Commit Graph

124 Commits

Author SHA1 Message Date
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
451f7842ff DEV: More send -> public_send. 2019-05-07 10:05:58 +08:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Sam Saffron
9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Roman Rizzi
aec457e09a
DEV: Expose a way to extend a method that returns a list 2019-04-08 14:42:36 -03:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Penar Musaraj
9bf11a7c02
FEATURE: Add localized timezone names (#7004)
Uses github.com/discourse/moment-timezone-names-translations to translate timezone names.
Plugins can also provide their own timezone name translations.
2019-02-25 14:40:02 -05:00
Gerhard Schlager
84c56e16f9 REFACTOR: Use keyword argument for fallback_to_english flag 2019-02-19 15:28:47 +01:00
Régis Hanol
95e5f8380d FEATURE: Allow plugins to add custom emoji translations
FIX: buildTranslationTree was erroring when translations overlapped (ie. ":-)" and ":-))")
FIX: emoji translations wasn't working properly when translations overlapped
2019-01-04 15:27:46 +01:00
David Taylor
23c65feb6c DEV: Prevent deprecation warnings being incorrectly logged 2018-12-31 14:41:30 +00:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate!
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
David Taylor
052bf37578 FIX: Use Discourse.deprecate instead of Rails.logger.warn
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Guo Xiang Tan
1c9b5e75e7 DEV: Support post deployment migrations for plugins. 2018-10-09 13:11:45 +08:00
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Robin Ward
5895507153 FEATURE: Ability for plugins to whitelist custom fields for flags
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam
4b000f5d12 FIX: do not use lib for requires
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
David Taylor
8d1acbd4c2 DEV: Include specific authenticator name in warning message 2018-07-30 11:33:48 +01:00
David Taylor
467c529920 FIX: Remove return statement from inside block 2018-07-26 15:52:39 +01:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Robin Ward
6901e0e043 FIX: Rails.logger isn't always available when loading plugin locales 2018-06-22 10:20:20 -04:00
Joffrey JAFFEUX
24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb 2018-06-19 15:00:11 +02:00
Guo Xiang Tan
c6f45fcfdb Expose an API for plugins to be hidden on the admin plugin page. 2018-05-08 13:24:58 +08:00
Guo Xiang Tan
8cf0f51eb2 UX: Display site settings shortcut for poll and discourse-nginx-performance-report.
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Robin Ward
93b40d5e59 Don't use puts here since it happens in tests 2018-04-30 12:26:43 -04:00
Robin Ward
cfcdc4b420 Output when a locale is invalid 2018-04-20 15:29:18 -04:00
Joffrey JAFFEUX
45f657336e
FEATURE: adds support for loading existing core asset in pretty text 2018-04-10 08:37:16 +02:00
Gerhard Schlager
eb52c5469e FEATURE: Allow plugins to register a new locale 2018-01-25 14:57:41 +01:00
Jeff Wong
b094894c94 Feature: Add service worker registration method to plugin API 2017-11-28 14:01:41 +08:00
Robin Ward
966c7e7f07 FEATURE: Allow plugins to dynamically add seed fixture paths
This is useful if your plugin wants different seed data for different
locales for example.
2017-11-16 14:43:17 -05:00
Robin Ward
838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Robin Ward
823936ca9c A plugin API to catch exceptions 2017-10-02 12:05:12 -04:00
Robin Ward
34f98f362f Add a plugin hook to specify a class on the body of the document 2017-09-28 13:17:09 -04:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward
e7885c20cb Add reloadable support for patching in an avatar lookup 2017-08-30 14:24:03 -04:00
Guo Xiang Tan
2157079d09 Add Plugin API to register a category custom field. 2017-08-17 15:59:57 +09:00
Régis Hanol
55f449edc5 FIX: reloading issues with classes 2017-08-16 23:00:52 +02:00
Robin Ward
5ed809a15b FIX: Reloading issues with classes 2017-08-13 13:19:50 -04:00
Régis Hanol
51ef36abb4 Add a bunch of reload-friendly class variables accessors plugin APIs 2017-08-12 04:21:02 +02:00
Régis Hanol
04460ecac5 'add_to_serializer' should define the 'include_' method by default 2017-08-09 22:22:18 +02:00
Robin Ward
f11253dcb6 Allow plugin patches to reload in development mode 2017-08-09 12:30:27 -04:00
Robin Ward
43fd90b2da Remove serve_public_dir -- it's not needed 2017-07-28 13:44:38 -04:00
Robin Ward
5ae79697b8 Remove unused register_theme code, expose serve_public 2017-07-28 11:47:25 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00