Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00
Code Issues Activity

🎨 Optimise permissble function in user model

Browse source 
no issue

- if you destroy a user with an unknown user id, Ghost would crash
- because `userModel.hasRole` is undefined

- there is actually a bigger underlying architectual problem:
   - the permission check should rely on an existing user
   - so there should be a first api layer, which 1. validates (this code exists) and 2. ensures that requested database id's exist
   - but this requires a bigger refactoring
This commit is contained in:
kirrg001 2017-07-18 16:14:02 +02:00 committed by Kevin Ansfield
parent f6cc48d056
commit 522bd02224
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
core/server/models/user.js
View file

@ -562,6 +562,12 @@ User = ghostBookshelf.Model.extend({
// Get the actual user model
return this.findOne({id: userModelOrId, status: 'all'}, {include: ['roles']}).then(function then(foundUserModel) {
if (!foundUserModel) {
throw new errors.NotFoundError({
message: i18n.t('errors.models.user.userNotFound')
});
}
// Build up the original args but substitute with actual model
var newArgs = [foundUserModel].concat(origArgs);