
Adding and renaming permissions

refs #3283, refs #2739, refs #3096

- Renames permissions which didn't follow BREAD
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
Hannah Wolfe 2014-07-15 22:43:22 +01:00
parent d77f61b556
commit ce06ad412a
7 changed files with 140 additions and 75 deletions


@ -166,7 +166,7 @@ authentication = {
userSettings.push({key: 'description', value: 'Thoughts, stories and ideas by ' + setupUser.name});
}
setupUser = user.toJSON();
return settings.edit({settings: userSettings}, {context: {user: 1}});
return settings.edit({settings: userSettings}, {context: {user: setupUser.id}});
}).then(function () {
var message = {
to: setupUser.email,
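Review bot: The switch from the hard-coded `user: 1` to `setupUser.id` on the `settings.edit` line deserves a why-comment, since a reader cannot tell that the old value encoded an assumption about which id the setup flow creates; suggest `// run the settings edit as the user just created, not a fixed user id` above it. It also relies on `user.toJSON()` on the previous line keeping the `id` field; if that serialisation is ever filtered, the context silently becomes `{user: undefined}`, so a guard or assertion on `setupUser.id` before the call would make the failure explicit. The enclosing setup handler starts and ends outside the hunk.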


@ -141,7 +141,7 @@ posts = {
add: function add(object, options) {
options = options || {};
return canThis(options.context).create.post().then(function () {
return canThis(options.context).add.post().then(function () {
return utils.checkObject(object, docName).then(function (checkedPostData) {
if (options.include) {
options.include = prepareInclude(options.include);
@ -172,7 +172,7 @@ posts = {
* @return {Promise(Post)} Deleted Post
*/
destroy: function destroy(options) {
return canThis(options.context).remove.post(options.id).then(function () {
return canThis(options.context).destroy.post(options.id).then(function () {
var readOptions = _.extend({}, options, {status: 'all'});
return posts.read(readOptions).then(function (result) {
return dataProvider.Post.destroy(options).then(function () {
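Review bot: `destroy` dereferences `options` on the `canThis(options.context).destroy.post(options.id)` line without the `options = options || {}` normalisation that `add` performs a few lines above, so a caller that omits options gets a TypeError instead of the permission or validation error the API otherwise produces; users.destroy in the next file section has the same shape. Adding `options = options || {};` as the first statement of `destroy` keeps the two entry points consistent. The bodies of both `add` and `destroy` continue past the hunk.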


@ -116,7 +116,7 @@ users = {
* @returns {Promise(User)}
*/
destroy: function destroy(options) {
return canThis(options.context).remove.user(options.id).then(function () {
return canThis(options.context).destroy.user(options.id).then(function () {
return users.read(options).then(function (result) {
return dataProvider.User.destroy(options).then(function () {
return result;


@ -1,29 +1,5 @@
{
"permissions": {
"post": [
{
"name": "Edit posts",
"action_type": "edit"
},
{
"name": "Remove posts",
"action_type": "remove"
},
{
"name": "Create posts",
"action_type": "create"
}
],
"slug": [
{
"name": "Generate post slug",
"action_type": "generate"
},
{
"name": "Generate tag slug",
"action_type": "generate"
}
],
"db": [
{
"name": "Export database",
@ -38,6 +14,100 @@
"action_type": "deleteAllContent"
}
],
"mail": [
{
"name": "Send mail",
"action_type": "send"
}
],
"notification": [
{
"name": "Browse notifications",
"action_type": "browse"
},
{
"name": "Add notifications",
"action_type": "add"
},
{
"name": "Delete notifications",
"action_type": "destroy"
}
],
"post": [
{
"name": "Browse posts",
"action_type": "browse"
},
{
"name": "Read posts",
"action_type": "read"
},
{
"name": "Edit posts",
"action_type": "edit"
},
{
"name": "Add posts",
"action_type": "add"
},
{
"name": "Delete posts",
"action_type": "destroy"
}
],
"setting": [
{
"name": "Browse settings",
"action_type": "browse"
},
{
"name": "Read settings",
"action_type": "read"
},
{
"name": "Edit settings",
"action_type": "edit"
}
],
"slug": [
{
"name": "Generate slugs",
"action_type": "generate"
}
],
"tag": [
{
"name": "Browse tags",
"action_type": "browse"
},
{
"name": "Read tags",
"action_type": "read"
},
{
"name": "Edit tags",
"action_type": "edit"
},
{
"name": "Add tags",
"action_type": "add"
},
{
"name": "Delete tags",
"action_type": "destroy"
}
],
"theme": [
{
"name": "Browse themes",
"action_type": "browse"
},
{
"name": "Edit themes",
"action_type": "edit"
}
],
"user": [
{
"name": "Browse users",
@ -56,55 +126,37 @@
"action_type": "add"
},
{
"name": "Remove users",
"action_type": "remove"
}
],
"setting": [
{
"name": "Browse settings",
"action_type": "browse"
},
{
"name": "Read settings",
"action_type": "read"
},
{
"name": "Edit settings",
"action_type": "edit"
}
],
"theme": [
{
"name": "Browse themes",
"action_type": "browse"
},
{
"name": "Edit themes",
"action_type": "edit"
"name": "Delete users",
"action_type": "destroy"
}
]
},
"permissions_roles": {
"Administrator": {
"post": "all",
"slug": "all",
"db": "all",
"user": "all",
"mail": "all",
"notification": "all",
"post": "all",
"setting": "all",
"theme": "all"
"slug": "all",
"tag": "all",
"theme": "all",
"user": "all"
},
"Editor": {
"post": "all",
"setting": ["browse", "read"],
"slug": "all",
"user": "all",
"setting": ["browse", "read"]
"tag": "all",
"user": "all"
},
"Author": {
"post": ["add"],
"post": ["browse", "read", "add"],
"setting": ["browse", "read"],
"slug": "all",
"user": ["browse", "read"],
"setting": ["browse", "read"]
"tag": ["browse", "read", "add"],
"user": ["browse", "read"]
}
}
}
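Review bot: With `"user": "all"` under `Editor`, that role now also receives the newly added `Delete users` (`destroy`) and `Add users` permissions, and nothing in this fixture limits which users an Editor may act on, so unless a separate rank check exists an Editor could remove an Administrator. The commit message lists role permissions as still to do; until that lands, a narrower grant such as `"user": ["browse", "read", "edit", "add"]` for Editor would make the intended scope explicit rather than implicit. Separately, `Author` is given `["browse", "read", "add"]` on `post` and `tag` but no `edit`; if editing one's own content is meant to be handled by an ownership check elsewhere, that is worth stating in the commit description, otherwise Authors cannot edit what they add.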


@ -135,6 +135,7 @@ Settings = ghostBookshelf.Model.extend({
},
populateDefault: function (key) {
if (!getDefaultSettings()[key]) {
return when.reject(new errors.NotFoundError('Unable to find default setting: ' + key));
}
@ -142,6 +143,7 @@ Settings = ghostBookshelf.Model.extend({
// TOOD: databaseVersion and currentVersion special cases?
this.findOne({ key: key }).then(function (foundSetting) {
if (foundSetting) {
return foundSetting;
}


@ -43,8 +43,8 @@ describe('Permissions', function () {
{ act: 'add', obj: 'post' },
{ act: 'add', obj: 'user' },
{ act: 'add', obj: 'page' },
{ act: 'remove', obj: 'post' },
{ act: 'remove', obj: 'user' }
{ act: 'destroy', obj: 'post' },
{ act: 'destroy', obj: 'user' }
],
currTestPermId = 1,
@ -397,7 +397,7 @@ describe('Permissions', function () {
done();
})
.catch(function () {
done(new Error('Allowed an edit of post 1'));
done(new Error('Did not allow an edit of post 1'));
});
});


@ -5,7 +5,7 @@ var knex = require('../../server/models/base').knex,
_ = require('lodash'),
fs = require('fs-extra'),
path = require('path'),
migration = require("../../server/data/migration/"),
migration = require('../../server/data/migration/'),
DataGenerator = require('./fixtures/data-generator'),
API = require('./api'),
fork = require('./fork');
@ -126,14 +126,25 @@ function insertDefaultApp() {
apps.push(DataGenerator.forKnex.createApp(DataGenerator.Content.apps[0]));
return knex('apps')
.insert(apps)
.then(function () {
return knex('permissions_apps')
.insert({
app_id: 1,
permission_id: 1
});
return knex('permissions')
.select('id')
.where('object_type', 'post')
.andWhere('action_type', 'edit')
.then(function (result) {
var permission_id = result[0].id;
if (permission_id) {
return knex('apps')
.insert(apps)
.then(function () {
return knex('permissions_apps')
.insert({
app_id: 1,
permission_id: permission_id
});
});
}
throw new Error('Permissions not created');
});
}
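Review bot: `var permission_id = result[0].id;` throws a TypeError when the permissions query returns no rows, because `result[0]` is undefined, so the `throw new Error('Permissions not created')` below the `if` is never reached in exactly the case it was written for. Reading the row defensively fixes it: `var permission_id = result[0] && result[0].id;`. A short comment above the `knex('permissions')` query, such as `// resolve the 'edit post' permission id instead of assuming it is 1`, would also record why the fixture no longer hard-codes `permission_id: 1`. `insertDefaultApp` begins before the hunk, and its trailing context may continue beyond the last line shown here.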