1882278b5b
- 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
var _ = require('lodash'),
errors = require('../errors'),
ghostBookshelf = require('./base'),
Promise = require('bluebird'),
i18n = require('../i18n'),
Role,
Roles;
Role = ghostBookshelf.Model.extend({

    tableName: 'roles',

    /**
     * Users holding this role (many-to-many relation to the 'User' model).
     * @return {Object} Bookshelf relation.
     */
    users: function users() {
        return this.belongsToMany('User');
    },

    /**
     * Permissions granted by this role (many-to-many relation to the 'Permission' model).
     * @return {Object} Bookshelf relation.
     */
    permissions: function permissions() {
        return this.belongsToMany('Permission');
    }
}, {
    /**
     * Returns an array of keys permitted in a method's `options` hash, depending on the current method.
     *
     * This is a whitelist: only the base-model options plus the per-method keys listed here are
     * forwarded to Bookshelf / Knex, so any other key a caller places in `options` is not passed
     * through to the query layer.
     *
     * @param {String} methodName The name of the method to check valid options for.
     * @return {Array} Keys allowed in the `options` hash of the model's method.
     */
    permittedOptions: function permittedOptions(methodName) {
        // extra keys allowed per method, on top of ghostBookshelf.Model.permittedOptions()
        var perMethod = {
                findOne: ['withRelated'],
                findAll: ['withRelated']
            },
            extra = perMethod[methodName] || [];

        return ghostBookshelf.Model.permittedOptions().concat(extra);
    },

    /**
     * Decide whether the acting context may perform `action` on the given role.
     *
     * For `action === 'assign'` (and a user in `loadedPermissions`) the decision is taken HERE from a
     * fixed role hierarchy and replaces the caller-supplied `hasUserPermission`:
     *   Owner         -> may assign Owner, Administrator, Editor, Author
     *   Administrator -> may assign Administrator, Editor, Author
     *   Editor        -> may assign Author
     *   any other user -> may assign nothing (empty list, so the check always fails)
     * That is what stops an Administrator from minting an Owner, or an Editor from minting an
     * Administrator/Editor, regardless of what the permissions table says. For every other
     * action the caller-supplied `hasUserPermission` is used as-is. In all cases
     * `hasAppPermission` must be truthy too.
     *
     * NOTE(review): nothing here looks at the role currently held by the user being changed;
     * presumably that check lives in the User model's permissible — confirm against the caller.
     * NOTE(review): `loadedPermissions` is dereferenced unguarded, so a null/undefined value
     * throws synchronously instead of returning a rejected promise.
     *
     * @param {Object|Number|String} roleModelOrId A Role model, or an id that is loaded first.
     * @param {String} action The action being checked (e.g. 'assign').
     * @param {Object} context Request context; not inspected here, only forwarded on the id path.
     * @param {Object} loadedPermissions Expected shape `{user: {roles: [{name: ...}]}}` for the actor.
     * @param {Boolean} hasUserPermission Permissions-table result for the user.
     * @param {Boolean} hasAppPermission Permissions-table result for the app.
     * @return {Promise} Resolves with no value when allowed, rejects with errors.NoPermissionError otherwise.
     */
    permissible: function permissible(roleModelOrId, action, context, loadedPermissions, hasUserPermission, hasAppPermission) {
        var self = this,
            // ordered from most to least privileged; the first level the actor holds wins
            hierarchy = [
                {name: 'Owner', mayAssign: ['Owner', 'Administrator', 'Editor', 'Author']},
                {name: 'Administrator', mayAssign: ['Administrator', 'Editor', 'Author']},
                {name: 'Editor', mayAssign: ['Author']}
            ],
            remainingArgs,
            actorRoles,
            level,
            assignable,
            allowed;

        // Given an id rather than a model: load the role, then re-enter with the model in its place.
        if (_.isNumber(roleModelOrId) || _.isString(roleModelOrId)) {
            remainingArgs = _.toArray(arguments).slice(1);

            return this.findOne({id: roleModelOrId, status: 'all'}).then(function then(roleModel) {
                return self.permissible.apply(self, [roleModel].concat(remainingArgs));
            });
        }

        if (action === 'assign' && loadedPermissions.user) {
            actorRoles = loadedPermissions.user.roles;

            level = _.find(hierarchy, function matchesActor(candidate) {
                return _.some(actorRoles, {name: candidate.name});
            });
            assignable = level ? level.mayAssign : [];

            // An unresolved model (e.g. unknown id) can never name an assignable role.
            hasUserPermission = roleModelOrId ? _.includes(assignable, roleModelOrId.get('name')) : false;
        }

        allowed = Boolean(hasUserPermission) && Boolean(hasAppPermission);

        if (!allowed) {
            return Promise.reject(new errors.NoPermissionError(i18n.t('errors.models.role.notEnoughPermission')));
        }

        return Promise.resolve();
    }
});
// Plain collection of Role models; adds no behaviour beyond binding the model.
Roles = ghostBookshelf.Collection.extend({model: Role});
// Register model and collection with the Bookshelf registry so other modules can
// reference them by name ('Role' / 'Roles'), then export the registered versions.
var registeredRole = ghostBookshelf.model('Role', Role),
    registeredRoles = ghostBookshelf.collection('Roles', Roles);

module.exports = {Role: registeredRole, Roles: registeredRoles};