Merge pull request #6042 from sebgie/disable-pages

Disallow staticPages from public API
2025-01-06 22:40:14 -05:00 · 2015-11-04 10:51:30 +00:00 · 2015-11-04 10:51:30 +00:00 · eb3cce0235
commit eb3cce0235
parent 63d353d86f ddf9874fa1
2 changed files with 34 additions and 2 deletions
--- a/core/server/api/posts.js
+++ b/core/server/api/posts.js
@ -36,10 +36,17 @@ posts = {
     * @returns {Promise<Posts>} Posts Collection with Meta
     */
    browse: function browse(options) {
-        var extraOptions = ['status', 'staticPages'],
-            permittedOptions = utils.browseDefaultOptions.concat(extraOptions),
+        var extraOptions = ['status'],
+            permittedOptions,
            tasks;

+        // Workaround to remove static pages from results
+        // TODO: rework after https://github.com/TryGhost/Ghost/issues/5151
+        if (options && options.context && (options.context.user || options.context.internal)) {
+            extraOptions.push('staticPages');
+        }
+        permittedOptions = utils.browseDefaultOptions.concat(extraOptions);
+
        /**
         * ### Model Query
         *  Make the call to the Model layer
--- a/core/test/functional/routes/api/public_api_spec.js
+++ b/core/test/functional/routes/api/public_api_spec.js
@ -70,6 +70,31 @@ describe('Public API', function () {
            });
    });

+    it('browse posts, ignores staticPages', function (done) {
+        request.get(testUtils.API.getApiQuery('posts/?client_id=ghost-admin&client_secret=not_available&staticPages=true'))
+            .set('Origin', testUtils.API.getURL())
+            .expect('Content-Type', /json/)
+            .expect('Cache-Control', testUtils.cacheRules.private)
+            .expect(200)
+            .end(function (err, res) {
+                console.log(res.body);
+                if (err) {
+                    return done(err);
+                }
+
+                should.not.exist(res.headers['x-cache-invalidate']);
+                var jsonResponse = res.body;
+                jsonResponse.posts.should.exist;
+                testUtils.API.checkResponse(jsonResponse, 'posts');
+                jsonResponse.posts.should.have.length(5);
+                testUtils.API.checkResponse(jsonResponse.posts[0], 'post');
+                testUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
+                _.isBoolean(jsonResponse.posts[0].featured).should.eql(true);
+                _.isBoolean(jsonResponse.posts[0].page).should.eql(true);
+                done();
+            });
+    });
+
    it('browse tags without limit defaults to 15', function (done) {
        request.get(testUtils.API.getApiQuery('tags/?client_id=ghost-admin&client_secret=not_available'))
            .set('Origin', testUtils.API.getURL())