Skip to content

Commit

Permalink
Refactor to remove author.email from API
Browse files Browse the repository at this point in the history 
refs #2330

- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
  • Loading branch information
@ErisDS
ErisDS committed Apr 17, 2015
1 parent ede50f3 commit e26e83d
Show file tree
Hide file tree
Showing 14 changed files with 61 additions and 77 deletions.
2 changes: 1 addition & 1 deletion core/server/api/authentication.js
View file
Expand Up @@ -228,7 +228,7 @@ authentication = {
userSettings.push({key: 'title', value: setupUser.blogTitle});
userSettings.push({key: 'description', value: 'Thoughts, stories and ideas.'});
}
setupUser = user.toJSON();
setupUser = user.toJSON(internal);
return settings.edit({settings: userSettings}, {context: {user: setupUser.id}});
}).then(function () {
var data = {
Expand Down
7 changes: 4 additions & 3 deletions core/server/api/posts.js
View file
Expand Up @@ -73,6 +73,7 @@ posts = {
read: function read(options) {
var attrs = ['id', 'slug', 'status'],
data = _.pick(options, attrs);

options = _.omit(options, attrs);

// only published posts if no user is present
Expand All @@ -86,7 +87,7 @@ posts = {

return dataProvider.Post.findOne(data, options).then(function (result) {
if (result) {
return {posts: [result.toJSON()]};
return {posts: [result.toJSON(options)]};
}

return Promise.reject(new errors.NotFoundError('Post not found.'));
Expand All @@ -112,7 +113,7 @@ posts = {
return dataProvider.Post.edit(checkedPostData.posts[0], options);
}).then(function (result) {
if (result) {
var post = result.toJSON();
var post = result.toJSON(options);

// If previously was not published and now is (or vice versa), signal the change
post.statusChanged = false;
Expand Down Expand Up @@ -149,7 +150,7 @@ posts = {

return dataProvider.Post.add(checkedPostData.posts[0], options);
}).then(function (result) {
var post = result.toJSON();
var post = result.toJSON(options);

if (post.status === 'published') {
// When creating a new post that is published right now, signal the change
Expand Down
6 changes: 3 additions & 3 deletions core/server/api/tags.js
View file
Expand Up @@ -62,7 +62,7 @@ tags = {

return dataProvider.Tag.findOne(data, options).then(function (result) {
if (result) {
return {tags: [result.toJSON()]};
return {tags: [result.toJSON(options)]};
}

return Promise.reject(new errors.NotFoundError('Tag not found.'));
Expand All @@ -88,7 +88,7 @@ tags = {
return utils.checkObject(object, docName).then(function (checkedTagData) {
return dataProvider.Tag.add(checkedTagData.tags[0], options);
}).then(function (result) {
var tag = result.toJSON();
var tag = result.toJSON(options);

return {tags: [tag]};
});
Expand Down Expand Up @@ -117,7 +117,7 @@ tags = {
return dataProvider.Tag.edit(checkedTagData.tags[0], options);
}).then(function (result) {
if (result) {
var tag = result.toJSON();
var tag = result.toJSON(options);

return {tags: [tag]};
}
Expand Down
10 changes: 5 additions & 5 deletions core/server/api/users.js
View file
Expand Up @@ -112,7 +112,7 @@ users = {

return dataProvider.User.findOne(data, options).then(function (result) {
if (result) {
return {users: [result.toJSON()]};
return {users: [result.toJSON(options)]};
}

return Promise.reject(new errors.NotFoundError('User not found.'));
Expand Down Expand Up @@ -141,7 +141,7 @@ users = {
return dataProvider.User.edit(data.users[0], options)
.then(function (result) {
if (result) {
return {users: [result.toJSON()]};
return {users: [result.toJSON(options)]};
}

return Promise.reject(new errors.NotFoundError('User not found.'));
Expand All @@ -162,7 +162,7 @@ users = {
return dataProvider.User.findOne(
{id: options.context.user, status: 'all'}, {include: ['roles']}
).then(function (contextUser) {
var contextRoleId = contextUser.related('roles').toJSON()[0].id;
var contextRoleId = contextUser.related('roles').toJSON(options)[0].id;

if (roleId !== contextRoleId && editedUserId === contextUser.id) {
return Promise.reject(new errors.NoPermissionError('You cannot change your own role.'));
Expand Down Expand Up @@ -231,15 +231,15 @@ users = {
}
}
}).then(function (invitedUser) {
user = invitedUser.toJSON();
user = invitedUser.toJSON(options);
return sendInviteEmail(user);
}).then(function () {
// If status was invited-pending and sending the invitation succeeded, set status to invited.
if (user.status === 'invited-pending') {
return dataProvider.User.edit(
{status: 'invited'}, _.extend({}, options, {id: user.id})
).then(function (editedUser) {
user = editedUser.toJSON();
user = editedUser.toJSON(options);
});
}
}).then(function () {
Expand Down
14 changes: 0 additions & 14 deletions core/server/controllers/frontend.js
View file
Expand Up @@ -41,14 +41,6 @@ function getPostPage(options) {
* @return {Object} containing page variables
*/
function formatPageResponse(posts, page, extraValues) {
// Delete email from author for frontend output
// TODO: do this on API level if no context is available
posts = _.each(posts, function (post) {
if (post.author) {
delete post.author.email;
}
return post;
});
extraValues = extraValues || {};

