Enabled collections permissions in controller

refs https://github.com/TryGhost/Team/issues/3220 - With permissions in place in the database, they can be enabled on controller level.
TryGhost · Jun 9, 2023 · f7e2f82 · f7e2f82
1 parent 05bb82c
commit f7e2f82
Showing 1 changed file with 11 additions and 16 deletions.
diff --git a/ghost/core/core/server/api/endpoints/collections.js b/ghost/core/core/server/api/endpoints/collections.js
@@ -19,8 +19,7 @@ module.exports = {
             'page',
             'filter'
         ],
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
         query(frame) {
             return collectionsService.api.getAll(frame.options);
         }
@@ -33,8 +32,7 @@ module.exports = {
         data: [
             'id'
         ],
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
         async query(frame) {
             const model = await collectionsService.api.getById(frame.data.id);
 
@@ -53,8 +51,7 @@ module.exports = {
         headers: {
             cacheInvalidate: true
         },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
         async query(frame) {
             return await collectionsService.api.createCollection(frame.data.collections[0]);
         }
@@ -74,8 +71,7 @@ module.exports = {
                 }
             }
         },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
         async query(frame) {
             const model = await collectionsService.api.edit(Object.assign(frame.data.collections[0], {
                 id: frame.options.id
@@ -101,7 +97,6 @@ module.exports = {
     },
 
     addPost: {
-        docName: 'collection_posts',
         statusCode: 200,
         headers: {
             cacheInvalidate: false
@@ -124,8 +119,9 @@ module.exports = {
                 }
             }
         },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: {
+            method: 'edit'
+        },
         async query(frame) {
             const collectionPost = await collectionsService.api.addPostToCollection(frame.options.id, {
                 id: frame.data.posts[0].id
@@ -156,15 +152,13 @@ module.exports = {
                 }
             }
         },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: true,
         async query(frame) {
             return await collectionsService.api.destroy(frame.options.id);
         }
     },
 
     destroyPost: {
-        docName: 'collection_posts',
         statusCode: 200,
         headers: {
             cacheInvalidate: true
@@ -183,8 +177,9 @@ module.exports = {
                 }
             }
         },
-        // @NOTE: should have permissions when moving out of Alpha
-        permissions: false,
+        permissions: {
+            method: 'edit'
+        },
         async query(frame) {
             const collection = await collectionsService.api.removePostFromCollection(frame.options.id, frame.options.post_id);