mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-03 00:15:11 +03:00
fe48f7ed80
no issue - pattern of downloading a file by creating an iframe and setting the `src` attribute was repeated throughout the codebase and was using a mix of native and jQuery patterns - added a `utils` service for housing one-off utility methods like this to avoid repetition and mixed patterns becoming more widespread (we want to get rid of jQuery usage)
498 lines
18 KiB
JavaScript
498 lines
18 KiB
JavaScript
import Controller from '@ember/controller';
|
|
import boundOneWay from 'ghost-admin/utils/bound-one-way';
|
|
import copyTextToClipboard from 'ghost-admin/utils/copy-text-to-clipboard';
|
|
import isNumber from 'ghost-admin/utils/isNumber';
|
|
import validator from 'validator';
|
|
import windowProxy from 'ghost-admin/utils/window-proxy';
|
|
import {alias, and, not, or, readOnly} from '@ember/object/computed';
|
|
import {computed} from '@ember/object';
|
|
import {isArray as isEmberArray} from '@ember/array';
|
|
import {run} from '@ember/runloop';
|
|
import {inject as service} from '@ember/service';
|
|
import {task, taskGroup, timeout} from 'ember-concurrency';
|
|
|
|
export default Controller.extend({
|
|
ajax: service(),
|
|
config: service(),
|
|
dropdown: service(),
|
|
ghostPaths: service(),
|
|
limit: service(),
|
|
notifications: service(),
|
|
session: service(),
|
|
slugGenerator: service(),
|
|
utils: service(),
|
|
|
|
personalToken: null,
|
|
limitErrorMessage: null,
|
|
personalTokenRegenerated: false,
|
|
leaveSettingsTransition: null,
|
|
dirtyAttributes: false,
|
|
showDeleteUserModal: false,
|
|
showSuspendUserModal: false,
|
|
showTransferOwnerModal: false,
|
|
showUploadCoverModal: false,
|
|
showUploadImageModal: false,
|
|
showRegenerateTokenModal: false,
|
|
showRoleSelectionModal: false,
|
|
_scratchFacebook: null,
|
|
_scratchTwitter: null,
|
|
|
|
saveHandlers: taskGroup().enqueue(),
|
|
|
|
user: alias('model'),
|
|
currentUser: alias('session.user'),
|
|
|
|
email: readOnly('user.email'),
|
|
slugValue: boundOneWay('user.slug'),
|
|
|
|
canChangeEmail: not('isAdminUserOnOwnerProfile'),
|
|
canChangePassword: not('isAdminUserOnOwnerProfile'),
|
|
canMakeOwner: and('currentUser.isOwnerOnly', 'isNotOwnProfile', 'user.isAdminOnly', 'isNotSuspended'),
|
|
isAdminUserOnOwnerProfile: and('currentUser.isAdminOnly', 'user.isOwnerOnly'),
|
|
isNotOwnersProfile: not('user.isOwnerOnly'),
|
|
isNotSuspended: not('user.isSuspended'),
|
|
rolesDropdownIsVisible: and('currentUser.isAdmin', 'isNotOwnProfile', 'isNotOwnersProfile'),
|
|
userActionsAreVisible: or('deleteUserActionIsVisible', 'canMakeOwner'),
|
|
|
|
isNotOwnProfile: not('isOwnProfile'),
|
|
isOwnProfile: computed('user.id', 'currentUser.id', function () {
|
|
return this.get('user.id') === this.get('currentUser.id');
|
|
}),
|
|
|
|
deleteUserActionIsVisible: computed('currentUser.{isAdmin,isEditor}', 'user.{isOwnerOnly,isAuthorOrContributor}', 'isOwnProfile', function () {
|
|
// users can't delete themselves
|
|
if (this.isOwnProfile) {
|
|
return false;
|
|
}
|
|
|
|
if (
|
|
// owners/admins can delete any non-owner user
|
|
