Adding and renaming permissions
refs TryGhost#3283, refs TryGhost#2739, refs TryGhost#3096

- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
ErisDS committed Jul 17, 2014
1 parent d77f61b commit ce06ad4
Showing 7 changed files with 118 additions and 53 deletions.
2 changes: 1 addition & 1 deletion core/server/api/authentication.js
Expand Up @@ -166,7 +166,7 @@ authentication = {
userSettings.push({key: 'description', value: 'Thoughts, stories and ideas by ' + setupUser.name});
}
setupUser = user.toJSON();
return settings.edit({settings: userSettings}, {context: {user: 1}});
return settings.edit({settings: userSettings}, {context: {user: setupUser.id}});
}).then(function () {
var message = {
to: setupUser.email,
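Review bot: The context for `settings.edit` is now built from `setupUser.id` (reading the second of the two printed `return settings.edit(...)` lines as the new side), and nothing in the hunk checks that `user.toJSON()` returned an id. If it is missing, the call runs with `{context: {user: undefined}}`, and how the permission layer treats that context is not visible here. A guard before the call, `if (!setupUser.id) { throw new Error('Setup user has no id'); }`, makes that case fail closed. The surrounding setup function starts and ends outside the hunk.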
4 changes: 2 additions & 2 deletions core/server/api/posts.js
Expand Up @@ -141,7 +141,7 @@ posts = {
add: function add(object, options) {
options = options || {};

return canThis(options.context).create.post().then(function () {
return canThis(options.context).add.post().then(function () {
return utils.checkObject(object, docName).then(function (checkedPostData) {
if (options.include) {
options.include = prepareInclude(options.include);
Expand Down Expand Up @@ -172,7 +172,7 @@ posts = {
* @return {Promise(Post)} Deleted Post
*/
destroy: function destroy(options) {
return canThis(options.context).remove.post(options.id).then(function () {
return canThis(options.context).destroy.post(options.id).then(function () {
var readOptions = _.extend({}, options, {status: 'all'});
return posts.read(readOptions).then(function (result) {
return dataProvider.Post.destroy(options).then(function () {
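Review bot: The checks `canThis(options.context).add.post()` and `canThis(options.context).destroy.post(options.id)` now depend on action types named `add` and `destroy`, but none of the seven files listed for this commit is a migration. An existing install whose permissions table still holds `create`/`remove` rows would presumably stop matching. Confirm that upgraded databases receive the renamed rows, and that a missing action fails with a permission error rather than a TypeError on an undefined handler. Until then a comment at each call helps, e.g. `// needs the 'add'/'destroy' action types from the permissions fixture; older 'create'/'remove' rows will not match`. The same applies to `canThis(options.context).destroy.user(options.id)` in core/server/api/users.js, and all three function bodies continue outside their hunks.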
2 changes: 1 addition & 1 deletion core/server/api/users.js
Expand Up @@ -116,7 +116,7 @@ users = {
* @returns {Promise(User)}
*/
destroy: function destroy(options) {
return canThis(options.context).remove.user(options.id).then(function () {
return canThis(options.context).destroy.user(options.id).then(function () {
return users.read(options).then(function (result) {
return dataProvider.User.destroy(options).then(function () {
return result;
126 changes: 89 additions & 37 deletions core/server/data/fixtures/permissions/permissions.json
@@ -1,63 +1,59 @@
{
"permissions": {
"post": [
"db": [
{
"name": "Edit posts",
"action_type": "edit"
"name": "Export database",
"action_type": "exportContent"
},
{
"name": "Remove posts",
"action_type": "remove"
"name": "Import database",
"action_type": "importContent"
},
{
"name": "Create posts",
"action_type": "create"
"name": "Delete all content",
"action_type": "deleteAllContent"
}
],
"slug": [
"mail": [
{
"name": "Generate post slug",
"action_type": "generate"
},
{
"name": "Generate tag slug",
"action_type": "generate"
"name": "Send mail",
"action_type": "send"
}
],
"db": [
"notification": [
{
"name": "Export database",
"action_type": "exportContent"
"name": "Browse notifications",
"action_type": "browse"
},
{
"name": "Import database",
"action_type": "importContent"
"name": "Add notifications",
"action_type": "add"
},
{
"name": "Delete all content",
"action_type": "deleteAllContent"
"name": "Delete notifications",
"action_type": "destroy"
}
],
"user": [
"post": [
{
"name": "Browse users",
"name": "Browse posts",
"action_type": "browse"
},
{
"name": "Read users",
"name": "Read posts",
"action_type": "read"
},
{
"name": "Edit users",
"name": "Edit posts",
"action_type": "edit"
},
{
"name": "Add users",
"name": "Add posts",
"action_type": "add"
},
{
"name": "Remove users",
"action_type": "remove"
"name": "Delete posts",
"action_type": "destroy"
}
],
"setting": [
Expand All @@ -74,6 +70,34 @@
"action_type": "edit"
}
],
"slug": [
{
"name": "Generate slugs",
"action_type": "generate"
}
],
"tag": [
{
"name": "Browse tags",
"action_type": "browse"
},
{
"name": "Read tags",
"action_type": "read"
},
{
"name": "Edit tags",
"action_type": "edit"
},
{
"name": "Add tags",
"action_type": "add"
},
{
"name": "Delete tags",
"action_type": "destroy"
}
],
"theme": [
{
"name": "Browse themes",
Expand All @@ -83,28 +107,56 @@
"name": "Edit themes",
"action_type": "edit"
}
],
"user": [
{
"name": "Browse users",
"action_type": "browse"
},
{
"name": "Read users",
"action_type": "read"
},
{
"name": "Edit users",
"action_type": "edit"
},
{
"name": "Add users",
"action_type": "add"
},
{
"name": "Delete users",
"action_type": "destroy"
}
]
},
"permissions_roles": {
"Administrator": {
"post": "all",
"slug": "all",
"db": "all",
"user": "all",
"mail": "all",
"notification": "all",
"post": "all",
"setting": "all",
"theme": "all"
"slug": "all",
"tag": "all",
"theme": "all",
"user": "all"
},
"Editor": {
"post": "all",
"setting": ["browse", "read"],
"slug": "all",
"user": "all",
"setting": ["browse", "read"]
"tag": "all",
"user": "all"

},
"Author": {
"post": ["add"],
"post": ["browse", "read", "add"],
"setting": ["browse", "read"],
"slug": "all",
"user": ["browse", "read"],
"setting": ["browse", "read"]
"tag": ["browse", "read", "add"],
"user": ["browse", "read"]
}
}
}
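Review bot: `Editor` keeps `"user": "all"`, which with the renamed set presumably spans `browse`, `read`, `edit`, `add` and `destroy` on users, while the description lists role permissions as still to do. Unless an object-level check elsewhere prevents it, that grant lets an Editor edit or delete accounts holding a higher role. Until role checks exist, a narrower grant such as `"user": ["browse", "read"]` (what `Author` receives) would be the least-privilege default. There is also a stray blank line before the closing brace of the `Editor` block.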
2 changes: 2 additions & 0 deletions core/server/models/settings.js
Expand Up @@ -135,13 +135,15 @@ Settings = ghostBookshelf.Model.extend({
},

populateDefault: function (key) {

if (!getDefaultSettings()[key]) {
return when.reject(new errors.NotFoundError('Unable to find default setting: ' + key));
}

// TOOD: databaseVersion and currentVersion special cases?

this.findOne({ key: key }).then(function (foundSetting) {

if (foundSetting) {
return foundSetting;
}
6 changes: 3 additions & 3 deletions core/test/unit/permissions_spec.js
Expand Up @@ -43,8 +43,8 @@ describe('Permissions', function () {
{ act: 'add', obj: 'post' },
{ act: 'add', obj: 'user' },
{ act: 'add', obj: 'page' },
{ act: 'remove', obj: 'post' },
{ act: 'remove', obj: 'user' }
{ act: 'destroy', obj: 'post' },
{ act: 'destroy', obj: 'user' }
],
currTestPermId = 1,

Expand Down Expand Up @@ -397,7 +397,7 @@ describe('Permissions', function () {
done();
})
.catch(function () {
done(new Error('Allowed an edit of post 1'));
done(new Error('Did not allow an edit of post 1'));
});
});

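Review bot: The `.catch(function () { ... })` handler in the second hunk drops the rejection it receives, so a genuine permission denial and any other error thrown earlier in the chain both surface as 'Did not allow an edit of post 1'. Passing the reason through keeps the cause visible: `.catch(function (err) { done(err || new Error('Did not allow an edit of post 1')); });`. The test body starts outside the hunk, so what the preceding `.then` asserts is not visible here.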
29 changes: 20 additions & 9 deletions core/test/utils/index.js
Expand Up @@ -5,7 +5,7 @@ var knex = require('../../server/models/base').knex,
_ = require('lodash'),
fs = require('fs-extra'),
path = require('path'),
migration = require("../../server/data/migration/"),
migration = require('../../server/data/migration/'),
DataGenerator = require('./fixtures/data-generator'),
API = require('./api'),
fork = require('./fork');
Expand Down Expand Up @@ -126,14 +126,25 @@ function insertDefaultApp() {

apps.push(DataGenerator.forKnex.createApp(DataGenerator.Content.apps[0]));

return knex('apps')
.insert(apps)
.then(function () {
return knex('permissions_apps')
.insert({
app_id: 1,
permission_id: 1
});
return knex('permissions')
.select('id')
.where('object_type', 'post')
.andWhere('action_type', 'edit')
.then(function (result) {
var permission_id = result[0].id;
if (permission_id) {
return knex('apps')
.insert(apps)
.then(function () {
return knex('permissions_apps')
.insert({
app_id: 1,
permission_id: permission_id
});
});
}

throw new Error('Permissions not created');
});
}

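Review bot: `var permission_id = result[0].id;` throws a TypeError when the query returns no rows, so the `throw new Error('Permissions not created')` below it is reached only when a row exists with a falsy id. Read the id defensively, `var permission_id = result[0] && result[0].id;`, so the missing-fixture case produces the intended error. `app_id: 1` is still hard-coded while the permission id is now looked up, which holds only as long as the inserted app is the first row. insertDefaultApp begins outside the hunk.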
