Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Merge pull request #3221 from sebgie/issue#3197

Browse source 
Add role to user object
This commit is contained in:
Hannah Wolfe 2014-07-08 17:18:22 +01:00
commit 09e03f4d78
8 changed files with 156 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
core/server/api/users.js
View file

@ -13,8 +13,17 @@ var when = require('when'),
docName = 'users', docName = 'users',
ONE_DAY = 60 * 60 * 24 * 1000, ONE_DAY = 60 * 60 * 24 * 1000,
// TODO: implement created_by, updated_by
allowedIncludes = ['permissions', 'roles', 'roles.permissions'],
users; users;
// ## Helpers
function prepareInclude(include) {
include = _.intersection(include.split(','), allowedIncludes);
return include;
}
/** /**
* ## Posts API Methods * ## Posts API Methods
@ -32,6 +41,9 @@ users = {
browse: function browse(options) { browse: function browse(options) {
options = options || {}; options = options || {};
return canThis(options.context).browse.user().then(function () { return canThis(options.context).browse.user().then(function () {
if (options.include) {
options.include = prepareInclude(options.include);
}
return dataProvider.User.findAll(options).then(function (result) { return dataProvider.User.findAll(options).then(function (result) {
return { users: result.toJSON() }; return { users: result.toJSON() };
}); });
@ -51,6 +63,10 @@ users = {
options = _.omit(options, attrs); options = _.omit(options, attrs);
if (options.include) {
options.include = prepareInclude(options.include);
}
if (data.id === 'me' && options.context && options.context.user) { if (data.id === 'me' && options.context && options.context.user) {
data.id = options.context.user; data.id = options.context.user;
} }
@ -78,6 +94,10 @@ users = {
return canThis(options.context).edit.user(options.id).then(function () { return canThis(options.context).edit.user(options.id).then(function () {
return utils.checkObject(object, docName).then(function (checkedUserData) { return utils.checkObject(object, docName).then(function (checkedUserData) {
if (options.include) {
options.include = prepareInclude(options.include);
}
return dataProvider.User.edit(checkedUserData.users[0], options); return dataProvider.User.edit(checkedUserData.users[0], options);
}).then(function (result) { }).then(function (result) {
if (result) { if (result) {
@ -103,6 +123,10 @@ users = {
return canThis(options.context).add.user().then(function () { return canThis(options.context).add.user().then(function () {
return utils.checkObject(object, docName).then(function (checkedUserData) { return utils.checkObject(object, docName).then(function (checkedUserData) {
// if the user is created by users.register(), use id: 1 as the creator for now // if the user is created by users.register(), use id: 1 as the creator for now
if (options.include) {
options.include = prepareInclude(options.include);
}
if (options.context.internal) { if (options.context.internal) {
options.context.user = 1; options.context.user = 1;
} }
@ -145,6 +169,10 @@ users = {
return canThis(options.context).add.user().then(function () { return canThis(options.context).add.user().then(function () {
return utils.checkObject(object, docName).then(function (checkedUserData) { return utils.checkObject(object, docName).then(function (checkedUserData) {
if (options.include) {
options.include = prepareInclude(options.include);
}
newUser = checkedUserData.users[0]; newUser = checkedUserData.users[0];
if (newUser.email) { if (newUser.email) {

12
core/server/models/base.js
View file

@ -120,6 +120,7 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
toJSON: function (options) { toJSON: function (options) {
var attrs = _.extend({}, this.attributes), var attrs = _.extend({}, this.attributes),
self = this; self = this;
options = options || {};
if (options && options.shallow) { if (options && options.shallow) {
return attrs; return attrs;
@ -129,12 +130,17 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
return attrs.id; return attrs.id;
} }
if (options && options.include) {
this.include = _.union(this.include, options.include);
}
_.each(this.relations, function (relation, key) { _.each(this.relations, function (relation, key) {
if (key.substring(0, 7) !== '_pivot_') { if (key.substring(0, 7) !== '_pivot_') {
// if include is set, expand to full object // if include is set, expand to full object
// toMany relationships are included with ids if not expanded // 'toMany' relationships are included with ids if not expanded
if (_.contains(self.include, key)) { var fullKey = _.isEmpty(options.name) ? key : options.name + '.' + key;
attrs[key] = relation.toJSON(); if (_.contains(self.include, fullKey)) {
attrs[key] = relation.toJSON({name: fullKey, include: self.include});
} else if (relation.hasOwnProperty('length')) { } else if (relation.hasOwnProperty('length')) {
attrs[key] = relation.toJSON({idOnly: true}); attrs[key] = relation.toJSON({idOnly: true});
} }

