From b37c0f2e915ec1a6923dc1c84cf728139acb1fc2 Mon Sep 17 00:00:00 2001 From: Delgermurun Date: Tue, 20 Oct 2015 20:11:49 +0800 Subject: [PATCH] Apply pipeline to db api endpoint refs #5508 - adds pipeline to export, import and delete all methods --- core/server/api/db.js | 80 ++++++++++++++++-------- core/server/permissions/index.js | 3 +- core/test/integration/api/api_db_spec.js | 6 +- 3 files changed, 57 insertions(+), 32 deletions(-) diff --git a/core/server/api/db.js b/core/server/api/db.js index 2c7e6e23e2..75e635d5f8 100644 --- a/core/server/api/db.js +++ b/core/server/api/db.js @@ -6,10 +6,11 @@ var _ = require('lodash'), importer = require('../data/importer'), models = require('../models'), errors = require('../errors'), - canThis = require('../permissions').canThis, utils = require('./utils'), + pipeline = require('../utils/pipeline'), api = {}, + docName = 'db', db; api.settings = require('./settings'); @@ -29,18 +30,25 @@ db = { * @returns {Promise} Ghost Export JSON format */ exportContent: function (options) { + var tasks = []; + options = options || {}; // Export data, otherwise send error 500 - return canThis(options.context).exportContent.db().then(function () { + function exportContent() { return dataExport().then(function (exportedData) { return {db: [exportedData]}; }).catch(function (error) { return Promise.reject(new errors.InternalServerError(error.message || error)); }); - }, function () { - return Promise.reject(new errors.NoPermissionError('You do not have permission to export data (no rights).')); - }); + } + + tasks = [ + utils.handlePermissions(docName, 'exportContent'), + exportContent + ]; + + return pipeline(tasks, options); }, /** * ### Import Content 
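Review bot: In `exportContent`, authorization now rests entirely on `utils.handlePermissions(docName, 'exportContent')` sitting ahead of `exportContent` in the `tasks` array, and nothing in the hunk records that. The inner `exportContent()` takes no arguments and calls `dataExport()` unconditionally, so a later reorder, or a task inserted in front, would hand out the export with no visible warning. I would add a comment above the array, e.g. `// handlePermissions must run first: the tasks after it do no authorization of their own`; the same applies to the `tasks` arrays in the `importContent` and `deleteAllContent` hunks. As a style point, `var tasks = [];` is overwritten before use here, while `deleteAllContent` declares `var tasks;`, so one form should be used throughout.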
@@ -51,31 +59,42 @@ db = { * @returns {Promise} Success */ importContent: function (options) { + var tasks = []; + options = options || {}; - // Check if a file was provided - if (!utils.checkFileExists(options, 'importfile')) { - return Promise.reject(new errors.NoPermissionError('Please select a file to import.')); + function validate(options) { + // Check if a file was provided + if (!utils.checkFileExists(options, 'importfile')) { + return Promise.reject(new errors.NoPermissionError('Please select a file to import.')); + } + + // Check if the file is valid + if (!utils.checkFileIsValid(options.importfile, importer.getTypes(), importer.getExtensions())) { + return Promise.reject(new errors.UnsupportedMediaTypeError( + 'Unsupported file. Please try any of the following formats: ' + + _.reduce(importer.getExtensions(), function (memo, ext) { + return memo ? memo + ', ' + ext : ext; + }) + )); + } + + return options; } - // Check if the file is valid - if (!utils.checkFileIsValid(options.importfile, importer.getTypes(), importer.getExtensions())) { - return Promise.reject(new errors.UnsupportedMediaTypeError( - 'Unsupported file. Please try any of the following formats: ' + - _.reduce(importer.getExtensions(), function (memo, ext) { - return memo ? memo + ', ' + ext : ext; - }) - )); - } - - // Permissions check - return canThis(options.context).importContent.db().then(function () { + function importContent(options) { return importer.importFromFile(options.importfile) .then(api.settings.updateSettingsCache) .return({db: []}); - }, function () { - return Promise.reject(new errors.NoPermissionError('You do not have permission to import data (no rights).')); - }); + } + + tasks = [ + validate, + utils.handlePermissions(docName, 'importContent'), + importContent + ]; + + return pipeline(tasks, options); }, /** * ### Delete All Content 
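Review bot: `validate` runs before `utils.handlePermissions(docName, 'importContent')` in `tasks`, so the upload is inspected and its errors are returned before the caller is authorized (the old code had the same order, but the pipeline makes it easy to fix). A missing file is rejected with `errors.NoPermissionError('Please select a file to import.')`, so a call without `importfile` fails with a permission-type error without the permission task ever running. The denial test in `api_db_spec.js` calls `dbAPI.importContent(testUtils.context.editor)` with no file, so it may be passing on this branch rather than on the permission check; its assertions are outside the visible hunk. I would order the array as `utils.handlePermissions(docName, 'importContent'), validate, importContent`, which assumes the handler passes `options` on, as `importContent` already relies on when it reads `options.importfile`. The missing-file case would also be clearer as a validation-type error, if the `errors` module provides one.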
@@ -86,17 +105,24 @@ db = { * @returns {Promise} Success */ deleteAllContent: function (options) { + var tasks; + options = options || {}; - return canThis(options.context).deleteAllContent.db().then(function () { + function deleteContent() { return Promise.resolve(models.deleteAllContent()) .return({db: []}) .catch(function (error) { return Promise.reject(new errors.InternalServerError(error.message || error)); }); - }, function () { - return Promise.reject(new errors.NoPermissionError('You do not have permission to export data (no rights).')); - }); + } + + tasks = [ + utils.handlePermissions(docName, 'deleteAllContent'), + deleteContent + ]; + + return pipeline(tasks, options); } }; diff --git a/core/server/permissions/index.js b/core/server/permissions/index.js index 9a46d9f28c..e5eca61c16 100644 --- a/core/server/permissions/index.js +++ b/core/server/permissions/index.js @@ -118,7 +118,6 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c permission: Models.Permission, setting: Models.Settings }; - // Iterate through the object types, i.e. ['post', 'tag', 'user'] return _.reduce(objTypes, function (objTypeHandlers, objType) { // Grab the TargetModel through the objectTypeModelMap @@ -172,7 +171,7 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c }; // Check user permissions for matching action, object and id. - if (_.any(loadedPermissions.user.roles, {name: 'Owner'})) { + if (loadedPermissions.user && _.any(loadedPermissions.user.roles, {name: 'Owner'})) { hasUserPermission = true; } else if (!_.isEmpty(userPermissions)) { hasUserPermission = _.any(userPermissions, checkPermission); diff --git a/core/test/integration/api/api_db_spec.js b/core/test/integration/api/api_db_spec.js index fb4275521d..578dd549cc 100644 --- a/core/test/integration/api/api_db_spec.js +++ b/core/test/integration/api/api_db_spec.js 
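Review bot: The new `loadedPermissions.user &&` guard in `buildObjectTypeHandlers` makes a context with no user skip the Owner shortcut, but whether that ends in a denial depends on the initial value of `hasUserPermission` and on how `userPermissions` is built, both outside this hunk. If `hasUserPermission` is declared without a value it stays falsy and the request is denied, which is the fail-closed result wanted for unauthenticated callers, but that is implicit. I would state it on the branch with a comment such as `// no user loaded (unauthenticated): never grant here, fall through to the deny path`, and initialise `hasUserPermission = false` at its declaration so a later edit cannot turn this into a default allow.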
@@ -54,7 +54,7 @@ describe('DB API', function () { }).catch(done); }); - it('delete all content is denied (editor & author)', function (done) { + it('delete all content is denied (editor, author & without authentication)', function (done) { return dbAPI.deleteAllContent(testUtils.context.editor).then(function () { done(new Error('Delete all content is not denied for editor.')); }, function (error) { @@ -73,7 +73,7 @@ describe('DB API', function () { }).catch(done); }); - it('export content is denied (editor & author)', function (done) { + it('export content is denied (editor, author & without authentication)', function (done) { return dbAPI.exportContent(testUtils.context.editor).then(function () { done(new Error('Export content is not denied for editor.')); }, function (error) { @@ -92,7 +92,7 @@ describe('DB API', function () { }).catch(done); }); - it('import content is denied (editor & author)', function (done) { + it('import content is denied (editor, author & without authentication)', function (done) { return dbAPI.importContent(testUtils.context.editor).then(function () { done(new Error('Import content is not denied for editor.')); }, function (error) {
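Review bot: The three renamed tests now claim to cover calls "without authentication", but each hunk changes only the `it(...)` title line, and the first call visible in each body still uses `testUtils.context.editor`. Unless the bodies outside these hunks already exercise a context with no user, the path protected by the new `loadedPermissions.user &&` check in `permissions/index.js` has no assertion behind it. I would add one explicit case per method that calls it with a user-less context and asserts the rejection is the permission error, for example `dbAPI.exportContent({context: {}})` (the context shape is assumed here, not taken from the page). For `importContent`, that case should supply a valid `importfile` so the rejection cannot come from the file check instead.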