Skip to content

Commit

Permalink
✨ Add activate theme permission
Browse files Browse the repository at this point in the history 
refs TryGhost#8093

- add permission to activate themes
- update tests
- also: update tests for invites
TODO: change how the active theme setting is updated to reduce extra permissions
  • Loading branch information
@ErisDS
ErisDS committed Mar 13, 2017
1 parent 464b0a4 commit b1665e3
Show file tree
Hide file tree
Showing 5 changed files with 68 additions and 46 deletions.
21 changes: 12 additions & 9 deletions core/server/api/themes.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,18 @@ themes = {
value: themeName
}];

// @TODO use theme permissions, not settings permissions
// @TODO validate the theme using gscan
// @TODO use the settings model, not API (&move validation off of the model)
// @TODO actually do things to activate the theme, other than just the setting?

return settings.edit({settings: newSettings}, options).then(function () {
var result = themeList.toAPI(themeList.getAll(), themeName);
return Promise.resolve({themes: result});
});
return apiUtils
.handlePermissions('themes', 'activate')(options)
.then(function activateTheme() {
// @TODO validate the theme using gscan
// @TODO use the settings model, not API (&move validation off of the model)
// @TODO actually do things to activate the theme, other than just the setting?
return settings.edit({settings: newSettings}, options);
})
.then(function hasEditedSetting() {
var result = themeList.toAPI(themeList.getAll(), themeName);
return Promise.resolve({themes: result});
});
},

upload: function upload(options) {
Expand Down
13 changes: 9 additions & 4 deletions core/server/data/schema/fixtures/fixtures.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,11 @@
"action_type": "edit",
"object_type": "theme"
},
{
"name": "Activate themes",
"action_type": "activate",
"object_type": "theme"
},
{
"name": "Upload themes",
"action_type": "add",
Expand Down Expand Up @@ -301,13 +306,13 @@
"object_type": "invite"
},
{
"name": "Add invites",
"action_type": "add",
"name": "Edit invites",
"action_type": "edit",
"object_type": "invite"
},
{
"name": "Edit invites",
"action_type": "edit",
"name": "Add invites",
"action_type": "add",
"object_type": "invite"
},
{
Expand Down
74 changes: 44 additions & 30 deletions core/test/integration/migration_spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,54 +95,68 @@ describe('Database Migration (special functions)', function () {
permissions[21].should.be.AssignedToRoles(['Administrator']);
permissions[22].name.should.eql('Edit themes');
permissions[22].should.be.AssignedToRoles(['Administrator']);
permissions[23].name.should.eql('Upload themes');
permissions[23].name.should.eql('Activate themes');
permissions[23].should.be.AssignedToRoles(['Administrator']);
permissions[24].name.should.eql('Download themes');
permissions[24].name.should.eql('Upload themes');
permissions[24].should.be.AssignedToRoles(['Administrator']);
permissions[25].name.should.eql('Delete themes');
permissions[25].name.should.eql('Download themes');
permissions[25].should.be.AssignedToRoles(['Administrator']);
permissions[26].name.should.eql('Delete themes');
permissions[26].should.be.AssignedToRoles(['Administrator']);

// Users
permissions[26].name.should.eql('Browse users');
permissions[26].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[27].name.should.eql('Read users');
permissions[27].name.should.eql('Browse users');
permissions[27].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[28].name.should.eql('Edit users');
permissions[28].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[29].name.should.eql('Add users');
permissions[28].name.should.eql('Read users');
permissions[28].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[29].name.should.eql('Edit users');
permissions[29].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[30].name.should.eql('Delete users');
permissions[30].name.should.eql('Add users');
permissions[30].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[31].name.should.eql('Delete users');
permissions[31].should.be.AssignedToRoles(['Administrator', 'Editor']);

// Roles
permissions[31].name.should.eql('Assign a role');
permissions[31].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[32].name.should.eql('Browse roles');
permissions[32].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[32].name.should.eql('Assign a role');
permissions[32].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[33].name.should.eql('Browse roles');
permissions[33].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);

// Clients
permissions[33].name.should.eql('Browse clients');
permissions[33].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[34].name.should.eql('Read clients');
permissions[34].name.should.eql('Browse clients');
permissions[34].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[35].name.should.eql('Edit clients');
permissions[35].name.should.eql('Read clients');
permissions[35].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[36].name.should.eql('Add clients');
permissions[36].name.should.eql('Edit clients');
permissions[36].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[37].name.should.eql('Delete clients');
permissions[37].name.should.eql('Add clients');
permissions[37].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[38].name.should.eql('Delete clients');
permissions[38].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);

// Subscribers
permissions[38].name.should.eql('Browse subscribers');
permissions[38].should.be.AssignedToRoles(['Administrator']);
permissions[39].name.should.eql('Read subscribers');
permissions[39].name.should.eql('Browse subscribers');
permissions[39].should.be.AssignedToRoles(['Administrator']);
permissions[40].name.should.eql('Edit subscribers');
permissions[40].name.should.eql('Read subscribers');
permissions[40].should.be.AssignedToRoles(['Administrator']);
permissions[41].name.should.eql('Add subscribers');
permissions[41].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[42].name.should.eql('Delete subscribers');
permissions[42].should.be.AssignedToRoles(['Administrator']);
permissions[41].name.should.eql('Edit subscribers');
permissions[41].should.be.AssignedToRoles(['Administrator']);
permissions[42].name.should.eql('Add subscribers');
permissions[42].should.be.AssignedToRoles(['Administrator', 'Editor', 'Author']);
permissions[43].name.should.eql('Delete subscribers');
permissions[43].should.be.AssignedToRoles(['Administrator']);

// Invites
permissions[44].name.should.eql('Browse invites');
permissions[44].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[45].name.should.eql('Read invites');
permissions[45].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[46].name.should.eql('Edit invites');
permissions[46].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[47].name.should.eql('Add invites');
permissions[47].should.be.AssignedToRoles(['Administrator', 'Editor']);
permissions[48].name.should.eql('Delete invites');
permissions[48].should.be.AssignedToRoles(['Administrator', 'Editor']);
});

describe('Populate', function () {
Expand Down Expand Up @@ -203,11 +217,11 @@ describe('Database Migration (special functions)', function () {
result.roles.at(3).get('name').should.eql('Owner');

// Permissions
result.permissions.length.should.eql(48);
result.permissions.length.should.eql(49);
result.permissions.toJSON().should.be.CompletePermissions();

done();
});
}).catch(done);
});
});
});
Expand Down
4 changes: 2 additions & 2 deletions core/test/unit/migration_fixture_utils_spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ describe('Migration Fixture Utils', function () {
postAddStub.calledOnce.should.be.true();

done();
});
}).catch(done);
});

it('should not call add for main post fixture if it is already found', function (done) {
Expand All @@ -128,7 +128,7 @@ describe('Migration Fixture Utils', function () {
postAddStub.calledOnce.should.be.false();

done();
});
}).catch(done);
});
});

Expand Down
2 changes: 1 addition & 1 deletion core/test/unit/migration_spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ should.equal(true, true);
describe('DB version integrity', function () {
// Only these variables should need updating
var currentSchemaHash = 'ae4ada98be2691b4d6e323eebcdb875f',
currentFixturesHash = 'b9e684a87353c592df9b23948e364c05';
currentFixturesHash = '46abf9fd0d67fc89fa7845bef7fc7ffd';

// If this test is failing, then it is likely a change has been made that requires a DB version bump,
// and the values above will need updating as confirmation
Expand Down

0 comments on commit b1665e3

Please sign in to comment.