npm - ghost - Versions diffs - 5.112.0 → 5.113.1 - Mend

ghost 5.112.0 → 5.113.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/core/server/adapters/cache/AdapterCacheMemoryTTL.js ADDED Viewed

@@ -0,0 +1,54 @@
+const TTLCache = require('@isaacs/ttlcache');
+const Base = require('@tryghost/adapter-base-cache');
+/**
+ * Cache adapter compatible wrapper around TTLCache
+ * Distinct features of this cache adapter:
+ * - it is in-memory only
+ * - it supports time-to-live (TTL)
+ * - it supports a max number of items
+ */
+class AdapterCacheMemoryTTL extends Base {
+    #cache;
+    /**
+     *
+     * @param {Object} [deps]
+     * @param {Number} [deps.max] - The max number of items to keep in the cache.
+     * @param {Number} [deps.ttl] - The max time in ms to store items
+     */
+    constructor({max = Infinity, ttl = Infinity} = {}) {
+        super();
+        this.#cache = new TTLCache({max, ttl});
+    }
+    get(key) {
+        return this.#cache.get(key);
+    }
+    /**
+     *
+     * @param {String} key
+     * @param {*} value
+     * @param {Object} [options]
+     * @param {Number} [options.ttl]
+    */
+    set(key, value, {ttl} = {}) {
+        this.#cache.set(key, value, {ttl});
+    }
+    reset() {
+        this.#cache.clear();
+    }
+    /**
+     * Helper method to assist "getAll" type of operations
+     * @returns {Array<String>} all keys present in the cache
+     */
+    keys() {
+        return [...this.#cache.keys()];
+    }
+}
+module.exports = AdapterCacheMemoryTTL;

package/core/server/adapters/cache/memory-ttl.js CHANGED Viewed

@@ -1,3 +1,3 @@
-const TTLMemoryCache = require('@tryghost/adapter-cache-memory-ttl');
+const TTLMemoryCache = require('./AdapterCacheMemoryTTL');
 module.exports = TTLMemoryCache;

package/core/server/data/migrations/versions/5.113/2025-03-07-12-24-00-add-super-editor.js ADDED Viewed

@@ -0,0 +1,31 @@
+const logging = require('@tryghost/logging');
+const {default: ObjectID} = require('bson-objectid');
+const {createTransactionalMigration, meta} = require('../../utils');
+module.exports = createTransactionalMigration(
+    async function up(knex) {
+        logging.info('Creating "Super Editor" role');
+        const existingRole = await knex('roles').where({
+            name: 'Super Editor'
+        }).first();
+        if (existingRole) {
+            logging.warn('"Super Editor" role already exists, skipping');
+            return;
+        }
+        await knex('roles').insert({
+            id: (new ObjectID()).toHexString(),
+            name: 'Super Editor',
+            description: 'Editor plus member management',
+            created_by: meta.MIGRATION_USER,
+            created_at: knex.raw('current_timestamp')
+        });
+    },
+    async function down(knex) {
+        logging.info('Deleting role "Super Editor"');
+        await knex('roles').where({
+            name: 'Super Editor'
+        }).del();
+    }
+);

package/core/server/data/migrations/versions/5.113/2025-03-07-12-25-00-add-member-perms-to-super-editor.js ADDED Viewed

@@ -0,0 +1,291 @@
+const {addPermissionToRole, combineTransactionalMigrations} = require('../../utils');
+module.exports = combineTransactionalMigrations(
+    addPermissionToRole({
+        permission: 'Browse Members',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read Members',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit Members',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add Members',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete Members',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read offers',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse offers',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read member signin urls',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse notifications',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add notifications',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete notifications',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Generate slugs',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse posts',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read posts',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit posts',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add posts',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete posts',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Publish posts',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse settings',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read settings',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse tags',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read tags',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit tags',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add tags',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete tags',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse themes',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'View active theme details',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse users',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read users',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit users',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add users',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete users',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Assign a role',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse roles',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse invites',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read invites',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add invites',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete invites',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit invites',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Email preview',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Send test email',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read emails',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse emails',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Retry emails',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse snippets',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read snippets',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit snippets',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add snippets',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete snippets',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse labels',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read labels',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit labels',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add labels',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete labels',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse Products',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read Products',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse newsletters',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read newsletters',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse collections',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read collections',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit collections',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add collections',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete collections',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Moderate comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Like comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Unlike comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Add comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Edit comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Delete comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Read comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Browse comments',
+        role: 'Super Editor'
+    }),
+    addPermissionToRole({
+        permission: 'Report comments',
+        role: 'Super Editor'
+    })
+);

