Ghost/core/server/models/role.js

var _              = require('lodash'),
    errors         = require('../errors'),
    ghostBookshelf = require('./base'),
    when           = require('when'),

    Role,
    Roles;

Role = ghostBookshelf.Model.extend({

    tableName: 'roles',

    users: function () {
        return this.belongsToMany('User');
    },

    permissions: function () {
        return this.belongsToMany('Permission');
    }
}, {
    /**
    * Returns an array of keys permitted in a method's `options` hash, depending on the current method.
    * @param {String} methodName The name of the method to check valid options for.
    * @return {Array} Keys allowed in the `options` hash of the model's method.
    */
    permittedOptions: function (methodName) {
        var options = ghostBookshelf.Model.permittedOptions(),

            // whitelists for the `options` hash argument on methods, by method name.
            // these are the only options that can be passed to Bookshelf / Knex.
            validOptions = {
                findOne: ['withRelated']
            };

        if (validOptions[methodName]) {
            options = options.concat(validOptions[methodName]);
        }

        return options;
    },


    permissable: function (roleModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {
        var self = this,
            checkAgainst = [],
            origArgs;

        // If we passed in an id instead of a model, get the model
        // then check the permissions
        if (_.isNumber(roleModelOrId) || _.isString(roleModelOrId)) {
            // Grab the original args without the first one
            origArgs = _.toArray(arguments).slice(1);
            // Get the actual post model
            return this.findOne({id: roleModelOrId, status: 'all'}).then(function (foundRoleModel) {
                // Build up the original args but substitute with actual model
                var newArgs = [foundRoleModel].concat(origArgs);

                return self.permissable.apply(self, newArgs);
            }, errors.logAndThrowError);
        }

        switch (loadedPermissions.user) {
            case 'Owner':
            case 'Administrator':
                checkAgainst = ['Administrator', 'Editor', 'Author'];
                break;
            case 'Editor':
                checkAgainst = ['Editor', 'Author'];
        }

        // If we have a role passed into here
        if (roleModelOrId && !_.contains(checkAgainst, roleModelOrId.get('name'))) {
            // Role not in the list of permissible roles
            hasUserPermission = false;
        }

        if (hasUserPermission && hasAppPermission) {
            return when.resolve();
        }
        return when.reject();
    }
});

Roles = ghostBookshelf.Collection.extend({
    model: Role
});

module.exports = {
    Role: ghostBookshelf.model('Role', Role),
    Roles: ghostBookshelf.collection('Roles', Roles)
};
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`var _ = require('lodash'),`
			`errors = require('../errors'),`
			`ghostBookshelf = require('./base'),`
			`when = require('when'),`
Improvements for models #closes #1655 - removed models as parameter for bookshelf-session - changed to read permittedAttributes from schema.js - changed updateTags to be executed at saved event - added validate to execute after saving event - added test for published_at = null (see #2015) - fixed typo in general.hbs 2014-02-19 17:57:26 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`Role,`
			`Roles;`

Updating to bookshelf 0.5.7 & knex 0.4.11 2013-09-23 02:20:08 +04:00			`Role = ghostBookshelf.Model.extend({`
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase 2013-09-14 23:01:46 +04:00			`tableName: 'roles',`
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests 2013-08-25 14:49:31 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`users: function () {`
Use bookshelf's model registry plugin Refs #2170 This removes the circular dependency problem from our models thanks to https://github.com/tgriesser/bookshelf/issues/181 - add the registry plugin - switch all models and collections to be registered - switch relationships to be defined using a string, which calls from the registry 2014-07-13 15:17:18 +04:00			`return this.belongsToMany('User');`
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`},`

			`permissions: function () {`
Use bookshelf's model registry plugin Refs #2170 This removes the circular dependency problem from our models thanks to https://github.com/tgriesser/bookshelf/issues/181 - add the registry plugin - switch all models and collections to be registered - switch relationships to be defined using a string, which calls from the registry 2014-07-13 15:17:18 +04:00			`return this.belongsToMany('Permission');`
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`}`
Sanitize models' attributes/options before passing to bookshelf/knex closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash 2014-05-06 05:45:08 +04:00			`}, {`
			`/**`
			* Returns an array of keys permitted in a method's `options` hash, depending on the current method.
			`* @param {String} methodName The name of the method to check valid options for.`
			* @return {Array} Keys allowed in the `options` hash of the model's method.
			`*/`
			`permittedOptions: function (methodName) {`
			`var options = ghostBookshelf.Model.permittedOptions(),`

			// whitelists for the `options` hash argument on methods, by method name.
			`// these are the only options that can be passed to Bookshelf / Knex.`
			`validOptions = {`
Extending context concept to models fixes #3275, fixes #3290, ref #3086, ref #3084 - Ensure that we use the current logged in user and not just user 1 when - removing hard coded user: 1 except where absolutely necessary - passing context, rather than user to models - base model has a new function to determine what id to use for created_by etc 2014-07-15 15:03:12 +04:00			`findOne: ['withRelated']`
Sanitize models' attributes/options before passing to bookshelf/knex closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash 2014-05-06 05:45:08 +04:00			`};`

			`if (validOptions[methodName]) {`
			`options = options.concat(validOptions[methodName]);`
			`}`

			`return options;`
Added /roles/ API endpoint Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally 2014-07-15 19:22:06 +04:00			`},`


			`permissable: function (roleModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {`
			`var self = this,`
			`checkAgainst = [],`
			`origArgs;`

			`// If we passed in an id instead of a model, get the model`
			`// then check the permissions`
			`if (_.isNumber(roleModelOrId) \|\| _.isString(roleModelOrId)) {`
			`// Grab the original args without the first one`
			`origArgs = _.toArray(arguments).slice(1);`
			`// Get the actual post model`
			`return this.findOne({id: roleModelOrId, status: 'all'}).then(function (foundRoleModel) {`
			`// Build up the original args but substitute with actual model`
			`var newArgs = [foundRoleModel].concat(origArgs);`

			`return self.permissable.apply(self, newArgs);`
			`}, errors.logAndThrowError);`
			`}`

			`switch (loadedPermissions.user) {`
			`case 'Owner':`
			`case 'Administrator':`
			`checkAgainst = ['Administrator', 'Editor', 'Author'];`
			`break;`
			`case 'Editor':`
			`checkAgainst = ['Editor', 'Author'];`
			`}`

			`// If we have a role passed into here`
			`if (roleModelOrId && !_.contains(checkAgainst, roleModelOrId.get('name'))) {`
			`// Role not in the list of permissible roles`
			`hasUserPermission = false;`
			`}`

			`if (hasUserPermission && hasAppPermission) {`
			`return when.resolve();`
			`}`
			`return when.reject();`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 16:41:19 +04:00			`}`
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`});`

Updating to bookshelf 0.5.7 & knex 0.4.11 2013-09-23 02:20:08 +04:00			`Roles = ghostBookshelf.Collection.extend({`
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`model: Role`
			`});`

			`module.exports = {`
Use bookshelf's model registry plugin Refs #2170 This removes the circular dependency problem from our models thanks to https://github.com/tgriesser/bookshelf/issues/181 - add the registry plugin - switch all models and collections to be registered - switch relationships to be defined using a string, which calls from the registry 2014-07-13 15:17:18 +04:00			`Role: ghostBookshelf.model('Role', Role),`
			`Roles: ghostBookshelf.collection('Roles', Roles)`
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files 2013-06-25 15:43:15 +04:00			`};`