tqt/Ghost
2
1
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2023-12-13 21:00:40 +01:00
Code Issues 1 Releases Wiki Activity

Apply pipeline to db api endpoint

Browse source 
refs #5508
- adds pipeline to export, import and delete all methods
This commit is contained in:
Delgermurun 2015-10-20 20:11:49 +08:00
parent a4cadd50bb
commit b37c0f2e91
3 changed files with 57 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
core/server/api/db.js
View file

@ -6,10 +6,11 @@ var _ = require('lodash'),
importer = require('../data/importer'),
models = require('../models'),
errors = require('../errors'),
canThis = require('../permissions').canThis,
utils = require('./utils'),
pipeline = require('../utils/pipeline'),
api = {},
docName = 'db',
db;
api.settings = require('./settings');
@ -29,18 +30,25 @@ db = {
* @returns {Promise} Ghost Export JSON format
*/
exportContent: function (options) {
var tasks = [];
options = options || {};
// Export data, otherwise send error 500
return canThis(options.context).exportContent.db().then(function () {
function exportContent() {
return dataExport().then(function (exportedData) {
return {db: [exportedData]};
}).catch(function (error) {
return Promise.reject(new errors.InternalServerError(error.message || error));
});
}, function () {
return Promise.reject(new errors.NoPermissionError('You do not have permission to export data (no rights).'));
});
}
tasks = [
utils.handlePermissions(docName, 'exportContent'),
exportContent
];
return pipeline(tasks, options);
},
/**
* ### Import Content
@ -51,31 +59,42 @@ db = {
* @returns {Promise} Success
*/
importContent: function (options) {
var tasks = [];
options = options || {};
// Check if a file was provided
if (!utils.checkFileExists(options, 'importfile')) {
return Promise.reject(new errors.NoPermissionError('Please select a file to import.'));
function validate(options) {
// Check if a file was provided
if (!utils.checkFileExists(options, 'importfile')) {
return Promise.reject(new errors.NoPermissionError('Please select a file to import.'));
}
// Check if the file is valid
if (!utils.checkFileIsValid(options.importfile, importer.getTypes(), importer.getExtensions())) {
return Promise.reject(new errors.UnsupportedMediaTypeError(
'Unsupported file. Please try any of the following formats: ' +
_.reduce(importer.getExtensions(), function (memo, ext) {
return memo ? memo + ', ' + ext : ext;
})
));
}
return options;
}
// Check if the file is valid
if (!utils.checkFileIsValid(options.importfile, importer.getTypes(), importer.getExtensions())) {
return Promise.reject(new errors.UnsupportedMediaTypeError(
'Unsupported file. Please try any of the following formats: ' +
_.reduce(importer.getExtensions(), function (memo, ext) {
return memo ? memo + ', ' + ext : ext;
})
));
}
// Permissions check
return canThis(options.context).importContent.db().then(function () {
function importContent(options) {
return importer.importFromFile(options.importfile)
.then(api.settings.updateSettingsCache)
.return({db: []});
}, function () {
return Promise.reject(new errors.NoPermissionError('You do not have permission to import data (no rights).'));
});
}
tasks = [
validate,
utils.handlePermissions(docName, 'importContent'),
importContent
];
return pipeline(tasks, options);
},
/**
* ### Delete All Content
@ -86,17 +105,24 @@ db = {
* @returns {Promise} Success
*/
deleteAllContent: function (options) {
var tasks;
options = options || {};
return canThis(options.context).deleteAllContent.db().then(function () {
function deleteContent() {
return Promise.resolve(models.deleteAllContent())
.return({db: []})
.catch(function (error) {
return Promise.reject(new errors.InternalServerError(error.message || error));
});
}, function () {
return Promise.reject(new errors.NoPermissionError('You do not have permission to export data (no rights).'));
});
}
tasks = [
utils.handlePermissions(docName, 'deleteAllContent'),
deleteContent
];
return pipeline(tasks, options);
}
};

3
core/server/permissions/index.js
View file

@ -118,7 +118,6 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c
permission: Models.Permission,
setting: Models.Settings
};
// Iterate through the object types, i.e. ['post', 'tag', 'user']
return _.reduce(objTypes, function (objTypeHandlers, objType) {
// Grab the TargetModel through the objectTypeModelMap
@ -172,7 +171,7 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c
};
// Check user permissions for matching action, object and id.
if (_.any(loadedPermissions.user.roles, {name: 'Owner'})) {
if (loadedPermissions.user && _.any(loadedPermissions.user.roles, {name: 'Owner'})) {
hasUserPermission = true;
} else if (!_.isEmpty(userPermissions)) {
hasUserPermission = _.any(userPermissions, checkPermission);

6
core/test/integration/api/api_db_spec.js
View file

@ -54,7 +54,7 @@ describe('DB API', function () {
}).catch(done);
});
it('delete all content is denied (editor & author)', function (done) {
it('delete all content is denied (editor, author & without authentication)', function (done) {
return dbAPI.deleteAllContent(testUtils.context.editor).then(function () {
done(new Error('Delete all content is not denied for editor.'));
}, function (error) {
@ -73,7 +73,7 @@ describe('DB API', function () {
}).catch(done);
});
it('export content is denied (editor & author)', function (done) {
it('export content is denied (editor, author & without authentication)', function (done) {
return dbAPI.exportContent(testUtils.context.editor).then(function () {
done(new Error('Export content is not denied for editor.'));
}, function (error) {
@ -92,7 +92,7 @@ describe('DB API', function () {
}).catch(done);
});
it('import content is denied (editor & author)', function (done) {
it('import content is denied (editor, author & without authentication)', function (done) {
return dbAPI.importContent(testUtils.context.editor).then(function () {
done(new Error('Import content is not denied for editor.'));
}, function (error) {