Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-27 22:49:56 -05:00
Code Issues Activity
ghost/core/server/api/users.js

358 lines
13 KiB
JavaScript
Raw Normal View History

Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
// # Users API
// RESTful API for the User resource
Replace the when promise library with bluebird. Closes #968
2014-08-17 06:17:23 +00:00
var Promise = require('bluebird'),
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
_ = require('lodash'),
dataProvider = require('../models'),
canThis = require('../permissions').canThis,
errors = require('../errors'),
utils = require('./utils'),
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
pipeline = require('../utils/pipeline'),
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
i18n = require('../i18n'),
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
docName = 'users',
closes #3197 - added role to user obj (only returned from the user endpoint) - added `/users/?include=roles` and `/users/?include=roles,roles.permissions` query parameters - added and updated tests
2014-07-08 18:00:59 +02:00
// TODO: implement created_by, updated_by
Rename post_count to count.posts refs #6009 - This is a straight rename, no functionality is added - The dot syntax requires pre/post processing to convert the name - This PR also includes several updates to the tests, as they weren't being run as part of Travis!
2015-11-20 12:04:49 +00:00
allowedIncludes = ['count.posts', 'permissions', 'roles', 'roles.permissions'],
🎨 Separate invites from user refs #7420 - remove invite logic from user - add invite model and adapt affected logic for inviting team members
2016-09-21 16:48:14 +02:00
users;
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 01:15:34 +01:00
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
/**
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* ### Users API Methods
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
*
* **See:** [API Methods](index.js.html#api%20methods)
*/
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
users = {
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
/**
* ## Browse
* Fetch all users
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
* @param {{context}} options (optional)
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* @returns {Promise<Users>} Users Collection
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
*/
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
browse: function browse(options) {
Remove featured, tag, author & role API params refs #5943 - removed featured, tag and author parameters from posts API - featured was only used in tests - removed role filter from users API - role was only used in tests - fixed up the tests, skipping those that don't quite work yet
2015-10-24 21:39:47 +01:00
var extraOptions = ['status'],
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
permittedOptions = utils.browseDefaultOptions.concat(extraOptions),
tasks;
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
/**
* ### Model Query
* Make the call to the Model layer
* @param {Object} options
* @returns {Object} options
*/
function doQuery(options) {
Pagination for Users Management screen closes #3222 - implementing server-side pagination for /users API - passing /users?limit=none will return all users - passing /users?status=invited will filter base on user status - creating 3 mixins (route, controller and view) to keep pagination logic DRY - updating route, controller and view for Posts to use new mixing - implementing infinite scrolling for Users Management screen (using new mixins) - Users Management screen displays all invited users, but paginates active users
2014-07-20 12:42:03 -04:00
return dataProvider.User.findPage(options);
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
}
// Push all of our tasks into a `tasks` array in the correct order
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
tasks = [
utils.validate(docName, {opts: permittedOptions}),
Add public API permission handling refs #4004, #5614 - added new public permission handling functions to permissions - added a new util to handle either public permissions or normal permissions - updated posts, tags and users endpoints to use the new util - added test coverage for the new code
2015-06-27 19:09:25 +01:00
utils.handlePublicPermissions(docName, 'browse'),
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
utils.convertOptions(allowedIncludes),
doQuery
];
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// Pipeline calls each task passing the result of one to be the arguments for the next
return pipeline(tasks, options);
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
},
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
/**
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* ## Read
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
* @param {{id, context}} options
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* @returns {Promise<Users>} User
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
*/
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
read: function read(options) {
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
var attrs = ['id', 'slug', 'status', 'email', 'role'],
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
tasks;
Add public API permission handling refs #4004, #5614 - added new public permission handling functions to permissions - added a new util to handle either public permissions or normal permissions - updated posts, tags and users endpoints to use the new util - added test coverage for the new code
2015-06-27 19:09:25 +01:00
// Special handling for id = 'me'
if (options.id === 'me' && options.context && options.context.user) {
options.id = options.context.user;
closes #3197 - added role to user obj (only returned from the user endpoint) - added `/users/?include=roles` and `/users/?include=roles,roles.permissions` query parameters - added and updated tests
2014-07-08 18:00:59 +02:00
}
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
/**
* ### Model Query
* Make the call to the Model layer
* @param {Object} options
* @returns {Object} options
*/
function doQuery(options) {
return dataProvider.User.findOne(options.data, _.omit(options, ['data']));
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
}
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// Push all of our tasks into a `tasks` array in the correct order
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
tasks = [
utils.validate(docName, {attrs: attrs}),
Add public API permission handling refs #4004, #5614 - added new public permission handling functions to permissions - added a new util to handle either public permissions or normal permissions - updated posts, tags and users endpoints to use the new util - added test coverage for the new code
2015-06-27 19:09:25 +01:00
utils.handlePublicPermissions(docName, 'read'),
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
utils.convertOptions(allowedIncludes),
doQuery
];
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// Pipeline calls each task passing the result of one to be the arguments for the next
