mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-21 09:52:06 +03:00
c6a95c6478
no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same
80 lines
2.4 KiB
JavaScript
80 lines
2.4 KiB
JavaScript
// # Roles API
|
|
// RESTful API for the Role resource
|
|
var Promise = require('bluebird'),
|
|
pipeline = require('../lib/promise/pipeline'),
|
|
localUtils = require('./utils'),
|
|
canThis = require('../services/permissions').canThis,
|
|
models = require('../models'),
|
|
docName = 'roles',
|
|
|
|
roles;
|
|
|
|
/**
|
|
* ## Roles API Methods
|
|
*
|
|
* **See:** [API Methods](constants.js.html#api%20methods)
|
|
*/
|
|
roles = {
|
|
/**
|
|
* ### Browse
|
|
* Find all roles
|
|
*
|
|
* If a 'permissions' property is passed in the options object then
|
|
* the results will be filtered based on whether or not the context user has the given
|
|
* permission on a role.
|
|
*
|
|
*
|
|
* @public
|
|
* @param {{context, permissions}} options (optional)
|
|
* @returns {Promise(Roles)} Roles Collection
|
|
*/
|
|
browse: function browse(options) {
|
|
var permittedOptions = ['permissions'],
|
|
tasks;
|
|
|
|
/**
|
|
* ### Model Query
|
|
* Make the call to the Model layer
|
|
* @param {Object} options
|
|
* @returns {Object} options
|
|
*/
|
|
function modelQuery(options) {
|
|
return models.Role.findAll(options)
|
|
.then(function onModelResponse(models) {
|
|
var roles = models.map(function (role) {
|
|
return role.toJSON();
|
|
});
|
|
|
|
if (options.permissions !== 'assign') {
|
|
return {roles: roles};
|
|
}
|
|
|
|
return Promise.filter(roles.map(function (role) {
|
|
return canThis(options.context).assign.role(role)
|
|
.return(role)
|
|
.catch(function () {});
|
|
}), function (value) {
|
|
return value && value.name !== 'Owner';
|
|
}).then(function (roles) {
|
|
return {
|
|
roles: roles
|
|
};
|
|
});
|
|
});
|
|
}
|
|
|
|
// Push all of our tasks into a `tasks` array in the correct order
|
|
tasks = [
|
|
localUtils.validate(docName, {opts: permittedOptions}),
|
|
localUtils.convertOptions(),
|
|
localUtils.handlePermissions(docName, 'browse'),
|
|
modelQuery
|
|
];
|
|
|
|
// Pipeline calls each task passing the result of one to be the arguments for the next
|
|
return pipeline(tasks, options);
|
|
}
|
|
};
|
|
|
|
module.exports = roles;
|