Commit Graph

989 Commits

Author SHA1 Message Date
Simon Backx
935ac43584
Added recommendations CRUD api (#17845)
fixes https://github.com/TryGhost/Product/issues/3784

- Includes migrations for new permissions needed for the new endpoints
2023-08-29 15:06:57 +00:00
Fabien 'egg' O'Carroll
44ae0dcbe1
Added rudimentary tests for Collections DB queries (#17820)
refs https://github.com/TryGhost/Arch/issues/73

This is just an initial stab at making sure we don't introduce extra DB
queries related to collections without being aware of it.
2023-08-24 13:08:36 +00:00
Naz
46f8c15448 Fixed flaky test behavior for bulk actions
refs https://ghost.slack.com/archives/C02G9E68C/p1692816097875899

- With introduction of extra e2e test coverage for Collections some tests started to fail at random. The root issue here was the transaction processing collections was started before the original bulk action (bulk edit, bulk publish/unpublish, etc.) was fully committed. The full transaction commit happens with the bulkAction method return inside of `if (!options.transacting) {` block.
2023-08-24 16:06:41 +08:00
Naz
437a080580 Added test coverage for collection update on tag removal
refs https://github.com/TryGhost/Arch/issues/77

- We were missing e2e test coverage for when the tag used in collection filters was removed. This changeset improves the situation.
2023-08-23 20:44:08 +08:00
Naz
acccc16614 Added collections update after bulk adding tags
refs https://github.com/TryGhost/Arch/issues/77

- During initial development we have missed to support collections update when tags are added to posts in bulk. It's especially valid usecase since we can define automatic collection with a filter containing not yet existing tags.
2023-08-23 17:12:08 +08:00
Fabien "egg" O'Carroll
62d5ca558d Validated filters for collections
refs https://github.com/TryGhost/Arch/issues/47

This ensures that we only have collections which have a valid filter in terms of
  - Valid NQL string
  - Uses only properties which are valid to filter on
  - Only has an empty filter in the case of the "latest" collection
2023-08-23 15:49:06 +07:00
Ghost CI
cebe8d7db6 Merged v5.59.4 into main 2023-08-22 11:46:13 +00:00
Simon Backx
a011151e24
🐛 Fixed handling multiple Stripe subscriptions for same member (#17773)
fixes https://github.com/TryGhost/Product/issues/3752

- Added some extra tests for edge cases
- Updated handling of multiple subscriptions so they are handled better
- Canceling a subscription when the member still has other subscriptions will now get handled correctly where the status and products of the member stay intact
2023-08-22 13:27:21 +02:00
Naz
df3aaed3c8 Added test coverage for collection updates
refs https://github.com/TryGhost/Arch/issues/77

- The test covers collection updates on post resource add/edit/delete operations
2023-08-22 17:16:35 +08:00
Naz
e638d72e70 Refactored collections e2e Admin API test suite
refs https://github.com/TryGhost/Arch/issues/71

- With describe/it block levels mixed on the top level of the test suite the order fo test execution was scattered around. Having "describe" groups for each of the BREAD methods makes things more organized and readable.
2023-08-22 17:16:35 +08:00
Fabien "egg" O'Carroll
a343f39559 Handled sort_order updates for Collections
refs https://github.com/TryGhost/Arch/issues/73

With the latest version of bookshelf-relations we're able to define a model
specific hook which allows us to ignore sort_order updates on automatic
collections, which don't require their order to be persisted.
2023-08-21 12:16:32 +01:00
Simon Backx
b587429008
🐛 Fixed importing offers when importing members from Stripe (#17739)
fixes https://github.com/TryGhost/Product/issues/3728

- When importing members from Stripe with an existing offer, that didn't
exist in Ghost, the offer never got linked with the imported
subscription because of a missing return statement.
- Fixes importing offers with duplicate names
- Added E2E tests for creating members from a Stripe Customer ID
2023-08-16 13:25:57 +00:00
Naz
49a4a60d82 Fixed posts Content API test run in isolation
closes https://github.com/TryGhost/Arch/issues/76

- The posts test suite was failing when run in isolation. This was due to "collections" labs flag not being turned on, the events were not going through to collections service correctly
2023-08-16 16:07:01 +08:00
Simon Backx
13b732f905
Added Playwright tests for donations (#17699)
fixes https://github.com/TryGhost/Product/issues/3723