return pipeline(tasks, options).then(function formatResponse(result) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
if (result) {
Refactor to remove author.email from API refs #2330 - Pass through `options` to all toJSON calls on posts, tags, and users - Use options.context.user to determine whether it's OK to return user.email - Remove author.email handling code from frontend.js
2015-04-17 22:27:04 +01:00
return {users: [result.toJSON(options)]};
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
}
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return Promise.reject(new errors.NotFoundError(i18n.t('errors.api.users.userNotFound')));
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
});
},
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
/**
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* ## Edit
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
* @param {User} object the user details to edit
* @param {{id, context}} options
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* @returns {Promise<User>}
Full pass at inline API Docs closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
*/
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
edit: function edit(object, options) {
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
var extraOptions = ['editRoles'],
permittedOptions = extraOptions.concat(utils.idDefaultOptions),
tasks;
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
if (object.users && object.users[0] && object.users[0].roles && object.users[0].roles[0]) {
options.editRoles = true;
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
}
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 13:41:19 +01:00
Don't alter password from User.edit endpoint - password changes should only be possible from the password change endpoint Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
2015-09-23 19:44:38 +01:00
// The password should never be set via this endpoint, if it is passed, ignore it
if (object.users && object.users[0] && object.users[0].password) {
delete object.users[0].password;
}
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
/**
* ### Handle Permissions
* We need to be an authorised user to perform this action
* Edit user allows the related role object to be updated as well, with some rules:
* - No change permitted to the role of the owner
* - no change permitted to the role of the context user (user making the request)
* @param {Object} options
* @returns {Object} options
*/
function handlePermissions(options) {
if (options.id === 'me' && options.context && options.context.user) {
options.id = options.context.user;
}
closes #3197 - added role to user obj (only returned from the user endpoint) - added `/users/?include=roles` and `/users/?include=roles,roles.permissions` query parameters - added and updated tests
2014-07-08 18:00:59 +02:00
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
return canThis(options.context).edit.user(options.id).then(function () {
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
// if roles aren't in the payload, proceed with the edit
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
if (!(options.data.users[0].roles && options.data.users[0].roles[0])) {
return options;
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
}
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// @TODO move role permissions out of here
var role = options.data.users[0].roles[0],
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
roleId = parseInt(role.id || role, 10),
editedUserId = parseInt(options.id, 10);
return dataProvider.User.findOne(
{id: options.context.user, status: 'all'}, {include: ['roles']}
).then(function (contextUser) {
Refactor to remove author.email from API refs #2330 - Pass through `options` to all toJSON calls on posts, tags, and users - Use options.context.user to determine whether it's OK to return user.email - Remove author.email handling code from frontend.js
2015-04-17 22:27:04 +01:00
var contextRoleId = contextUser.related('roles').toJSON(options)[0].id;
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
if (roleId !== contextRoleId && editedUserId === contextUser.id) {
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.users.cannotChangeOwnRole')));
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
}
return dataProvider.User.findOne({role: 'Owner'}).then(function (owner) {
if (contextUser.id !== owner.id) {
if (editedUserId === owner.id) {
if (owner.related('roles').at(0).id !== roleId) {
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.users.cannotChangeOwnersRole')));
Ensure Owner's role isn't downgraded closes #3765 - Simple API check to ensure that the owner isn’t downgraded to a different role (analog to the ’can’t change your own role’ check) - Test added to ensure Owner can't be downgraded to a lower role
2014-08-13 12:12:50 -07:00
}
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
} else if (roleId !== contextRoleId) {
return canThis(options.context).assign.role(role).then(function () {
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
return options;
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
});
}
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 01:15:34 +01:00
}
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
return options;
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
});
Fix up users API so admin role can edit owner No Issue. - Make sure that a user with the Admin role can edit the Owner. - Add test for behavior.
2015-01-20 19:21:50 +00:00
});
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
}).catch(function handleError(error) {
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return errors.formatAndRejectAPIError(error, i18n.t('errors.api.users.noPermissionToEditUser'));
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
});
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
}
/**
* ### Model Query
* Make the call to the Model layer
* @param {Object} options
* @returns {Object} options
*/
function doQuery(options) {
return dataProvider.User.edit(options.data.users[0], _.omit(options, ['data']));
}
// Push all of our tasks into a `tasks` array in the correct order
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
tasks = [
utils.validate(docName, {opts: permittedOptions}),
handlePermissions,
utils.convertOptions(allowedIncludes),
doQuery
];
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
return pipeline(tasks, object, options).then(function formatResponse(result) {
if (result) {
return {users: [result.toJSON(options)]};
}
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return Promise.reject(new errors.NotFoundError(i18n.t('errors.api.users.userNotFound')));
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
});
},
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 15:03:09 +02:00
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
/**
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* ## Destroy
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
* @param {{id, context}} options
Return http status 204 on deletes Closes #2871 - Refactor api http handlers. - Update tests. - Remove special handling of responses in ember adapter.
