Commit Graph

3125 Commits

Author SHA1 Message Date
Hannah Wolfe
64766de8d6 Merge pull request #3422 from sebgie/issue#3177
Hide Access Token
2014-07-28 09:18:42 +01:00
Hannah Wolfe
129fa4cb8c Merge pull request #3405 from sebgie/issue#3387
Add XSS prevention
2014-07-28 09:17:41 +01:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
e7dc51dc66 Improving error handling 2014-07-28 06:30:01 +01:00
Hannah Wolfe
4e3b21b7da Permissions Improvements
refs #3083, #3096

In order to implement advanced permissions based on roles for specific
actions, we need to know
what role the current context user has and also what action we are
granting permissions for:
- Permissible gets passed the action type
- Effective permissions keeps the user role and eventually passes it to
  permissible
- Fixed spelling
- Still needs tests
2014-07-28 06:29:59 +01:00
Jason Williams
d59edf1806 Add a mixin for saving a subset of a model.
Closes #3403
- Add SelectiveSaveMixin so that a DS.Model can save one or more
  properties at a time while preserving other outstanding changes.
2014-07-27 21:04:35 +00:00
Sebastian Gierlinger
d895238571 Add XSS prevention
closes #3387
- added placeholder for <script> and <iframe>
- added google-caja sanitizer
- changed title in posts overview to ‚double-stash‘
2014-07-27 23:03:01 +02:00
Sebastian Gierlinger
f0d38aa66d Hide Access Token
closes #3177
- uses an iFrame to initiate the download to hide the access token

