apostrophe 3.23.0 → 3.24.0

package/.github/workflows/main.yml

@@ -2,12 +2,12 @@
 
 name: Tests
 
-# Controls when the action will run. 
+# Controls when the action will run.
 on:
   push:
-    branches: [ '*' ]
+    branches: ["main"]
   pull_request:
-    branches: [ '*' ]
+    branches: ["*"]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -25,21 +25,21 @@ jobs:
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-    - name: Git checkout
-      uses: actions/checkout@v2
+      - name: Git checkout
+        uses: actions/checkout@v2
 
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node-version }}
 
-    - name: Start MongoDB
-      uses: supercharge/mongodb-github-action@1.3.0
-      with:
-        mongodb-version: ${{ matrix.mongodb-version }}
+      - name: Start MongoDB
+        uses: supercharge/mongodb-github-action@1.3.0
+        with:
+          mongodb-version: ${{ matrix.mongodb-version }}
 
-    - run: npm install
+      - run: npm install
 
-    - run: npm test
-      env:
-        CI: true
+      - run: npm test
+        env:
+          CI: true

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## 3.24.0 (2022-07-06)
+
+### Adds
+
+* Handle `private: true` locale option in i18n module, preventing logged out users from accessing the content of a private locale.
+
+### Fixes
+
+* Fix missing title translation in the "Array Editor" component.
+* Add `follow: true` flag to `glob` functions (with `**` pattern) to allow registering symlink files and folders for nested modules
+* Fix disabled context menu for relationship fields editing ([#3820](https://github.com/apostrophecms/apostrophe/issues/3820))
+* In getReq method form the task module, extract the right `role` property from the options object.
+* Fix `def:` option in `array` fields, in order to be able to see the default items in the array editor modal
+
 ## 3.23.0 (2022-06-22)
 
 ### Adds

package/index.js

@@ -371,7 +371,7 @@ async function apostrophe(options, telemetry, rootSpan) {
     if (!options.nestedModuleSubdirs) {
       return;
     }
-    const configs = glob.sync(self.localModules + '/**/modules.js');
+    const configs = glob.sync(self.localModules + '/**/modules.js', { follow: true });
     _.each(configs, function(config) {
       try {
         _.merge(self.options.modules, require(config));

package/lib/locales.js

@@ -0,0 +1,43 @@
+const { stripIndent } = require('common-tags');
+
+module.exports = {
+  // Make sure they are adequately distinguished by
+  // hostname and prefix
+  verifyLocales(locales, baseUrl) {
+    const taken = {};
+    let hostnamesCount = 0;
+    for (const [ name, options ] of Object.entries(locales)) {
+      const hostname = options.hostname || '__none';
+      const prefix = options.prefix || '__none';
+      const key = `${hostname}:${prefix}`;
+
+      hostnamesCount += options.hostname ? 1 : 0;
+
+      if (taken[key]) {
+        throw new Error(stripIndent`
+          The locale "${name}" cannot be distinguished from earlier locales.
+          Make sure it is uniquely distinguished by its hostname option,
+          prefix option or a combination of the two.
+          One locale per site may be a default with neither hostname nor prefix,
+          and one locale per hostname may be a default for that hostname without a prefix.
+        `);
+      }
+      taken[key] = true;
+    }
+
+    if (
+      hostnamesCount > 0 &&
+      hostnamesCount < Object.keys(locales).length &&
+      !baseUrl
+    ) {
+      throw new Error(stripIndent`
+        If some of your locales have hostnames, then they all must have
+        hostnames, or your top-level baseUrl option must be set.
+
+        In development, you can set baseUrl to http://localhost:3000
+        for testing purposes. In production it should always be set
+        to a real base URL for the site.
+      `);
+    }
+  }
+};

package/lib/moog-require.js

@@ -60,7 +60,7 @@ module.exports = function(options) {
         // Fetching a list of index.js files on the first call and then searching it each time for
         // one that refers to the right type name shaves as much as 60 seconds off the startup
         // time in a large project, compared to using the glob cache feature
-        self._indexes = glob.sync(self.options.localModules + '/**/index.js');
+        self._indexes = glob.sync(self.options.localModules + '/**/index.js', { follow: true });
       }
       const matches = self._indexes.filter(function(index) {
         // Double-check that we're not confusing "@apostrophecms/asset" with "asset" by

package/modules/@apostrophecms/i18n/index.js

@@ -11,6 +11,7 @@ const _ = require('lodash');
 const { stripIndent } = require('common-tags');
 const ExpressSessionCookie = require('express-session/session/cookie');
 const path = require('path');
+const { verifyLocales } = require('../../../lib/locales');
 
