Ghost/core/server/models/settings.js
Hannah Wolfe b2f1d0559b Themes API activation permissions & validation (#8104)
refs #8093

 Add activate theme permission
- add permission to activate themes
- update tests
- also: update tests for invites
TODO: change how the active theme setting is updated to reduce extra permissions

 Move theme validation to gscan
- add a new gscan validation method and use it for upload
- update activate endpoint to do validation also using gscan
- change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API
- remove validation from the settings model
- remove the old validation function
- add new invalid theme message to translations & remove a bunch of theme validation related unused keys

📖  Planned changes

🚨 Tests for theme activation API endpoint
🐛 Don't allow deleting the active theme

🚫 Prevent activeTheme being set via settings API
- We want to control how this happens in future.
- We still want to store the information in settings, via the model.
- We just don't want to be able to change this info via the settings edit endpoint

🐛  Fix warnings for uploads & add for activations
- warnings for uploads were broken in f8b498d
- fix the response + adds tests to cover that warnings are correctly returned
- add the same response to activations + more tests
- activations now return a single theme object - the theme that was activated + any warnings

🎨 Improve how we generate theme API responses
- remove the requirement to pass in the active theme!
- move this to a specialist function, away from the list

🎨 Do not load gscan on boot
2017-03-13 12:44:44 +01:00


var Settings,
Promise = require('bluebird'),
_ = require('lodash'),
uuid = require('uuid'),
ghostBookshelf = require('./base'),
errors = require('../errors'),
events = require('../events'),
i18n = require('../i18n'),
validation = require('../data/validation'),
internalContext = {context: {internal: true}},
defaultSettings;
// For neatness, the defaults file is split into categories.
// It's much easier for us to work with it as a single level
// instead of iterating those categories every time
/**
 * Flatten the categorised default settings from the schema into a single
 * object keyed by setting name.
 *
 * Each setting object is annotated in place with `type` (its category name)
 * and `key` (its setting name). Settings listed in `generatedDefaults` get
 * their `defaultValue` replaced by a value generated when this function runs.
 *
 * @returns {Object} map of setting name -> setting definition
 */
function parseDefaultSettings() {
    var categorisedDefaults = require('../data/schema/').defaultSettings;
    var flattened = {};
    // Defaults that are generated at runtime instead of being read from the schema file
    var generatedDefaults = {
        dbHash: uuid.v4()
    };

    _.each(categorisedDefaults, function eachCategory(categorySettings, categoryName) {
        _.each(categorySettings, function eachSetting(setting, settingName) {
            setting.type = categoryName;
            setting.key = settingName;

            if (generatedDefaults[setting.key]) {
                setting.defaultValue = generatedDefaults[setting.key];
            }

            flattened[settingName] = setting;
        });
    });

    return flattened;
}
/**
 * Return the flattened default settings, building them on first use and
 * reusing the same cached object on every later call.
 *
 * @returns {Object} map of setting name -> setting definition
 */
function getDefaultSettings() {
    defaultSettings = defaultSettings || parseDefaultSettings();

    return defaultSettings;
}
// Each setting is saved as a separate row in the database,
// but the overlying API treats them as a single key:value mapping
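Settings = ghostBookshelf.Model.extend({
    tableName: 'settings',

    /**
     * Attribute defaults for a new row: a setting is of type 'core' unless told otherwise.
     */
    defaults: function defaults() {
        return {
            type: 'core'
        };
    },

    /**
     * Emit `settings.<event>` on the shared events module, with this model as the payload.
     *
     * @param {string} event - event suffix, e.g. 'edited' or '<key>.edited'
     */
    emitChange: function emitChange(event) {
        events.emit('settings' + '.' + event, this);
    },

    // The three handlers below each emit a generic event and a key-specific one.
    // They are not wired up in this file; presumably the base model calls them.
    onDestroyed: function onDestroyed(model) {
        model.emitChange('deleted');
        model.emitChange(model.attributes.key + '.' + 'deleted');
    },

    onCreated: function onCreated(model) {
        model.emitChange('added');
        model.emitChange(model.attributes.key + '.' + 'added');
    },

    onUpdated: function onUpdated(model) {
        model.emitChange('edited');
        model.emitChange(model.attributes.key + '.' + 'edited');
    },

    /**
     * Validate the row against the table schema, then against the per-setting
     * rules held in the default settings.
     *
     * @returns {Promise} resolves/rejects with the result of validateSettings
     */
    onValidate: function onValidate() {
        var self = this,
            setting = this.toJSON();

        return validation.validateSchema(self.tableName, setting).then(function then() {
            return validation.validateSettings(getDefaultSettings(), self);
        });
    }
}, {
    /**
     * Find a single setting by attributes, or by key when a non-object is passed.
     *
     * @param {Object|string} data - attributes to match, or just the setting key
     * @param {Object} [options] - passed through to the base model's findOne
     * @returns {Promise} bluebird promise wrapping the base findOne result
     */
    findOne: function (data, options) {
        // NOTE(review): when `data` is empty this replaces `options` with `data`,
        // discarding whatever options were passed - intent unclear, confirm with callers.
        if (_.isEmpty(data)) {
            options = data;
        }

        // Allow for just passing the key instead of attributes
        if (!_.isObject(data)) {
            data = {key: data};
        }

        return Promise.resolve(ghostBookshelf.Model.findOne.call(this, data, options));
    },

    /**
     * Update one or more existing settings.
     *
     * This method performs no permission check of its own. Which attributes
     * may be written depends on two flags read from `options`:
     *  - `context.internal`: additionally allows `type` to be overwritten
     *  - `importing`: writes every attribute of the filtered item
     * NOTE(review): both flags widen what a caller can change, so they must only
     * ever be set by server-side code - confirm filterOptions(..., 'edit') and the
     * API layer never pass through request-supplied values for them.
     *
     * @param {Object|Object[]} data - a setting (plain object or model), or an array of them
     * @param {Object} [options]
     * @returns {Promise<Array>} the saved models; rejects with ValidationError for a
     *   missing/blank key and NotFoundError when no row exists for the key
     */
    edit: function (data, options) {
        var self = this;

        options = this.filterOptions(options, 'edit');

        if (!Array.isArray(data)) {
            data = [data];
        }

        return Promise.map(data, function (item) {
            // Accept an array of models as input.
            // Guard against null/undefined entries so they are rejected as a
            // validation failure below instead of surfacing as a TypeError.
            if (item && item.toJSON) { item = item.toJSON(); }

            if (!(item && _.isString(item.key) && item.key.length > 0)) {
                return Promise.reject(new errors.ValidationError({message: i18n.t('errors.models.settings.valueCannotBeBlank')}));
            }

            item = self.filterData(item);

            return Settings.forge({key: item.key}).fetch(options).then(function then(setting) {
                var saveData = {};

                if (setting) {
                    // _.has checks own properties without relying on a
                    // hasOwnProperty method being present on the item itself
                    if (_.has(item, 'value')) {
                        saveData.value = item.value;
                    }

                    // Internal context can overwrite type (for fixture migrations)
                    if (options.context && options.context.internal && _.has(item, 'type')) {
                        saveData.type = item.type;
                    }

                    // it's allowed to edit all attributes in case of importing/migrating
                    if (options.importing) {
                        saveData = item;
                    }

                    return setting.save(saveData, options);
                }

                return Promise.reject(new errors.NotFoundError({message: i18n.t('errors.models.settings.unableToFindSetting', {key: item.key})}));
            });
        });
    },

    /**
     * Insert a row for every default setting that has no row yet.
     *
     * Always runs with the internal context: `internalContext` is merged over
     * the supplied options.
     *
     * @param {Object} [options]
     * @returns {Promise} all settings - re-fetched if anything was inserted,
     *   otherwise the collection that was originally loaded
     */
    populateDefaults: function populateDefaults(options) {
        var self = this;

        options = _.merge({}, options || {}, internalContext);

        return this
            .findAll(options)
            .then(function checkAllSettings(allSettings) {
                var usedKeys = allSettings.models.map(function mapper(setting) { return setting.get('key'); }),
                    insertOperations = [];

                _.each(getDefaultSettings(), function forEachDefault(defaultSetting, defaultSettingKey) {
                    var isMissingFromDB = usedKeys.indexOf(defaultSettingKey) === -1;

                    if (isMissingFromDB) {
                        // Note: this writes `value` onto the cached default-setting object itself
                        defaultSetting.value = defaultSetting.defaultValue;
                        insertOperations.push(Settings.forge(defaultSetting).save(null, options));
                    }
                });

                if (insertOperations.length > 0) {
                    return Promise.all(insertOperations).then(function fetchAllToReturn() {
                        return self.findAll(options);
                    });
                }

                return allSettings;
            });
    }
});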
// Register the model under the name 'Settings' and export the registered model.
var registeredSettingsModel = ghostBookshelf.model('Settings', Settings);

module.exports = {
    Settings: registeredSettingsModel
};