Ghost/core/server/apps
Jacob Gable 298077582b ACL and strict rules for Settings API
Ref #2061

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
..
dependencies.js Install App Dependencies 2014-02-08 16:58:13 -06:00
index.js ACL and strict rules for Settings API 2014-05-07 10:56:03 -05:00
loader.js AppProxy with permissions checks and app context 2014-04-26 10:38:23 -05:00
permissions.js App Permissions from package.json 2014-04-16 18:14:56 +02:00
proxy.js AppProxy with permissions checks and app context 2014-04-26 10:38:23 -05:00
sandbox.js Replace JSLint with JSHint. 2014-03-04 15:47:39 +00:00