diff --git a/ghost/core/core/server/data/migrations/versions/5.81/2024-03-18-16-20-add-missing-post-permissions.js b/ghost/core/core/server/data/migrations/versions/5.81/2024-03-18-16-20-add-missing-post-permissions.js new file mode 100644 index 000000000000..dd8bf0a863bc --- /dev/null +++ b/ghost/core/core/server/data/migrations/versions/5.81/2024-03-18-16-20-add-missing-post-permissions.js @@ -0,0 +1,20 @@ +const {combineTransactionalMigrations, addPermissionToRole} = require('../../utils'); + +module.exports = combineTransactionalMigrations( + addPermissionToRole({ + permission: 'Edit posts', + role: 'Author' + }), + addPermissionToRole({ + permission: 'Edit posts', + role: 'Contributor' + }), + addPermissionToRole({ + permission: 'Delete posts', + role: 'Author' + }), + addPermissionToRole({ + permission: 'Delete posts', + role: 'Contributor' + }) +); diff --git a/ghost/core/core/server/data/schema/fixtures/fixtures.json b/ghost/core/core/server/data/schema/fixtures/fixtures.json index c9478e628b4c..e6dd4b8d017a 100644 --- a/ghost/core/core/server/data/schema/fixtures/fixtures.json +++ b/ghost/core/core/server/data/schema/fixtures/fixtures.json @@ -929,7 +929,7 @@ "recommendation": ["browse", "read"] }, "Author": { - "post": ["browse", "read", "add"], + "post": ["browse", "read", "edit", "add", "destroy"], "setting": ["browse", "read"], "slug": "all", "tag": ["browse", "read", "add"], @@ -946,7 +946,7 @@ "recommendation": ["browse", "read"] }, "Contributor": { - "post": ["browse", "read", "add"], + "post": ["browse", "read", "edit", "add", "destroy"], "setting": ["browse", "read"], "slug": "all", "tag": ["browse", "read"], diff --git a/ghost/core/test/integration/migrations/migration.test.js b/ghost/core/test/integration/migrations/migration.test.js index 1a5fc87a853e..0da8cf8d35b4 100644 --- a/ghost/core/test/integration/migrations/migration.test.js +++ b/ghost/core/test/integration/migrations/migration.test.js @@ -114,9 +114,9 @@ describe('Migrations', function () { permissions.should.havePermission('Browse posts', ['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); permissions.should.havePermission('Read posts', ['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); - permissions.should.havePermission('Edit posts', ['Administrator', 'Editor', 'Admin Integration']); + permissions.should.havePermission('Edit posts', ['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); permissions.should.havePermission('Add posts', ['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); - permissions.should.havePermission('Delete posts', ['Administrator', 'Editor', 'Admin Integration']); + permissions.should.havePermission('Delete posts', ['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); permissions.should.havePermission('Publish posts', ['Administrator', 'Editor', 'Admin Integration', 'Scheduler Integration']); permissions.should.havePermission('Browse settings', ['Administrator', 'Editor', 'Author', 'Contributor', 'Admin Integration']); diff --git a/ghost/core/test/unit/server/data/schema/integrity.test.js b/ghost/core/test/unit/server/data/schema/integrity.test.js index fea8db9b1e5e..6e5aa22ec06b 100644 --- a/ghost/core/test/unit/server/data/schema/integrity.test.js +++ b/ghost/core/test/unit/server/data/schema/integrity.test.js @@ -36,7 +36,7 @@ const validateRouteSettings = require('../../../../../core/server/services/route describe('DB version integrity', function () { // Only these variables should need updating const currentSchemaHash = '34a9fa4dc1223ef6c45f8ed991d25de5'; - const currentFixturesHash = '4db87173699ad9c9d8a67ccab96dfd2d'; + const currentFixturesHash = 'a489d615989eab1023d4b8af0ecee7fd'; const currentSettingsHash = '5c957ceb48c4878767d7d3db484c592d'; const currentRoutesHash = '3d180d52c663d173a6be791ef411ed01'; diff --git a/ghost/core/test/unit/server/models/post.test.js b/ghost/core/test/unit/server/models/post.test.js index 9be8599febfd..bb96bece61b3 100644 --- a/ghost/core/test/unit/server/models/post.test.js +++ b/ghost/core/test/unit/server/models/post.test.js @@ -392,17 +392,15 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, - false, - true + true, + true, + false ).then(() => { done(new Error('Permissible function should have rejected.')); }).catch((error) => { error.should.be.an.instanceof(errors.NoPermissionError); - should(mockPostObj.get.called).be.false(); - should(mockPostObj.related.calledOnce).be.true(); done(); - }); + }).catch(done); }); it('rejects if changing visibility', function (done) { @@ -422,17 +420,15 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, - false, - true + true, + true, + false ).then(() => { done(new Error('Permissible function should have rejected.')); }).catch((error) => { error.should.be.an.instanceof(errors.NoPermissionError); - should(mockPostObj.get.called).be.false(); - should(mockPostObj.related.calledOnce).be.true(); done(); - }); + }).catch(done); }); it('rejects if changing authors.0', function (done) { @@ -451,9 +447,9 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, true, - true + true, + false ).then(() => { done(new Error('Permissible function should have rejected.')); }).catch((error) => { @@ -481,9 +477,9 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, true, - true + true, + false ).then((result) => { should.exist(result); should(result.excludedAttrs).deepEqual(['authors', 'tags']); @@ -510,9 +506,9 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, true, - true + true, + false ).then(() => { done(new Error('Permissible function should have rejected.')); }).catch((error) => { @@ -539,9 +535,9 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, true, - true + true, + false ).then(() => { done(new Error('Permissible function should have rejected.')); }).catch((error) => { @@ -568,9 +564,9 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, true, - true + true, + false ).then((result) => { should.exist(result); should(result.excludedAttrs).deepEqual(['authors', 'tags']); @@ -594,7 +590,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, + true, true, true ).then(() => { @@ -619,7 +615,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, + true, true, true ).then(() => { @@ -644,7 +640,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, + true, true, true ).then(() => { @@ -669,7 +665,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, unsafeAttrs, testUtils.permissions.contributor, - false, + true, true, true ).then((result) => { @@ -697,7 +693,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, {}, testUtils.permissions.contributor, - false, + true, true, true ).then(() => { @@ -726,7 +722,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, {}, testUtils.permissions.contributor, - false, + true, true, true ).then(() => { @@ -755,7 +751,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () { context, {}, testUtils.permissions.contributor, - false, + true, true, true ).then((result) => { diff --git a/ghost/core/test/utils/fixtures/fixtures.json b/ghost/core/test/utils/fixtures/fixtures.json index 6218bdf21857..c6f10459ba05 100644 --- a/ghost/core/test/utils/fixtures/fixtures.json +++ b/ghost/core/test/utils/fixtures/fixtures.json @@ -1105,7 +1105,7 @@ "recommendation": ["browse", "read"] }, "Author": { - "post": ["browse", "read", "add"], + "post": ["browse", "read", "edit", "add", "destroy"], "setting": ["browse", "read"], "slug": "all", "tag": ["browse", "read", "add"], @@ -1122,7 +1122,7 @@ "recommendation": ["browse", "read"] }, "Contributor": { - "post": ["browse", "read", "add"], + "post": ["browse", "read", "edit", "add", "destroy"], "setting": ["browse", "read"], "slug": "all", "tag": ["browse", "read"],