From ce06ad412a6352e5f64517325e18ff814c5a7c3b Mon Sep 17 00:00:00 2001 From: Hannah Wolfe Date: Tue, 15 Jul 2014 22:43:22 +0100 Subject: [PATCH] Adding and renaming permissions refs #3283, refs #2739, refs #3096 - Renames permissions which didn't follow bread - Adds permissions for notifications, mail and tags Still todo: - wire up the new permissions where they are needed - add permissions for roles --- core/server/api/authentication.js | 2 +- core/server/api/posts.js | 4 +- core/server/api/users.js | 2 +- .../fixtures/permissions/permissions.json | 170 ++++++++++++------ core/server/models/settings.js | 2 + core/test/unit/permissions_spec.js | 6 +- core/test/utils/index.js | 29 ++- 7 files changed, 140 insertions(+), 75 deletions(-) diff --git a/core/server/api/authentication.js b/core/server/api/authentication.js index 180f8dcac2..e73576b1cd 100644 --- a/core/server/api/authentication.js +++ b/core/server/api/authentication.js @@ -166,7 +166,7 @@ authentication = { userSettings.push({key: 'description', value: 'Thoughts, stories and ideas by ' + setupUser.name}); } setupUser = user.toJSON(); - return settings.edit({settings: userSettings}, {context: {user: 1}}); + return settings.edit({settings: userSettings}, {context: {user: setupUser.id}}); }).then(function () { var message = { to: setupUser.email, diff --git a/core/server/api/posts.js b/core/server/api/posts.js index 8682c214ce..f6cfcdb814 100644 --- a/core/server/api/posts.js +++ b/core/server/api/posts.js @@ -141,7 +141,7 @@ posts = { add: function add(object, options) { options = options || {}; - return canThis(options.context).create.post().then(function () { + return canThis(options.context).add.post().then(function () { return utils.checkObject(object, docName).then(function (checkedPostData) { if (options.include) { options.include = prepareInclude(options.include); 
@@ -172,7 +172,7 @@ posts = { * @return {Promise(Post)} Deleted Post */ destroy: function destroy(options) { - return canThis(options.context).remove.post(options.id).then(function () { + return canThis(options.context).destroy.post(options.id).then(function () { var readOptions = _.extend({}, options, {status: 'all'}); return posts.read(readOptions).then(function (result) { return dataProvider.Post.destroy(options).then(function () { diff --git a/core/server/api/users.js b/core/server/api/users.js index e7a94b94be..1efd770857 100644 --- a/core/server/api/users.js +++ b/core/server/api/users.js @@ -116,7 +116,7 @@ users = { * @returns {Promise(User)} */ destroy: function destroy(options) { - return canThis(options.context).remove.user(options.id).then(function () { + return canThis(options.context).destroy.user(options.id).then(function () { return users.read(options).then(function (result) { return dataProvider.User.destroy(options).then(function () { return result; diff --git a/core/server/data/fixtures/permissions/permissions.json b/core/server/data/fixtures/permissions/permissions.json index 470a34e345..686f1d73e1 100644 --- a/core/server/data/fixtures/permissions/permissions.json +++ b/core/server/data/fixtures/permissions/permissions.json @@ -1,29 +1,5 @@ { "permissions": { - "post": [ - { - "name": "Edit posts", - "action_type": "edit" - }, - { - "name": "Remove posts", - "action_type": "remove" - }, - { - "name": "Create posts", - "action_type": "create" - } - ], - "slug": [ - { - "name": "Generate post slug", - "action_type": "generate" - }, - { - "name": "Generate tag slug", - "action_type": "generate" - } - ], "db": [ { "name": "Export database", 
@@ -38,6 +14,100 @@
 "action_type": "deleteAllContent"
 }
 ],
+ "mail": [
+ {
+ "name": "Send mail",
+ "action_type": "send"
+ }
+ ],
+ "notification": [
+ {
+ "name": "Browse notifications",
+ "action_type": "browse"
+ },
+ {
+ "name": "Add notifications",
+ "action_type": "add"
+ },
+ {
+ "name": "Delete notifications",
+ "action_type": "destroy"
+ }
+ ],
+ "post": [
+ {
+ "name": "Browse posts",
+ "action_type": "browse"
+ },
+ {
+ "name": "Read posts",
+ "action_type": "read"
+ },
+ {
+ "name": "Edit posts",
+ "action_type": "edit"
+ },
+ {
+ "name": "Add posts",
+ "action_type": "add"
+ },
+ {
+ "name": "Delete posts",
+ "action_type": "destroy"
+ }
+ ],
+ "setting": [
+ {
+ "name": "Browse settings",
+ "action_type": "browse"
+ },
+ {
+ "name": "Read settings",
+ "action_type": "read"
+ },
+ {
+ "name": "Edit settings",
+ "action_type": "edit"
+ }
+ ],
+ "slug": [
+ {
+ "name": "Generate slugs",
+ "action_type": "generate"
+ }
+ ],
+ "tag": [
+ {
+ "name": "Browse tags",
+ "action_type": "browse"
+ },
+ {
+ "name": "Read tags",
+ "action_type": "read"
+ },
+ {
+ "name": "Edit tags",
+ "action_type": "edit"
+ },
+ {
+ "name": "Add tags",
+ "action_type": "add"
+ },
+ {
+ "name": "Delete tags",
+ "action_type": "destroy"
+ }
+ ],
+ "theme": [
+ {
+ "name": "Browse themes",
+ "action_type": "browse"
+ },
+ {
+ "name": "Edit themes",
+ "action_type": "edit"
+ }
+ ],
 "user": [
 {
 "name": "Browse users",
@@ -56,55 +126,37 @@ "action_type": "add" }, { - "name": "Remove users", - "action_type": "remove" - } - ], - "setting": [ - { - "name": "Browse settings", - "action_type": "browse" - }, - { - "name": "Read settings", - "action_type": "read" - }, - { - "name": "Edit settings", - "action_type": "edit" - } - ], - "theme": [ - { - "name": "Browse themes", - "action_type": "browse" - }, - { - "name": "Edit themes", - "action_type": "edit" + "name": "Delete users", + "action_type": "destroy" } ] }, "permissions_roles": { "Administrator": { - "post": "all", - "slug": "all", "db": "all", - "user": "all", + "mail": "all", + "notification": "all", + "post": "all", "setting": "all", - "theme": "all" + "slug": "all", + "tag": "all", + "theme": "all", + "user": "all" }, "Editor": { "post": "all", + "setting": ["browse", "read"], "slug": "all", - "user": "all", - "setting": ["browse", "read"] + "tag": "all", + "user": "all" + }, "Author": { - "post": ["add"], + "post": ["browse", "read", "add"], + "setting": ["browse", "read"], "slug": "all", - "user": ["browse", "read"], - "setting": ["browse", "read"] + "tag": ["browse", "read", "add"], + "user": ["browse", "read"] } } } \ No newline at end of file diff --git a/core/server/models/settings.js b/core/server/models/settings.js index 0a19fdde36..3941eb4d3d 100644 --- a/core/server/models/settings.js +++ b/core/server/models/settings.js @@ -135,6 +135,7 @@ Settings = ghostBookshelf.Model.extend({ }, populateDefault: function (key) { + if (!getDefaultSettings()[key]) { return when.reject(new errors.NotFoundError('Unable to find default setting: ' + key)); } @@ -142,6 +143,7 @@ Settings = ghostBookshelf.Model.extend({ // TOOD: databaseVersion and currentVersion special cases? this.findOne({ key: key }).then(function (foundSetting) { + if (foundSetting) { return foundSetting; } diff --git a/core/test/unit/permissions_spec.js b/core/test/unit/permissions_spec.js index d1b0cf7ac1..a769e06558 100644 
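Review bot: The renamed action types (`create`→`add`, `remove`→`destroy`) and the new `mail`/`notification`/`tag` rows only reach databases that re-run this fixture, and the diffstat shows no migration, so on an existing install `canThis(...).add.post()` and `.destroy.user()` will look up `permissions` rows that do not exist and fail closed while the stale `create`/`remove` rows stay linked to roles. A fixture-update step that renames the existing rows, inserts the new ones and re-links `permissions_roles` is needed before this can ship, even though the commit message defers the wiring. Separately, `"Editor": { "user": "all" }` grants `add`, `edit` and `destroy` over every user — Administrators included — unless the User model's `permissible` hook narrows it by target role, which is not visible here; worth confirming, and if it does not, constraining Editors to Author-level accounts in the fixture or the hook.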
--- a/core/test/unit/permissions_spec.js +++ b/core/test/unit/permissions_spec.js @@ -43,8 +43,8 @@ describe('Permissions', function () { { act: 'add', obj: 'post' }, { act: 'add', obj: 'user' }, { act: 'add', obj: 'page' }, - { act: 'remove', obj: 'post' }, - { act: 'remove', obj: 'user' } + { act: 'destroy', obj: 'post' }, + { act: 'destroy', obj: 'user' } ], currTestPermId = 1, @@ -397,7 +397,7 @@ describe('Permissions', function () { done(); }) .catch(function () { - done(new Error('Allowed an edit of post 1')); + done(new Error('Did not allow an edit of post 1')); }); }); diff --git a/core/test/utils/index.js b/core/test/utils/index.js index be27ebd23f..d05ab311b9 100644 --- a/core/test/utils/index.js +++ b/core/test/utils/index.js @@ -5,7 +5,7 @@ var knex = require('../../server/models/base').knex, _ = require('lodash'), fs = require('fs-extra'), path = require('path'), - migration = require("../../server/data/migration/"), + migration = require('../../server/data/migration/'), DataGenerator = require('./fixtures/data-generator'), API = require('./api'), fork = require('./fork'); @@ -126,14 +126,25 @@ function insertDefaultApp() { apps.push(DataGenerator.forKnex.createApp(DataGenerator.Content.apps[0])); - return knex('apps') - .insert(apps) - .then(function () { - return knex('permissions_apps') - .insert({ - app_id: 1, - permission_id: 1 - }); + return knex('permissions') + .select('id') + .where('object_type', 'post') + .andWhere('action_type', 'edit') + .then(function (result) { + var permission_id = result[0].id; + if (permission_id) { + return knex('apps') + .insert(apps) + .then(function () { + return knex('permissions_apps') + .insert({ + app_id: 1, + permission_id: permission_id + }); + }); + } + + throw new Error('Permissions not created'); }); }
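Review bot: `var permission_id = result[0].id;` dereferences `result[0]` before the `if (permission_id)` guard, so when the `permissions` table is empty the `.then` rejects with a TypeError instead of the intended `Error('Permissions not created')`; guard the row first, e.g. `var permission_id = result.length ? result[0].id : null;`. The `app_id: 1` in the `permissions_apps` insert is still hard-coded even though the permission id is now looked up dynamically; selecting the app id back by name after `knex('apps').insert(apps)` would make the fixture robust under the same kind of change. `insertDefaultApp` begins outside the hunk.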