🐛 Fixed CTA for public preview card not showing on post previews

[cathysarisky]

closes #23181
closes https://linear.app/ghost/issue/ONC-921/oss-issue-content-cta-does-not-display-on-preview-when-it-should
refs https://linear.app/ghost/issue/ONC-930/support-escalation-re-freepaywalls-on-web-versions-of-email-only-posts

When a post is set to members only or paid only and there is a public preview card present, the "This post is for members only" CTA wasn't appearing in the post preview, even though the private content was correctly omitted. The CTA was correctly being displayed on the actual post on the frontend, however.

This pattern of setting post.access in the frontend controller route was previously used in all of the entry, preview and email routers. This commit from 2020 switches this pattern to calculate the value of post.access in the content API rather than the frontend, and this same post.access = !!post.html line was removed from the entry controller at that time. However, the change wasn't carried over to the email or preview controllers.

This commit carries the pattern over to the preview controller, and adds a test to ensure the CTA is rendered in the preview route. I'll follow up with another PR to do the same for the email controller.

[coderabbitai]

Walkthrough

The change removes an extraneous blank line after retrieving the post from the API and deletes the line that sets post.access to a boolean based on the presence of post.html in the post preview controller. Additionally, two assertions were added to the preview route tests for draft posts accessed via UUID with member status query parameters: one verifying that the response text includes "This post is for" when accessed with ?member_status=free, and another verifying that the phrase is absent when accessed with ?member_status=paid. No other logic or control flow is modified.

Assessment against linked issues

Objective	Addressed	Explanation
Ensure content CTA displays in post preview for members-only or paid posts when previewed as a member (#23181)	❌	The PR does not implement or fix access logic that affects the content CTA display; it only removes a line setting post.access and adds test assertions without changing preview behavior.

Possibly related PRs

• 🐛 Fixed shared preview links not respecting selected member segment #23083: Updates the frontend preview modal to include member status in preview URLs, complementing this PR's backend logic for member segment handling in post previews.

suggested_labels: deploy-to-staging

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9ba6c16 and 3413440.

📒 Files selected for processing (2)

• ghost/core/core/frontend/services/routing/controllers/previews.js (0 hunks)
• ghost/core/test/e2e-frontend/preview_routes.test.js (2 hunks)

💤 Files with no reviewable changes (1)

• ghost/core/core/frontend/services/routing/controllers/previews.js

🚧 Files skipped from review as they are similar to previous changes (1)

• ghost/core/test/e2e-frontend/preview_routes.test.js

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: Unit tests (Node 22.13.1)
• GitHub Check: Unit tests (Node 20.11.1)
• GitHub Check: Database tests (Node 20.11.1, mysql8)
• GitHub Check: Database tests (Node 20.11.1, sqlite3)
• GitHub Check: Database tests (Node 22.13.1, mysql8)
• GitHub Check: Ghost-CLI tests
• GitHub Check: Regression tests (Node 20.11.1, sqlite3)
• GitHub Check: Regression tests (Node 20.11.1, mysql8)
• GitHub Check: Lint

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cmraible]

@cathysarisky thanks for raising the issue, and for taking the time to work on a fix!

I think you've found the correct root cause here — post.access effectively always being set to true in the preview route — but I don't think this solution is quite right.

Admittedly, this really isn't well documented, but the first signal to me that something's not quite right is that this PR requires code from core/server within core/frontend. You'll definitely see other instances of this in the codebase as we haven't ever fully decoupled the two, but our intent is for the frontend code to be decoupled from the server code as much as possible. This is probably best documented in the bridge.js file:

Ghost/ghost/core/core/bridge.js

Lines 1 to 11 in 8b72ea4

	/**
	* The Bridge
	*
	* The bridge is responsible for handing communication from the server to the frontend.
	* Data should only be flowing server -> frontend.
	* As the architecture improves, the number of cross requires here should go down
	* Eventually, the aim is to make this a component that is initialized on boot and is either handed to or actively creates the frontend, if the frontend is desired.
	*
	* This file is a great place for all the cross-component event handling in lieu of refactoring
	* NOTE: You may require anything from shared, the frontend or server here - it is the one place (other than boot) that is allowed :)
	*/

, although that's admittedly not super discoverable unless you're actively looking for it.

Our pie-in-the-sky long term vision is that the frontend might one day be a completely separate app, which would be a client of the server/content API. If there were no other way to do this, I wouldn't block this PR on it, but it is an initial indication to me that something's not quite right.

We also have an informal policy of adding tests for any bug fixes — I totally trust you that this fixes the bug, but without a test it's really easy for someone to come along in the future, remove this code and not realize they've broken anything.

I'm context loaded on this problem, as we've had a customer raise a similar issue (basically the same thing, but in the /email/ route). I'd like to get a fix merged for this today so we can be sure it gets into this week's release. Let me know if you have the capacity and desire to collab on this one today, I'd be happy to work through it with you. Otherwise I'm happy to take this one off your plate if that's better for you — just didn't want to steal your thunder 😀

[cmraible]

Two things I'd like to see here before merging, more details in a separate comment above:

1. We should have at least one test for this
2. If possible, we should avoid requiring code in core/server from core/frontend

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ghost/core/core/frontend/services/routing/controllers/previews.js (1)

30-30: Remove debug console.log statement.

This console.log statement appears to be a debugging artifact and should be removed before merging to production.

-            console.log('post', post);

🧰 Tools

🪛 ESLint

[error] 30-30: Unexpected console statement.

(no-console)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e411801 and b7c554f.

📒 Files selected for processing (1)

• ghost/core/core/frontend/services/routing/controllers/previews.js (2 hunks)

🧰 Additional context used

🪛 ESLint

ghost/core/core/frontend/services/routing/controllers/previews.js

[error] 30-30: Unexpected console statement.

(no-console)

---

[error] 64-64: 'member' is assigned a value but never used.

(no-unused-vars)

⏰ Context from checks skipped due to timeout of 90000ms (8)

• GitHub Check: Unit tests (Node 20.11.1)
• GitHub Check: Unit tests (Node 22.13.1)
• GitHub Check: Regression tests (Node 20.11.1, mysql8)
• GitHub Check: Regression tests (Node 20.11.1, sqlite3)
• GitHub Check: Database tests (Node 20.11.1, mysql8)
• GitHub Check: Database tests (Node 20.11.1, sqlite3)
• GitHub Check: Database tests (Node 22.13.1, mysql8)
• GitHub Check: Ghost-CLI tests

🔇 Additional comments (1)

ghost/core/core/frontend/services/routing/controllers/previews.js (1)

1-73: Add test coverage for preview access functionality.

This change fixes an issue with the content CTA not displaying correctly in post previews, but no tests were added to verify the fix or prevent future regressions.

As mentioned in the PR comments, there's an informal policy to add tests for bug fixes. Consider adding tests that verify:

1. The correct display of content CTA in post previews with different access scenarios
2. Proper handling of public previews where post.html is present but access should be restricted

Can you also verify if this fix addresses the similar issue in the /email/ route that was mentioned in the PR comments?

🧰 Tools

🪛 ESLint

[error] 30-30: Unexpected console statement.

(no-console)

---

[error] 64-64: 'member' is assigned a value but never used.

(no-unused-vars)

[cmraible]

Just converting to a draft so Coderabbit calms down