mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-06 22:40:14 -05:00
322664a145
refs https://github.com/TryGhost/Team/issues/581 refs https://github.com/TryGhost/Team/issues/582 When publishing a post via the API it was possible to send it using `?email_recipient_filter=all/free/paid` which allowed you to send to members only based on their payment status which is quite limiting for some sites. This PR updates the `?email_recipient_filter` query param to support Ghost's `?filter` param syntax which enables more specific recipient lists, eg: `?email_recipient_filter=status:free` = free members only `?email_recipient_filter=status:paid` = paid members only `?email_recipient_filter=label:vip` = members that have the `vip` label attached `?email_recipient_filter=status:paid,label:vip` = paid members and members that have the `vip` label attached The older `free/paid` values are still supported by the API for backwards compatibility. - updates `Post` and `Email` models to transform legacy `free` and `paid` values to their NQL equivalents on read/write - lets us not worry about supporting legacy values elsewhere in the code - cleanup migration to transform all rows slated for 5.0 - removes schema and API `isIn` validations for recipient filters so allow free-form filters - updates posts API input serializers to transform `free` and `paid` values in the `?email_recipient_filter` param to their NQL equivalents for backwards compatibility - updates Post API controllers `edit` methods to run a query using the supplied filter to verify that it's valid - updates `mega` service to use the filter directly when selecting recipients
268 lines
8.5 KiB
JavaScript
268 lines
8.5 KiB
JavaScript
const models = require('../../models');
|
|
const i18n = require('../../../shared/i18n');
|
|
const errors = require('@tryghost/errors');
|
|
const urlUtils = require('../../../shared/url-utils');
|
|
const {mega} = require('../../services/mega');
|
|
const {BadRequestError} = require('@tryghost/errors');
|
|
const allowedIncludes = ['tags', 'authors', 'authors.roles', 'email'];
|
|
const unsafeAttrs = ['status', 'authors', 'visibility'];
|
|
|
|
module.exports = {
|
|
docName: 'posts',
|
|
browse: {
|
|
options: [
|
|
'include',
|
|
'filter',
|
|
'fields',
|
|
'formats',
|
|
'limit',
|
|
'order',
|
|
'page',
|
|
'debug',
|
|
'absolute_urls'
|
|
],
|
|
validation: {
|
|
options: {
|
|
include: {
|
|
values: allowedIncludes
|
|
},
|
|
formats: {
|
|
values: models.Post.allowedFormats
|
|
}
|
|
}
|
|
},
|
|
permissions: {
|
|
unsafeAttrs: unsafeAttrs
|
|
},
|
|
query(frame) {
|
|
return models.Post.findPage(frame.options);
|
|
}
|
|
},
|
|
|
|
read: {
|
|
options: [
|
|
'include',
|
|
'fields',
|
|
'formats',
|
|
'debug',
|
|
'absolute_urls',
|
|
// NOTE: only for internal context
|
|
'forUpdate',
|
|
'transacting'
|
|
],
|
|
data: [
|
|
'id',
|
|
'slug',
|
|
'uuid'
|
|
],
|
|
validation: {
|
|
options: {
|
|
include: {
|
|
values: allowedIncludes
|
|
},
|
|
formats: {
|
|
values: models.Post.allowedFormats
|
|
}
|
|
}
|
|
},
|
|
permissions: {
|
|
unsafeAttrs: unsafeAttrs
|
|
},
|
|
query(frame) {
|
|
return models.Post.findOne(frame.data, frame.options)
|
|
.then((model) => {
|
|
if (!model) {
|
|
throw new errors.NotFoundError({
|
|
message: i18n.t('errors.api.posts.postNotFound')
|
|
});
|
|
}
|
|
|
|
return model;
|
|
});
|
|
}
|
|
},
|
|
|
|
add: {
|
|
statusCode: 201,
|
|
headers: {},
|
|
options: [
|
|
'include',
|
|
'formats',
|
|
'source'
|
|
],
|
|
validation: {
|
|
options: {
|
|
include: {
|
|
values: allowedIncludes
|
|
},
|
|
source: {
|
|
values: ['html']
|
|
}
|
|
}
|
|
},
|
|
permissions: {
|
|
unsafeAttrs: unsafeAttrs
|
|
},
|
|
query(frame) {
|
|
return models.Post.add(frame.data.posts[0], frame.options)
|
|
.then((model) => {
|
|
if (model.get('status') !== 'published') {
|
|
this.headers.cacheInvalidate = false;
|
|
} else {
|
|
this.headers.cacheInvalidate = true;
|
|
}
|
|
|
|
return model;
|
|
});
|
|
}
|
|
},
|
|
|
|
edit: {
|
|
headers: {},
|
|
options: [
|
|
'include',
|
|
'id',
|
|
'formats',
|
|
'source',
|
|
'email_recipient_filter',
|
|
'send_email_when_published',
|
|
'force_rerender',
|
|
// NOTE: only for internal context
|
|
'forUpdate',
|
|
'transacting'
|
|
],
|
|
validation: {
|
|
options: {
|
|
include: {
|
|
values: allowedIncludes
|
|
},
|
|
id: {
|
|
required: true
|
|
},
|
|
source: {
|
|
values: ['html']
|
|
},
|
|
send_email_when_published: {
|
|
values: [true, false]
|
|
}
|
|
}
|
|
},
|
|
permissions: {
|
|
unsafeAttrs: unsafeAttrs
|
|
},
|
|
async query(frame) {
|
|
let model;
|
|
if (!frame.options.email_recipient_filter && frame.options.send_email_when_published) {
|
|
await models.Base.transaction(async (transacting) => {
|
|
const options = {
|
|
...frame.options,
|
|
transacting
|
|
};
|
|
|
|
/**
|
|
* 1. We need to edit the post first in order to know what the visibility is.
