Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Added snippets permissions migration and fixtures (#12283)

Browse source 
no issue

- all staff users can browse/read snippets so they're usable in the editor for everyone
- only administrators, editors, and admin integrations are able to create/edit/delete snippets
This commit is contained in:
Kevin Ansfield 2020-10-16 12:53:09 +01:00 committed by GitHub
parent 74269070dd
commit 15afed4b81
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 118 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
core/server/data/migrations/versions/3.36/02-add-snippets-permissions.js Normal file
View file

@ -0,0 +1,56 @@
const {
combineTransactionalMigrations,
addPermissionWithRoles
} = require('../../utils');
module.exports = combineTransactionalMigrations(
addPermissionWithRoles({
name: 'Browse snippets',
action: 'browse',
object: 'snippet'
}, [
'Administrator',
'Admin Integration',
'Editor',
'Author',
'Contributor'
]),
addPermissionWithRoles({
name: 'Read snippets',
action: 'read',
object: 'snippet'
}, [
'Administrator',
'Admin Integration',
'Editor',
'Author',
'Contributor'
]),
addPermissionWithRoles({
name: 'Edit snippets',
action: 'edit',
object: 'snippet'
}, [
'Administrator',
'Admin Integration',
'Editor'
]),
addPermissionWithRoles({
name: 'Add snippets',
action: 'add',
object: 'snippet'
}, [
'Administrator',
'Admin Integration',
'Editor'
]),
addPermissionWithRoles({
name: 'Delete snippets',
action: 'destroy',
object: 'snippet'
}, [
'Administrator',
'Admin Integration',
'Editor'
])
);

40
core/server/data/schema/fixtures/fixtures.json
View file

@ -427,6 +427,31 @@
"name": "Auth Stripe Connect for Members", "name": "Auth Stripe Connect for Members",
"action_type": "auth", "action_type": "auth",
"object_type": "members_stripe_connect" "object_type": "members_stripe_connect"
},
{
"name": "Browse snippets",
"action_type": "browse",
"object_type": "snippet"
},
{
"name": "Read snippets",
"action_type": "read",
"object_type": "snippet"
},
{
"name": "Edit snippets",
"action_type": "edit",
"object_type": "snippet"
},
{
"name": "Add snippets",
"action_type": "add",
"object_type": "snippet"
},
{
"name": "Delete snippets",
"action_type": "delete",
"object_type": "snippet"
} }
] ]
}, },
@ -625,7 +650,8 @@
"label": "all", "label": "all",
"email_preview": "all", "email_preview": "all",
"email": "all", "email": "all",
"member_signin_url": "read" "member_signin_url": "read",
"snippet": "all"
}, },
"DB Backup Integration": { "DB Backup Integration": {
"db": "all" "db": "all"
@ -650,7 +676,8 @@
"member": "all", "member": "all",
"label": "all", "label": "all",
"email_preview": "all", "email_preview": "all",
"email": "all" "email": "all",
"snippet": "all"
}, },
"Editor": { "Editor": {
"notification": "all", "notification": "all",
@ -663,7 +690,8 @@
"invite": "all", "invite": "all",
"theme": ["browse"], "theme": ["browse"],
"email_preview": "all", "email_preview": "all",
"email": "all" "email": "all",
"snippet": "all"
}, },
"Author": { "Author": {
"post": ["browse", "read", "add"], "post": ["browse", "read", "add"],
@ -674,7 +702,8 @@
"role": ["browse"], "role": ["browse"],
"theme": ["browse"], "theme": ["browse"],
"email_preview": "read", "email_preview": "read",
"email": "read" "email": "read",
"snippet": ["browse", "read"]
}, },
"Contributor": { "Contributor": {
"post": ["browse", "read", "add"], "post": ["browse", "read", "add"],
@ -685,7 +714,8 @@
"role": ["browse"], "role": ["browse"],
"theme": ["browse"], "theme": ["browse"],
"email_preview": "read", "email_preview": "read",
"email": "read" "email": "read",
"snippet": ["browse", "read"]
} }
} }
}, },

