Commit Graph

45 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
65820e8ac1
SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18770)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:48:00 +08:00
Andrei Prigorshnev
1cadae3879
FIX: simplify and improve choosing favorite badges (#13743)
* No need to return anything except a status code from the server

* Switch a badge state before sending a request and then switch it back in case of an error
2021-07-16 11:13:00 +08:00
Andrei Prigorshnev
5cd447695e
FIX: problems with choosing favorite badges (#13731) 2021-07-15 14:51:44 +04:00
Bianca Nenciu
87c1e98571
FEATURE: Let users select flair (#13587)
User flair was given by user's primary group. This PR separates the
two, adds a new field to the user model for flair group ID and users
can select their flair from user preferences now.
2021-07-08 10:46:21 +03:00
Bianca Nenciu
a22aa7562a
FIX: Make favorite work with multiple grant badges (#13492)
Badges that are awarded multiple times can be favorite and not favorite
at the same time. This caused few problems when users tried to favorite
them as they were counted multiple times or their state was incorrectly
displayed.
2021-06-23 14:41:23 +03:00
Bianca Nenciu
ee87d8c93b
FEATURE: Make max number of favorite configurable (#13480)
It used to be hardcoded to 2 and now it uses max_favorite_badges site
setting. When zero, it disables favorite badges.
2021-06-22 18:58:03 +03:00
Joffrey JAFFEUX
1cd0424ccd
FEATURE: lets users favorite 2 badges to show on user-card (#13151) 2021-06-01 10:33:40 +02:00
Osama Sayegh
a23d0f9961
UX: Add image uploader widget for uploading badge images (#12377)
Currently the process of adding a custom image to badge is quite clunky; you have to upload your image to a topic, and then copy the image URL and pasting it in a text field. Besides being clucky, if the topic or post that contains the image is deleted, the image will be garbage-collected in a few days and the badge will lose the image because the application is not that the image is referenced by a badge.

This commit improves that by adding a proper image uploader widget for badge images.
2021-03-17 08:55:23 +03:00
Régis Hanol
860deeb072 FIX: identify slug-less topic urls everywhere
In 91c89df6, I fixed the onebox to support local topics with a slug-less URL.
This commit fixes all the other spots (search, topic links and user badges) where we look up for a local topic.

Follow-up-to: 91c89df6
2020-06-29 12:31:20 +02:00
Vinoth Kannan
7fe414d35d FIX: hide rss feed & json if a user profile is hidden. 2020-06-03 19:03:02 +05:30
Daniel Waterworth
55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Saurabh Patel
99856478d6 FIX: use discourse route_for function to check url route
it takes care if there is a relative url root
2019-01-11 14:58:45 +08:00
Saurabh Patel
0fca3205b5 FIX: show error msg on grant badge if message available from backend (#6801) 2018-12-31 10:46:39 +01:00
Maja Komel
1d649e147b FEATURE: show avatar flair on group, badges and directory pages (#6732) 2018-12-06 12:18:52 +01:00
Saurabh Patel
55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Arpit Jalan
5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Robin Ward
628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol
0bf001ccd7 FIX: badge grant count wasn't filtered to the current user in the user summary 2016-03-30 23:11:00 +02:00
Sam Saffron
a656a672a1 FIX: Don't limit the count of badges to 96 2016-03-05 10:57:32 +11:00
Sam
ca3e2b4da3 FEATURE: you can not drill down and see why you have badges
Clicking on badges filters down the list to a particular user.
2016-01-18 17:59:20 +11:00
Sam
8da8999aa1 Revert "FIX: properly filter badges when they're on a whisper"
This reverts commit 6b07575632.
2015-09-25 10:20:47 +10:00
Régis Hanol
6b07575632 FIX: properly filter badges when they're on a whisper 2015-09-25 00:30:29 +02:00
Sam
8277a586bb usage of raise corrected 2015-05-07 11:00:51 +10:00
Sam
f555bbb416 FEATURE: long descriptions for badges to help teach people 2015-02-27 17:19:18 +11:00
Sam
fe578f9944 FEATURE: Allow manual assignment of related post to badge
PERF: clean up performance of user badges admin when large number of badges exist
2015-02-25 12:53:01 +11:00
riking
99c11e2184 Sort the badges on the user profile page
Also clean up UserBadgesController so it isn't doing two things in one
method
2014-08-25 12:40:51 -07:00
Sam
c8284170ad FEATURE: badge grouping UI
FIX: not loading more badges on badge show page
2014-07-18 15:46:36 +10:00
Sam
88469721b9 FEATURE: Allow admins to disable specific badges 2014-07-14 17:40:36 +10:00
Vikhyat Korrapati
2e52f795ea Backend changes to support improved badge pages. 2014-06-28 01:24:00 +05:30
Vikhyat Korrapati
67a2b2598d Cosmetic changes. 2014-06-19 16:56:18 +05:30
Vikhyat Korrapati
d208e4d517 Multiple grant badges. 2014-05-21 12:54:55 +05:30
Vikhyat Korrapati
4de700b49b Change badge user list limit to 96 so that it is divisible by 8. 2014-05-19 10:32:59 +05:30
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Vikhyat Korrapati
4e89b64e64 Load 100 users at a time for the badge page, with a button to load more. 2014-04-24 14:48:26 +05:30
Vikhyat Korrapati
843023d7c9 Fix user_badges n+1 query. 2014-04-17 21:58:05 +05:30
Sam
30e73104e4 Bump up to 200 for now, UI perf needs lots of work 2014-04-17 16:25:06 +10:00
Vikhyat Korrapati
3136217fc1 Add badge page. 2014-04-17 01:57:57 +05:30
Vikhyat Korrapati
dcaa069bb5 Log badge grant/revoke to the staff actions log. 2014-03-21 11:10:07 +05:30
Vikhyat Korrapati
50ce93a850 Use render_serialized for rendering instances in UserBadgeController. 2014-03-21 11:09:19 +05:30
Vikhyat Korrapati
9b26c8584e Initial badge system implementation. 2014-03-14 21:49:26 +05:30