Commit Graph

104 Commits

Author SHA1 Message Date
Georg Grauberger
36d9ae36ae
Added secret handling for webhooks (#13980)
closes: https://github.com/TryGhost/Team/issues/1203
refs: https://github.com/TryGhost/Ghost/issues/9942

- Ensures that the webhook secret is validated and saved in Ghost admin
- Then makes use of this value by optionally adding an X-Ghost-Signature header that effectively signs the webhooks
- This allows for verifying the source of a webhook coming from Ghost is truly Ghost.
- Uses the same pattern as GitHub uses: https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks

Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
2022-08-23 16:34:32 +01:00
Djordje Vlaisavljevic
824d03c803 Updated error message
refs https://github.com/TryGhost/Team/issues/1811
2022-08-17 21:27:02 +02:00
Rishabh
728b2d36e1 Updated trial duration validation for new offers
refs https://github.com/TryGhost/Team/issues/1726

- handles negative trial duration to show inline errors in offer creation UI
2022-08-11 12:03:38 +05:30
Rishabh
b8acc9ef19 Wired trial offer UI to data
refs https://github.com/TryGhost/Team/issues/1726

- wires creating new trial offers in the Admin UI
2022-08-11 12:03:38 +05:30
Kevin Ansfield
90a080e0b8 Update dependency eslint-plugin-ghost to v2.14.0 (#2441)
no issue

- bumped dependency
- fixed all new lint failures
- removed deprecated `ember-cli-eslint`
  - it was tying us to an old version of `eslint` resulting in missing rule definition errors when linting was run as part of `yarn dev` and `ember test`
  - we run linting separately in CI so we don't need linting to run _again_ on each of our ember test runs
2022-08-03 12:21:16 +01:00
Kevin Ansfield
7a5f15414b Fixed scheduled publishedAt validation being triggered unexpectedly
no issue

Problem:
- the server stores time with second-level precision but we send milliseconds
- when scheduling a post we were storing the selected publish-at time in the PublishOptions instance with non-zero milliseconds as the initial date was based on now+5mins
- when we were saving after the initial schedule that millisecond-containing time was still being used resulting in a perceived time difference in our client-side and server-side validations indicating that the published_at value should be updated, but when that time was <2 mins in the future the published_at change validation was triggered resulting in errors

Solution:
- ensure we only set times on PublishOptions with 0 milliseconds
- update client-side validations so we only trigger published_at validation when it's dirty

Also fixed:
- client-side validation errors were not shown on the confirm step due to a missing `.args`
2022-05-19 23:11:01 +01:00
Hannah Wolfe
385240e03d Refactored to use individual slack settings (#2384)
refs: TryGhost/Team#1625

- we want to remove backwards compatibility code for slack being a single setting

Co-authored-by: Rishabh <zrishabhgarg@gmail.com>
2022-05-16 11:38:32 +01:00
Hannah Wolfe
affe6743e5 Renamed products to tiers (#2372)
refs: https://github.com/TryGhost/Team/issues/1145

- this should allow us to remove the /products endpoint in v5

It avoids:

- `kg-product-card`, that really is meant to say product
- `product-cadence` on offers

Co-authored-by: Rishabh <zrishabhgarg@gmail.com>
2022-05-11 22:41:54 +05:30
Kevin Ansfield
d10da5a02b Updated newsletter management for switch to nullable sender_name
refs https://github.com/TryGhost/Team/issues/1513

- `sender_name` is now nullable with a fallback to the site title
- updated new-newsletter route
  - removed default setting of site title in `senderName` of the new newsletter instance
  - removed extra checks when showing unsaved changes modal as we no longer need to compare the `senderName` attribute against the site title
- updated newsletter preview so the sender name falls back to the site title
- updated sender name input placeholder to show the site title
- removed not-empty validation
- fixed the switch to "multiple newsletter" state in the background of the new-newsletter modal
  - problem was `displayingDefault` getter was looking at all active newsletters rather than just the filtered ones so it was counting the new-but-unsaved newsletter even though it wasn't displayed in the list
  - fixes layout glitch when the new-newsletter modal animates out after cancelling creation
2022-04-15 09:43:22 +01:00
Rishabh Garg
0bfc402090 Added newsletter management for member (#2336)
refs https://github.com/TryGhost/Team/issues/1492

Allows site owners to manage member's newsletter preference directly in Admin.