This also fixes usage of localhost instead of 127.0.0.1 as a test URL
for playwright. This caused issues for cookies because the member
impersonation navigated to 127.0.0.1 instead of localhost, meaning that
the next page.goto call would go to localhost and lose the cookies.
2023-08-15 15:20:18 +02:00
Simon Backx
690fbf3f73
🔒 Fixed arbitrary file read via symlinks in content import
refs https://github.com/TryGhost/Product/issues/3726
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg

- credits to https://github.com/ixSly
2023-08-15 13:01:11 +02:00
Kevin Ansfield
1ebdac3997
🐛 Fixed missing @page object in themes when rendering custom routed page (#17693)
closes https://github.com/TryGhost/Ghost/issues/17681

- updated `prepareContextResource()` to make sure `show_title_and_feature_image` is always removed from pages
- updated `formatResponse.entries()` to apply the same `@page` local behaviour when it's passed a `data.page` object to account for custom routed pages
2023-08-11 14:50:01 +01:00
Simon Backx
e14df6479b
Added E2E tests for donations API (#17694)
fixes https://github.com/TryGhost/Product/issues/3722
2023-08-11 14:25:53 +02:00
Naz
92fb2a54ae Fixed non-deretministic post ordering in content gating test suite
refs https://github.com/TryGhost/Ghost/pull/17609

- The tests for content gating started to fail with introduction of the index on `published_at` data in for `posts` table. The reason for the failure was identical `published_at` date set during the fixture insertion, making the returned results change order non-deterministically. The problem is mostly in how the test is set up as it's quite unrealistic to have multiple posts in the system inserted at the same time down to millisecond. Maybe... by some coincidence, but thats not a problem we should care too much about imo.
2023-08-11 17:31:13 +08:00
Naz
d068409fac Added index on posts table for published_at column
refs https://github.com/TryGhost/Arch/issues/18

- The prev/next helpers are slow and are causing major performance issues. The helpers are using `posts.published_at` for comparisons extensively, which causes a full table scan - bad for query performance.
- We use published_at in other queries too (like default order for queries fetching all posts), so there  might be a slight performance boost across the system with this new index.
2023-08-11 17:31:13 +08:00
Sag
4ace11a441
Added logic to load Portal when Tips & Donations are enabled (#17659)
closes https://github.com/TryGhost/Product/issues/3661

- until now, Portal was not loaded if members were disabled. With the
introduction of Tips & Donations, signed-off readers can also make
payments, using the Portal link /#/portal/support.
- now, Portal is loaded when Tips & Donations are enabled, even if
Memberships are disabled
- depending on the member signup access, the top bar / trigger button
Portal buttons are hidden as before (signup/subscribe hidden if access is set to none, subscribe hidden if
access is set to invite-only)
- for any other signup / signin Portal links (e.g., added by the theme,
or added via a Post/Page), a new popup informs the reader when
Memberships are disabled: "Memberships unavailable, contact the site
owner for access".
2023-08-10 15:45:02 +02:00
Steve Larson
8273671425
Updated bookmark card renderer (#17662)
refs https://github.com/TryGhost/Product/issues/3609
-reverted css changes
-reverted mobiledoc renderer
-made lexical renderer consistent with mobiledoc
-css classes were inverted for theme backwards compatibility
2023-08-10 13:41:59 +00:00
Chris Raible
9ea4fbd7a7
Added feature to convert and open mobiledoc posts in the lexical editor (#17453)
refs TryGhost/Product#3638

- Added `convert_to_lexical` flag to the posts/pages edit endpoint
- Added 'convertToLexical' feature flag so we can enable/disable this
feature independently from the main lexical beta flag
- Modified admin posts/pages list to point to the lexical editor for
_all_ posts, regardless of mobiledoc vs lexical (if the flag is on)
- Added call to edit endpoint with `convert_to_lexical` in the lexical
editor admin route if the page/post is currently in mobiledoc and the
flag is enabled
2023-08-08 15:44:54 -07:00
Simon Backx
4c8179312d
🎨 Added support for relative links in emails (#17630)
fixes https://github.com/TryGhost/Product/issues/3687

After this change, relative URLs in emails will be replaced with
absolute URLs using the post URL. Making relative Portal URLs possible
etc.

Updates the test data generator to fix invalid URL encoding (somehow a
backslash + escaped double quote was added when it wasn't required).
2023-08-08 13:22:56 +02:00
Simon Backx
66675a1383
Added donation notifications column (#17607)
fixes https://github.com/TryGhost/Product/issues/3691

When a site receives a donation, we'll send an email to all
administrator. They can disable this in their profile settings. This
migration adds the required column to make this possible. It defaults to
true.

