2014-07-09 22:14:33 +00:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Jason Williams
05d199f9b4 Check datatype for date format conversion
Closes #3199
-If datatype is dateTime convert to javascript Date object when
 retrieved from the database.
-Add tests to make sure models and internal API are using Date
 objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
 date strings for dateTime fields.
2014-07-05 19:15:32 +00:00
Kevin Ansfield
7e2e8b3376 Persistent notifications
closes #3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
2014-07-01 11:36:21 +02:00
Fabian Becker
2bff35bcc2 Complete moveover to new Notification API format
fixes #2775
- Fix all occurences of notifications.add to use proper API format
2014-06-16 08:07:29 +00:00
Jason Williams
bb4a0a3540 Update slug API to work with additional types
Closes #2866
-update slug API to handle users and apps in addition to
 posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
2014-06-04 05:54:03 +00:00
Jason Williams
a3c2fe5496 Fix up unit tests. Check config url with isURL.
No issue
-validate url in config.js using validator.isURL
-fix up async flow in bootstrap unit tests
-make sure done handler is called on async tests
2014-05-29 21:06:40 +00:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Hannah Wolfe
4c0010db45 Merge pull request #2673 from halfdan/2592-tags-api
Implements new Themes JSON API
2014-05-14 16:31:36 +01:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Gabor Javorszky
24190a186e Move mail api to json/api format
Fixes #2650
* rerouted all mail sending to api/mail
* changed request and response formats to json/api-like structure
* tested with forgotten password and new blog email
2014-05-13 17:34:37 +01:00
Jason Williams
414890f263 Ensure settings values are strings before saving
closes #2736
-reintroduces JSON.stringify for non-string values in
 api.settings.edit
-added a regression test
2014-05-13 05:36:18 +00:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
2d783ac3d4 DB API returns JSON-API compatible objects. Export triggers 'Save As' dialog.
closes #2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
2014-05-07 19:05:09 -04:00
Jacob Gable
298077582b ACL and strict rules for Settings API
Ref #2061

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
Fabian Becker
2795e723e1 Move to new API format for Settings.
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
2014-05-06 19:02:55 +00:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
cobbspur
b201b06e56 updated error handling on all mocha tests
- switch to using catch
- added error handling where missing
2014-05-05 21:58:58 +01:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
lennerd
66a046b00b Return new tags when posts are created via API
closes #2680
- added include options when adding a post
- added functional and integrational tests
2014-05-03 19:24:11 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Sebastian Gierlinger
1e62400465 Add include parameter for posts API
closes #2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model

**Known Issue:** It is not possible to attach a tag using an ID.
2014-04-27 18:58:34 +02:00
Jacob Gable
cf7c8aab3b Tag API: Primary Document Format
Closes #2605

- Change tags browse() response to { tags: [...] }
- Update client side collection to use nested tags document
- Update test references to use response.tags
2014-04-20 19:48:59 -05:00
Sebastian Gierlinger
da3630071a Added and fixed permission tests
- fixed test for db functions
- added tests for different users
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
Sebastian Gierlinger
b83fc25613 Fix delete button
closes #2492
- added when.all() to wait until all posts are deleted before deleting
tags
- added a test
2014-03-24 14:49:23 +01:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00