|
|
* 2. We can only pass the email_recipient_filter when we change the status.
|
|
*
|
|
* So, we first edit the post as requested, with all information except the status,
|
|
* from there we can determine what the email_recipient_filter should be and then finish
|
|
* the edit, with the status and the email_recipient_filter option.
|
|
*/
|
|
const status = frame.data.posts[0].status;
|
|
delete frame.data.posts[0].status;
|
|
const interimModel = await models.Post.edit(frame.data.posts[0], options);
|
|
frame.data.posts[0].status = status;
|
|
|
|
options.email_recipient_filter = interimModel.get('visibility') === 'paid' ? 'paid' : 'all';
|
|
|
|
model = await models.Post.edit(frame.data.posts[0], options);
|
|
});
|
|
} else {
|
|
model = await models.Post.edit(frame.data.posts[0], frame.options);
|
|
}
|
|
|
|
/**Handle newsletter email */
|
|
const emailRecipientFilter = model.get('email_recipient_filter');
|
|
if (emailRecipientFilter !== 'none') {
|
|
if (emailRecipientFilter !== 'all') {
|
|
// check filter is valid
|
|
try {
|
|
await models.Member.findPage({filter: `subscribed:true+${emailRecipientFilter}`, limit: 1});
|
|
} catch (err) {
|
|
return Promise.reject(new BadRequestError({
|
|
message: i18n.t('errors.api.posts.invalidEmailRecipientFilter'),
|
|
context: err.message
|
|
}));
|
|
}
|
|
}
|
|
|
|
const postPublished = model.wasChanged() && (model.get('status') === 'published') && (model.previous('status') !== 'published');
|
|
if (postPublished) {
|
|
let postEmail = model.relations.email;
|
|
|
|
if (!postEmail) {
|
|
const email = await mega.addEmail(model, Object.assign({}, frame.options, {apiVersion: 'v3'}));
|
|
model.set('email', email);
|
|
} else if (postEmail && postEmail.get('status') === 'failed') {
|
|
const email = await mega.retryFailedEmail(postEmail);
|
|
model.set('email', email);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**Handle cache invalidation */
|
|
if (
|
|
model.get('status') === 'published' && model.wasChanged() ||
|
|
model.get('status') === 'draft' && model.previous('status') === 'published'
|
|
) {
|
|
this.headers.cacheInvalidate = true;
|
|
} else if (
|
|
model.get('status') === 'draft' && model.previous('status') !== 'published' ||
|
|
model.get('status') === 'scheduled' && model.wasChanged()
|
|
) {
|
|
this.headers.cacheInvalidate = {
|
|
value: urlUtils.urlFor({
|
|
relativeUrl: urlUtils.urlJoin('/p', model.get('uuid'), '/')
|
|
})
|
|
};
|
|
} else {
|
|
this.headers.cacheInvalidate = false;
|
|
}
|
|
return model;
|
|
}
|
|
},
|
|
|
|
destroy: {
|
|
statusCode: 204,
|
|
headers: {
|
|
cacheInvalidate: true
|
|
},
|
|
options: [
|
|
'include',
|
|
'id'
|
|
],
|
|
validation: {
|
|
options: {
|
|
include: {
|
|
values: allowedIncludes
|
|
},
|
|
id: {
|
|
required: true
|
|
}
|
|
}
|
|
},
|
|
permissions: {
|
|
unsafeAttrs: unsafeAttrs
|
|
},
|
|
query(frame) {
|
|
frame.options.require = true;
|
|
|
|
return models.Post.destroy(frame.options)
|
|
.then(() => null)
|
|
.catch(models.Post.NotFoundError, () => {
|
|
return Promise.reject(new errors.NotFoundError({
|
|
message: i18n.t('errors.api.posts.postNotFound')
|
|
}));
|
|
});
|
|
}
|
|
}
|
|
};
|