mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-08 04:03:12 +03:00
c646e78fff
no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
73 lines
2.3 KiB
JavaScript
73 lines
2.3 KiB
JavaScript
/* eslint-disable camelcase */
|
|
import AuthenticatedRoute from 'ghost-admin/routes/authenticated';
|
|
import CurrentUserSettings from 'ghost-admin/mixins/current-user-settings';
|
|
|
|
export default AuthenticatedRoute.extend(CurrentUserSettings, {
|
|
model(params) {
|
|
return this.store.queryRecord('user', {slug: params.user_slug, include: 'count.posts'});
|
|
},
|
|
|
|
afterModel(user) {
|
|
this._super(...arguments);
|
|
|
|
const currentUser = this.session.user;
|
|
|
|
let isOwnProfile = user.get('id') === currentUser.get('id');
|
|
let isAuthorOrContributor = currentUser.get('isAuthorOrContributor');
|
|
let isEditor = currentUser.get('isEditor');
|
|
|
|
if (isAuthorOrContributor && !isOwnProfile) {
|
|
this.transitionTo('staff.user', currentUser);
|
|
} else if (isEditor && !isOwnProfile && !user.get('isAuthorOrContributor')) {
|
|
this.transitionTo('staff');
|
|
}
|
|
|
|
if (isOwnProfile) {
|
|
this.store.queryRecord('api-key', {id: 'me'}).then((apiKey) => {
|
|
this.controller.set('personalToken', apiKey.id + ':' + apiKey.secret);
|
|
this.controller.set('personalTokenRegenerated', false);
|
|
});
|
|
}
|
|
},
|
|
|
|
serialize(model) {
|
|
return {user_slug: model.get('slug')};
|
|
},
|
|
|
|
actions: {
|
|
didTransition() {
|
|
this.modelFor('staff.user').get('errors').clear();
|
|
},
|
|
|
|
save() {
|
|
this.get('controller.save').perform();
|
|
},
|
|
|
|
willTransition(transition) {
|
|
let controller = this.controller;
|
|
let user = controller.user;
|
|
let dirtyAttributes = controller.dirtyAttributes;
|
|
let modelIsDirty = user.get('hasDirtyAttributes');
|
|
|
|
// always reset the password properties on the user model when leaving
|
|
if (user) {
|
|
user.set('password', '');
|
|
user.set('newPassword', '');
|
|
user.set('ne2Password', '');
|
|
}
|
|
|
|
if (modelIsDirty || dirtyAttributes) {
|
|
transition.abort();
|
|
controller.send('toggleLeaveSettingsModal', transition);
|
|
return;
|
|
}
|
|
}
|
|
},
|
|
|
|
buildRouteInfoMetadata() {
|
|
return {
|
|
titleToken: 'Staff - User'
|
|
};
|
|
}
|
|
});
|