(this.currentUser.get('isAdmin') && !this.user.isOwnerOnly) ||
|
|
// editors can delete any author or contributor
|
|
(this.currentUser.get('isEditor') && this.user.isAuthorOrContributor)
|
|
) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}),
|
|
|
|
coverTitle: computed('user.name', function () {
|
|
return `${this.get('user.name')}'s Cover Image`;
|
|
}),
|
|
|
|
roles: computed(function () {
|
|
return this.store.query('role', {permissions: 'assign'});
|
|
}),
|
|
|
|
actions: {
|
|
toggleRoleSelectionModal(event) {
|
|
event?.preventDefault?.();
|
|
this.toggleProperty('showRoleSelectionModal');
|
|
},
|
|
|
|
changeRole(newRole) {
|
|
this.user.set('role', newRole);
|
|
this.set('dirtyAttributes', true);
|
|
},
|
|
|
|
toggleDeleteUserModal() {
|
|
if (this.deleteUserActionIsVisible) {
|
|
this.toggleProperty('showDeleteUserModal');
|
|
}
|
|
},
|
|
|
|
suspendUser() {
|
|
this.user.set('status', 'inactive');
|
|
return this.save.perform();
|
|
},
|
|
|
|
toggleSuspendUserModal() {
|
|
if (this.deleteUserActionIsVisible) {
|
|
this.toggleProperty('showSuspendUserModal');
|
|
}
|
|
},
|
|
|
|
unsuspendUser() {
|
|
this.user.set('status', 'active');
|
|
return this.save.perform();
|
|
},
|
|
|
|
toggleUnsuspendUserModal() {
|
|
if (this.deleteUserActionIsVisible) {
|
|
if (this.user.role.name !== 'Contributor'
|
|
&& this.limit.limiter
|
|
&& this.limit.limiter.isLimited('staff')
|
|
) {
|
|
this.limit.limiter.errorIfWouldGoOverLimit('staff')
|
|
.then(() => {
|
|
this.toggleProperty('showUnsuspendUserModal');
|
|
})
|
|
.catch((error) => {
|
|
if (error.errorType === 'HostLimitError') {
|
|
this.limitErrorMessage = error.message;
|
|
this.toggleProperty('showUnsuspendUserModal');
|
|
} else {
|
|
this.notifications.showAPIError(error, {key: 'staff.limit'});
|
|
}
|
|
});
|
|
} else {
|
|
this.toggleProperty('showUnsuspendUserModal');
|
|
}
|
|
}
|
|
},
|
|
|
|
validateFacebookUrl() {
|
|
let newUrl = this._scratchFacebook;
|
|
let oldUrl = this.get('user.facebook');
|
|
let errMessage = '';
|
|
|
|
// reset errors and validation
|
|
this.get('user.errors').remove('facebook');
|
|
this.get('user.hasValidated').removeObject('facebook');
|
|
|
|
if (newUrl === '') {
|
|
// Clear out the Facebook url
|
|
this.set('user.facebook', '');
|
|
return;
|
|
}
|
|
|
|
// _scratchFacebook will be null unless the user has input something
|
|
if (!newUrl) {
|
|
newUrl = oldUrl;
|
|
}
|
|
|
|
try {
|
|
// strip any facebook URLs out
|
|
newUrl = newUrl.replace(/(https?:\/\/)?(www\.)?facebook\.com/i, '');
|
|
|
|
// don't allow any non-facebook urls
|
|
if (newUrl.match(/^(http|\/\/)/i)) {
|
|
throw 'invalid url';
|
|
}
|
|
|
|
// strip leading / if we have one then concat to full facebook URL
|
|
newUrl = newUrl.replace(/^\//, '');
|
|
newUrl = `https://www.facebook.com/${newUrl}`;
|
|
|
|
// don't allow URL if it's not valid
|
|
if (!validator.isURL(newUrl)) {
|
|
throw 'invalid url';
|
|
}
|
|
|
|
this.set('user.facebook', '');
|
|
run.schedule('afterRender', this, function () {
|
|
this.set('user.facebook', newUrl);
|
|
});
|
|
} catch (e) {
|
|
if (e === 'invalid url') {
|
|
errMessage = 'The URL must be in a format like '