var resp = {
Expand All @@ -63,12 +55,6 @@ function formatPageResponse(posts, page, extraValues) {
* @return {Object} containing page variables
*/
function formatResponse(post) {
// Delete email from author for frontend output
// TODO: do this on API level if no context is available
if (post.author) {
delete post.author.email;
}

return {
post: post
};
Expand Down
13 changes: 8 additions & 5 deletions core/server/data/import/data-importer.js
View file
Expand Up @@ -3,6 +3,8 @@ var Promise = require('bluebird'),
models = require('../../models'),
utils = require('./utils'),

internal = utils.internal,

DataImporter;

DataImporter = function () {};
Expand All @@ -12,13 +14,14 @@ DataImporter.prototype.importData = function (data) {
};

DataImporter.prototype.loadUsers = function () {
var users = {all: {}};
var users = {all: {}},
options = _.extend({}, {include: ['roles']}, internal);

return models.User.findAll({include: ['roles']}).then(function (_users) {
return models.User.findAll(options).then(function (_users) {
_users.forEach(function (user) {
users.all[user.get('email')] = {realId: user.get('id')};
if (user.related('roles').toJSON()[0] && user.related('roles').toJSON()[0].name === 'Owner') {
users.owner = user.toJSON();
if (user.related('roles').toJSON(options)[0] && user.related('roles').toJSON(options)[0].name === 'Owner') {
users.owner = user.toJSON(options);
}
});

Expand Down Expand Up @@ -47,7 +50,7 @@ DataImporter.prototype.doUserImport = function (t, tableData, users, errors) {
if (d.isRejected()) {
errors = errors.concat(d.reason());
} else {
imported.push(d.value().toJSON());
imported.push(d.value().toJSON(internal));
}
});

Expand Down
12 changes: 7 additions & 5 deletions core/server/data/import/utils.js
View file
Expand Up @@ -35,6 +35,8 @@ stripProperties = function stripProperties(properties, data) {
};

utils = {
internal: internal,

processUsers: function preProcessUsers(tableData, owner, existingUsers, objs) {
// We need to:
// 1. figure out who the owner of the blog is
Expand Down Expand Up @@ -164,7 +166,7 @@ utils = {

ops.push(models.Tag.findOne({name: tag.name}, {transacting: transaction}).then(function (_tag) {
if (!_tag) {
return models.Tag.add(tag, _.extend(internal, {transacting: transaction}))
return models.Tag.add(tag, _.extend({}, internal, {transacting: transaction}))
.catch(function (error) {
return Promise.reject({raw: error, model: 'tag', data: tag});
});
Expand Down Expand Up @@ -196,7 +198,7 @@ utils = {
post.created_at = Date.now();
}

ops.push(models.Post.add(post, _.extend(internal, {transacting: transaction, importing: true}))
ops.push(models.Post.add(post, _.extend({}, internal, {transacting: transaction, importing: true}))
.catch(function (error) {
return Promise.reject({raw: error, model: 'post', data: post});
})
Expand Down Expand Up @@ -225,7 +227,7 @@ utils = {
user.password = globalUtils.uid(50);
user.status = 'locked';

ops.push(models.User.add(user, _.extend(internal, {transacting: transaction}))
ops.push(models.User.add(user, _.extend({}, internal, {transacting: transaction}))
.catch(function (error) {
return Promise.reject({raw: error, model: 'user', data: user});
}));
Expand Down Expand Up @@ -255,7 +257,7 @@ utils = {
datum.key = updatedSettingKeys[datum.key] || datum.key;
});

ops.push(models.Settings.edit(tableData, _.extend(internal, {transacting: transaction})).catch(function (error) {
ops.push(models.Settings.edit(tableData, _.extend({}, internal, {transacting: transaction})).catch(function (error) {
// Ignore NotFound errors
if (!(error instanceof errors.NotFoundError)) {
return Promise.reject({raw: error, model: 'setting', data: tableData});
Expand All @@ -278,7 +280,7 @@ utils = {
// Avoid duplicates
ops.push(models.App.findOne({name: app.name}, {transacting: transaction}).then(function (_app) {
if (!_app) {
return models.App.add(app, _.extend(internal, {transacting: transaction}))
return models.App.add(app, _.extend({}, internal, {transacting: transaction}))
.catch(function (error) {
return Promise.reject({raw: error, model: 'app', data: app});
});
Expand Down
2 changes: 1 addition & 1 deletion core/server/models/base.js
View file
Expand Up @@ -152,7 +152,7 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
// if include is set, expand to full object
var fullKey = _.isEmpty(options.name) ? key : options.name + '.' + key;
if (_.contains(self.include, fullKey)) {
attrs[key] = relation.toJSON({name: fullKey, include: self.include});
attrs[key] = relation.toJSON(_.extend({}, options, {name: fullKey, include: self.include}));
}
}
});
Expand Down
19 changes: 6 additions & 13 deletions core/server/models/post.js
View file
Expand Up @@ -26,7 +26,7 @@ getPermalinkSetting = function (model, attributes, options) {
}
return ghostBookshelf.model('Settings').findOne({key: 'permalinks'}).then(function (response) {
if (response) {
response = response.toJSON();
response = response.toJSON(options);
permalinkSetting = response.hasOwnProperty('value') ? response.value : '';
}
});
Expand Down Expand Up @@ -204,7 +204,7 @@ Post = ghostBookshelf.Model.extend({
var doNotExist = [],
sequenceTasks = [];