20
test/regression/migrations/migration_spec.js
View file

@ -201,12 +201,30 @@ describe('Database Migration (special functions)', function () {
permissions[65].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); permissions[65].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']);
permissions[66].name.should.eql('Retry emails'); permissions[66].name.should.eql('Retry emails');
permissions[66].should.be.AssignedToRoles(['Administrator', 'Editor', 'Admin Integration']); permissions[66].should.be.AssignedToRoles(['Administrator', 'Editor', 'Admin Integration']);
// Labels
permissions[67].name.should.eql('Browse labels'); permissions[67].name.should.eql('Browse labels');
permissions[68].name.should.eql('Read labels'); permissions[68].name.should.eql('Read labels');
permissions[69].name.should.eql('Edit labels'); permissions[69].name.should.eql('Edit labels');
permissions[70].name.should.eql('Add labels'); permissions[70].name.should.eql('Add labels');
permissions[71].name.should.eql('Delete labels'); permissions[71].name.should.eql('Delete labels');
// Member auth
permissions[72].name.should.eql('Read member signin urls'); permissions[72].name.should.eql('Read member signin urls');
permissions[73].name.should.eql('Read identities');
permissions[74].name.should.eql('Auth Stripe Connect for Members');
// Snippets
permissions[75].name.should.eql('Browse snippets');
permissions[75].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']);
permissions[76].name.should.eql('Read snippets');
permissions[76].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']);
permissions[77].name.should.eql('Edit snippets');
permissions[77].should.be.AssignedToRoles(['Administrator', 'Editor', 'Admin Integration']);
permissions[78].name.should.eql('Add snippets');
permissions[78].should.be.AssignedToRoles(['Administrator', 'Editor', 'Admin Integration']);
permissions[79].name.should.eql('Delete snippets');
permissions[79].should.be.AssignedToRoles(['Administrator', 'Editor', 'Admin Integration']);
}); });
describe('Populate', function () { describe('Populate', function () {
@ -264,7 +282,7 @@ describe('Database Migration (special functions)', function () {
result.roles.at(7).get('name').should.eql('Scheduler Integration'); result.roles.at(7).get('name').should.eql('Scheduler Integration');
// Permissions // Permissions
result.permissions.length.should.eql(75); result.permissions.length.should.eql(80);
result.permissions.toJSON().should.be.CompletePermissions(); result.permissions.toJSON().should.be.CompletePermissions();
}); });
}); });

14
test/unit/data/schema/fixtures/utils_spec.js
View file

@ -152,19 +152,19 @@ describe('Migration Fixture Utils', function () {
fixtureUtils.addFixturesForRelation(fixtures.relations[0]).then(function (result) { fixtureUtils.addFixturesForRelation(fixtures.relations[0]).then(function (result) {
should.exist(result); should.exist(result);
result.should.be.an.Object(); result.should.be.an.Object();
result.should.have.property('expected', 69); result.should.have.property('expected', 74);
result.should.have.property('done', 69); result.should.have.property('done', 74);
// Permissions & Roles // Permissions & Roles
permsAllStub.calledOnce.should.be.true(); permsAllStub.calledOnce.should.be.true();
rolesAllStub.calledOnce.should.be.true(); rolesAllStub.calledOnce.should.be.true();
dataMethodStub.filter.callCount.should.eql(69); dataMethodStub.filter.callCount.should.eql(74);
dataMethodStub.find.callCount.should.eql(7); dataMethodStub.find.callCount.should.eql(7);
baseUtilAttachStub.callCount.should.eql(69); baseUtilAttachStub.callCount.should.eql(74);
fromItem.related.callCount.should.eql(69); fromItem.related.callCount.should.eql(74);
fromItem.findWhere.callCount.should.eql(69); fromItem.findWhere.callCount.should.eql(74);
toItem[0].get.callCount.should.eql(138); toItem[0].get.callCount.should.eql(148);
done(); done();
}).catch(done); }).catch(done);

2
test/unit/data/schema/integrity_spec.js
View file

@ -33,7 +33,7 @@ const defaultSettings = require('../../../../core/server/data/schema/default-set
describe('DB version integrity', function () { describe('DB version integrity', function () {
// Only these variables should need updating // Only these variables should need updating
const currentSchemaHash = 'c4de64f1c1114eb8b05c7473e3adc29e'; const currentSchemaHash = 'c4de64f1c1114eb8b05c7473e3adc29e';
const currentFixturesHash = '29148c40dfaf4f828c5fca95666f6545'; const currentFixturesHash = '3f99425b6349553ee246b14f3b24c9f8';
const currentSettingsHash = 'c8daa2c9632bb75f9d60655de09ae3bd'; const currentSettingsHash = 'c8daa2c9632bb75f9d60655de09ae3bd';
const currentRoutesHash = '3d180d52c663d173a6be791ef411ed01'; const currentRoutesHash = '3d180d52c663d173a6be791ef411ed01';