- also adds `visibility` property for newsletter model
- updates members test model to include `visibility`
2022-04-14 20:10:04 +05:30
Kevin Ansfield
4565882941 Updated newsletter model and form for latest schema
refs https://github.com/TryGhost/Team/issues/1500

- `senderEmail` is now nullable with a fallback to `noreply@{site domain}`
- `senderName` is not nullable and has no fallback
  - updated preview and input placeholder to match real-world behaviour
  - inserted site title as the default value when creating a new newsletter to avoid friction with the sender name needing to be filled in when saving
- switched `senderReplyTo` input field to a select with "newsletter" and "support" options
  - added basic `<Inputs::Select>` component as `<OneWaySelect>` had re-rendering issues causing loss of selected value when the label of the newsletter email changed to reflect a custom newsletter email value
2022-04-12 14:01:41 +01:00
Kevin Ansfield
6e0be9e175 Wired up newsletter management with real newsletter model and API
refs https://github.com/TryGhost/Team/issues/1441

- switched "leave settings" confirmation modal on members email settings screen over to modern modal pattern
- removed unused `showEmailDesignSettings` property and `closeEmailDesignSettings()` action on `<Settings::MembersEmailLabs>` component
  - the used property and action live on the controller, looks like it was a copy/paste hangover when functionality was moved to a component
- added newsletter model
  - includes design-related attributes which are not yet supported by the API but are due to be added
  - includes `default` attribute but there is no setting for it, due to be removed from the API but it's needed for save not to error for now
  - set up basic mirage model and endpoints
  - added validation for main settings to match API validation
- added `EditNewsletter` modal
  - separate tabs for general newsletter settings and design-related settings
  - used for both creating and editing newsletters
- added `/settings/members-email/newsletters/new` and `/settings/members-email/newsletters/:id` routes
  - both display the `EditNewsletter` modal on top of the members-email settings screen with the appropriate newsletter model
- updated `<Settings::MembersEmailLabs::NewsletterManagement>` component to work with real newsletter model instances and the new add/edit routes
- removed now-unused `newsletter` service that was providing mocked data for earlier design iteration
2022-04-04 19:30:52 +01:00
Sanne de Vries
59fb35592d Updated error copy on setup page 2022-03-08 20:23:55 +00:00
Rishabh Garg
7c5b14d050 Updated specific tier visibility handling for posts/pages (#2233)
refs TryGhost/Team#1071

Specific tier visibility for a post was previously stored in `visibility` column directly, which had a limitation of 50 charts. Going forward, for the specific tiers visibility of post/page, we use `tiers` array in API that contains list of tiers with access for post. This change -

- replaces `filter` type to `tiers` for visibility
- adds new visibility filter segment component in post settings menu which stores array of tiers instead of nql string for visibility
- updates serializer and model for post/page
- updates tests
2022-02-01 12:24:06 +05:30
Rishabh
7cd09eee96 Updated name validation for offer to restrict to 40 chars
refs https://github.com/TryGhost/Team/issues/1236

Stripe allows coupon names to be only upto 40 chars long, while Ghost allowed them to be 191 chars. This change updates the admin validation to restrict name to 40 chars to match Stripe limit
2021-11-24 18:18:22 +05:30
Rishabh
1fa408c48d Removed mandatory requirement from display title for offer
refs https://github.com/TryGhost/Team/issues/1163
2021-10-22 17:32:24 +05:30
Rishabh
457bd19446 Updated copy of offer validation error messags
no refs
2021-10-22 15:49:11 +05:30
Rishabh
eddeb07a52 Added error handling and validation for offer
closes https://github.com/TryGhost/Team/issues/1159

- validates offer fields before save client-side
2021-10-19 13:05:18 +05:30
Rishabh
31e4b77525 Added initial wiring for offer screens
refs https://github.com/TryGhost/Team/issues/1084
refs https://github.com/TryGhost/Team/issues/1085

- adds model/validator/config and router for offers
- updates template for offer list and detail with dynamic values
- updated route handling for offer list and creation
- wires offer data from API to list and detail pages
2021-10-06 20:01:25 +05:30
Peter Zimon
8cce7989f2 Updated tier modal copy 2021-09-01 10:14:56 +02:00
Peter Zimon
a6ba245bcd Updated copy for tiers
- Updated copy of multiple products to "Tiers"
2021-07-19 12:39:59 +02:00
Peter Zimon
7778d3c470 Refined visibility dropdown in post settings 2021-07-06 14:51:36 +02:00
Peter Zimon
830d24cb20 Refined post visibility settings
- added placeholder text to product/tier dropdown
- applied visual refinements

