mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-20 22:42:53 -05:00
c36e749820
refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member |
||
|---|---|---|
| .. | ||
| canary | ||
| shared | ||
| v2 | ||
| v3 | ||
| index.js | ||
| README.md | ||
API Versioning
Ghost supports multiple API versions. Each version lives in a separate folder e.g. api/v2, api/v3, api/canary etc. Next to the API folders there is a shared folder, which contains shared code, which all API versions use.
Stages
Each request goes through the following stages:
- input validation
- input serialisation
- permissions
- query
- output serialisation
The framework we are building pipes a request through these stages in respect of the API controller configuration.
Frame
Is a class, which holds all the information for request processing. We pass this instance by reference. Each function can modify the original instance. No need to return the class instance.
Structure
{
original: Object,
options: Object,
data: Object,
user: Object,
file: Object,
files: Array
}
Example
{
original: {
include: 'tags'
},
options: {
withRelated: ['tags']
},
data: {
posts: []
}
}
API Controller
A controller is no longer just a function, it's a set of configurations.
Structure
edit: function || object
edit: {
headers: object,
options: Array,
data: Array,
validation: object | function,
permissions: boolean | object | function,
query: function
}
Examples
edit: {
headers: {
cacheInvalidate: true
},
// Allowed url/query params
options: ['include']
// Url/query param validation configuration
validation: {
options: {
include: {
required: true,
values: ['tags']
}
}
},
permissions: true,
// Returns a model response!
query(frame) {
return models.Post.edit(frame.data, frame.options);
}
}
read: {
// Allowed url/query params, which will be remembered inside `frame.data`
// This is helpful for READ requests e.g. `model.findOne(frame.data, frame.options)`.
// Our model layer requires sending the where clauses as first parameter.
data: ['slug']
validation: {
data: {
slug: {
values: ['eins']
}
}
},
permissions: true,
query(frame) {
return models.Post.findOne(frame.data, frame.options);
}
}
edit: {
validation() {
// custom validation, skip framework
},
permissions: {
unsafeAttrs: ['author']
},
query(frame) {
return models.Post.edit(frame.data, frame.options);
}
}