TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-01 13:54:35 +03:00
Code Issues Projects Releases Wiki Activity
61e94a6e8b
Ghost/core/server/api/posts.js
Sebastian Gierlinger 61e94a6e8b Use current user in models 
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00

118 lines
4.5 KiB
JavaScript
Raw Blame History

var when = require('when'),
_ = require('lodash'),
dataProvider = require('../models'),
canThis = require('../permissions').canThis,
filteredUserAttributes = require('./users').filteredAttributes,
posts;
function checkPostData(postData) {
if (_.isEmpty(postData) || _.isEmpty(postData.posts) || _.isEmpty(postData.posts[0])) {
return when.reject({code: 400, message: 'No root key (\'posts\') provided.'});
}
return when.resolve(postData);
}
// ## Posts
posts = {
// #### Browse
// **takes:** filter / pagination parameters
browse: function browse(options) {
options = options || {};
// **returns:** a promise for a page of posts in a json object
return dataProvider.Post.findPage(options).then(function (result) {
var i = 0,
omitted = result;
for (i = 0; i < omitted.posts.length; i = i + 1) {
omitted.posts[i].author = _.omit(omitted.posts[i].author, filteredUserAttributes);
}
return omitted;
});
},
// #### Read
// **takes:** an identifier (id or slug?)
read: function read(args) {
// **returns:** a promise for a single post in a json object
return dataProvider.Post.findOne(args).then(function (result) {
var omitted;
if (result) {
omitted = result.toJSON();
omitted.author = _.omit(omitted.author, filteredUserAttributes);
return { posts: [ omitted ]};
}
return when.reject({code: 404, message: 'Post not found'});
});
},
generateSlug: function getSlug(args) {
return dataProvider.Base.Model.generateSlug(dataProvider.Post, args.title, {status: 'all'}).then(function (slug) {
if (slug) {
return slug;
}
return when.reject({code: 500, message: 'Could not generate slug'});
});
},
// #### Edit
// **takes:** a json object with all the properties which should be updated
edit: function edit(postData) {
// **returns:** a promise for the resulting post in a json object
var self = this;
return canThis(self.user).edit.post(postData.id).then(function () {
return checkPostData(postData).then(function (checkedPostData) {
return dataProvider.Post.edit(checkedPostData.posts[0], {user: self.user})
}).then(function (result) {
if (result) {
var omitted = result.toJSON();
omitted.author = _.omit(omitted.author, filteredUserAttributes);
return { posts: [ omitted ]};
}
return when.reject({code: 404, message: 'Post not found'});
});
}, function () {
return when.reject({code: 403, message: 'You do not have permission to edit this post.'});
});
},
// #### Add
// **takes:** a json object representing a post,
add: function add(postData) {
var self = this;
// **returns:** a promise for the resulting post in a json object
return canThis(this.user).create.post().then(function () {
return checkPostData(postData).then(function (checkedPostData) {
return dataProvider.Post.add(checkedPostData.posts[0], {user: self.user});
}).then(function (result) {
var omitted = result.toJSON();
omitted.author = _.omit(omitted.author, filteredUserAttributes);
return { posts: [ omitted ]};
});
}, function () {
return when.reject({code: 403, message: 'You do not have permission to add posts.'});
});
},
// #### Destroy
// **takes:** an identifier (id or slug?)
destroy: function destroy(args) {
// **returns:** a promise for a json response with the id of the deleted post
return canThis(this.user).remove.post(args.id).then(function () {
return posts.read({id : args.id, status: 'all'}).then(function (result) {
return dataProvider.Post.destroy(args.id).then(function () {
var deletedObj = result;
return deletedObj;
});
});
}, function () {
return when.reject({code: 403, message: 'You do not have permission to remove posts.'});
});
}
};
module.exports = posts;
Reference in New Issue View Git Blame Copy Permalink