2016-03-20 12:26:42 -05:00
* @returns {Promise}
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
*/
destroy: function destroy(options) {
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
var tasks;
/**
* ### Handle Permissions
* We need to be an authorised user to perform this action
* @param {Object} options
* @returns {Object} options
*/
function handlePermissions(options) {
return canThis(options.context).destroy.user(options.id).then(function permissionGranted() {
options.status = 'all';
return options;
}).catch(function handleError(error) {
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return errors.formatAndRejectAPIError(error, i18n.t('errors.api.users.noPermissionToDestroyUser'));
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
});
}
/**
Return http status 204 on deletes Closes #2871 - Refactor api http handlers. - Update tests. - Remove special handling of responses in ember adapter.
2016-03-20 12:26:42 -05:00
* ### Delete User
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* Make the call to the Model layer
* @param {Object} options
*/
Return http status 204 on deletes Closes #2871 - Refactor api http handlers. - Update tests. - Remove special handling of responses in ember adapter.
2016-03-20 12:26:42 -05:00
function deleteUser(options) {
return dataProvider.Base.transaction(function (t) {
options.transacting = t;
return Promise.all([
dataProvider.Accesstoken.destroyByUser(options),
dataProvider.Refreshtoken.destroyByUser(options),
dataProvider.Post.destroyByAuthor(options)
]).then(function () {
return dataProvider.User.destroy(options);
}).return(null);
}).catch(function (error) {
Public API refs #4180 closes #4181 - added client and user authentication - added authenticatePublic/authenticatePrivate as workaround for missing permissions - added domain validation - added CORS header for valid clients - merged authenticate.js and client-auth.js into auth.js - removed middleware/api-error-handlers.js - removed authentication middleware - added and updated tests
2015-10-22 15:28:47 +02:00
return errors.formatAndRejectAPIError(error);
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
});
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
}
// Push all of our tasks into a `tasks` array in the correct order
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
tasks = [
utils.validate(docName, {opts: utils.idDefaultOptions}),
handlePermissions,
utils.convertOptions(allowedIncludes),
Return http status 204 on deletes Closes #2871 - Refactor api http handlers. - Update tests. - Remove special handling of responses in ember adapter.
2016-03-20 12:26:42 -05:00
deleteUser
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
];
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// Pipeline calls each task passing the result of one to be the arguments for the next
return pipeline(tasks, options);
User edit, add & destroy perms restricted by role closes #3096, closes #3378, refs #3100 - user.permissible updated to reflect proper permissions - small amount of API refactoring to handle extra cases - extensive integration testing
2014-07-24 10:46:05 +01:00
},
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
/**
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* ## Change Password
Move post slug endpoint & add endpoints for users closes #3187 - move slug endpoint to post/slug/:slug - create similar slug and email endpoint for users - add/update tests
2014-07-08 23:28:31 +01:00
* @param {password} object
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
* @param {{context}} options
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* @returns {Promise<password>} success message
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
*/
changePassword: function changePassword(object, options) {
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
var tasks;
/**
* ### Handle Permissions
* We need to be an authorised user to perform this action
* @param {Object} options
* @returns {Object} options
*/
function handlePermissions(options) {
Refactor changePassword and resetPassword issue #5500 - make `changePassword` and `resetPassword` methods on `user` model consistent: use `object` and `options` arguments instead of multiple different arguments - change User API `changePassword` method to use these new arguments
2015-07-07 15:32:50 +02:00
return canThis(options.context).edit.user(options.data.password[0].user_id).then(function permissionGranted() {
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
return options;
}).catch(function (error) {
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return errors.formatAndRejectAPIError(error, i18n.t('errors.api.users.noPermissionToChangeUsersPwd'));
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
});
}
/**
* ### Model Query
* Make the call to the Model layer
* @param {Object} options
* @returns {Object} options
*/
function doQuery(options) {
return dataProvider.User.changePassword(
Refactor changePassword and resetPassword issue #5500 - make `changePassword` and `resetPassword` methods on `user` model consistent: use `object` and `options` arguments instead of multiple different arguments - change User API `changePassword` method to use these new arguments
2015-07-07 15:32:50 +02:00
options.data.password[0],
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
_.omit(options, ['data'])
);
}
// Push all of our tasks into a `tasks` array in the correct order
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
tasks = [
utils.validate('password'),
handlePermissions,
utils.convertOptions(allowedIncludes),
doQuery
];
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// Pipeline calls each task passing the result of one to be the arguments for the next
