Closes#3402, Closes#3428
-------------------
### Components
- Added GhostSelectComponent to handle async select creation (h/t @rwjblue)
- Added GhostRolesSelector (extends GhostSelect) for displaying user role options
- Created StoreInjector for surgically inserting the store into things that normally wouldn't have them.
### Users Settings
- InviteNewUserModal now uses GhostRolesSelector & defaults to Author
- The role dropdown for user settings has permissions set per 3402
### User Model
- Added `role` property as an interface to getting and setting `roles`
- Refactored anything that set `roles` to set `role`
- isAdmin, isAuthor, isOwner and isEditor are all keyed off of `role` now
### Tests
- Added functional tests for Settings.Users
- updated settings.users and settings.users.user screens
- fix spacing on screens
### Server Fixtures
- Fixed owner fixture's roles
Closes#3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
the email was not sent. The client will show a warning notification
when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
that there's only one network API call to load users instead of two.
Closes#3325
- Add Roles model and add hasMany roles to User model.
- Add EmbeddedRelationAdapter that will automatically include
hasMany relations in calls to the API.
- UserAdapter and PostAdapter now extend EmbeddedRelationAdapter
and all explicit includes from store.find() have been removed.
No issue
- Removed tabs from tag.js (why didn't jshint catch this?)
- Removed superfluous `activate` in SettingsIndexRoute
- updated `UserModel` and `TagModel` to have `created_by, updated_by` be references to `user` objects.
- updated `UserModel` to use `moment-date` instead of `date`
closes#3309, refs #3229
- adds different message depending on status
- doesn't delete the new user if the problem was an email error
- filters the 2 lists based on all statuses
Closes#3271
- Change validations on both server and client to allow the
Website field to be empty or a valid URL.
- Add new schema validation helper isEmptyOrURL.
- Remove duplicate call to UserValidator in the save action
of the SettingsUser controller.
- User.last_login and User.created_at are already Moment objects
so Moment#fromNow can be called on them directly.
closes#2422
- updated to use new change password method
- have all save settings use notifications
- create assetUrl helper for creating asset paths with subdir's properly
prefixed
- move all url based helpers onto a url object in ghost-paths
Closes#3037
- Created `NProgressSaveMixin`, which extends the `save` method of a model
to fire NProgress.
- Extended `UserModel`, `PostModel`, and `SettingModel` with the new
mixin.
- NProgress can be disabled by passing an options hash to the save function with the `{disableNProgress:true}`
- Now that the ValidationEngine isn't the only thing playing with options inside of `model#save`, refactored it to pass the options down the super chain.
Closes#3246
- Add a UserValidator to the validation engine that runs a set
of validations based on the user status.
- Added validations for invited users and active users.
fixes#3214
- new ```resendInvite``` method on the User model encapsulates all logic
- only sending users email address when re-inviting, since the user already exists on the back-end
- ```revoke``` calls DELETE on /ghost/api/v0.1/users/:user_id
Closes#3079
- new controller and template for invite-new-user-modal
- actually triggers email invite via POST /ghost/api/v0.1/users/
- setting default language value (on the client) when creating a user
- only available role is "Author" - pending 3196
- updates to UsersIndexController to allow dynamic property calculation and template rending
Closes#2843
* Implemnted the ember validator correctly for both reset request and actual reset (with the token)
* added reset validator
* changed the request route addresses to be `/authentication/passwordreset`
* changed the format of data to be `{ thing: [ {data } ] }`
Missing:
* notifications
* tests for these use cases
closes#2759closes#3027
- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based
Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125
**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
Ref #2699
- Introduce ember data dependency
- Add loadInitializers and refactor most initializers into one combined
- Add Post ember data model
- Refactor generateSlug to use title of post and ghostPaths
- Refactor post controller to not reference model.property everywhere
- Use RESTAdapter for posts, users and tags
- Setup author and tag relations in Post model
- Fix broken API calls by adding CSRF header
- Add initiaizer for csrf value
- Use actual User model for current user initializer
- Add action for setting featured post, test with actual api call
- Fix the sending of UUID's up to the server
- Refactor current-user to use ember-data store
- If a user is preloaded in the application, use pushPayload to put it
in the store
- Do a lookup on the store to get an actual User model for injection
- Fix posts/post controllerName in route/new.js
- Alter signup process to push user into ember data store
Ref #2413
- Remove fixture and use actual API
- Store and send down actual logged in user data
- Refactor isLoggedIn to use computed property on application
- After signin, update user data in dependency container
- Add CSRF to all routes and controllers via initializer
- Update authenticated route to check for user.isLoggedIn
- Add notifications for signin error
- Add notifications.showAPIError helper
- Add plumbing for refreshless signup to doSignUp in admin controller
closes#2593
- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
closes#2412
- Updated the reset route to accept token parameter and hand it over to the controller.
- Added ResetController which handles the submit action and the button disabled state.
- Added reset action to the user model to handle ajax request.
- Updated reset template.
- Added fixtures to test reset API action.
- Fixed password variable names to camel cased style (e.g. newpassword -> newPassword).
closes#2411
- Added ForgottenController which handles the form submit event
- Modified the forgotten template
- Added Paths utility tool to get the root/subpath
- Added ajax fixture
addresses #2422
- creates settings user controller
- creates user model object
- updates user fixture to be compatible with user model
- updates settings/user template
- add validator to Ember Admin
- use validator to validate user model is valid
- add mock response to /users/me/ path
- creates models/base file for all models to inherit from
- add mock response to /ghost/changepw/ path
Closes#340. Closes#375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
closes#276
- settings screen now loads a model when a pane is requested, rather than when the whole screen is requested
- added browse, read and edit methods and routes for users to the API
- added user model & template to client and wired everything up.
- provided default images for cover and profile picture
