riking
4c8850108a
SECURITY: Don't leak topic title in the redirect
2015-02-04 11:55:39 -08:00
Sam
b1f81c0dca
Merge pull request #3080 from riking/misc
...
Miscellaneous fixes from PR#3000
2015-01-30 10:23:17 +11:00
Sam
ea7af7a83b
Merge pull request #3135 from longhotsummer/fix-no-user-params
...
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
riking
85a7b925c7
Miscellaneous fixes from PR#3000
...
FIX: Don't require login to view post raw
FIX: Don't submit read-guidelines for anonymous users (causes
unnecessary 403 errors from ensure_logged_in)
FIX: Don't pass nil to an array serializer
2015-01-29 13:56:32 -08:00
Robin Ward
1f40807001
Add extensibility point for whenever a post is created
2015-01-29 12:46:29 -05:00
Greg Kempe
d99ccf6d27
FIX: creating a user shouldn't error when optional fields aren't provided
...
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.
Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
Régis Hanol
f7f5e39f75
FIX: Minor Admin bug with a setting when creating a new group
2015-01-23 20:31:48 +01:00
Régis Hanol
256519dddf
FEATURE: automatic group membership based on email address
2015-01-23 18:25:43 +01:00
Robin Ward
b3a2c0c45b
SECURITY: The SSO return_path
was an open redirect
...
This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.
2015-01-22 12:20:17 -05:00
Régis Hanol
e300945879
FEATURE: split group admin in 2 tabs (custom & automatic)
...
FIX: clear the user-selector when adding new members
2015-01-21 20:52:48 +01:00
riking
1ab0d6bd82
FEATURE: Log username changes by staff
...
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Régis Hanol
7a86abd105
Merge pull request #3084 from jmay/group-managers
...
table & model changes for group managers with permission to edit members
2015-01-16 12:02:38 +01:00
Arpit Jalan
c619aed8f9
💄 add username and date-time in exported file name
2015-01-16 01:39:46 +05:30
Jason W. May
a2b284a0a4
table & model changes for group managers with permission to edit membership
2015-01-15 11:44:42 -08:00
Arpit Jalan
b94c7922c5
🐎 gzip csv export files
2015-01-14 13:38:37 +05:30
Régis Hanol
1032fa7262
Merge pull request #3089 from lucianosousa/enhacement/controllers-rspec3
...
controllers with rspec3 syntax
2015-01-12 16:25:31 +01:00
Luciano Sousa
bc73238c8f
controllers with rspec3 syntax
2015-01-09 14:04:02 -03:00
Luciano Sousa
16156bdc1d
removing rspec3 warning
2015-01-09 09:55:58 -03:00
Sam
efc717c14a
FEATURE: remove star concept from Discourse
2015-01-07 13:43:27 +11:00
Jeff Atwood
6953923a03
remove |starred| from topnav default options
2015-01-06 16:03:45 -08:00
Régis Hanol
060cda7772
FIX: proper handling of group memberships
2015-01-05 18:51:45 +01:00
Neil Lalonde
4c166942ad
FEATURE: Invite admin api has an optional param send_email which can prevent sending an email to the invited user. The api will return the password reset url so that the caller can send an email with it instead.
2015-01-02 15:48:54 -05:00
Régis Hanol
9fcaf090ec
Merge pull request #3068 from fantasticfears/category_slug
...
support setting category slug
2015-01-02 11:55:27 +01:00
Arpit Jalan
bfe95966b4
better filenames for export
2015-01-02 15:30:50 +05:30
Robin Ward
35edfb5b91
FIX: Don't truncate groups. @ZogStrIP we need to create a better fix for
...
this in the new year.
2014-12-31 12:58:50 -05:00
Arpit Jalan
78537aad39
FIX: rate limit user posts export
2014-12-31 00:54:23 +05:30
Erick Guan
1e166d89ff
support setting category slug
2014-12-30 03:14:54 +08:00
Robin Ward
1055fc0919
Merge pull request #3021 from jmay/custom-category-slug
...
optional custom value for category slug (create and update)
2014-12-29 10:34:23 -05:00
Régis Hanol
267de04e2d
Merge pull request #3061 from techAPJ/patch-1
...
