From 1a9705b8247a9b98f11a991974deb8a644f28a92 Mon Sep 17 00:00:00 2001
From: Rishabh <zrishabhgarg@gmail.com>
Date: Tue, 2 Nov 2021 13:36:15 +0530
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fixed=20error=20in=20setting=20p?=
 =?UTF-8?q?age=20access=20to=20tiers?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

closes https://github.com/TryGhost/Ghost/issues/13704
closes https://github.com/TryGhost/Team/issues/1186

- updates page serializer to handle new `visibility_filter` property for filtering access on specific tier
- this change was already added for `posts` but was missed on `pages`, so parsing filter on `visibility` filter was failing
---
 .../canary/utils/serializers/input/pages.js   |  8 +++++
 test/e2e-api/admin/pages.test.js              | 32 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/core/server/api/canary/utils/serializers/input/pages.js b/core/server/api/canary/utils/serializers/input/pages.js
index 7f48a459b3..ff6ec8ec14 100644
--- a/core/server/api/canary/utils/serializers/input/pages.js
+++ b/core/server/api/canary/utils/serializers/input/pages.js
@@ -102,6 +102,13 @@ const forceStatusFilter = (frame) => {
     }
 };
 
+const transformPageVisibilityFilters = (frame) => {
+    if (frame.data.pages[0].visibility === 'filter' && frame.data.pages[0].visibility_filter) {
+        frame.data.pages[0].visibility = frame.data.pages[0].visibility_filter;
+    }
+    delete frame.data.pages[0].visibility_filter;
+};
+
 module.exports = {
     browse(apiConfig, frame) {
         debug('browse');
@@ -180,6 +187,7 @@ module.exports = {
             });
         }
 
+        transformPageVisibilityFilters(frame);
         handlePostsMeta(frame);
         defaultFormat(frame);
         defaultRelations(frame);
diff --git a/test/e2e-api/admin/pages.test.js b/test/e2e-api/admin/pages.test.js
index abc6e83fd1..aefdb83706 100644
--- a/test/e2e-api/admin/pages.test.js
+++ b/test/e2e-api/admin/pages.test.js
@@ -105,6 +105,38 @@ describe('Pages API', function () {
         model.get('type').should.eql('page');
     });
 
+    it('Can update a page with restricted access to specific tier', async function () {
+        const page = {
+            title: 'updated page',
+            page: false
+        };
+
+        const res = await request
+            .get(localUtils.API.getApiQuery(`pages/${testUtils.DataGenerator.Content.posts[5].id}/`))
+            .set('Origin', config.get('url'))
+            .expect(200);
+
+        page.updated_at = res.body.pages[0].updated_at;
+        page.visibility = 'filter';
+        page.visibility_filter = 'product:default-product';
+
+        const res2 = await request.put(localUtils.API.getApiQuery('pages/' + testUtils.DataGenerator.Content.posts[5].id))
+            .set('Origin', config.get('url'))
+            .send({pages: [page]})
+            .expect('Content-Type', /json/)
+            .expect('Cache-Control', testUtils.cacheRules.private)
+            .expect(200);
+
+        should.exist(res2.headers['x-cache-invalidate']);
+        localUtils.API.checkResponse(res2.body.pages[0], 'page', ['visibility_filter']);
+
+        const model = await models.Post.findOne({
+            id: res2.body.pages[0].id
+        }, testUtils.context.internal);
+
+        model.get('type').should.eql('page');
+    });
+
     it('Cannot get page via posts endpoint', async function () {
         await request.get(localUtils.API.getApiQuery(`posts/${testUtils.DataGenerator.Content.posts[5].id}/`))
             .set('Origin', config.get('url'))