Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity
ghost/core/server/api/v2
History
Naz Gargol 786eaac57e
Added permission restrictions to editing members flag (#11217) 
no issue

- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 10:26:54 +02:00
..
utils 🐛 Fixed "unsaved changes" modal displaying when post has been saved 2019-10-07 22:59:19 +01:00
actions.js
authentication.js Switched to use v2 http module instead of ovelooked v1 2019-08-01 13:06:15 +02:00
authors-public.js Renamed authors ctrl to authors-public 2019-02-26 08:33:10 +01:00
config.js
db.js Created DB Backup integration (#10974) 2019-08-02 17:28:02 +08:00
images.js
index.js Migrated schedules controller to v2 2019-08-07 14:51:36 +02:00
integrations.js
invites.js Migrated to use url-utils from Ghost-SDK (#10787) 2019-06-18 15:13:55 +02:00
mail.js Updated links to docs (#10941) 2019-07-22 18:17:50 +08:00
members.js Added members CSV export to Admin API (#11198) 2019-10-03 20:36:22 +02:00
notifications.js 🎨 Made notifications dismissible per user 2019-04-19 09:43:14 +02:00
oembed.js Refactored oembed controller data validation 2019-08-01 17:13:12 +05:30
pages-public.js
pages.js Permission restrictions for post.visibility modifications (#11213) 2019-10-08 15:44:27 +02:00
posts-public.js
posts.js Permission restrictions for post.visibility modifications (#11213) 2019-10-08 15:44:27 +02:00
preview.js
redirects.js Extracted frontend code from redirects API controllers (#10798) 2019-06-21 16:50:16 +02:00
roles.js
schedules.js Migrated schedules controller to v2 2019-08-07 14:51:36 +02:00
session.js
settings-public.js 🎨 Added url value to the Content API /settings/ endpoint (#10946) 2019-07-24 11:12:07 +01:00
settings.js Added permission restrictions to editing members flag (#11217) 2019-10-09 10:26:54 +02:00
site.js Migrated to use url-utils from Ghost-SDK (#10787) 2019-06-18 15:13:55 +02:00
slack.js
slugs.js
subscribers.js
tags-public.js
tags.js
themes.js 🐛 Fixed cache invalidation header on theme override 2019-07-17 18:41:25 +05:30
users.js Fixed ability for the owner to change password of other users 2019-07-22 19:00:21 +02:00
webhooks.js