Added Admin Settings changes for super editor role (#22452)

ref #22445

This PR contains the admin-x-settings changes needed to allow the super
editor role.

---------

Co-authored-by: Steve Larson <[email protected]>

Author: cathysarisky

.github/workflows/ci.yml

@@ -470,6 +470,10 @@ jobs:
         with:
           timezoneLinux: "America/New_York"
 
+      # Ensure all built packages are built before running tests (admin is built in job_setup)
+      - name: Build remaining assets
+        run: yarn nx run-many -t build --exclude=ghost-admin
+
       - run: yarn nx affected -t test:unit --base=${{ needs.job_setup.outputs.BASE_COMMIT }}
 
       - uses: actions/upload-artifact@v4

apps/admin-x-framework/src/api/roles.ts

@@ -1,6 +1,6 @@
 import {Meta, createQuery} from '../utils/api/hooks';
 
-export type UserRoleType = 'Owner' | 'Administrator' | 'Editor' | 'Author' | 'Contributor';
+export type UserRoleType = 'Owner' | 'Administrator' | 'Editor' | 'Author' | 'Contributor' | 'Super Editor';
 
 export type UserRole = {
     id: string;

apps/admin-x-framework/src/api/users.ts

@@ -148,7 +148,9 @@ export function isAdminUser(user: User) {
 }
 
 export function isEditorUser(user: User) {
-    return user.roles.some(role => role.name === 'Editor');
+    const isAnyEditor = user.roles.some(role => role.name === 'Editor') 
+    || user.roles.some(role => role.name === 'Super Editor');
+    return isAnyEditor;
 }
 
 export function isAuthorUser(user: User) {

apps/admin-x-framework/types/api/roles.d.ts

@@ -0,0 +1,19 @@
+import { Meta } from '../utils/api/hooks';
+export type UserRoleType = 'Owner' | 'Administrator' | 'Editor' | 'Author' | 'Contributor' | 'Super Editor';
+export type UserRole = {
+    id: string;
+    name: UserRoleType;
+    description: string;
+    created_at: string;
+    updated_at: string;
+};
+export interface RolesResponseType {
+    meta?: Meta;
+    roles: UserRole[];
+}
+export declare const useBrowseRoles: ({ searchParams, ...query }?: import("@tanstack/react-query").UseQueryOptions<RolesResponseType, unknown, RolesResponseType, import("@tanstack/query-core").QueryKey> & {
+    searchParams?: Record<string, string> | undefined;
+    defaultErrorHandler?: boolean | undefined;
+}) => Omit<import("@tanstack/react-query").UseQueryResult<RolesResponseType>, "data"> & {
+    data: RolesResponseType | undefined;
+};

apps/admin-x-settings/src/components/settings/general/InviteUserModal.tsx

@@ -7,10 +7,11 @@ import {useAddInvite, useBrowseInvites} from '@tryghost/admin-x-framework/api/in
 import {useBrowseRoles} from '@tryghost/admin-x-framework/api/roles';
 import {useBrowseUsers} from '@tryghost/admin-x-framework/api/users';
 import {useEffect, useRef, useState} from 'react';
+import {useGlobalData} from '../../providers/GlobalDataProvider';
 import {useHandleError} from '@tryghost/admin-x-framework/hooks';
 import {useRouting} from '@tryghost/admin-x-framework/routing';
 
-type RoleType = 'administrator' | 'editor' | 'author' | 'contributor';
+type RoleType = 'administrator' | 'editor' | 'author' | 'contributor' | 'super editor';
 
 const InviteUserModal = NiceModal.create(() => {
     const modal = NiceModal.useModal();
@@ -21,7 +22,8 @@ const InviteUserModal = NiceModal.create(() => {
     const limiter = useLimiter();
 