Note: alpha feature
2021-07-06 14:46:33 +02:00
Rishabh
6feb14b839 Handled visibility filter for posts
refs https://github.com/TryGhost/Team/issues/849

Multiple products alpha feature brings back segmented post access using products. The new visibility filter based on segments is returned in a separate `visibility_filter` property on post/page API
2021-07-05 17:14:26 +05:30
Rishabh
3c5e334041 Added ability to set post access to segments
refs https://github.com/TryGhost/Team/issues/801

- This reverts commit de560733c5
- brings back members segment select component to post access, which allows setting access to specific labels/products
- only works behind the alpha feature flag - `multipleProducts`
2021-06-28 17:46:24 +05:30
Peter Zimon
0acf9b1d9b Refined benefits 2021-06-28 12:39:31 +02:00
Rishabh Garg
46b311b561 Wired benefits section to API (#2023)
refs https://github.com/TryGhost/Team/issues/792

- updates product benefit to use `name` instead of `label` attribute for benefit text
- updates model/serializer/validator to correctly handle benefit attributes
- added `+` button for adding new labels as the enter behavior is closing the popup(needs fix)
2021-06-28 15:19:54 +05:30
Rishabh
dc6b2884f1 Added model and validator for product's benefit item
refs https://github.com/TryGhost/Team/issues/792

- updates product model to read product's list of benefits
- adds transformer to return emberArray with list of product benefits
- adds new model for each product benefit
- adds validator for new product benefit
2021-06-21 14:05:01 +05:30
Kevin Ansfield
ceb16b5e9f Added first version of feature image with caption inside editor (#1999)
refs https://github.com/TryGhost/Team/issues/771

- updated `<GhImageUploaderWithPreview>` to take an `@includeMetadata` argument that shows a basic html supporting caption field underneath (ready for toggle between caption/alt but not fully implemented)
- added feature image alt/caption properties to post model
- updated UI behind "featureImageMeta" labs flag
  - added the feature image uploader to the top of `<GhKoenigEditor>` for display above the editor title
  - removed feature image uploader from post settings menu
- added labs flag checkbox
2021-06-10 20:42:32 +01:00
Kevin Ansfield
de560733c5 🎨 Reverted ability to set post access level to labels
refs https://github.com/TryGhost/Team/issues/581

Setting post visibility to a label results in undesirable and confusing behaviour with no good way to manage access long-term. Coupled with products being limited to a single product for now we're reverting the UI back to the "Public", "Members", and "Paid" options.
2021-05-14 16:01:14 +01:00
Kevin Ansfield
3e4b9a6865 🎨 Updated post settings menu visibility option to support member segments
https://github.com/TryGhost/Team/issues/581

The API now supports `posts.visibility` being an NQL string as well as the special-case `'members'` and  `'paid'` values so the post settings menu visibility select needs to be updated to reflect that.

- swapped visibility dropdown for two radio buttons, "Public" and "Members-only" which uses the `<GhMembersSegmentSelect>` component
- updated post model to use a `visibility-string` transform
  - converts `members` and `paid` to/from the NQL equivalent for correct display in the segment select
- updated post model with two additional properties `isPublic` and `visibilitySegment`
  - `isPublic` helps with the radio button display
  - `visibilitySegment` allows fallback to the default content visibility setting when set to public
- added validation for `post.visibility` so we can show an error and skip saving when members-only is selected and the segment select is cleared
- deleted the now-unused `<GhPsmVisibilityInput>` component
2021-05-10 20:34:23 +01:00
Rishabh
42463e4fdd Added error handling for product details page
refs https://github.com/TryGhost/Team/issues/678

Product name is a mandatory field for a custom product, this change adds error handling on save and custom error message if product is attempted to save without name.
2021-05-10 19:18:30 +05:30
Rishabh Garg
2555b70456 Wired new Products settings UI to API data (#1930)
refs TryGhost/Team#627

This updates the new Products settings screens to use real data from API for existing Custom Products and Prices to populate them on UI and allow site owners to edit them.