 const apostropheI18nDebugPlugin = {
   type: 'postProcessor',
@@ -218,7 +219,8 @@ module.exports = {
         } else {
           locale = self.matchLocale(req);
         }
-        const localeOptions = self.locales[locale];
+        const locales = self.filterPrivateLocales(req, self.locales);
+        const localeOptions = locales[locale];
         if (localeOptions.prefix) {
           // Remove locale prefix so URL parsing can proceed normally from here
           if (req.path === localeOptions.prefix) {
@@ -464,8 +466,9 @@ module.exports = {
       // possible the default locale is returned.
       matchLocale(req) {
         const hostname = req.hostname;
+        const locales = self.filterPrivateLocales(req, self.locales);
         let best = false;
-        for (const [ name, options ] of Object.entries(self.locales)) {
+        for (const [ name, options ] of Object.entries(locales)) {
           const matchedHostname = options.hostname
             ? (hostname === options.hostname.split(':')[0]) : null;
           const matchedPrefix = options.prefix
@@ -568,34 +571,7 @@ module.exports = {
             label: 'English'
           }
         };
-        const taken = {};
-        let hostnamesCount = 0;
-        for (const [ name, options ] of Object.entries(locales)) {
-          const key = (options.hostname || '__none') + ':' + (options.prefix || '__none');
-          hostnamesCount += (options.hostname ? 1 : 0);
-          if (taken[key]) {
-            throw new Error(stripIndent`
-              @apostrophecms/i18n: the locale ${name} cannot be distinguished from
-              earlier locales. Make sure it is uniquely distinguished by its hostname
-              option, prefix option or a combination of the two. One locale per site
-              may be a default with neither hostname nor prefix, and one locale per
-              hostname may be a default for that hostname without a prefix.
-            `);
-          }
-          taken[key] = true;
-        }
-        if ((hostnamesCount > 0) && (hostnamesCount < Object.keys(locales).length) && (!self.apos.options.baseUrl)) {
-          throw new Error(stripIndent`
-            If some of your locales have hostnames, then they all must have
-            hostnames, or your top-level baseUrl option must be set.
-
-            In development, you can set baseUrl to http://localhost:3000
-            for testing purposes. In production it should always be set
-            to a real base URL for the site.
-          `);
-        }
-        // Make sure they are adequately distinguished by
-        // hostname and prefix
+        verifyLocales(locales, self.apos.options.baseUrl);
         return locales;
       },
       sanitizeLocaleName(locale) {
@@ -656,6 +632,16 @@ module.exports = {
           }
           return res.redirect(corresponding._url);
         };
+      },
+      // Exclude private locales when logged out
+      filterPrivateLocales(req, locales) {
+        return req.user
+          ? locales
+          : Object.fromEntries(
+            Object
+              .entries(locales)
+              .filter(([ name, options ]) => options.private !== true)
+          );
       }
     };
   }

package/modules/@apostrophecms/polymorphic-type/index.js

@@ -2,7 +2,10 @@ const _ = require('lodash');
 
 module.exports = {
   extend: '@apostrophecms/doc-type',
-  options: { name: '@apostrophecms/polymorphic' },
+  options: {
+    name: '@apostrophecms/polymorphic',
+    showPermissions: false
+  },
   routes(self) {
     return {
       post: {

package/modules/@apostrophecms/schema/ui/apos/components/AposArrayEditor.vue

@@ -1,7 +1,7 @@
 <template>
   <AposModal
     class="apos-array-editor" :modal="modal"
-    :modal-title="`Edit ${field.label}`"
+    :modal-title="modalTitle"
     @inactive="modal.active = false" @show-modal="modal.showModal = true"
     @esc="confirmAndCancel" @no-modal="$emit('safe-close')"
   >
@@ -113,6 +113,12 @@ export default {
   },
   emits: [ 'modal-result', 'safe-close' ],
   data() {
+    // Automatically add `_id` to default items
+    const items = this.items.map(item => ({
+      ...item,
+      _id: item._id || cuid()
+    }));
+
     return {
       currentId: null,
       currentDoc: null,
@@ -121,12 +127,16 @@ export default {
         type: 'overlay',
         showModal: false
       },
+      modalTitle: {
+        key: 'apostrophe:editType',
+        type: this.$t(this.field.label)
+      },
       titleFieldChoices: null,
       // If we don't clone, then we're making
       // permanent modifications whether the user
       // clicks save or not
-      next: klona(this.items),
-      original: klona(this.items),
+      next: klona(items),
+      original: klona(items),
       triggerValidation: false,
       minError: false,
       maxError: false,