existingTags = existingTags.toJSON();
existingTags = existingTags.toJSON(options);

doNotExist = _.reject(self.myTags, function (tag) {
return _.any(existingTags, function (existingTag) {
Expand Down Expand Up @@ -489,14 +489,7 @@ Post = ghostBookshelf.Model.extend({
pagination.next = null;
pagination.prev = null;

// Pass include to each model so that toJSON works correctly
if (options.include) {
_.each(postCollection.models, function (item) {
item.include = options.include;
});
}

data.posts = postCollection.toJSON();
data.posts = postCollection.toJSON(options);
data.meta = meta;
meta.pagination = pagination;

Expand All @@ -514,14 +507,14 @@ Post = ghostBookshelf.Model.extend({
if (tagInstance) {
meta.filters = {};
if (!tagInstance.isNew()) {
meta.filters.tags = [tagInstance.toJSON()];
meta.filters.tags = [tagInstance.toJSON(options)];
}
}

if (authorInstance) {
meta.filters = {};
if (!authorInstance.isNew()) {
meta.filters.author = authorInstance.toJSON();
meta.filters.author = authorInstance.toJSON(options);
}
}

Expand Down Expand Up @@ -554,7 +547,7 @@ Post = ghostBookshelf.Model.extend({

return ghostBookshelf.Model.findOne.call(this, data, options).then(function (post) {
if ((withNext || withPrev) && post && !post.page) {
var postData = post.toJSON(),
var postData = post.toJSON(options),
publishedAt = postData.published_at,
prev,
next;
Expand Down
2 changes: 1 addition & 1 deletion core/server/models/tag.js
View file
Expand Up @@ -163,7 +163,7 @@ Tag = ghostBookshelf.Model.extend({
pagination.next = null;
pagination.prev = null;

data.tags = tagCollection.toJSON();
data.tags = tagCollection.toJSON(options);
data.meta = meta;
meta.pagination = pagination;

Expand Down
22 changes: 10 additions & 12 deletions core/server/models/user.js
View file
Expand Up @@ -124,6 +124,10 @@ User = ghostBookshelf.Model.extend({
// remove password hash for security reasons
delete attrs.password;

if (!options || !options.context || (!options.context.user && !options.context.internal)) {
delete attrs.email;
}

return attrs;
},

Expand Down Expand Up @@ -340,14 +344,7 @@ User = ghostBookshelf.Model.extend({
pagination.next = null;
pagination.prev = null;

// Pass include to each model so that toJSON works correctly
if (options.include) {
_.each(userCollection.models, function (item) {
item.include = options.include;
});
}

data.users = userCollection.toJSON();
data.users = userCollection.toJSON(options);
data.meta = meta;
meta.pagination = pagination;

Expand All @@ -365,7 +362,7 @@ User = ghostBookshelf.Model.extend({
if (roleInstance) {
meta.filters = {};
if (!roleInstance.isNew()) {
meta.filters.roles = [roleInstance.toJSON()];
meta.filters.roles = [roleInstance.toJSON(options)];
}
}

Expand Down Expand Up @@ -873,7 +870,7 @@ User = ghostBookshelf.Model.extend({
contextUser = results[1];

// check if user has the owner role
var currentRoles = contextUser.toJSON().roles;
var currentRoles = contextUser.toJSON(options).roles;
if (!_.any(currentRoles, {id: ownerRole.id})) {
return Promise.reject(new errors.NoPermissionError('Only owners are able to transfer the owner role.'));
}
Expand All @@ -883,7 +880,7 @@ User = ghostBookshelf.Model.extend({
}).then(function (results) {
var adminRole = results[0],
user = results[1],
currentRoles = user.toJSON().roles;
currentRoles = user.toJSON(options).roles;

if (!_.any(currentRoles, {id: adminRole.id})) {
return Promise.reject(new errors.ValidationError('Only administrators can be assigned the owner role.'));
Expand All @@ -898,7 +895,8 @@ User = ghostBookshelf.Model.extend({
.query('whereIn', 'id', [contextUser.id, results[2]])
.fetch({withRelated: ['roles']});
}).then(function (users) {
return users.toJSON({include: ['roles']});
options.include = ['roles'];
return users.toJSON(options);
});
},

Expand Down

0 comments on commit e26e83d

Please sign in to comment.