
Respected hasUserPermissions & hasAppPermissions in invite model

no issue

- the permission service expects the permissible function to respect the input values
  - hasUserPermissions
  - hasAppPermissions
This commit is contained in:
kirrg001 2018-10-16 18:00:05 +02:00
parent 14a1bdbcf6
commit 15a8951bc7
3 changed files with 39 additions and 22 deletions


@ -46,11 +46,17 @@ Invite = ghostBookshelf.Model.extend({
return ghostBookshelf.Model.add.call(this, data, options);
},
permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions /*hasUserPermission, hasAppPermission, result*/) {
permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission /*result*/) {
const isAdd = (action === 'add');
if (!isAdd) {
return Promise.resolve();
if (hasUserPermission && hasAppPermission) {
return Promise.resolve();
}
return Promise.reject(new common.errors.NoPermissionError({
message: common.i18n.t('errors.models.invite.notEnoughPermission')
}));
}
// CASE: make sure user is allowed to add a user with this role
@ -83,6 +89,14 @@ Invite = ghostBookshelf.Model.extend({
message: common.i18n.t('errors.api.invites.notAllowedToInvite')
});
}
if (hasUserPermission && hasAppPermission) {
return Promise.resolve();
}
return Promise.reject(new common.errors.NoPermissionError({
message: common.i18n.t('errors.models.invite.notEnoughPermission')
}));
});
}
});
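Review bot: The permission gate `if (hasUserPermission && hasAppPermission) { return Promise.resolve(); } return Promise.reject(new common.errors.NoPermissionError({ message: common.i18n.t('errors.models.invite.notEnoughPermission') }));` is written out twice in the new code, once in the non-add branch of the first hunk and again at the end of the add branch in the second hunk; with an identical message key, a single local helper would keep the two paths from drifting. In the add path the gate runs only after the role validation (presumably a role lookup, given the stubbed `Role.findOne` in the tests), so a caller lacking both flags still pays that lookup and receives `notAllowedToInvite` rather than `notEnoughPermission` when the role check fails first — if that ordering is intentional, a comment such as `// role validation runs first so the more specific error wins over the generic permission error` would make it explicit. The flags fail closed when a caller omits them (`undefined && undefined` is falsy), which is worth stating above the signature since the previous signature ignored them. The body of permissible starts before the first hunk and continues between and after both hunks.
```javascript
permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission /*result*/) {
    // Fails closed: a caller that omits either flag is rejected.
    const checkPermissions = () => {
        if (hasUserPermission && hasAppPermission) {
            return Promise.resolve();
        }
        return Promise.reject(new common.errors.NoPermissionError({
            message: common.i18n.t('errors.models.invite.notEnoughPermission')
        }));
    };
    const isAdd = (action === 'add');
    if (!isAdd) {
        return checkPermissions();
    }
    // … unchanged: role validation for the invited role …
    return checkPermissions();
```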


@ -215,6 +215,9 @@
"subscriber": {
"notEnoughPermission": "You do not have permission to perform this action"
},
"invite": {
"notEnoughPermission": "You do not have permission to perform this action"
},
"post": {
"postNotFound": "Post not found.",
"untitled": "(Untitled)",


@ -124,28 +124,28 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Administrator');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite editor', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Editor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite author', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Author');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite contributor', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Contributor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
});
@ -158,28 +158,28 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Administrator');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite editor', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Editor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite author', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Author');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite contributor', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Contributor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
});
@ -192,7 +192,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Administrator');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -203,7 +203,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Editor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -214,14 +214,14 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Author');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
it('invite contributor', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Contributor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions);
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
});
});
@ -234,7 +234,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Administrator');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -245,7 +245,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Editor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -256,7 +256,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Author');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -267,7 +267,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Contributor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -284,7 +284,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Administrator');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -295,7 +295,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Editor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -306,7 +306,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Author');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);
@ -317,7 +317,7 @@ describe('Unit: models/invite', function () {
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
roleModel.get.withArgs('name').returns('Contributor');
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions)
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
.then(Promise.reject)
.catch((err) => {
(err instanceof common.errors.NoPermissionError).should.eql(true);