Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added /roles/ API endpoint #3311

Merged
merged 1 commit into from
Jul 21, 2014
Merged

Added /roles/ API endpoint #3311

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions core/server/api/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ var _ = require('lodash'),
mail = require('./mail'),
notifications = require('./notifications'),
posts = require('./posts'),
roles = require('./roles'),
settings = require('./settings'),
tags = require('./tags'),
themes = require('./themes'),
Expand Down Expand Up @@ -280,6 +281,7 @@ module.exports = {
mail: mail,
notifications: notifications,
posts: posts,
roles: roles,
settings: settings,
tags: tags,
themes: themes,
Expand Down
60 changes: 60 additions & 0 deletions core/server/api/roles.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
// # Posts API
// RESTful API for the Post resource
var when = require('when'),
_ = require('lodash'),
canThis = require('../permissions').canThis,
dataProvider = require('../models'),
errors = require('../errors'),

roles;

/**
* ## Roles API Methods
*
* **See:** [API Methods](index.js.html#api%20methods)
*/
roles = {
/**
* ### Browse
* Find all roles
*
* Will return all roles that the current user is able to assign
*
*
* @public
* @param {{context, page, limit, status, staticPages, tag}} options (optional)
* @returns {Promise(Roles)} Roles Collection
*/
browse: function browse(options) {
var permissionMap = [];
options = options || {};

return canThis(options.context).browse.role().then(function () {
return dataProvider.Role.findAll(options).then(function (foundRoles) {
if (options.permissions === 'assign') {
// Hacky implementation of filtering because when.filter is only available in when 3.4.0,
// but that's buggy and kills other tests and introduces Heisenbugs. Until we turn everything
// to Bluebird, this works. Sorry.
// TODO: replace with better filter when bluebird lands
_.each(foundRoles.toJSON(), function (role) {
permissionMap.push(canThis(options.context).assign.role(role).then(function () {
return role;
}, function () {
return null;
}));
});

return when.all(permissionMap).then(function (resolved) {
return { roles: _.filter(resolved, function (role) {
return role !== null;
}) };
}).catch(errors.logAndThrowError);
}
return { roles: foundRoles.toJSON() };
});
})
.catch(errors.logAndThrowError);
}
};

module.exports = roles;
22 changes: 18 additions & 4 deletions core/server/data/fixtures/permissions/permissions.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,16 @@
"name": "Delete users",
"action_type": "destroy"
}
],
"role": [
{
"name": "Assign a role",
"action_type": "assign"
},
{
"name": "Browse roles",
"action_type": "browse"
}
]
},
"permissions_roles": {
Expand All @@ -141,22 +151,26 @@
"slug": "all",
"tag": "all",
"theme": "all",
"user": "all"
"user": "all",
"role": "all"
},
"Editor": {
"post": "all",
"setting": ["browse", "read"],
"slug": "all",
"tag": "all",
"user": "all"

"user": "all",
"setting": ["browse", "read"],
"role": "all"
},
"Author": {
"post": ["browse", "read", "add"],
"setting": ["browse", "read"],
"slug": "all",
"tag": ["browse", "read", "add"],
"user": ["browse", "read"]
"user": ["browse", "read"],
"setting": ["browse", "read"],
"role": ["browse"]
}
}
}
46 changes: 45 additions & 1 deletion core/server/models/role.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
var ghostBookshelf = require('./base'),
var _ = require('lodash'),
errors = require('../errors'),
ghostBookshelf = require('./base'),
when = require('when'),

Role,
Roles;
Expand Down Expand Up @@ -34,6 +37,47 @@ Role = ghostBookshelf.Model.extend({
}

return options;
},


permissable: function (roleModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {
var self = this,
checkAgainst = [],
origArgs;

// If we passed in an id instead of a model, get the model
// then check the permissions
if (_.isNumber(roleModelOrId) || _.isString(roleModelOrId)) {
// Grab the original args without the first one
origArgs = _.toArray(arguments).slice(1);
// Get the actual post model
return this.findOne({id: roleModelOrId, status: 'all'}).then(function (foundRoleModel) {
// Build up the original args but substitute with actual model
var newArgs = [foundRoleModel].concat(origArgs);

return self.permissable.apply(self, newArgs);
}, errors.logAndThrowError);
}

switch (loadedPermissions.user) {
case 'Owner':
case 'Administrator':
checkAgainst = ['Administrator', 'Editor', 'Author'];
break;
case 'Editor':
checkAgainst = ['Editor', 'Author'];
}

// If we have a role passed into here
if (roleModelOrId && !_.contains(checkAgainst, roleModelOrId.get('name'))) {
// Role not in the list of permissible roles
hasUserPermission = false;
}

if (hasUserPermission && hasAppPermission) {
return when.resolve();
}
return when.reject();
}
});

Expand Down
3 changes: 3 additions & 0 deletions core/server/routes/api.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ apiRoutes = function (middleware) {
// ## Tags
router.get('/tags', api.http(api.tags.browse));

// ## Roles
router.get('/roles/', api.http(api.roles.browse));

// ## Slugs
router.get('/slugs/:type/:name', api.http(api.slugs.generate));

Expand Down