     const {updateRoute} = useRouting();
-
+    const {config} = useGlobalData();
+    const editorBeta = config.labs.superEditors;
     const focusRef = useRef<HTMLInputElement>(null);
     const [email, setEmail] = useState<string>('');
     const [saveState, setSaveState] = useState<'saving' | 'saved' | 'error' | ''>('');
@@ -173,10 +175,23 @@ const InviteUserModal = NiceModal.create(() => {
             value: 'administrator'
         }
     ];
-
+    
+    // If the editor beta is enabled, replace the editor role option with super editor options.
+    // This gets a little weird, because we aren't changing what is actually assigned based on the toggle.
+    // So, a site could have the editor beta enabled, but that doesn't automatically convert their editors.
+    // (Editors can be up/downgraded by reassigning them in this modal.  For 6.0, we should decide whether
+    // the old editors are going away or whether both roles are staying, and tidy this up then.)
+
+    if (editorBeta) {
+        roleOptions[2] = {
+            hint: 'Can invite and manage other Authors and Contributors, as well as edit and publish any posts on the site. Can manage members and moderate comments.',
+            label: 'Editor (beta mode)',
+            value: 'super editor'
+        };
+    };
     const allowedRoleOptions = roleOptions.filter((option) => {
         return assignableRoles.some((r) => {
-            return r.name === option.label;
+            return r.name === option.label || (r.name === 'Super Editor' && option.label === 'Editor (beta mode)');
         });
     });
 

apps/admin-x-settings/src/components/settings/general/users/RoleSelector.tsx

@@ -1,9 +1,12 @@
 import {Heading, Icon, Radio} from '@tryghost/admin-x-design-system';
 import {User, isOwnerUser} from '@tryghost/admin-x-framework/api/users';
 import {useBrowseRoles} from '@tryghost/admin-x-framework/api/roles';
+import {useGlobalData} from '../../../providers/GlobalDataProvider';
 
 const RoleSelector: React.FC<{ user: User; setUserData: (user: User) => void; }> = ({user, setUserData}) => {
     const {data: {roles} = {}} = useBrowseRoles();
+    const {config} = useGlobalData();
+    const editorBeta = config.labs.superEditors;
 
     if (isOwnerUser(user)) {
         return (
@@ -16,32 +19,47 @@ const RoleSelector: React.FC<{ user: User; setUserData: (user: User) => void; }>
             </>
         );
     }
+    let optionsArray = [
+        {
+            hint: 'Can create and edit their own posts, but cannot publish. An Editor needs to approve and publish for them.',
+            label: 'Contributor',
+            value: 'contributor'
+        },
+        {
+            hint: 'A trusted user who can create, edit and publish their own posts, but can’t modify others.',
+            label: 'Author',
+            value: 'author'
+        },
+        {
+            hint: 'Can invite and manage other Authors and Contributors, as well as edit and publish any posts on the site.',
+            label: 'Editor',
+            value: 'editor'
+        },
+        {
+            hint: 'Trusted staff user who should be able to manage all content and users, as well as site settings and options.',
+            label: 'Administrator',
+            value: 'administrator'
+        }
+    ];
+    // if the editor beta is enabled, replace the editor role with super editor
+    if (editorBeta) {
+        optionsArray = optionsArray.map((option) => {
+            if (option.value === 'editor') {
+                return {
+                    ...option,
+                    label: 'Editor (beta mode)',
+                    value: 'super editor',
+                    hint: 'Can invite and manage other Authors and Contributors, as well as edit and publish any posts on the site. Can manage members and moderate comments.'
+                };
+            }
+            return option;
+        });
+    }
 
     return (
         <Radio
             id='role'
-            options={[
-                {
-                    hint: 'Can create and edit their own posts, but cannot publish. An Editor needs to approve and publish for them.',
-                    label: 'Contributor',
-                    value: 'contributor'
-                },
-                {
-                    hint: 'A trusted user who can create, edit and publish their own posts, but can’t modify others.',
-                    label: 'Author',
-                    value: 'author'
-                },
-                {
-                    hint: 'Can invite and manage other Authors and Contributors, as well as edit and publish any posts on the site.',
-                    label: 'Editor',
-                    value: 'editor'
-                },
-                {
-                    hint: 'Trusted staff user who should be able to manage all content and users, as well as site settings and options.',
-                    label: 'Administrator',
-                    value: 'administrator'
-                }
-            ]}
+            options={optionsArray}
             selectedOption={user.roles[0].name.toLowerCase()}
             title="Role"
             onSelect={(value) => {

apps/admin-x-settings/src/hooks/useStaffUsers.tsx

@@ -27,6 +27,14 @@ function getUsersByRole(users: User[], role: string): User[] {
     });
 }
 