|
|
+ 'https://www.facebook.com/yourPage';
|
|
this.get('user.errors').add('facebook', errMessage);
|
|
return;
|
|
}
|
|
|
|
throw e;
|
|
} finally {
|
|
this.get('user.hasValidated').pushObject('facebook');
|
|
}
|
|
},
|
|
|
|
validateTwitterUrl() {
|
|
let newUrl = this._scratchTwitter;
|
|
let oldUrl = this.get('user.twitter');
|
|
let errMessage = '';
|
|
|
|
// reset errors and validation
|
|
this.get('user.errors').remove('twitter');
|
|
this.get('user.hasValidated').removeObject('twitter');
|
|
|
|
if (newUrl === '') {
|
|
// Clear out the Twitter url
|
|
this.set('user.twitter', '');
|
|
return;
|
|
}
|
|
|
|
// _scratchTwitter will be null unless the user has input something
|
|
if (!newUrl) {
|
|
newUrl = oldUrl;
|
|
}
|
|
|
|
if (newUrl.match(/(?:twitter\.com\/)(\S+)/) || newUrl.match(/([a-z\d.]+)/i)) {
|
|
let username = [];
|
|
|
|
if (newUrl.match(/(?:twitter\.com\/)(\S+)/)) {
|
|
[, username] = newUrl.match(/(?:twitter\.com\/)(\S+)/);
|
|
} else {
|
|
[username] = newUrl.match(/([^/]+)\/?$/mi);
|
|
}
|
|
|
|
// check if username starts with http or www and show error if so
|
|
if (username.match(/^(http|www)|(\/)/) || !username.match(/^[a-z\d._]{1,15}$/mi)) {
|
|
errMessage = !username.match(/^[a-z\d._]{1,15}$/mi) ? 'Your Username is not a valid Twitter Username' : 'The URL must be in a format like https://twitter.com/yourUsername';
|
|
|
|
this.get('user.errors').add('twitter', errMessage);
|
|
this.get('user.hasValidated').pushObject('twitter');
|
|
return;
|
|
}
|
|
|
|
newUrl = `https://twitter.com/${username}`;
|
|
|
|
this.get('user.hasValidated').pushObject('twitter');
|
|
|
|
this.set('user.twitter', '');
|
|
run.schedule('afterRender', this, function () {
|
|
this.set('user.twitter', newUrl);
|
|
});
|
|
} else {
|
|
errMessage = 'The URL must be in a format like '
|
|
+ 'https://twitter.com/yourUsername';
|
|
this.get('user.errors').add('twitter', errMessage);
|
|
this.get('user.hasValidated').pushObject('twitter');
|
|
return;
|
|
}
|
|
},
|
|
|
|
transferOwnership() {
|
|
let user = this.user;
|
|
let url = this.get('ghostPaths.url').api('users', 'owner');
|
|
|
|
this.dropdown.closeDropdowns();
|
|
|
|
return this.ajax.put(url, {
|
|
data: {
|
|
owner: [{
|
|
id: user.get('id')
|
|
}]
|
|
}
|
|
}).then((response) => {
|
|
// manually update the roles for the users that just changed roles
|
|
// because store.pushPayload is not working with embedded relations
|
|
if (response && isEmberArray(response.users)) {
|
|
response.users.forEach((userJSON) => {
|
|
let updatedUser = this.store.peekRecord('user', userJSON.id);
|
|
let role = this.store.peekRecord('role', userJSON.roles[0].id);
|
|
|
|
updatedUser.set('role', role);
|
|
});
|
|
}
|
|
|
|
this.notifications.showAlert(`Ownership successfully transferred to ${user.get('name')}`, {type: 'success', key: 'owner.transfer.success'});
|
|
}).catch((error) => {
|
|
this.notifications.showAPIError(error, {key: 'owner.transfer'});
|
|
});
|
|
},
|
|
|
|
toggleLeaveSettingsModal(transition) {
|
|
let leaveTransition = this.leaveSettingsTransition;
|
|
|
|
if (!transition && this.showLeaveSettingsModal) {
|
|