Link to tech spec:
https://www.notion.so/ghost/Tech-Spec-5cd6929f7960462ebcbf198176e0d899?pvs=4#156834b0231d4968a203d797c6817d21
2023-08-07 15:31:36 +02:00
Chris Raible
a4c04da443
Updated Posts Content API snapshots (#17600)
no issue

- Snapshot tests were incorrect but we weren't catching it because CI
was retrying them and yielding false passes
- This fix just fixes the broken tests, which will allow us to fix the
issue with CI yielding false passing results
2023-08-04 22:31:54 +00:00
Sag
81c3555106
Added logic for currency and suggested amount for Tips & Donations (#17599)
closes https://github.com/TryGhost/Product/issues/3666

- added computed setting "donations_enabled"
- added logic to persist "donations_suggested_amount" and "donations_currency"
- used  "donations_suggested_amount" and "donations_currency" when initiating a new Stripe Checkout for donations
- added copy functionality to "your link" in Tips & Donations settings
2023-08-04 18:17:35 +00:00
Sag
19bdb0efef
Added migrations for Tips & Donations' settings (#17576)
closes https://github.com/TryGhost/Product/issues/3668

- Tips and Donations feature offers two settings: "donations_currency", and "donations_suggested_amount"
    - "donation_currency": the currency to be used for the donation. Defaults to "USD", not nullable.
    - "donation_suggested_amount": an anchor price for the donation. Defaults to 0, not nullable.
- Both settings belong to a new group "donations"

Tech Spec: https://www.notion.so/ghost/Tech-Spec-5cd6929f7960462ebcbf198176e0d899?pvs=4#6e8b34c45f0c4c78b48c9e7725a307c8
2023-08-03 22:13:47 +02:00
John O'Nolan
265e62229f
2023 2023-08-03 20:40:44 +01:00
Ghost CI
e2a6d8b987 Merged v5.57.2 into main 2023-08-02 15:12:37 +00:00
Steve Larson
6936007052
🐛 Updated gscan error handling for page errors (#17575)
refs https://github.com/TryGhost/Product/issues/3676

- add filter for sidebar display of theme errors (angry red box)
- filter specific to each page feature, will need to add each one by this approach
2023-08-02 09:56:40 -05:00
Fabien "egg" O'Carroll
2cd50d47af 🐛 Fixed superfluous DB queries on Collection save
We have a global hook for the bookshelf-relations plugin which updates the
sort_order for pivot tables when saving the parent model. This hook requires
that we fetch each row in the pivot table related to the model and then run an
update on each one. Since we have a "latest" Collection this means at least N
update queries where N is the number of Posts for a site. For large sites this
was crippling the database. We only need the sort_order to be updated for
Collections with a type of "manual". We currently don't have a way to disable
the update based on model attributes, so instead we have disabled the update for
all Collections - this is okay because 1. Collections is not released and 2. we
don't have full support for manual Collections yet anyway.
2023-08-02 15:19:47 +01:00
Naz
7464dbc1af Added e2e test coverage for bulk collection edits
refs https://github.com/TryGhost/Arch/issues/16

- Makes sure post bulk actions also update collection posts
2023-08-01 15:11:00 +08:00
Naz
8635f4efeb Added collections handling for PostsBulkFeaturedEvent/PostsBulkUnfeaturedEvent
refs https://github.com/TryGhost/Arch/issues/16

- When posts produce PostsBulkFeaturedEvent/PostsBulkUnfeaturedEvent the collections having a featured filter should update the posts belonging to them.
2023-08-01 15:11:00 +08:00
Steve Larson
5fe72462bc
Enabled page features (#17544)
no refs
-moved hide page title and feature image to GA
-updated gscan
2023-07-31 14:22:19 -05:00
Simon Backx
841e52ccfe
Added donations API (#17495)
refs https://github.com/TryGhost/Product/issues/3648

- Refactored Members API RouterController.createCheckoutSession: Split the method into smaller parts so we can reuse individual parts for the upcoming donation checkout session.
- Wired up donation checkout creation
- Added donation events
2023-07-31 16:00:52 +00:00
Simon Backx
18cf5dd582
Added migrations for donations API (#17536)
fixes https://github.com/TryGhost/Product/issues/3655

- This adds a new table for storing donation events in the database.
- Makes it possible to store stripe_products without associating it with
a tier/Ghost product (required for one time purchases).
- Updates the schema for stripe_prices to allow enum value of
`donation`, which is required to query specifically on the prices used
for donations (existing one_time is not enough).

