mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-20 22:42:53 -05:00
04f0b9fc3f
ref https://linear.app/ghost/issue/PLG-296/ When logged in as an Admin, comments-ui switches comment reads from the Members API over to the Admin API so that hidden comments can be displayed to allow moderation activities. However, the Admin API not using member authentication and CORS preventing the front-end members auth cookie being passed over to the Admin API domain meant that the logged-in member's likes were missing when fetching via the Admin API as there is no available reference to the logged in member. This change works around the problem by introducing an `impersonate_member_uuid` param to the comments read/browse endpoints of the Admin API. When passed, the provided uuid is used to simulate that member being logged in so that likes are correctly shown. - Introduced `impersonation_member_id` parameter to resolve issues with admin API not returning correct "liked" status for comments when an admin is logged in. - Updated API endpoints in `comment-replies.js` and `comments.js` to handle `impersonation_member_id`. - Adjusted `CommentsController` to validate and process the `impersonation_member_id` parameter before passing it to database queries. - Enhanced test coverage to ensure proper handling of the new parameter and accurate "liked" status behavior. |
||
---|---|---|
.. | ||
e2e | ||
utils |