return pipeline(tasks, object, options).then(function formatResponse() {
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
return Promise.resolve({password: [{message: i18n.t('notices.api.users.pwdChangedSuccessfully')}]});
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
});
Transfer ownership end point closes #3426 - added transfer ownership endpoint - added owner to roles.permissible - manually removed owner from roles.browse - removed hard coded author role - fixed tests that were passing due to hard coded author role - added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
},
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
Transfer ownership end point closes #3426 - added transfer ownership endpoint - added owner to roles.permissible - manually removed owner from roles.browse - removed hard coded author role - fixed tests that were passing due to hard coded author role - added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
/**
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
* ## Transfer Ownership
* @param {owner} object
* @param {Object} options
* @returns {Promise<User>}
Transfer ownership end point closes #3426 - added transfer ownership endpoint - added owner to roles.permissible - manually removed owner from roles.browse - removed hard coded author role - fixed tests that were passing due to hard coded author role - added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
*/
transferOwnership: function transferOwnership(object, options) {
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
var tasks;
/**
* ### Handle Permissions
* We need to be an authorised user to perform this action
* @param {Object} options
* @returns {Object} options
*/
function handlePermissions(options) {
return dataProvider.Role.findOne({name: 'Owner'}).then(function (ownerRole) {
return canThis(options.context).assign.role(ownerRole);
}).then(function () {
return options;
}).catch(function (error) {
Public API refs #4180 closes #4181 - added client and user authentication - added authenticatePublic/authenticatePrivate as workaround for missing permissions - added domain validation - added CORS header for valid clients - merged authenticate.js and client-auth.js into auth.js - removed middleware/api-error-handlers.js - removed authentication middleware - added and updated tests
2015-10-22 15:28:47 +02:00
return errors.formatAndRejectAPIError(error);
Transfer ownership end point closes #3426 - added transfer ownership endpoint - added owner to roles.permissible - manually removed owner from roles.browse - removed hard coded author role - fixed tests that were passing due to hard coded author role - added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
});
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
}
/**
* ### Model Query
* Make the call to the Model layer
* @param {Object} options
* @returns {Object} options
*/
function doQuery(options) {
return dataProvider.User.transferOwnership(options.data.owner[0], _.omit(options, ['data']));
}
// Push all of our tasks into a `tasks` array in the correct order
API Option Handling refs #2758 - add a set of default options to utils - update validation function to only pass through permitted options - pass permitted options into validate where necessary - setup basic validation for each known option, and generic validation for the remainder - change slug to treat 'name' as data, rather than an option
2015-07-01 19:17:56 +01:00
tasks = [
utils.validate('owner'),
handlePermissions,
utils.convertOptions(allowedIncludes),
doQuery
];
Refactor to using pipeline for the API refs #2758 - Post, Tag & User API methods are refactored to use pipeline - Each functional code block is a named task function - Each function takes options, manipulates it, and returns options back - Tasks like permissions can reject if they don't pass, causing the pipeline to fail - Tasks like validating and converting options might be abstracted out into utils - the same for each endpoint - Tasks like the data call can be extremely complex if needs be (like for some user endpoints) - Option validation is mostly factored out to utils - Option conversion is factored out to utils - API utils have 100% test coverage - Minor updates to inline docs, more to do here
2015-06-22 21:11:35 +01:00
// Pipeline calls each task passing the result of one to be the arguments for the next
return pipeline(tasks, object, options).then(function formatResult(result) {
return Promise.resolve({users: result});
Transfer ownership end point closes #3426 - added transfer ownership endpoint - added owner to roles.permissible - manually removed owner from roles.browse - removed hard coded author role - fixed tests that were passing due to hard coded author role - added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
}).catch(function (error) {
Public API refs #4180 closes #4181 - added client and user authentication - added authenticatePublic/authenticatePrivate as workaround for missing permissions - added domain validation - added CORS header for valid clients - merged authenticate.js and client-auth.js into auth.js - removed middleware/api-error-handlers.js - removed authentication middleware - added and updated tests
2015-10-22 15:28:47 +02:00
return errors.formatAndRejectAPIError(error);
Transfer ownership end point closes #3426 - added transfer ownership endpoint - added owner to roles.permissible - manually removed owner from roles.browse - removed hard coded author role - fixed tests that were passing due to hard coded author role - added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
});
}
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
};
module.exports = users;
Reference in a new issue Copy permalink