Closes#2738
- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
Fixes#2650
* rerouted all mail sending to api/mail
* changed request and response formats to json/api-like structure
* tested with forgotten password and new blog email
closes#2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
- Settings fixture that doesn't seem to work
- SettingsGeneralRoute with model function calling api
- SettingsGeneralModel with save method stubbed
- SettingsGeneralController with actions for save, uploadLogo and uploadCover
- Let ApplicationRoute handleValidationErrors
- Fix actions hash in controller and use bind-attr
- Refactor to use single SettingsModel
- Implement description word count
- Fix broken ajax reference by actually importing ajax method
- Refactor to use count-words helper
- Refactor isDatedPermalinks into controller
- Refactor the isDatedPermalinks to use a custom setter
- Remove isDatedPermalinks code from the model
issue #2418
- create ghost-popover component and template
- use it for the navigation popover
- still needs to handle global click event on the document
to close the popover
Ref #2061
- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
closes#2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
closes#2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
closes#2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
closes#2635
- add new logic to the api request handler to set a location header
when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
refs #2622, refs #1340
- added documentation to grunt tasks which will replace the wiki page, including reordering the tasks to make the documentation easier to read
- removed grunt changelog which is no longer used
- merged jshint:shared into jshint:server
- cleanup of quote marks, formatting, line lengths etc
- also fixed the incorrect version number for grunt-docker
- added route tests to coverage
closes#2593
- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