42
core/server/models/user.js
View file

@ -39,7 +39,7 @@ User = ghostBookshelf.Model.extend({
tableName: 'users', tableName: 'users',
saving: function (newPage, attr, options) { saving: function (newPage, attr, options) {
/*jshint unused:false*/ /*jshint unused:false*/
var self = this; var self = this;
// disabling sanitization until we can implement a better version // disabling sanitization until we can implement a better version
@ -94,8 +94,9 @@ User = ghostBookshelf.Model.extend({
// these are the only options that can be passed to Bookshelf / Knex. // these are the only options that can be passed to Bookshelf / Knex.
validOptions = { validOptions = {
findOne: ['withRelated'], findOne: ['withRelated'],
findAll: ['withRelated'],
add: ['user'], add: ['user'],
edit: ['user'] edit: ['user', 'withRelated']
}; };
if (validOptions[methodName]) { if (validOptions[methodName]) {
@ -105,6 +106,42 @@ User = ghostBookshelf.Model.extend({
return options; return options;
}, },
/**
* ### Find All
*
* @param options
* @returns {*}
*/
findAll: function (options) {
options = options || {};
options.withRelated = _.union([ 'roles' ], options.include);
return ghostBookshelf.Model.findAll.call(this, options);
},
/**
* ### Find One
* @extends ghostBookshelf.Model.findOne to include roles
* **See:** [ghostBookshelf.Model.findOne](base.js.html#Find%20One)
*/
findOne: function (data, options) {
options = options || {};
options.withRelated = _.union([ 'roles' ], options.include);
return ghostBookshelf.Model.findOne.call(this, data, options);
},
/**
* ### Edit
* @extends ghostBookshelf.Model.edit to handle returning the full object
* **See:** [ghostBookshelf.Model.edit](base.js.html#edit)
*/
edit: function (data, options) {
options = options || {};
options.withRelated = _.union([ 'roles' ], options.include);
return ghostBookshelf.Model.edit.call(this, data, options);
},
/** /**
* ## Add * ## Add
* Naive user add * Naive user add
@ -121,6 +158,7 @@ User = ghostBookshelf.Model.extend({
userData = this.filterData(data); userData = this.filterData(data);
options = this.filterOptions(options, 'add'); options = this.filterOptions(options, 'add');
options.withRelated = _.union([ 'roles' ], options.include);
/** /**
* This only allows one user to be added to the database, otherwise fails. * This only allows one user to be added to the database, otherwise fails.

2
core/server/permissions/effective.js
View file

@ -6,7 +6,7 @@ var _ = require('lodash'),
var effective = { var effective = {
user: function (id) { user: function (id) {
return User.findOne({id: id}, { withRelated: ['permissions', 'roles.permissions'] }) return User.findOne({id: id}, { include: ['permissions', 'roles.permissions'] })
.then(function (foundUser) { .then(function (foundUser) {
var seenPerms = {}, var seenPerms = {},
rolePerms = _.map(foundUser.related('roles').models, function (role) { rolePerms = _.map(foundUser.related('roles').models, function (role) {

