Commit Graph

2789 Commits

Author SHA1 Message Date
Maja Komel
39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Régis Hanol
4d674acc25 FEATURE: AWS SNS bounce notifications webhooks 2019-02-13 21:26:40 +01:00
David Taylor
59640ef373 DEV: Add additional hooks for theme-creator plugin 2019-02-12 14:17:34 +00:00
Dan Ungureanu
90ce448675 PERF: Cache build_not_found_page 2019-02-12 21:20:33 +11:00
Robin Ward
c719658f9f human? helper method on a user
This is cleaner than hard coding `id > 0` in ruby code.
2019-02-08 13:34:54 -05:00
Robin Ward
bc3efab816 FIX: When disagreeing with a flag that silenced a user, unsilence them
Previously it would unhide their post but leave them silenced.

This fix also cleans up some of the helper classes to make it easier
to pass extra data to the silencing code (for example, a link to the
post that caused the user to be silenced.)

This patch also refactors the auto_silence specs to avoid using
stubs.
2019-02-08 08:50:50 -05:00
David Taylor
f3cfce4a93
FEATURE: Calculate sprite-sheet based on currently active themes (#6973)
Previously there was only one sprite sheet, which always included icons from all themes even if they were disabled
2019-02-06 15:51:23 +00:00
Arpit Jalan
381793243e FIX: include error message if the "accept invite" process fails 2019-02-06 19:20:25 +05:30
Vinoth Kannan
e7821a63e7 FIX: Users should able check the emails for self 2019-02-05 23:31:19 +05:30
David Taylor
7b7bc3db39 FIX: Rescue and display import errors when updating theme via git 2019-02-05 13:49:16 +00:00
Régis Hanol
1021a42b22 FIX: new mailgun webhooks 2019-01-31 17:52:33 +01:00
David Taylor
d8bd3c32ca
DEV: Allow theme CLI to specify which theme to synchronize (#6963)
Currently the theme is matched by name, which can be fragile when there are many themes with the same name. This functionality will be used by the next version of theme CLI.
2019-01-30 14:17:04 +00:00
Guo Xiang Tan
60c1cd9f81 FIX: Return 400 when username params is invalid. 2019-01-30 16:06:55 +08:00
Robin Ward
6f656f6e7d FIX: Better error handling if a file cannot be sent
If for some reason `Discourse.store.path_for` returns `nil`, the
forum would throw an error rather than returning 404.

Why would it be `nil`? One cause could be changing the type of
file store and having the `url` field no longer be relative.
2019-01-29 16:47:25 -05:00
David Taylor
77d26b9df6 FIX: Support application/gzip theme imports, and improve error message 2019-01-28 11:51:14 +00:00
Blake Erickson
de47b35b2d FIX: user_id handling on remove user from group
Under some conditions it was possible to pass in a user_id as an
integer, but we would try and parse it as a comma delimited string
resulting in an error. This has been fixed so that we are no longer
mapping the user_id param to user_ids.
2019-01-24 17:40:48 -07:00
David Taylor
afd449089f
FEATURE: Import and export themes in a .tar.gz format (#6916) 2019-01-23 14:40:21 +00:00
David Taylor
2e59a37687
FEATURE: List unused theme components (#6924) 2019-01-23 09:20:13 +00:00
Guo Xiang Tan
2d354ec9b0 FIX: ForumsController doesn't need to inherit from ApplicationController.
Application controller has a whole bunch of before/after actions which
we have no need for.
2019-01-21 14:37:04 +08:00
Maja Komel
45f66826ee PERF: delete potentially large associated tables before user_destroyer.destroy transaction 2019-01-18 16:10:03 +01:00
Gerhard Schlager
457e6c7b37 FIX: Mods weren't able to see emails in admin user list 2019-01-18 15:37:30 +01:00
David Taylor
880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Guo Xiang Tan
ebe65577ed
FEATURE: Consolidate likes notifications. (#6879) 2019-01-16 10:40:16 +08:00
Arpit Jalan
0cb2b7d603 FIX: add meta details for user summary page 2019-01-14 19:49:14 +05:30
Arpit Jalan
a121d40771
FIX: do not show PM topics when moving posts to an existing public topic (#6876) 2019-01-14 15:00:45 +05:30
Robin Ward
dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Saurabh Patel
99856478d6 FIX: use discourse route_for function to check url route
it takes care if there is a relative url root
2019-01-11 14:58:45 +08:00
Guo Xiang Tan
c2bca9cabe Make rubocop happy. 2019-01-10 10:52:15 +08:00
Guo Xiang Tan
d10694150e Revert "FIX: Partial reply key search in email sent logs."
This reverts commit e9b2018bc8.
2019-01-10 10:05:56 +08:00
Saurabh Patel
b63b399799 DEV: remove uploaded_meta_id column from category (#6725)
* DEV: remove uploaded_meta_id column from category