Database changes are discussed in the Tech Spec:
https://www.notion.so/ghost/Tech-Spec-5cd6929f7960462ebcbf198176e0d899?pvs=4#1f18cc5a38294f61a091e5be63fe1059
2023-07-31 17:29:36 +02:00
Steve Larson
e45b947d61
Updated gscan (#17521)
no refs
- add check for unknown global use in themes
- removed `@page` check until ready for release
2023-07-27 15:43:22 +00:00
Ronald Langeveld
0029c444ad
Added test email rate limiting (#17505)
refs https://github.com/TryGhost/Product/issues/3651

- This is a security fix that addresses an issue causing malicious users
to abuse the test / preview email API endpoint.
- We have multiple procedures in place now to limit such users.
- First, we now only allow one email address to be passed into the
`sendTestEmail` method. This method only have one purpose, which is to
compliment the test email functionality within the Editor in Admin and
therefore have no reason to send to more than one email address at a
time.
- We then add an additional rate limiter to prevent a user from making
multiple requests, eg via a script.
- The new imposed limit is 10 test emails per hour.
2023-07-27 08:46:50 +02:00
Steve Larson
b77521ece9
Updated gscan (#17509)
no refs
2023-07-26 15:58:22 +00:00
Steve Larson
005e80b466
Updated gscan (#17507)
no refs
2023-07-26 13:06:23 +00:00
Naz
48ccea818a Fixed unpublished collection posts filtering
closes https://github.com/TryGhost/Arch/issues/58

- Following assumptions were broken:
- Posts Admin API should include posts of all statuses when filtering by collection
-  Posts Content API should not include any unpublished posts
- Updated the "status" filter which fixes the problem. We still disallow any custom filters to be applied on top of collections filter.
2023-07-26 16:45:57 +08:00
Fabien "egg" O'Carroll
3d0825ea2f Supported ?include=count.posts for Collections API
Unfortuantely our framework is bookshelf centric so we have to refer to the
`withRelated` property rather than a more generic `include` property.

The collection entity already contains the list of post ids, so we can just
return the length of that array.
2023-07-25 16:56:22 +02:00
Fabien "egg" O'Carroll
431f0ed842 Fixed the "Can add a Collection" test
The test was addign an extra collection, but not cleaning it up - which makes it
hard to reason about other tests, especially when running them in isolation and
the state is different. This just cleans up the test and updates the browse test
to match the right snapshot.
2023-07-25 16:56:22 +02:00
Fabien "egg" O'Carroll
517c406e17 Added Collections Content API
The only usecases we need to support at the moment are reading individual
collections by ID and by Slug. We can extend this API as we get more usescases
in future.
2023-07-25 16:14:02 +02:00
Fabien 'egg' O'Carroll
63ab254e33
Removed posts from Collections API
The correct mechanism for fetching posts from a collection is via the Posts API.
This removes all functionality of getting posts from the Collections API.

Co-authored-by: Naz <hi@nazavo.com>
2023-07-25 13:19:19 +00:00
Naz
694ab1d32d Added support for expansions in collection filters
refs https://github.com/TryGhost/Arch/issues/46

- Similarly to post filters, collection filters now support both 'tag' and 'tags' nql filter keys when defining a filter for related tag slugs. For example, both `tag:avocado` and `tags:avocado` would both be valid collection filters that would filter by the same 'slug' property of the tags assigned to a post.
- Along with these changes had to rework the tags property of the collection posts to match the shape used in post resources. Moved from:
`tags: ['bacon', 'broc']`
to
`tags:[{slug: 'bacon'}, {slug: 'broc'}]`
2023-07-25 19:01:56 +08:00
Naz
c4351456c6 Made tag snapshots more accurate in collections test suite
refs https://github.com/TryGhost/Arch/issues/46

- Allows to actually verify in the snapshot itself if the tag filter is working correctly or not.
2023-07-25 19:01:56 +08:00
Aileen Booker
eb303ec221 Fixed Segment event named wrong 2023-07-24 15:49:33 +01:00
Michael Barrett
184c6ae951
Retain newsletter subscriptions on suppression (#17373)
refs https://github.com/TryGhost/Product/issues/2610
2023-07-24 10:47:57 +01:00
Naz
baf0f4b692 Added /collections/slug/:slug Admin API endpoint
closes https://github.com/TryGhost/Arch/issues/45

- This endpoint is here to keep the convention of being able to fetch the resource by it's slug through a `GET /{resource_name}/slug/:slug`. It has identical output as the `GET /collections/:id` endpoint
- The alternative would be having an alias and try fetching by :id and then by slug if the result for id was null, but that would be a completely new pattern we have not used anywhere else yet.
2023-07-24 14:27:17 +08:00