56
core/test/functional/routes/api/users_test.js
View file

@ -68,7 +68,7 @@ describe('User API', function () {
testUtils.API.checkResponse(jsonResponse, 'users'); testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1); jsonResponse.users.should.have.length(1);
testUtils.API.checkResponse(jsonResponse.users[0], 'user'); testUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
testUtils.API.isISO8601(jsonResponse.users[0].last_login).should.be.true; testUtils.API.isISO8601(jsonResponse.users[0].last_login).should.be.true;
testUtils.API.isISO8601(jsonResponse.users[0].created_at).should.be.true; testUtils.API.isISO8601(jsonResponse.users[0].created_at).should.be.true;
@ -94,7 +94,7 @@ describe('User API', function () {
testUtils.API.checkResponse(jsonResponse, 'users'); testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1); jsonResponse.users.should.have.length(1);
testUtils.API.checkResponse(jsonResponse.users[0], 'user'); testUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
done(); done();
}); });
}); });
@ -115,7 +115,53 @@ describe('User API', function () {
testUtils.API.checkResponse(jsonResponse, 'users'); testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1); jsonResponse.users.should.have.length(1);
testUtils.API.checkResponse(jsonResponse.users[0], 'user'); testUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
done();
});
});
it('can retrieve a user with role', function (done) {
request.get(testUtils.API.getApiQuery('users/me/?include=roles'))
.set('Authorization', 'Bearer ' + accesstoken)
.expect('Content-Type', /json/)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
var jsonResponse = res.body;
jsonResponse.users.should.exist;
testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1);
testUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
testUtils.API.checkResponse(jsonResponse.users[0].roles[0], 'role');
done();
});
});
it('can retrieve a user with role and permissions', function (done) {
request.get(testUtils.API.getApiQuery('users/me/?include=roles,roles.permissions'))
.set('Authorization', 'Bearer ' + accesstoken)
.expect('Content-Type', /json/)
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
var jsonResponse = res.body;
jsonResponse.users.should.exist;
testUtils.API.checkResponse(jsonResponse, 'users');
jsonResponse.users.should.have.length(1);
testUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
testUtils.API.checkResponse(jsonResponse.users[0].roles[0], 'role', ['permissions']);
testUtils.API.checkResponse(jsonResponse.users[0].roles[0].permissions[0], 'permission');
done(); done();
}); });
}); });
@ -152,7 +198,7 @@ describe('User API', function () {
changedValue = 'joe-bloggs.ghost.org', changedValue = 'joe-bloggs.ghost.org',
dataToSend; dataToSend;
jsonResponse.users[0].should.exist; jsonResponse.users[0].should.exist;
testUtils.API.checkResponse(jsonResponse.users[0], 'user'); testUtils.API.checkResponse(jsonResponse.users[0], 'user', ['roles']);
dataToSend = { users: [{website: changedValue}]}; dataToSend = { users: [{website: changedValue}]};
@ -171,7 +217,7 @@ describe('User API', function () {
putBody.users[0].should.exist; putBody.users[0].should.exist;
putBody.users[0].website.should.eql(changedValue); putBody.users[0].website.should.eql(changedValue);
putBody.users[0].email.should.eql(jsonResponse.users[0].email); putBody.users[0].email.should.eql(jsonResponse.users[0].email);
testUtils.API.checkResponse(putBody.users[0], 'user'); testUtils.API.checkResponse(putBody.users[0], 'user', ['roles']);
done(); done();
}); });
}); });