package/core/server/data/schema/fixtures/fixtures.json CHANGED Viewed

@@ -106,6 +106,10 @@
                 {
                     "name": "Scheduler Integration",
                     "description": "Internal Scheduler Client"
+                },
+                {
+                    "name": "Super Editor",
+                    "description": "Super Editors"
                 }
             ]
         },
@@ -917,6 +921,29 @@
                     "recommendation": "all",
                     "member_signin_url": "read"
                 },
+                "Super Editor": {
+                    "notification": "all",
+                    "post": "all",
+                    "setting": ["browse", "read"],
+                    "slug": "all",
+                    "tag": "all",
+                    "user": "all",
+                    "role": "all",
+                    "invite": "all",
+                    "theme": ["browse", "readActive"],
+                    "email_preview": "all",
+                    "email": "all",
+                    "snippet": "all",
+                    "label": ["browse", "read", "edit", "add", "destroy"],
+                    "product": ["browse", "read"],
+                    "newsletter": ["browse", "read"],
+                    "collection": "all",
+                    "recommendation": ["browse", "read"],
+                    "member": ["browse", "read", "add", "edit", "destroy"],
+                    "member_signin_url": "read",
+                    "offer": ["browse", "read"],
+                    "comment": "all"
+                },
                 "Editor": {
                     "notification": "all",
                     "post": "all",

package/core/server/models/invite.js CHANGED Viewed

@@ -87,12 +87,12 @@ Invite = ghostBookshelf.Model.extend({
                 if (loadedPermissions.user) {
                     const {isOwner, isAdmin, isEitherEditor} = setIsRoles(loadedPermissions);
                     if (isOwner || isAdmin) {
-                        allowed = ['Administrator', 'Editor', 'Author', 'Contributor'];
+                        allowed = ['Administrator', 'Editor', 'Author', 'Contributor', 'Super Editor'];
                     } else if (isEitherEditor) {
                         allowed = ['Author', 'Contributor'];
                     }
                 } else if (loadedPermissions.apiKey) {
-                    allowed = ['Editor', 'Author', 'Contributor'];
+                    allowed = ['Editor', 'Author', 'Contributor', 'Super Editor'];
                 }
                 if (allowed.indexOf(roleToInvite.get('name')) === -1) {

package/core/server/models/role.js CHANGED Viewed

@@ -82,9 +82,9 @@ Role = ghostBookshelf.Model.extend({
             const {isOwner, isAdmin, isEitherEditor} = setIsRoles(loadedPermissions);
             let checkAgainst;
             if (isOwner) {
-                checkAgainst = ['Owner', 'Administrator', 'Editor', 'Author', 'Contributor'];
+                checkAgainst = ['Owner', 'Administrator', 'Super Editor', 'Editor', 'Author', 'Contributor'];
             } else if (isAdmin) {
-                checkAgainst = ['Administrator', 'Editor', 'Author', 'Contributor'];
+                checkAgainst = ['Administrator', 'Super Editor', 'Editor', 'Author', 'Contributor'];
             } else if (isEitherEditor) {
                 checkAgainst = ['Author', 'Contributor'];
             }