- List all Products of site and allow editing Product name
- List all Prices for a product and allow editing individual Price names
- Add new Prices on a Product
2021-04-26 23:52:04 +05:30
Kevin Ansfield
95aa341468 Added max length validation to snippet's name field 2020-10-16 19:22:09 +01:00
Kevin Ansfield
7e169a2a86 Renamed snippet.title to snippet.name for consistency
no issue

- all of our models which allow users to name something use `name` as the field descriptor rather than `title` so `snippet.title` was renamed for consistency
- also fixes typo in the plus-menu component that stopped clicking on snippets from working
2020-10-16 10:15:07 +01:00
Kevin Ansfield
b590ce1b95 Implemented first iteration of content snippets
closes https://github.com/TryGhost/Team/issues/411

- adds "Create snippet" icon to the editor toolbar
- uses the same link input component design for specifying snippet titles
- snippets are loaded in the background when the editor is accessed
- snippets are listed at the bottom of the card menus of the + and / menus
- clicking a snippet inserts the snippet's contents in place of the current blank section
2020-10-15 18:03:35 +01:00
Kevin Ansfield
59a15a0895 Fixed incorrect validation when member's name is too long
no issue

- the email length validation was conditional on `member.name` rather than `member.email` so if the name was too long both name and email were marked as invalid
2020-05-11 11:40:38 +01:00
Rishabh Garg
d115204d9f Added labels for Members (#1477)
no issue

refs TryGhost/Ghost#11538

* Added members label handling v1

* Added members label dropdown in list screen

* Updated selected labels and member list UI refactor

* Added v1 label add/delete modal

* Added add label modal v1

* Fixed disabled check for new label save

* First stab at member filters layout

* Updated member detail screen design

* Member detail refinements

* Added basic editing for member labels

* Fixed label deletion from members list

* Updated filtered list header

* Refinements for dropdown and empty filter state

* Refined label modal

* Updated member labels fetch logic

* Added custom dropdown component for labels

* Refined style for dropdown

* Refined dropdown button

* Restructure and refine members dropdown styles

* Added selected indication to dropdown

* Fixed dropdown footer style

* Removed member label placeholder

* Removed add label from member list actions

* New label refinements

* Added confirmation modal for label delete

* Added duplicate validation check for labels

* Updated validation check with slug

* Updated copy

* Updated actions dropdown copy

* Fixed visual glitch of dropdown on FF

* Hide scrollbar for labels dropdown

Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
2020-02-14 15:04:01 +05:30
Kevin Ansfield
2a77c0fe51 Added default and custom post views (filters) to the admin sidebar (#1474)
no issue

- list custom post views in collapsable sidebar navigation
  - default views: Draft, Scheduled, Published (except for contributors)
  - record expanded/collapsed state of the navigation menus in user settings via new `navigation` service
- adds `customViews` service that manages custom views
  - provides list of default views
  - gives access to "active" custom view based on current route and query params
  - manages loading/saving of custom views to user settings
- show "Add view" button in the content filter when the posts list has been filtered
- show "Edit view" button in the content filter when the posts list filter matches a saved view

Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
2020-01-30 15:35:36 +00:00
Naz Gargol
c41c184762 Added member "add" screen (#1411)
no issue

- We have a need to create a member manually, this changeset solves this problem.
- Added new member button to the member's screen
- Needed to be able to perform add member action
- Fixed inconsistent `createAt` naming. All models use consistent `createdAtUTC`, fixed it up so that members model follows the same pattern. If we want to change this pattern should probably happen for all models at once
- Fixed member avatar when creating a new member. If the values are completely empty the screen ends up being filled with empty space. Added some dummy initials which are recalculated once the member enters the name or an email
- Refactored DS naming for consistency. Nowhere else in the codebase 'DS' name is ever used, made this consistent
- Added missing validations in members form
- Simplified if conditions in the member list template. When using the if/esle statements unnecessary new-line symbols were inserted which made it hard to test. Also by using computed property view is much cleaner
- Updated member's model default value for `subscribed` to "true". It is turned on by default in the model layer  on the backend (ref: https://github.com/TryGhost/Ghost/blob/3.1.0/core/server/data/schema/schema.js#L330), this behavior is intended and should be the same on the frontend
2019-11-28 18:30:21 +07:00
Rishabh Garg
7866546fab Added email settings to post settings menu (#1398)
no issue
2019-11-04 13:15:13 +07:00
Kevin Ansfield
8ba1c8fb79 Added ability to override the canonical URL of posts/pages
closes https://github.com/TryGhost/Ghost/issues/10593
- adds a "Canonical URL" field to the Meta Data section of the Post Settings Menu
- adds validation for canonical url being a valid absolute or relative URL
2019-03-12 10:40:07 +00:00
Kevin Ansfield
352c4af1d7 Refactored usage of .get('property') with es5 getters
no issue
- ran [es5-getter-ember-codemod](https://github.com/rondale-sc/es5-getter-ember-codemod)
- [es5 getters RFC](https://github.com/emberjs/rfcs/blob/master/text/0281-es5-getters.md)
- updates the majority of `object.get('property')` with `object.property` with exceptions:
  - `.get('nested.property')` - it's not possible to determine if this is relying on "safe" path chaining for when `nested` doesn't exist
  - `.get('config.x')` and `.get('settings.x')` - both our `config` and `settings` services are proxy objects which do not support es5 getters
- this PR is not exhaustive, there are still a number of places where `.get('service.foo')` and similar could be replaced but it gets us a long way there in a quick and automated fashion
2019-03-06 13:54:14 +00:00
Kevin Ansfield
042aecb7f6 Switch from embor-browserify to ember-auto-import
no issue
- minor reduction in build size. Before/after:
  - `vendor.min.js 3.32 MB (710.66 KB gzipped)`
  - `vendor.min.js 3.29 MB (706 KB gzipped)`
2019-01-22 13:09:38 +00:00
Kevin Ansfield
1946c7f3fa 🐛 Fixed ability to submit invite form with a missing role (#1080)
refs https://github.com/TryGhost/Ghost/issues/10071
- moved roles fetch request into an ember-concurrency task
- use the task's derived state to disable the submit button whilst fetching
- added role presence check to the invite user validator and updated template to display the error
2018-12-10 14:26:05 +00:00
Kevin Ansfield
5047b9f3d7 Added initial custom integrations UI (#1051)
refs https://github.com/TryGhost/Ghost/issues/9865, https://github.com/TryGhost/Ghost/issues/9942

