mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-20 09:22:49 +03:00
c646e78fff
no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
67 lines
2.1 KiB
JavaScript
67 lines
2.1 KiB
JavaScript
import AuthenticatedRoute from 'ghost-admin/routes/authenticated';
|
|
import {pluralize} from 'ember-inflector';
|
|
|
|
export default AuthenticatedRoute.extend({
|
|
beforeModel(transition) {
|
|
this._super(...arguments);
|
|
|
|
// if the transition is not new->edit, reset the post on the controller
|
|
// so that the editor view is cleared before showing the loading state
|
|
if (transition.urlMethod !== 'replace') {
|
|
let editor = this.controllerFor('editor');
|
|
editor.set('post', null);
|
|
editor.reset();
|
|
}
|
|
},
|
|
|
|
model(params, transition) {
|
|
// eslint-disable-next-line camelcase
|
|
let {type: modelName, post_id} = params;
|
|
|
|
if (!['post', 'page'].includes(modelName)) {
|
|
let path = transition.intent.url.replace(/^\//, '');
|
|
return this.replaceWith('error404', {path, status: 404});
|
|
}
|
|
|
|
let query = {
|
|
id: post_id
|
|
};
|
|
|
|
return this.store.query(modelName, query)
|
|
.then(records => records.get('firstObject'));
|
|
},
|
|
|
|
// the API will return a post even if the logged in user doesn't have
|
|
// permission to edit it (all posts are public) so we need to do our
|
|
// own permissions check and redirect if necessary
|
|
afterModel(post) {
|
|
this._super(...arguments);
|
|
|
|
const user = this.session.user;
|
|
const returnRoute = pluralize(post.constructor.modelName);
|
|
|
|
if (user.isAuthorOrContributor && !post.isAuthoredByUser(user)) {
|
|
return this.replaceWith(returnRoute);
|
|
}
|
|
|
|
// If the post is not a draft and user is contributor, redirect to index
|
|
if (user.isContributor && !post.isDraft) {
|
|
return this.replaceWith(returnRoute);
|
|
}
|
|
},
|
|
|
|
serialize(model) {
|
|
return {
|
|
type: model.constructor.modelName,
|
|
post_id: model.id
|
|
};
|
|
},
|
|
|
|
// there's no specific controller for this route, instead all editor
|
|
// handling is done on the editor route/controler
|
|
setupController(controller, post) {
|
|
let editor = this.controllerFor('editor');
|
|
editor.setPost(post);
|
|
}
|
|
});
|