this.set('leaveSettingsTransition', null);
|
|
this.set('showLeaveSettingsModal', false);
|
|
return;
|
|
}
|
|
|
|
if (!leaveTransition || transition.targetName === leaveTransition.targetName) {
|
|
this.set('leaveSettingsTransition', transition);
|
|
|
|
// if a save is running, wait for it to finish then transition
|
|
if (this.get('saveHandlers.isRunning')) {
|
|
return this.get('saveHandlers.last').then(() => {
|
|
transition.retry();
|
|
});
|
|
}
|
|
|
|
// we genuinely have unsaved data, show the modal
|
|
this.set('showLeaveSettingsModal', true);
|
|
}
|
|
},
|
|
|
|
leaveSettings() {
|
|
let transition = this.leaveSettingsTransition;
|
|
let user = this.user;
|
|
|
|
if (!transition) {
|
|
this.notifications.showAlert('Sorry, there was an error in the application. Please let the Ghost team know what happened.', {type: 'error'});
|
|
return;
|
|
}
|
|
|
|
// roll back changes on user props
|
|
user.rollbackAttributes();
|
|
// roll back the slugValue property
|
|
if (this.dirtyAttributes) {
|
|
this.set('slugValue', user.get('slug'));
|
|
this.set('dirtyAttributes', false);
|
|
}
|
|
|
|
return transition.retry();
|
|
},
|
|
|
|
toggleTransferOwnerModal() {
|
|
if (this.canMakeOwner) {
|
|
this.toggleProperty('showTransferOwnerModal');
|
|
}
|
|
},
|
|
|
|
toggleUploadCoverModal() {
|
|
this.toggleProperty('showUploadCoverModal');
|
|
},
|
|
|
|
toggleUploadImageModal() {
|
|
this.toggleProperty('showUploadImageModal');
|
|
},
|
|
|
|
// TODO: remove those mutation actions once we have better
|
|
// inline validations that auto-clear errors on input
|
|
updatePassword(password) {
|
|
this.set('user.password', password);
|
|
this.get('user.hasValidated').removeObject('password');
|
|
this.get('user.errors').remove('password');
|
|
},
|
|
|
|
updateNewPassword(password) {
|
|
this.set('user.newPassword', password);
|
|
this.get('user.hasValidated').removeObject('newPassword');
|
|
this.get('user.errors').remove('newPassword');
|
|
},
|
|
|
|
updateNe2Password(password) {
|
|
this.set('user.ne2Password', password);
|
|
this.get('user.hasValidated').removeObject('ne2Password');
|
|
this.get('user.errors').remove('ne2Password');
|
|
},
|
|
|
|
confirmRegenerateTokenModal() {
|
|
this.set('showRegenerateTokenModal', true);
|
|
},
|
|
|
|
cancelRegenerateTokenModal() {
|
|
this.set('showRegenerateTokenModal', false);
|
|
},
|
|
|
|
regenerateToken() {
|
|
let url = this.get('ghostPaths.url').api('users', 'me', 'token');
|
|
|
|
return this.ajax.put(url, {data: {}}).then(({apiKey}) => {
|
|
this.set('personalToken', apiKey.id + ':' + apiKey.secret);
|
|
this.set('personalTokenRegenerated', true);
|
|
}).catch((error) => {
|
|
this.notifications.showAPIError(error, {key: 'token.regenerate'});
|
|
});
|
|
}
|
|
},
|
|
|
|
_exportDb(filename) {
|
|
this.utils.downloadFile(`${this.ghostPaths.url.api('db')}?filename=${filename}`);
|
|
},
|
|
|
|
deleteUser: task(function *() {
|
|
try {
|
|
const result = yield this.user.destroyRecord();
|
|
|
|
if (result._meta && result._meta.filename) {
|
|
this._exportDb(result._meta.filename);
|
|
// give the iframe some time to trigger the download before
|
|