package/core/server/models/user.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const _ = require('lodash');
 const validator = require('@tryghost/validator');
 const ObjectId = require('bson-objectid').default;
 const ghostBookshelf = require('./base');
@@ -11,9 +10,9 @@ const {pipeline} = require('@tryghost/promise');
 const validatePassword = require('../lib/validate-password');
 const permissions = require('../services/permissions');
 const urlUtils = require('../../shared/url-utils');
-const activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'];
-const ASSIGNABLE_ROLES = ['Administrator', 'Editor', 'Author', 'Contributor'];
 const {setIsRoles} = require('./role-utils');
+const activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'];
+const ASSIGNABLE_ROLES = ['Administrator', 'Super Editor', 'Editor', 'Author', 'Contributor'];
 const messages = {
     valueCannotBeBlank: 'Value in [{tableName}.{columnKey}] cannot be blank.',
@@ -77,7 +76,7 @@ User = ghostBookshelf.Model.extend({
     },
     format(options) {
-        if (!_.isEmpty(options.website) &&
+        if (options.website &&
             !validator.isURL(options.website, {
                 require_protocol: true,
                 protocols: ['http', 'https']
@@ -130,7 +129,7 @@ User = ghostBookshelf.Model.extend({
     onDestroyed: function onDestroyed(model, options) {
         ghostBookshelf.Model.prototype.onDestroyed.apply(this, arguments);
-        if (_.includes(activeStates, model.previous('status'))) {
+        if (activeStates.includes(model.previous('status'))) {
             model.emitChange('deactivated', options);
         }
@@ -143,7 +142,7 @@ User = ghostBookshelf.Model.extend({
         model.emitChange('added', options);
         // active is the default state, so if status isn't provided, this will be an active user
-        if (!model.get('status') || _.includes(activeStates, model.get('status'))) {
+        if (!model.get('status') || activeStates.includes(model.get('status'))) {
             model.emitChange('activated', options);
         }
     },
@@ -152,7 +151,7 @@ User = ghostBookshelf.Model.extend({
         ghostBookshelf.Model.prototype.onUpdated.apply(this, arguments);
         model.statusChanging = model.get('status') !== model.previous('status');
-        model.isActive = _.includes(activeStates, model.get('status'));
+        model.isActive = activeStates.includes(model.get('status'));
         if (model.statusChanging) {
             model.emitChange(model.isActive ? 'activated' : 'deactivated', options);
@@ -456,18 +455,16 @@ User = ghostBookshelf.Model.extend({
         const options = this.filterOptions(unfilteredOptions, 'findOne');
         let query;
         let status;
-        let data = _.cloneDeep(dataToClone);
+        let data = JSON.parse(JSON.stringify(dataToClone));
         const lookupRole = data.role;
         // Ensure only valid fields/columns are added to query
         if (options.columns) {
-            options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
+            options.columns = options.columns.filter(col => this.prototype.permittedAttributes().includes(col));
         }
         delete data.role;
-        data = _.defaults(data || {}, {
-            status: 'all'
-        });
+        data = Object.assign({}, {status: 'all'}, data || {});
         status = data.status;
         delete data.status;
@@ -476,7 +473,7 @@ User = ghostBookshelf.Model.extend({
         // Support finding by role
         if (lookupRole) {
-            options.withRelated = _.union(options.withRelated, ['roles']);
+            options.withRelated = [...new Set([...(options.withRelated || []), 'roles'])];
             query = this.forge(data);
             query.query('join', 'roles_users', 'users.id', '=', 'roles_users.user_id');
@@ -520,7 +517,7 @@ User = ghostBookshelf.Model.extend({
         } else if (type === 'recommendation-received') {
             filter += '+recommendation_notifications:true';
         }
-        const updatedOptions = _.merge({}, options, {filter, withRelated: ['roles']});
+        const updatedOptions = Object.assign({}, options, {filter, withRelated: ['roles']});
         return this.findAll(updatedOptions).then((users) => {
             return users.toJSON().filter((user) => {
                 return user?.roles?.some((role) => {
@@ -641,7 +638,7 @@ User = ghostBookshelf.Model.extend({
     add: function add(dataToClone, unfilteredOptions) {
         const options = this.filterOptions(unfilteredOptions, 'add');
         const self = this;
-        const data = _.cloneDeep(dataToClone);
+        const data = JSON.parse(JSON.stringify(dataToClone));
         let userData = this.filterData(data);
         let roles;
@@ -653,7 +650,7 @@ User = ghostBookshelf.Model.extend({
         }
         function getAuthorRole() {
-            return ghostBookshelf.model('Role').findOne({name: 'Author'}, _.pick(options, 'transacting'))
+            return ghostBookshelf.model('Role').findOne({name: 'Author'}, {transacting: options.transacting})
                 .then(function then(authorRole) {
                     return [authorRole.get('id')];
                 });
@@ -684,7 +681,7 @@ User = ghostBookshelf.Model.extend({
                 roles = _roles;
                 // CASE: it is possible to add roles by name, by id or by object
-                if (_.isString(roles[0]) && !ObjectId.isValid(roles[0])) {