- `integration`, `api-key`, and `webhook` models and respective mirage mocks
- moves integration routes around to match ember's concept of nested routes (nested routes reflect nested UI not nested URLs)
- adds custom integrations list to integrations screen
- adds custom integration screen
  - allow editing of integration details
  - show list of webhooks
  - webhook creation modal

NB: the `enableDeveloperExperiments` flag needs to be enabled in the `config.development.json` file for the custom integrations UI to be displayed until it's out of development.
2018-10-18 00:18:29 +01:00
Kevin Ansfield
525fb2a720 Fixed submit-on-enter and password manager issues on signup
closes https://github.com/TryGhost/Ghost/issues/9868
- moved submit action to the `<form>` which allowed removal of the per-input enter key handlers
- changed submit button to trigger the form submit
- improved markup for password managers
  - linked labels with inputs
  - changed button to a "submit" type and linked it with the form
  - added hidden email input at the bottom of the form in case password managers do not take disabled inputs into account
2018-09-17 16:03:58 +01:00
Kevin Ansfield
ee36284440 Refactor Password validator into mixin
no issue
- PasswordValidator was only adding a function to the base class but it introduced a confusing inheritance hierarchy that's easier to reason about when it's a mixin instead
- swapped the `this.properties =` and `this._super()` calls in the `init` function of `new-user` so that the default can actually be applied
  - previously the BaseValidator `init` method was doing `this.properties = []` which meant the default fallback in extended classes wouldn't work
2018-09-17 15:52:07 +01:00
Kevin Ansfield
6a3cfc2ca8 Use token input to allow selection of multiple authors in PSM
requires https://github.com/TryGhost/Ghost/pull/9426
- fixed default token component display in {{gh-token-input}}
    - if no `tokenComponent` is passed to `{{gh-token-input}}` then it should default to the ember-drag-drop `draggable-object` component but instead it didn't output anything
    - put `draggable-object` in quotes because `{{component}}` needs a component name rather than an object
    - rename `option` attribute to `content` to match the default `{{draggable-object}}` interface
- add embedded `authors` attr to the Post model
    - ensure authors is populated when starting new post
    - add validation for empty authors list
- swap author dropdown for a token input in PSM
- show all post authors in posts list
- update tests for `authors`
  - always provide through an authors array
  - fix mirage serialisation for paginated responses (embedded records were not being serialised)
- unify tags and author inputs design
  - remove highlight of primary tags
  - highlight internal tags
  - remove unnecessary/redundant title attributes on tags
  - use SVG icon for "remove option" button in token inputs
2018-03-27 18:50:52 +01:00
Kevin Ansfield
7d7686c6b2 Fixed validator error when saving posts with no code injection footer
no issue
- `validator.js` throws an error if it's `length` method is passed a non-string value
- default to passing an empty string if `post.codeInjectionFoot` is falsy (missed in https://github.com/TryGhost/Ghost-Admin/pull/972)
2018-03-20 11:30:22 +00:00