The access token is now hidden in the admin logic. If we would like to
completely hide the token it is possible to remove the access token and
use signed requests instead, but I think the effort isn’t worth the
benefit in this case.
2014-07-27 22:57:57 +02:00
Hannah Wolfe
6628127297 Merge pull request #3413 from halfdan/3407-meta-title
Correct meta_title for author pages.
2014-07-27 19:58:50 +01:00
Hannah Wolfe
77ae8394e0 Merge pull request #3393 from joeldrapper/sort-roles-dropdown
Fixed role sort order in the invite a new user drop down list
2014-07-27 19:39:06 +01:00
Hannah Wolfe
8c017de4d3 Merge pull request #3412 from novaugust/credentials-validation-convergance
Create new user validator to DRY up validators
2014-07-27 19:38:24 +01:00
Hannah Wolfe
f372ecddf0 Merge pull request #3411 from novaugust/signup-password
Rebind password to password input on signup page
2014-07-27 19:36:54 +01:00
Hannah Wolfe
c34b8fc6ff Merge pull request #3408 from jaswilli/issue-3399
Do not clear password until after leaving signin
2014-07-27 19:30:37 +01:00
Jason Williams
9dfef70d25 Do not clear password until after leaving signin
Closes #3399
- Provide our own authenticate action handler which does not
  clear the password input.
- Use the Signin route's deactivate hook to clear the password
  property on the controller after the user has transitioned
  away from the signin page.
2014-07-26 19:06:58 +00:00
Hannah Wolfe
1cff73f36c Merge pull request #3406 from simplabs/update-ember-simple-auth
Updated Ember Simple Auth to latest version
2014-07-26 17:24:18 +01:00
Fabian Becker
1cd2fa59bd Correct meta_title for author pages.
closes #3407
- Output correct meta_title for author pages
- Add test for meta_title for tag and author pages
2014-07-25 19:48:49 +00:00
Matt Enlow
0d7033f662 Create new user validator to DRY up validators
No issue
- Created NewUserValidator class to DRY up validation of a models name, email, and password
- Changed SignUpValidator to be an instance of NewUserValidator
- Changed SetUpValidator to extend NewUserValidator
2014-07-25 13:20:40 -06:00
Matt Enlow
698f5f6f6e Rebind name and password to inputs on signup page
Closes #3410, Ref #3392
- Removed setting name from user email address per issue #3392
2014-07-25 13:04:33 -06:00
Marco Otte-Witte
6406acef5c updated Ember Simple Auth to latest version 2014-07-25 16:04:19 +02:00
Hannah Wolfe
d2d25faa5c Merge pull request #3397 from morficus/issue-3392
Removing "full name" auto-popualtion during signup
2014-07-25 09:54:51 +01:00
joeldrapper
25b20bb2fe Roles drop down sorted by ID
closes #3391
- Changed sort order to ID instead of name
2014-07-25 09:41:12 +01:00
Hannah Wolfe
ce483a916a Merge pull request #3398 from morficus/issue-3396
Fixing resend user invitation
2014-07-25 08:53:13 +01:00
Hannah Wolfe
d1b84f0f7f Merge pull request #3394 from IanMitchell/settings-user-button
Hides <Users button for authors
2014-07-25 08:51:45 +01:00
Hannah Wolfe
85f3c192dd Merge pull request #3386 from felixrieseberg/iss3374
Signin: Proper notification if user not found
2014-07-25 08:48:49 +01:00
Hannah Wolfe
cc67f295ef Merge pull request #3385 from felixrieseberg/iss3375
Signin error notifications kept from stacking
2014-07-25 08:48:08 +01:00
Maurice Williams
a3da09b50f Removing "full name" auto-popualtion during signup
closes #3392
- removing data-binding attribute for "name" input box on signup screen
- removing data-binding attribute for "password" input box on signup screen
- making "email" the first input box and "name" the 2nd
- removing "autofocus" attribute for "email" input box on signup screen
2014-07-24 22:49:57 -04:00
Maurice Williams
69642e8e53 Fixing resend user invitation
closes #3396
- passing role when resending a users invitation
2014-07-24 22:42:55 -04:00
Ian Mitchell
ff3e68ec36 Hides <Users button for authors
closes #3295
- The <Users button visibility is now restricted by user role
2014-07-24 18:54:02 -07:00
Hannah Wolfe
a9a5acf2f2 Merge pull request #3377 from PaulAdamDavis/signout-button
Change signout link to button
2014-07-24 17:52:09 +01:00
Hannah Wolfe
81cd617741 Merge pull request #3376 from felixrieseberg/iss3292
Redirect authors and editors away from debug page
2014-07-24 17:51:16 +01:00
Hannah Wolfe
1d926787b3 Merge pull request #3368 from felixrieseberg/master
Show errors on reset page (Closes #3330)
2014-07-24 17:49:56 +01:00
Hannah Wolfe
6d7563986b Merge pull request #3354 from JohnONolan/ppp 2014-07-24 17:44:43 +01:00
John O'Nolan
b6b32ab570 Five posts per page 2014-07-24 17:43:48 +01:00
Felix Rieseberg
0b39df777b Signin: Proper notification if user not found
closes #3374
- If user object is returned but undefined, we'll display a
human-readable
error notification (user model)
- If user object is returned, but the user is inactive or invited (but
not
activated), we'll display a human-readable error notification
2014-07-24 11:34:52 -04:00
Hannah Wolfe
719d90da46 Merge pull request #3388 from jaswilli/issue-3083
Improve handling of users and roles in admin
2014-07-24 16:16:16 +01:00
Felix Rieseberg
61cf8690dd Signin error notifications kept from stacking
closes #3375
- Prior to showing error notifications, the signin route now calls
  closePassive().
2014-07-24 11:16:00 -04:00
Jason Williams
8a2d50b871 Improve handling of users and roles in admin
Closes #3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
  list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
  the email was not sent.  The client will show a warning notification
  when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
  that there's only one network API call to load users instead of two.
2014-07-24 14:20:47 +00:00
Felix Rieseberg
80f71e31fd Show error notifications on "reset password" page
closes #3330
- Caught errors are displayed using notifications util
2014-07-24 08:45:42 -04:00
Hannah Wolfe
a7415d38c0 Merge pull request #3380 from sebgie/issue#3373
Fix incorrect error
2014-07-24 12:19:20 +01:00
Hannah Wolfe
96cbd1738d Merge pull request #3362 from sebgie/issue#3087-2
Transfer Ownership
2014-07-24 12:19:08 +01:00
Hannah Wolfe
2b8594e375 Merge pull request #3359 from morficus/issue-3352
Preventing rouge modals from popping up when hitting enter-key in settings section
2014-07-24 12:15:26 +01:00
Hannah Wolfe
8a3f57e528 Merge pull request #3381 from SiR-DanieL/patch-1
Wrong Facebook page URL
2014-07-24 10:28:22 +01:00
Nicola Mustone
adecd28465 Wrong Facebook page URL 2014-07-24 11:23:59 +02:00
Sebastian Gierlinger
fa054a8eba Fix incorrect error
closes #3373
- added check if role is already assigned
- added check for unknown fields to fixDates/fixBools
- permissions are not implemented yet, so everyone is able to edit
owner ;-)
2014-07-24 10:17:10 +02:00
Maurice Williams
835bf0bd07 Preventing rogue modals from popping up when hitting the enter-key
closes #3352
- adding a ```type``` attribute to buttons inside form in the settings section
- scanning the rest of the project to find any other buttons w/a missing attribute
2014-07-23 22:58:50 -04:00
Felix Rieseberg
dbcb827772 Redirect authors and editors away from debug page
A signed in user with role author or editor will be redirected back to
/ghost.

closes #3292
2014-07-23 17:25:13 -04:00
Paul Adam Davis
93051fcbdb Change signout link to button
References https://github.com/TryGhost/Ghost-UI/issues/65

- Swap signout link from an `<a>` tag to `<button>`
- Changed tests to match new element
2014-07-23 22:12:45 +01:00
Hannah Wolfe
4968336b0f Merge pull request #3372 from sebgie/issue#3339-2
Fix importer bug on Windows
2014-07-23 16:53:15 +01:00
Sebastian Gierlinger
1eff3d9471 Fix importer bug for IE
closes #3339
- removed check for mime type
2014-07-23 16:53:03 +02:00