34
core/test/integration/api/api_users_spec.js
View file

@ -41,7 +41,7 @@ describe('Users API', function () {
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
should.exist(results.users); should.exist(results.users);
results.users.should.have.length(1); results.users.should.have.length(1);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
results.users[0].name.should.equal('Hello World'); results.users[0].name.should.equal('Hello World');
done(); done();
}).catch(done); }).catch(done);
@ -83,9 +83,9 @@ describe('Users API', function () {
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
should.exist(results.users); should.exist(results.users);
results.users.should.have.length(3); results.users.should.have.length(3);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
testUtils.API.checkResponse(results.users[1], 'user'); testUtils.API.checkResponse(results.users[1], 'user', ['roles']);
testUtils.API.checkResponse(results.users[2], 'user'); testUtils.API.checkResponse(results.users[2], 'user', ['roles']);
done(); done();
}).catch(done); }).catch(done);
@ -97,9 +97,9 @@ describe('Users API', function () {
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
should.exist(results.users); should.exist(results.users);
results.users.should.have.length(3); results.users.should.have.length(3);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
testUtils.API.checkResponse(results.users[1], 'user'); testUtils.API.checkResponse(results.users[1], 'user', ['roles']);
testUtils.API.checkResponse(results.users[2], 'user'); testUtils.API.checkResponse(results.users[2], 'user', ['roles']);
done(); done();
}).catch(done); }).catch(done);
}); });
@ -110,9 +110,9 @@ describe('Users API', function () {
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
should.exist(results.users); should.exist(results.users);
results.users.should.have.length(3); results.users.should.have.length(3);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
testUtils.API.checkResponse(results.users[1], 'user'); testUtils.API.checkResponse(results.users[1], 'user', ['roles']);
testUtils.API.checkResponse(results.users[2], 'user'); testUtils.API.checkResponse(results.users[2], 'user', ['roles']);
done(); done();
}).catch(done); }).catch(done);
}); });
@ -130,7 +130,7 @@ describe('Users API', function () {
should.exist(results); should.exist(results);
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
results.users[0].id.should.eql(1); results.users[0].id.should.eql(1);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
results.users[0].created_at.should.be.a.Date; results.users[0].created_at.should.be.a.Date;
@ -143,7 +143,7 @@ describe('Users API', function () {
should.exist(results); should.exist(results);
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
results.users[0].id.should.eql(1); results.users[0].id.should.eql(1);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
done(); done();
}).catch(done); }).catch(done);
}); });
@ -153,7 +153,7 @@ describe('Users API', function () {
should.exist(results); should.exist(results);
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
results.users[0].id.should.eql(1); results.users[0].id.should.eql(1);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
done(); done();
}).catch(done); }).catch(done);
}); });
@ -163,7 +163,7 @@ describe('Users API', function () {
should.exist(results); should.exist(results);
testUtils.API.checkResponse(results, 'users'); testUtils.API.checkResponse(results, 'users');
results.users[0].id.should.eql(1); results.users[0].id.should.eql(1);
testUtils.API.checkResponse(results.users[0], 'user'); testUtils.API.checkResponse(results.users[0], 'user', ['roles']);
done(); done();
}).catch(done); }).catch(done);
}); });
@ -173,7 +173,7 @@ describe('Users API', function () {
should.exist(response); should.exist(response);
testUtils.API.checkResponse(response, 'users'); testUtils.API.checkResponse(response, 'users');
response.users.should.have.length(1); response.users.should.have.length(1);
testUtils.API.checkResponse(response.users[0], 'user'); testUtils.API.checkResponse(response.users[0], 'user', ['roles']);
response.users[0].name.should.equal('Joe Blogger'); response.users[0].name.should.equal('Joe Blogger');
response.users[0].updated_at.should.be.a.Date; response.users[0].updated_at.should.be.a.Date;
done(); done();
@ -185,7 +185,7 @@ describe('Users API', function () {
should.exist(response); should.exist(response);
testUtils.API.checkResponse(response, 'users'); testUtils.API.checkResponse(response, 'users');
response.users.should.have.length(1); response.users.should.have.length(1);
testUtils.API.checkResponse(response.users[0], 'user'); testUtils.API.checkResponse(response.users[0], 'user', ['roles']);
response.users[0].name.should.eql('Joe Blogger'); response.users[0].name.should.eql('Joe Blogger');
done(); done();
@ -205,7 +205,7 @@ describe('Users API', function () {
should.exist(response); should.exist(response);
testUtils.API.checkResponse(response, 'users'); testUtils.API.checkResponse(response, 'users');
response.users.should.have.length(1); response.users.should.have.length(1);
testUtils.API.checkResponse(response.users[0], 'user'); testUtils.API.checkResponse(response.users[0], 'user', ['roles']);
response.users[0].name.should.eql('Timothy Bogendath'); response.users[0].name.should.eql('Timothy Bogendath');
done(); done();
}).catch(done); }).catch(done);

2
core/test/unit/permissions_spec.js
View file

@ -142,7 +142,7 @@ describe('Permissions', function () {
return testUser.permissions().attach(testPermission); return testUser.permissions().attach(testPermission);
}); });
}).then(function () { }).then(function () {
return UserProvider.findOne({id: 1}, { withRelated: ['permissions']}); return UserProvider.findOne({id: 1}, { include: ['permissions']});
}).then(function (updatedUser) { }).then(function (updatedUser) {
should.exist(updatedUser); should.exist(updatedUser);

12
core/test/utils/api.js
View file

@ -22,7 +22,10 @@ var url = require('url'),
notification: ['type', 'message', 'status', 'id', 'dismissible', 'location'], notification: ['type', 'message', 'status', 'id', 'dismissible', 'location'],
slugs: ['slugs'], slugs: ['slugs'],
slug: ['slug'], slug: ['slug'],
accesstoken: ['access_token', 'refresh_token', 'expires_in', 'token_type'] accesstoken: ['access_token', 'refresh_token', 'expires_in', 'token_type'],
role: ['id', 'uuid', 'name', 'description', 'created_at', 'created_by', 'updated_at', 'updated_by'],
permission: ['id', 'uuid', 'name', 'object_type', 'action_type', 'object_id', 'created_at', 'created_by',
'updated_at', 'updated_by']
}; };
function getApiQuery(route) { function getApiQuery(route) {
@ -52,8 +55,11 @@ function checkResponseValue(jsonResponse, properties) {
} }
} }
function checkResponse(jsonResponse, objectType) { function checkResponse(jsonResponse, objectType, additionalProperties) {
checkResponseValue(jsonResponse, expectedProperties[objectType]); var checkProperties = expectedProperties[objectType];
checkProperties = additionalProperties ? checkProperties.concat(additionalProperties) : checkProperties;
checkResponseValue(jsonResponse, checkProperties);
} }
function isISO8601(date) { function isISO8601(date) {