// it's removed from the dom when transitioning
|
|
yield timeout(300);
|
|
}
|
|
|
|
this.notifications.closeAlerts('user.delete');
|
|
this.store.unloadAll('post');
|
|
this.transitionToRoute('staff');
|
|
} catch (error) {
|
|
this.notifications.showAlert('The user could not be deleted. Please try again.', {type: 'error', key: 'user.delete.failed'});
|
|
throw error;
|
|
}
|
|
}),
|
|
|
|
updateSlug: task(function* (newSlug) {
|
|
let slug = this.get('user.slug');
|
|
|
|
newSlug = newSlug || slug;
|
|
newSlug = newSlug.trim();
|
|
|
|
// Ignore unchanged slugs or candidate slugs that are empty
|
|
if (!newSlug || slug === newSlug) {
|
|
this.set('slugValue', slug);
|
|
|
|
return true;
|
|
}
|
|
|
|
let serverSlug = yield this.slugGenerator.generateSlug('user', newSlug);
|
|
|
|
// If after getting the sanitized and unique slug back from the API
|
|
// we end up with a slug that matches the existing slug, abort the change
|
|
if (serverSlug === slug) {
|
|
return true;
|
|
}
|
|
|
|
// Because the server transforms the candidate slug by stripping
|
|
// certain characters and appending a number onto the end of slugs
|
|
// to enforce uniqueness, there are cases where we can get back a
|
|
// candidate slug that is a duplicate of the original except for
|
|
// the trailing incrementor (e.g., this-is-a-slug and this-is-a-slug-2)
|
|
|
|
// get the last token out of the slug candidate and see if it's a number
|
|
let slugTokens = serverSlug.split('-');
|
|
let check = Number(slugTokens.pop());
|
|
|
|
// if the candidate slug is the same as the existing slug except
|
|
// for the incrementor then the existing slug should be used
|
|
if (isNumber(check) && check > 0) {
|
|
if (slug === slugTokens.join('-') && serverSlug !== newSlug) {
|
|
this.set('slugValue', slug);
|
|
|
|
return true;
|
|
}
|
|
}
|
|
|
|
this.set('slugValue', serverSlug);
|
|
this.set('dirtyAttributes', true);
|
|
|
|
return true;
|
|
}).group('saveHandlers'),
|
|
|
|
save: task(function* () {
|
|
let user = this.user;
|
|
let slugValue = this.slugValue;
|
|
let slugChanged;
|
|
|
|
if (user.get('slug') !== slugValue) {
|
|
slugChanged = true;
|
|
user.set('slug', slugValue);
|
|
}
|
|
|
|
try {
|
|
user = yield user.save({format: false});
|
|
|
|
// If the user's slug has changed, change the URL and replace
|
|
// the history so refresh and back button still work
|
|
if (slugChanged) {
|
|
let currentPath = window.location.hash;
|
|
|
|
let newPath = currentPath.split('/');
|
|
newPath[newPath.length - 1] = user.get('slug');
|
|
newPath = newPath.join('/');
|
|
|
|
windowProxy.replaceState({path: newPath}, '', newPath);
|
|
}
|
|
|
|
this.set('dirtyAttributes', false);
|
|
this.notifications.closeAlerts('user.update');
|
|
|
|
return user;
|
|
} catch (error) {
|
|
// validation engine returns undefined so we have to check
|
|
// before treating the failure as an API error
|
|
if (error) {
|
|
this.notifications.showAPIError(error, {key: 'user.update'});
|
|
}
|
|
}
|
|
}).group('saveHandlers'),
|
|
|
|
copyContentKey: task(function* () {
|
|
copyTextToClipboard(this.personalToken);
|
|
yield timeout(this.isTesting ? 50 : 3000);
|
|
})
|
|
});
|