Ghost/core/server/models/invite.js
Vikas Potluri 4ac88dce10
Refactored common lib import to use destructuring (#11835)
* refactored `core/frontend/apps` to destructure common imports
* refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports
* refactored `core/frontend/services/settings` to destructure common imports
* refactored remaining `core/frontend/services` to destructure common imports
* refactored `core/server/adapters` to destructure common imports
* refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports
* refactored `core/server/data/importer` to destructure common imports
* refactored `core/server/models/{base, plugins, relations}` to destructure common imports
* refactored remaining `core/server/models` to destructure common imports
* refactored `core/server/api/canary/utils/serializers/output` to destructure common imports
* refactored remaining `core/server/api/canary/utils` to destructure common imports
* refactored remaining `core/server/api/canary` to destructure common imports
* refactored `core/server/api/shared` to destructure common imports
* refactored `core/server/api/v2/utils` to destructure common imports
* refactored remaining `core/server/api/v2` to destructure common imports
* refactored `core/frontend/meta` to destructure common imports
* fixed some tests referencing `common.errors` instead of `@tryghost/errors`
   - Not all of them need to be updated; only updating the ones that are
causing failures
* fixed errors import being shadowed by local scope
2020-05-22 19:22:20 +01:00

109 lines
3.7 KiB
JavaScript

const Promise = require('bluebird');
const _ = require('lodash');
const {i18n} = require('../lib/common');
const errors = require('@tryghost/errors');
const constants = require('../lib/constants');
const security = require('../lib/security');
const settingsCache = require('../services/settings/cache');
const ghostBookshelf = require('./base');
let Invite;
let Invites;
Invite = ghostBookshelf.Model.extend({
tableName: 'invites',
toJSON: function (unfilteredOptions) {
const options = Invite.filterOptions(unfilteredOptions, 'toJSON');
const attrs = ghostBookshelf.Model.prototype.toJSON.call(this, options);
delete attrs.token;
return attrs;
}
}, {
orderDefaultOptions: function orderDefaultOptions() {
return {};
},
add: function add(data, unfilteredOptions) {
const options = Invite.filterOptions(unfilteredOptions, 'add');
data = data || {};
if (!options.context || !options.context.internal) {
data.status = 'pending';
}
data.expires = Date.now() + constants.ONE_WEEK_MS;
data.token = security.tokens.generateFromEmail({
email: data.email,
expires: data.expires,
secret: settingsCache.get('db_hash')
});
return ghostBookshelf.Model.add.call(this, data, options);
},
permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {
const isAdd = (action === 'add');
if (!isAdd) {
if (hasUserPermission && hasApiKeyPermission) {
return Promise.resolve();
}
return Promise.reject(new errors.NoPermissionError({
message: i18n.t('errors.models.invite.notEnoughPermission')
}));
}
// CASE: make sure user is allowed to add a user with this role
return ghostBookshelf.model('Role')
.findOne({id: unsafeAttrs.role_id})
.then((roleToInvite) => {
if (!roleToInvite) {
return Promise.reject(new errors.NotFoundError({
message: i18n.t('errors.api.invites.roleNotFound')
}));
}
if (roleToInvite.get('name') === 'Owner') {
return Promise.reject(new errors.NoPermissionError({
message: i18n.t('errors.api.invites.notAllowedToInviteOwner')
}));
}
let allowed = [];
if (_.some(loadedPermissions.user.roles, {name: 'Owner'}) ||
_.some(loadedPermissions.user.roles, {name: 'Administrator'})) {
allowed = ['Administrator', 'Editor', 'Author', 'Contributor'];
} else if (_.some(loadedPermissions.user.roles, {name: 'Editor'})) {
allowed = ['Author', 'Contributor'];
}
if (allowed.indexOf(roleToInvite.get('name')) === -1) {
throw new errors.NoPermissionError({
message: i18n.t('errors.api.invites.notAllowedToInvite')
});
}
if (hasUserPermission && hasApiKeyPermission) {
return Promise.resolve();
}
return Promise.reject(new errors.NoPermissionError({
message: i18n.t('errors.models.invite.notEnoughPermission')
}));
});
}
});
Invites = ghostBookshelf.Collection.extend({
model: Invite
});
module.exports = {
Invite: ghostBookshelf.model('Invite', Invite),
Invites: ghostBookshelf.collection('Invites', Invites)
};