* remove uploaded_meta part
2019-01-10 09:37:21 +08:00
Guo Xiang Tan
e9b2018bc8 FIX: Partial reply key search in email sent logs.
Follow up to c85b9c6ed3
2019-01-10 09:25:14 +08:00
Michael Brown
c85b9c6ed3 FIX: searching email logs by reply key (#6868)
* you can't use LIKE or ILIKE on a UUID
2019-01-10 07:51:58 +08:00
Sam
f947e3c6cc FIX: always serve new avatar for previous version
Previously we killed caching on old avatars cause we kept serving blank
this meant we would front many more avatar requests after a version change

This change ensures all old avatars do not cause a flood of requests on the
server
2019-01-08 19:51:33 +11:00
Arpit Jalan
e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
cfitz
19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Vinoth Kannan
385829d7be FEATURE: Display error message when category restriction is applied for tags 2019-01-04 00:29:13 +05:30
Arpit Jalan
bea7a8a4d1 FIX: show accurate error message based on invite token validity 2019-01-03 07:46:05 +05:30
Sam
14911d50a1 DEV: improve comment explaining need for favicon proxy 2019-01-02 13:15:20 +11:00
Arpit Jalan
70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Saurabh Patel
0fca3205b5 FIX: show error msg on grant badge if message available from backend (#6801) 2018-12-31 10:46:39 +01:00
Joffrey JAFFEUX
1d62d3df6f
FIX: remove storage_stats from the list of reports, too specific (#6817) 2018-12-27 22:21:08 +01:00
Vinoth Kannan
2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
David Taylor
7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Vinoth Kannan
e7e4074856 FIX: raises an error if q param is empty in search page 2018-12-20 21:43:14 +05:30
Arpit Jalan
1ea0cbece8 FIX: skip adding sso diagnostics if sso object is nil 2018-12-19 20:55:35 +05:30
Joffrey JAFFEUX
e655e1863f
UX: Adding reports dashboard tab, new layout, report descriptions (#6790)
Co-Authored-By: Kris  <shout@k-ris.com>
2018-12-19 14:44:43 +01:00
Maja Komel
2fcbbead45 FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 10:22:10 +01:00
Neil Lalonde
6774b64aef FEATURE: add /conduct as an alias for /guidelines 2018-12-18 16:40:24 -05:00
Rishabh
c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Vinoth Kannan
a313b01148 DEV: raise error if search term length is less than required 2018-12-18 20:06:59 +05:30
Gerhard Schlager
1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan
e9ea0102a5 FIX: Consistency about our response for invalid user id in Admin::UsersController. 2018-12-15 08:01:35 +08:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel
9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Sam
94b8ba4f8f FIX: remove slow platform detection from server side
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 13:57:05 +11:00
Maja Komel
dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Guo Xiang Tan
86926f4aee DEV: Let create! handle the check for persistence.
This is unlikely to fail but we want to know when it does.
2018-12-12 08:36:13 +08:00
David Taylor
0f734e2ae2 FIX: Return authenticated=true when reconnecting
This prevents a registration popup on the client
2018-12-11 17:40:02 +00:00
Gerhard Schlager
688755baf2 DEV: Improve specs and handle invalid email token
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
David Taylor
c7c56af397
FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754)
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.

Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 13:19:00 +00:00
Gerhard Schlager
7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
Rafael dos Santos Silva
efec2db859 FEATURE: Web Share Target Support
This adds a **very basic** support for share to Discourse.

Currently, this is only supported in Android + Chrome 71+.

After installing a Discourse site to the Home Screen, you will be
able to share from anywhere in the OS to the Discourse site.

Discourse will use the title and text from the share event.
2018-12-07 13:48:09 -02:00
Saurabh Patel
9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
David Taylor
f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 15:01:44 +00:00
Maja Komel
1d649e147b FEATURE: show avatar flair on group, badges and directory pages (#6732) 2018-12-06 12:18:52 +01:00
Bianca Nenciu
56890efd7a FEATURE: Add 'Advanced Test' for admin panel. 2018-12-05 21:56:18 +01:00
Bianca Nenciu
1a4f592749 FIX: Always allow admins upload selectable avatars. 2018-12-05 21:55:23 +01:00
Guo Xiang Tan
978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Vinoth Kannan
d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Arpit Jalan
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Maja Komel
4a8f21d387 FIX: prevent minimum_required_tags on category being set to null (#6703)
* FIX: prevent minimum_required_tags on category being set to null

* add migration for NOT_NULL constraint for minimum_required_tags

* add specs
2018-11-29 18:10:14 +01:00
Saurabh Patel
55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Gerhard Schlager
e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Arpit Jalan
851ef14096 Revert "FIX: do not agree flags by default when deleting posts"
This reverts commit cb6fc8057b.
2018-11-28 10:21:11 +05:30
Arpit Jalan
bdb1268528 FIX: static page title should be consistent on client side and server side 2018-11-27 22:03:52 +05:30
Arpit Jalan
6cb49cd42c
Merge pull request #6671 from techAPJ/destroy-posts-flags
FIX: do not agree flags by default when deleting posts
2018-11-27 11:27:23 +05:30
Arpit Jalan
cb6fc8057b FIX: do not agree flags by default when deleting posts 2018-11-27 10:57:20 +05:30
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Arpit Jalan
b5bf182ad5 FIX: validate topic deletion when acting on a flag 2018-11-25 23:24:03 +05:30
Guo Xiang Tan
a1888b301b DEV: Don't require login for QUit test path. 2018-11-23 13:50:19 +08:00
Arpit Jalan
60941f214c FIX: remove unneeded keys from failed response 2018-11-22 14:59:50 +05:30
Guo Xiang Tan
6111b285d9 DEV: Remove comment that links to a private topic.
Not going to be useful for other developers.
2018-11-22 14:55:02 +08:00
Kyle Zhao
8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Arpit Jalan
61eff22b29 FIX: raise Discourse::NotFound unless the user is present 2018-11-21 10:57:42 +05:30
Arpit Jalan
10cc698df3 FIX: respond with proper error message if user not found 2018-11-21 10:47:37 +05:30
Arpit Jalan
539f1c6252 FIX: raise Discourse::NotFound unless the topic is present 2018-11-21 09:48:38 +05:30
Sam
20268385a5 FIX: never attempt to log invalid post numbers
Previously in some cases we would queue logging of invalid post numbers

The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Arpit Jalan
5951e111ad FIX: handle nil topic value when removing allowed users 2018-11-20 22:55:39 +05:30
Arpit Jalan
22a7f1e7f2 FIX: handle nil user value on password reset 2018-11-20 21:49:47 +05:30
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Sam
6556a87629 FIX: only check for conflict on edit drafts
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Leo McArdle
7bc121a065 allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
Régis Hanol
c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
Bianca Nenciu
34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Robin Ward
467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Sam
80ceb57c76 DEV: add API endpoint to destroy_timings only of last post
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Vinoth Kannan
dda1824270 Use hijack in inline onebox controller 2018-11-13 02:39:20 +05:30