+                if (typeof roles[0] === 'string' && !ObjectId.isValid(roles[0])) {
                     const rolePromises = roles.map((roleName) => {
                         return ghostBookshelf.model('Role').findOne({
                             name: roleName
@@ -781,6 +778,23 @@ User = ghostBookshelf.Model.extend({
         });
     },
+    /**
+     * Checks if a user has permission to perform an action on another user
+     *
+     * @param {Object|string|number} userModelOrId - The user model or ID being acted upon
+     * @param {'edit'|'destroy'} action - The action being performed:
+     *                                     - 'edit': Edit user details, status, or role
+     *                                     - 'destroy': Delete a user (Owner cannot be deleted)
+     * @param {Object} context - The context of the request, containing the current user's ID
+     * @param {Object} unsafeAttrs - The attributes being modified in the action
+     * @param {Object} loadedPermissions - The permissions of the user making the request
+     * @param {boolean} hasUserPermission - Whether the user has permission based on user roles
+     * @param {boolean} hasApiKeyPermission - Whether the user has permission based on API key
+     * @returns {Promise<boolean>} Resolves if the action is permitted, rejects with NoPermissionError if not
+     * @throws {errors.NotFoundError} When the target user is not found
+     * @throws {errors.NoPermissionError} When the action is not permitted
+     * @throws {errors.ValidationError} When role changes are invalid
+     */
     permissible: async function permissible(userModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {
         const self = this;
         const userModel = userModelOrId;
@@ -788,13 +802,13 @@ User = ghostBookshelf.Model.extend({
         const {isOwner, isEitherEditor} = setIsRoles(loadedPermissions);
         // If we passed in a model without its related roles, we need to fetch it again
-        if (_.isObject(userModelOrId) && !_.isObject(userModelOrId.related('roles'))) {
+        if (typeof userModelOrId === 'object' && !(typeof userModelOrId.related('roles') === 'object')) {
             userModelOrId = userModelOrId.id;
         }
         // If we passed in an id instead of a model get the model first
-        if (_.isNumber(userModelOrId) || _.isString(userModelOrId)) {
+        if (typeof userModelOrId === 'number' || typeof userModelOrId === 'string') {
             // Grab the original args without the first one
-            origArgs = _.toArray(arguments).slice(1);
+            origArgs = Array.from(arguments).slice(1);
             // Get the actual user model
             return this.findOne({
@@ -822,15 +836,12 @@ User = ghostBookshelf.Model.extend({
         }
         if (action === 'edit') {
-            // Users with the role 'Editor', 'Author', and 'Contributor' have complex permissions when the action === 'edit'
-            // We now have all the info we need to construct the permissions
             if (context.user === userModel.get('id')) {
                 // If this is the same user that requests the operation allow it.
                 hasUserPermission = true;
-            } else if (isOwner) {
+            } else if (loadedPermissions.user && userModel.hasRole('Owner')) {
                 // Owner can only be edited by owner
-                hasUserPermission = loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Owner'});
+                hasUserPermission = isOwner;
             } else if (isEitherEditor) {
                 // If the user we are trying to edit is an Author or Contributor, allow it
                 hasUserPermission = userModel.hasRole('Author') || userModel.hasRole('Contributor');
@@ -1058,7 +1069,7 @@ User = ghostBookshelf.Model.extend({
                 // check if user has the owner role
                 const currentRoles = contextUser.toJSON(options).roles;
-                if (!_.some(currentRoles, {id: ownerRole.id})) {
+                if (!currentRoles.some(role => role.id === ownerRole.id)) {
                     return Promise.reject(new errors.NoPermissionError({
                         message: tpl(messages.onlyOwnerCanTransferOwnerRole)
                     }));
@@ -1081,7 +1092,7 @@ User = ghostBookshelf.Model.extend({
                 const {roles: currentRoles, status} = user.toJSON(options);
-                if (!_.some(currentRoles, {id: adminRole.id})) {
+                if (!currentRoles.some(role => role.id === adminRole.id)) {
                     return Promise.reject(new errors.ValidationError({
                         message: tpl(messages.onlyAdmCanBeAssignedOwnerRole)
                     }));
@@ -1139,4 +1150,4 @@ Users = ghostBookshelf.Collection.extend({
 module.exports = {
     User: ghostBookshelf.model('User', User),
     Users: ghostBookshelf.collection('Users', Users)
-};
+};

package/core/server/services/email-analytics/jobs/update-member-email-analytics/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+const queries = require('../../lib/queries');
+/**
+ * Updates email analytics for a specific member
+ *
+ * @param {Object} options - The options object
+ * @param {string} options.memberId - The ID of the member to update analytics for
+ * @returns {Promise<Object>} The result of the aggregation query (1/0)
+ */
+module.exports = async function updateMemberEmailAnalytics({memberId}) {
+    const result = await queries.aggregateMemberStats(memberId);
+    return result;
+};