closes#2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
closes#2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
- Handle passing undefined user to canThis
- Add existence check to parseContext if statement
- Add unit test that passes undefined to canThis
- Allow internal canThis() checks
- Allow passing 'internal' or { internal: true } as context
- Do not lookup user permissions unless context.user found
- If context.internal, resolve immediately
- Add unit tests for passing 'internal' and { internal: true }
Progress on #2095
- Add new AppPermissions class with read() method
- has default permissions to read and browse posts
- uses default permissions if no package.json
- uses default permissions if no ghost object in package.json
- errors when reading malformed package.json
- uses ghost.permissions if found in package.json
closes#2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
closes#2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
issue #2273
- test draft/page/published label
- test green add new post button
- test status and author in preview header
- test edit post button
- test delete modal
close#2443
- Refactor API tests from `/core/test/functional/api` to
`/core/test/functional/routes/api`, using supertest instead of request
- Remove `core/test/functional/api` folder
closes#2563
- build path relative to imagesPath (which contains the custom content path)
instead of appRoot
- added test for custom content path
- added logic to tests for Windows url building to handle cases where Windows
functionality is being tested on a unix operating system
closes#2442, issue #2182
- Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed
- Updated travis config to set node env
- Updated example config to be less travis-specific
- Route tests updated to use this new functionality
- Grunt test-routes simplified
If no .bowerrc file is found in the current folder it seems to lookup if one exists in parent folders. Thus, we need to use .bowerrc in order to avoid problems.
Closes#2513
- Checks for property `error.hbs` on active theme
- Added unit test to ensure `error` view is rendered when activeTheme has
a custom error template.
- Removed unused variable, `userErrorTemplatePath` from errorHandler
- Refactored errorHandler.`updateActiveTheme` to take one argument, the new active theme, and to then check if the active theme has an error.hbs
- Changed errorHandler unit test to use rewire for mocking config.