package/modules/@apostrophecms/task/index.js

@@ -287,9 +287,11 @@ module.exports = {
         };
         addCloneMethod(req);
         req.res.__ = req.__;
-        const { _role, ...properties } = options || {};
+        const { role: _role, ...properties } = options || {};
+
         Object.assign(req, properties);
         self.apos.i18n.setPrefixUrls(req);
+
         return req;
 
         function addCloneMethod(req) {

package/modules/@apostrophecms/ui/ui/apos/components/AposSlat.vue

@@ -34,7 +34,7 @@
           @item-clicked="$emit('item-clicked', item)"
           menu-placement="bottom-start"
           menu-offset="40, 10"
-          disabled="disabled"
+          :disabled="disabled"
         />
         <AposButton
           class="apos-slat__editor-btn"
@@ -48,7 +48,7 @@
           :icon-only="true"
           :modifiers="['inline']"
           @click="$emit('item-clicked', item)"
-          disabled="disabled"
+          :disabled="disabled"
         />
         <a
           class="apos-slat__control apos-slat__control--view"
@@ -169,7 +169,7 @@ export default {
   },
   computed: {
     itemSize() {
-      const size = this.item.length.size;
+      const size = this.item.length?.size;
       if (size < 1000000) {
         return `${(size / 1000).toFixed(0)}KB`;
       } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "apostrophe",
-  "version": "3.23.0",
+  "version": "3.24.0",
   "description": "The Apostrophe Content Management System.",
   "main": "index.js",
   "scripts": {

package/test/caches.js

@@ -22,6 +22,11 @@ describe('Caches', function() {
   it('should allow us to store capuchin', async function() {
     await apos.cache.set('test', 'capuchin', { message: 'eek eek' });
   });
+  it('second cache can contain capuchin with a different value', async function() {
+    await apos.cache.set('test2', 'capuchin', { message: 'ook ook' });
+    assert.strictEqual((await apos.cache.get('test', 'capuchin')).message, 'eek eek');
+    assert.strictEqual((await apos.cache.get('test2', 'capuchin')).message, 'ook ook');
+  });
   it('should now contain capuchin', async function() {
     const monkey = await apos.cache.get('test', 'capuchin');
     assert(monkey);
@@ -33,4 +38,19 @@ describe('Caches', function() {
   it('should not contain capuchin anymore', async function() {
     assert(!(await apos.cache.get('test', 'capuchin')));
   });
+  it('but test2 cache still does contain capuchin', async function() {
+    assert.strictEqual((await apos.cache.get('test2', 'capuchin')).message, 'ook ook');
+  });
+  it('unique key index does block double insert in same namespace', async function() {
+    try {
+      await apos.cache.cacheCollection.insert({
+        name: 'test2',
+        key: 'capuchin'
+      });
+      // That's bad, we should be blocked
+      assert(false);
+    } catch (e) {
+      // That's good, we were blocked
+    }
+  });
 });

package/test/pages.js

@@ -1229,10 +1229,11 @@ describe('Pages', function() {
         try {
           const publicUrl = generatePublicUrl(shareResponse);
           await apos.http.get(publicUrl, { fullResponse: true });
-          throw new Error('should have thrown 404 error');
         } catch (error) {
           assert(error.status === 404);
+          return;
         }
+        throw new Error('should have thrown 404 error');
       });
     });
   });

package/test/pieces.js

@@ -1818,10 +1818,11 @@ describe('Pieces', function() {
         try {
           const publicUrl = generatePublicUrl(shareResponse);
           await apos.http.get(publicUrl, { fullResponse: true });
-          throw new Error('should have thrown 404 error');
         } catch (error) {
           assert(error.status === 404);
+          return;
         }
+        throw new Error('should have thrown 404 error');
       });
     });
   });

package/test/static-i18n.js

@@ -21,6 +21,10 @@ describe('static i18n', function() {
               en: {},
               fr: {
                 prefix: '/fr'
+              },
+              es: {
+                prefix: '/es',
+                private: true
               }
             }
           }
@@ -88,4 +92,14 @@ describe('static i18n', function() {
     assert.strictEqual(browserData.i18n.en.custom.customTestOne, 'Custom Test One From Subtype');
   });
 
+  it('should return a 404 HTTP error code when a logged out user tries to access to a content in a private locale', async function() {
+    try {
+      await apos.http.get('/es');
+    } catch (error) {
+      assert(error.status === 404);
+      return;
+    }
+    throw new Error('should have thrown 404 error');
+  });
+
 });