+function getUsersByRoles(users: User[], roles: string[]): User[] {
+    return users.filter((user) => {
+        return user.roles.find((userRole) => {
+            return roles.includes(userRole.name);
+        });
+    });
+}
+
 function getOwnerUser(users: User[]): User {
     return getUsersByRole(users, 'Owner')[0];
 }
@@ -39,7 +47,7 @@ const useStaffUsers = (): UsersHook => {
 
     const ownerUser = useMemo(() => getOwnerUser(users), [users]);
     const adminUsers = useMemo(() => getUsersByRole(users, 'Administrator'), [users]);
-    const editorUsers = useMemo(() => getUsersByRole(users, 'Editor'), [users]);
+    const editorUsers = useMemo(() => getUsersByRoles(users, ['Editor', 'Super Editor']), [users]);
     const authorUsers = useMemo(() => getUsersByRole(users, 'Author'), [users]);
     const contributorUsers = useMemo(() => getUsersByRole(users, 'Contributor'), [users]);
     const mappedInvites = useMemo(() => invites.map((invite) => {

ghost/core/core/server/models/invite.js

@@ -87,12 +87,12 @@ Invite = ghostBookshelf.Model.extend({
                 if (loadedPermissions.user) {
                     const {isOwner, isAdmin, isEitherEditor} = setIsRoles(loadedPermissions);
                     if (isOwner || isAdmin) {
-                        allowed = ['Administrator', 'Editor', 'Author', 'Contributor'];
+                        allowed = ['Administrator', 'Editor', 'Author', 'Contributor', 'Super Editor'];
                     } else if (isEitherEditor) {
                         allowed = ['Author', 'Contributor'];
                     }
                 } else if (loadedPermissions.apiKey) {
-                    allowed = ['Editor', 'Author', 'Contributor'];
+                    allowed = ['Editor', 'Author', 'Contributor', 'Super Editor'];
                 }
 
                 if (allowed.indexOf(roleToInvite.get('name')) === -1) {

ghost/core/core/shared/labs.js

@@ -38,7 +38,8 @@ const BETA_FEATURES = [
     'ActivityPub',
     'importMemberTier',
     'staff2fa',
-    'contentVisibility'
+    'contentVisibility',
+    'superEditors'
 ];
 
 const ALPHA_FEATURES = [

ghost/core/test/e2e-api/admin/__snapshots__/config.test.js.snap

@@ -29,6 +29,7 @@ Object {
       "members": true,
       "postsX": true,
       "stripeAutomaticTax": true,
+      "superEditors": true,
       "themeErrorsNotification": true,
       "urlCache": true,
       "webmentions": true,

ghost/core/test/e2e-api/admin/invites.test.js

@@ -116,6 +116,7 @@ describe('Invites API', function () {
             mailService.GhostMailer.prototype.send.called.should.be.false();
         });
     });
+    
     describe('As Admin Integration', function () {
         before(async function () {
             await localUtils.startGhost();
@@ -212,6 +213,33 @@ describe('Invites API', function () {
             res.headers.location.should.equal(`http://127.0.0.1:2369${localUtils.API.getApiQuery('invites/')}${res.body.invites[0].id}/`);
         });
 
+        it('Can add a new invite by API Key with the Super Editor Role', async function () {
+            const roleId = testUtils.getExistingData().roles.find(role => role.name === 'Super Editor').id;
+            const res = await request
+                .post(localUtils.API.getApiQuery('invites/'))
+                .set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/')}`)
+                .send({
+                    invites: [{email: '[email protected]', role_id: roleId}]
+                })
+                .expect('Content-Type', /json/)
+                .expect('Cache-Control', testUtils.cacheRules.private)
+                .expect(201);
+
+            should.not.exist(res.headers['x-cache-invalidate']);
+            const jsonResponse = res.body;
+            should.exist(jsonResponse);
+            should.exist(jsonResponse.invites);
+            jsonResponse.invites.should.have.length(1);
+
+            localUtils.API.checkResponse(jsonResponse.invites[0], 'invite');
+            jsonResponse.invites[0].role_id.should.eql(roleId);
+
+            mailService.GhostMailer.prototype.send.called.should.be.true();
+
+            should.exist(res.headers.location);
+            res.headers.location.should.equal(`http://127.0.0.1:2369${localUtils.API.getApiQuery('invites/')}${res.body.invites[0].id}/`);
+        });
+
         it('Can not add a new invite by API Key with the Administrator Role', async function () {
             const roleId = testUtils.getExistingData().roles.find(role => role.name === 'Administrator').id;
             await request
@@ -225,4 +253,4 @@ describe('Invites API', function () {
                 .expect(403);
         });
     });
-});
+});