mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-29 07:09:48 +03:00
5bf3fe9cb8
closes https://github.com/TryGhost/Team/issues/2190 - added a guard around the tier fetches in `membersUtils` service so the fetch doesn't occur unless we have a logged in user and they aren't a contributor - extracted the `withPermissionsCheck` mirage util function and added role checks around the mocked tiers endpoints - added an acceptance test that loads the content screen and creates a draft post as a contributor to help catch regressions
52 lines
1.4 KiB
JavaScript
52 lines
1.4 KiB
JavaScript
import {paginatedResponse, withPermissionsCheck} from '../utils';
|
|
|
|
const ALLOWED_WRITE_ROLES = [
|
|
'Owner',
|
|
'Administrator'
|
|
];
|
|
const ALLOWED_READ_ROLES = [
|
|
'Owner',
|
|
'Administrator',
|
|
'Editor',
|
|
'Author'
|
|
];
|
|
|
|
export default function mockTiers(server) {
|
|
// CREATE
|
|
server.post('/tiers/', withPermissionsCheck(ALLOWED_WRITE_ROLES, function ({tiers}) {
|
|
const attrs = this.normalizedRequestAttrs();
|
|
return tiers.create(attrs);
|
|
}));
|
|
|
|
// READ
|
|
server.get('/tiers/', withPermissionsCheck(ALLOWED_READ_ROLES, paginatedResponse('tiers')));
|
|
|
|
server.get('/tiers/:id/', withPermissionsCheck(ALLOWED_READ_ROLES, function ({tiers}, {params}) {
|
|
let {id} = params;
|
|
let tier = tiers.find(id);
|
|
|
|
return tier || new Response(404, {}, {
|
|
errors: [{
|
|
type: 'NotFoundError',
|
|
message: 'Tier not found.'
|
|
}]
|
|
});
|
|
}));
|
|
|
|
// UPDATE
|
|
server.put('/tiers/:id/', withPermissionsCheck(ALLOWED_WRITE_ROLES, function ({tiers}, {params}) {
|
|
const attrs = this.normalizedRequestAttrs();
|
|
const tier = tiers.find(params.id);
|
|
|
|
tier.update(attrs);
|
|
|
|
return tier.save();
|
|
}));
|
|
|
|
// DELETE
|
|
server.del('/tiers/:id/', withPermissionsCheck(ALLOWED_WRITE_ROLES, function (schema, request) {
|
|
const id = request.params.id;
|
|
schema.tiers.find(id).destroy();
|
|
}));
|
|
}
|