mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-02-10 23:36:14 -05:00
Added permissions for actions including migration
refs #10431 - migration script to add permissions for actions - restricted to the owner, admin and integration roles for now - we will add permissions for other roles too, but we first need to add more granular restrictions - e.g. a contributor can only read actions for posts which they created
parent
c127b406fc
commit
fde31b31ba
5 changed files with 69 additions and 11 deletions
|
@ -0,0 +1,47 @@
|
||||||
|
const _ = require('lodash');
|
||||||
|
const utils = require('../../../schema/fixtures/utils');
|
||||||
|
const permissions = require('../../../../services/permissions');
|
||||||
|
const common = require('../../../../lib/common');
|
||||||
|
const resource = 'action';
|
||||||
|
const _private = {};
|
||||||
|
|
||||||
|
_private.getPermissions = function getPermissions() {
|
||||||
|
return utils.findModelFixtures('Permission', {object_type: resource});
|
||||||
|
};
|
||||||
|
|
||||||
|
_private.getRelations = function getRelations() {
|
||||||
|
return utils.findPermissionRelationsForObject(resource);
|
||||||
|
};
|
||||||
|
|
||||||
|
_private.printResult = function printResult(result, message) {
|
||||||
|
if (result.done === result.expected) {
|
||||||
|
common.logging.info(message);
|
||||||
|
} else {
|
||||||
|
common.logging.warn('(' + result.done + '/' + result.expected + ') ' + message);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports.config = {
|
||||||
|
transaction: true
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports.up = function addRedirectsPermissions(options) {
|
||||||
|
const modelToAdd = _private.getPermissions();
|
||||||
|
const relationToAdd = _private.getRelations();
|
||||||
|
const localOptions = _.merge({
|
||||||
|
context: {
|
||||||
|
internal: true,
|
||||||
|
migrating: true
|
||||||
|
}
|
||||||
|
}, options);
|
||||||
|
|
||||||
|
return utils.addFixturesForModel(modelToAdd, localOptions)
|
||||||
|
.then(function (result) {
|
||||||
|
_private.printResult(result, 'Adding permissions fixtures for ' + resource + 's');
|
||||||
|
return utils.addFixturesForRelation(relationToAdd, localOptions);
|
||||||
|
})
|
||||||
|
.then(function (result) {
|
||||||
|
_private.printResult(result, 'Adding permissions_roles fixtures for ' + resource + 's');
|
||||||
|
return permissions.init(localOptions);
|
||||||
|
});
|
||||||
|
};
|
|
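Review bot: The exported `up` function is still named `addRedirectsPermissions` although `resource` is `'action'`, so a stack trace from this permission change will point at the wrong resource; rename it, `module.exports.up = function addActionsPermissions(options) {`. The file exports only `config` and `up`, so as far as these 47 lines show, rolling the migration back leaves the action permission and its role relations in the database. A `down` that removes them, or a comment saying the omission is deliberate, would make the rollback behaviour explicit. `_private.printResult` only logs a warning when `result.done` differs from `result.expected`; if a lower count is expected when the fixtures already exist, a one-line comment there should say so.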
@ -391,6 +391,11 @@
|
||||||
"name": "Delete API keys",
|
"name": "Delete API keys",
|
||||||
"action_type": "destroy",
|
"action_type": "destroy",
|
||||||
"object_type": "api_key"
|
"object_type": "api_key"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Browse Actions",
|
||||||
|
"action_type": "browse",
|
||||||
|
"object_type": "action"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -559,7 +564,8 @@
|
||||||
"redirect": "all",
|
"redirect": "all",
|
||||||
"webhook": "all",
|
"webhook": "all",
|
||||||
"integration": "all",
|
"integration": "all",
|
||||||
"api_key": "all"
|
"api_key": "all",
|
||||||
|
"action": "all"
|
||||||
},
|
},
|
||||||
"Admin Integration": {
|
"Admin Integration": {
|
||||||
"mail": "all",
|
"mail": "all",
|
||||||
|
@ -575,7 +581,8 @@
|
||||||
"subscriber": "all",
|
"subscriber": "all",
|
||||||
"invite": "all",
|
"invite": "all",
|
||||||
"redirect": "all",
|
"redirect": "all",
|
||||||
"webhook": "all"
|
"webhook": "all",
|
||||||
|
"action": "all"
|
||||||
},
|
},
|
||||||
"Editor": {
|
"Editor": {
|
||||||
"post": "all",
|
"post": "all",
|
||||||
|
|
|
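Review bot: Both new relation entries use `"action": "all"`, which ties the role to every permission whose `object_type` is `action` rather than to `Browse Actions` alone. Only the browse permission exists in this commit, but if `all` is resolved against the permission list each time fixtures are applied, a later permission on actions (a destroy, for example) would reach the Admin Integration role without any further change to this block. If the relations format accepts an explicit list, `"action": ["browse"]` keeps the grant at what the commit message describes. The role that owns the first entry is not named inside the hunk at -559; the test section suggests it is Administrator.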
@ -194,6 +194,10 @@ describe('Database Migration (special functions)', function () {
|
||||||
permissions[62].should.be.AssignedToRoles(['Administrator']);
|
permissions[62].should.be.AssignedToRoles(['Administrator']);
|
||||||
permissions[63].name.should.eql('Delete API keys');
|
permissions[63].name.should.eql('Delete API keys');
|
||||||
permissions[63].should.be.AssignedToRoles(['Administrator']);
|
permissions[63].should.be.AssignedToRoles(['Administrator']);
|
||||||
|
|
||||||
|
// Actions
|
||||||
|
permissions[64].name.should.eql('Browse Actions');
|
||||||
|
permissions[64].should.be.AssignedToRoles(['Administrator', 'Admin Integration']);
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('Populate', function () {
|
describe('Populate', function () {
|
||||||
|
@ -258,7 +262,7 @@ describe('Database Migration (special functions)', function () {
|
||||||
result.roles.at(5).get('name').should.eql('Admin Integration');
|
result.roles.at(5).get('name').should.eql('Admin Integration');
|
||||||
|
|
||||||
// Permissions
|
// Permissions
|
||||||
result.permissions.length.should.eql(64);
|
result.permissions.length.should.eql(65);
|
||||||
result.permissions.toJSON().should.be.CompletePermissions();
|
result.permissions.toJSON().should.be.CompletePermissions();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -150,19 +150,19 @@ describe('Migration Fixture Utils', function () {
|
||||||
fixtureUtils.addFixturesForRelation(fixtures.relations[0]).then(function (result) {
|
fixtureUtils.addFixturesForRelation(fixtures.relations[0]).then(function (result) {
|
||||||
should.exist(result);
|
should.exist(result);
|
||||||
result.should.be.an.Object();
|
result.should.be.an.Object();
|
||||||
result.should.have.property('expected', 59);
|
result.should.have.property('expected', 61);
|
||||||
result.should.have.property('done', 59);
|
result.should.have.property('done', 61);
|
||||||
|
|
||||||
// Permissions & Roles
|
// Permissions & Roles
|
||||||
permsAllStub.calledOnce.should.be.true();
|
permsAllStub.calledOnce.should.be.true();
|
||||||
rolesAllStub.calledOnce.should.be.true();
|
rolesAllStub.calledOnce.should.be.true();
|
||||||
dataMethodStub.filter.callCount.should.eql(59);
|
dataMethodStub.filter.callCount.should.eql(61);
|
||||||
dataMethodStub.find.callCount.should.eql(5);
|
dataMethodStub.find.callCount.should.eql(5);
|
||||||
baseUtilAttachStub.callCount.should.eql(59);
|
baseUtilAttachStub.callCount.should.eql(61);
|
||||||
|
|
||||||
fromItem.related.callCount.should.eql(59);
|
fromItem.related.callCount.should.eql(61);
|
||||||
fromItem.findWhere.callCount.should.eql(59);
|
fromItem.findWhere.callCount.should.eql(61);
|
||||||
toItem[0].get.callCount.should.eql(118);
|
toItem[0].get.callCount.should.eql(122);
|
||||||
|
|
||||||
done();
|
done();
|
||||||
}).catch(done);
|
}).catch(done);
|
||||||
|
|
|
@ -20,7 +20,7 @@ var should = require('should'),
|
||||||
describe('DB version integrity', function () {
|
describe('DB version integrity', function () {
|
||||||
// Only these variables should need updating
|
// Only these variables should need updating
|
||||||
const currentSchemaHash = 'ddca519660d4c9489259557438a41c78';
|
const currentSchemaHash = 'ddca519660d4c9489259557438a41c78';
|
||||||
const currentFixturesHash = 'cc19eac0f38ed778d25c82753f687495';
|
const currentFixturesHash = '6b154399f5582f7744fbfd9c30ec709b';
|
||||||
|
|
||||||
// If this test is failing, then it is likely a change has been made that requires a DB version bump,
|
// If this test is failing, then it is likely a change has been made that requires a DB version bump,
|
||||||
// and the values above will need updating as confirmation
|
// and the values above will need updating as confirmation
|
||||||
|
|