mirror of
https://github.com/TryGhost/Ghost.git
synced 2023-12-13 21:00:40 +01:00
Added permissions for actions including migration
refs #10431 - migration script to add permissions for actions - restricted to owner & admin & integration role for now - we will add permissions for other rules too, but we need add more granular restrictions - e.g. contributors can only read actions for posts which he created
This commit is contained in:
kirrg001
Katharina Irrgang
parent
c127b406fc
commit
fde31b31ba
5 changed files with 69 additions and 11 deletions
|
|
@ -0,0 +1,47 @@
|
|||
const _ = require('lodash');
|
||||
const utils = require('../../../schema/fixtures/utils');
|
||||
const permissions = require('../../../../services/permissions');
|
||||
const common = require('../../../../lib/common');
|
||||
const resource = 'action';
|
||||
const _private = {};
|
||||
|
||||
_private.getPermissions = function getPermissions() {
|
||||
return utils.findModelFixtures('Permission', {object_type: resource});
|
||||
};
|
||||
|
||||
_private.getRelations = function getRelations() {
|
||||
return utils.findPermissionRelationsForObject(resource);
|
||||
};
|
||||
|
||||
_private.printResult = function printResult(result, message) {
|
||||
if (result.done === result.expected) {
|
||||
common.logging.info(message);
|
||||
} else {
|
||||
common.logging.warn('(' + result.done + '/' + result.expected + ') ' + message);
|
||||
}
|
||||
};
|
||||
|
||||
module.exports.config = {
|
||||
transaction: true
|
||||
};
|
||||
|
||||
module.exports.up = function addRedirectsPermissions(options) {
|
||||
const modelToAdd = _private.getPermissions();
|
||||
const relationToAdd = _private.getRelations();
|
||||
const localOptions = _.merge({
|
||||
context: {
|
||||
internal: true,
|
||||
migrating: true
|
||||
}
|
||||
}, options);
|
||||
|
||||
return utils.addFixturesForModel(modelToAdd, localOptions)
|
||||
.then(function (result) {
|
||||
_private.printResult(result, 'Adding permissions fixtures for ' + resource + 's');
|
||||
return utils.addFixturesForRelation(relationToAdd, localOptions);
|
||||
})
|
||||
.then(function (result) {
|
||||
_private.printResult(result, 'Adding permissions_roles fixtures for ' + resource + 's');
|
||||
return permissions.init(localOptions);
|
||||
});
|
||||
};
|
||||
|
|
@ -391,6 +391,11 @@
|
|||
"name": "Delete API keys",
|
||||
"action_type": "destroy",
|
||||
"object_type": "api_key"
|
||||
},
|
||||
{
|
||||
"name": "Browse Actions",
|
||||
"action_type": "browse",
|
||||
"object_type": "action"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
@ -559,7 +564,8 @@
|
|||
"redirect": "all",
|
||||
"webhook": "all",
|
||||
"integration": "all",
|
||||
"api_key": "all"
|
||||
"api_key": "all",
|
||||
"action": "all"
|
||||
},
|
||||
"Admin Integration": {
|
||||
"mail": "all",
|
||||
|
|
@ -575,7 +581,8 @@
|
|||
"subscriber": "all",
|
||||
"invite": "all",
|
||||
"redirect": "all",
|
||||
"webhook": "all"
|
||||
"webhook": "all",
|
||||
"action": "all"
|
||||
},
|
||||
"Editor": {
|
||||
"post": "all",
|
||||
|
|
|
|||
|
|
@ -194,6 +194,10 @@ describe('Database Migration (special functions)', function () {
|
|||
permissions[62].should.be.AssignedToRoles(['Administrator']);
|
||||
permissions[63].name.should.eql('Delete API keys');
|
||||
permissions[63].should.be.AssignedToRoles(['Administrator']);
|
||||
|
||||
// Actions
|
||||
permissions[64].name.should.eql('Browse Actions');
|
||||
permissions[64].should.be.AssignedToRoles(['Administrator', 'Admin Integration']);
|
||||
});
|
||||
|
||||
describe('Populate', function () {
|
||||
|
|
@ -258,7 +262,7 @@ describe('Database Migration (special functions)', function () {
|
|||
result.roles.at(5).get('name').should.eql('Admin Integration');
|
||||
|
||||
// Permissions
|
||||
result.permissions.length.should.eql(64);
|
||||
result.permissions.length.should.eql(65);
|
||||
result.permissions.toJSON().should.be.CompletePermissions();
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -150,19 +150,19 @@ describe('Migration Fixture Utils', function () {
|
|||
fixtureUtils.addFixturesForRelation(fixtures.relations[0]).then(function (result) {
|
||||
should.exist(result);
|
||||
result.should.be.an.Object();
|
||||
result.should.have.property('expected', 59);
|
||||
result.should.have.property('done', 59);
|
||||
result.should.have.property('expected', 61);
|
||||
result.should.have.property('done', 61);
|
||||
|
||||
// Permissions & Roles
|
||||
permsAllStub.calledOnce.should.be.true();
|
||||
rolesAllStub.calledOnce.should.be.true();
|
||||
dataMethodStub.filter.callCount.should.eql(59);
|
||||
dataMethodStub.filter.callCount.should.eql(61);
|
||||
dataMethodStub.find.callCount.should.eql(5);
|
||||
baseUtilAttachStub.callCount.should.eql(59);
|
||||
baseUtilAttachStub.callCount.should.eql(61);
|
||||
|
||||
fromItem.related.callCount.should.eql(59);
|
||||
fromItem.findWhere.callCount.should.eql(59);
|
||||
toItem[0].get.callCount.should.eql(118);
|
||||
fromItem.related.callCount.should.eql(61);
|
||||
fromItem.findWhere.callCount.should.eql(61);
|
||||
toItem[0].get.callCount.should.eql(122);
|
||||
|
||||
done();
|
||||
}).catch(done);
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ var should = require('should'),
|
|||
describe('DB version integrity', function () {
|
||||
// Only these variables should need updating
|
||||
const currentSchemaHash = 'ddca519660d4c9489259557438a41c78';
|
||||
const currentFixturesHash = 'cc19eac0f38ed778d25c82753f687495';
|
||||
const currentFixturesHash = '6b154399f5582f7744fbfd9c30ec709b';
|
||||
|
||||
// If this test is failing, then it is likely a change has been made that requires a DB version bump,
|
||||
// and the values above will need updating as confirmation
|
||||
|
|
|
|||
Loading…
Reference in a new issue