Rename CsvExportLog to UserExport
2014-12-29 12:39:53 +01:00
Régis Hanol
bfbc49ef6f
FIX: log only 1 'show email' record
2014-12-29 11:50:36 +01:00
Arpit Jalan
68e66f3a25
Rename CsvExportLog to UserExport
2014-12-28 22:31:12 +05:30
Régis Hanol
9932bea7ce
FEATURE: default emoji override
2014-12-25 17:58:15 +01:00
Arpit Jalan
7c7474aa10
create a new table to maintain csv export log
2014-12-24 16:25:36 +05:30
Arpit Jalan
bb152a5b3f
FEATURE: download user posts archive
2014-12-24 15:13:48 +05:30
Sam
5b844f5320
FEATURE: more than 1 site customization can be enabled at once
...
FIX: more robust site customizations
Rewrote site customization to use distributed cache and a much cleaner
css delivery mechanism
2014-12-23 13:03:48 +11:00
Régis Hanol
45dbdb6896
FEATURE: custom emojis
2014-12-23 01:12:26 +01:00
Robin Ward
9bb2ab6265
Merge pull request #3034 from fantasticfears/filter_system_user
...
disable sending email or show presence when forgot system user password
2014-12-19 16:52:01 -05:00
Erick Guan
ceca85c9eb
use system user helper and constant when it's referred
2014-12-18 18:21:14 +08:00
Sam
ae16186100
FEATURE: post chunk size should not be configurable
...
If people need to configure post chunk size use a plugin
Core only supports out of the box settings, if changed can lead to
severe performance issues.
2014-12-15 10:57:34 +11:00
Blake Erickson
02ade72ceb
Update username should return a json response
...
- Have update username return json response that contains the updated
username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Erick Guan
9937af7ac4
disable sending email or show presence when forgot system user password
2014-12-10 14:17:56 +08:00
Blake Erickson
1d0eccf710
Have activate user return json
...
- Change activate user from admin controller to return json
- Test that it returns json
- Remove unnessary test from log_out spec
This commit was created so that when you activate a user through the api
it returns a json response.
2014-12-08 11:16:57 -07:00
Blake Erickson
e9e88c9b82
Remove legacy avatar code
...
- Remove method that was only left around because the
[api](https://github.com/discourse/discourse_api/pull/53 ) called it
- Modify test to use new route instead of legacy route
https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson
a61519eebf
Have pick_avatar return json.
...
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.
I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Jason W. May
efa872e426
optional custom value for category slug (create and update)
2014-12-03 16:23:59 -08:00
Sam
a8ff5fe97c
Merge pull request #3002 from jmay/group-membership-api
...
use limit & offset for pagination of group members
2014-12-03 11:11:10 +11:00
Régis Hanol
f226e4efc0
FIX: don't error out when updating a topic with no changes
2014-12-02 02:16:30 +01:00
Blake Erickson
bdc92eec70
Have log_out method return json.
...
This commit helps improve the discourse_api experience so that we can
check the json response if it was a success or not. This commit also
checks that a 404 is sent instead of a 500 if a bad user_id is passed
in.
2014-12-01 06:03:25 -07:00
Régis Hanol
5b90ceb71d
FEATURE: rolls up 1.2.*.* IP ranges when number of entries > 10
2014-11-27 19:29:30 +01:00
Sam
013f1a6dd0
FEATURE: allow creating admin and moderator accounts via SSO
2014-11-27 12:39:00 +11:00
Sam
c10e3df012
FEATURE: implement SSO provider on Discourse so Auth can be farmed to it
...
FEATURE: pass return_sso_url to SSO endpoints, for easier return
2014-11-26 17:26:27 +11:00
Jason W. May
610c2a4d65
checking actual values in the spec, not just counts
2014-11-25 09:12:24 -08:00
Jason W. May
adb570fe53
use limit & offset for pagination of group members
2014-11-24 12:12:48 -08:00
Régis Hanol
7b0ae702e7
FEATURE: log a new staff action when rolling up banned IP addresses
2014-11-24 19:48:54 +01:00
Régis Hanol
1023191315
FEATURE: roll up function for 123.456.789.* ranges
2014-11-24 17:25:48 +01:00
Sam
1c498eb491
FEATURE: API endpoint for inviting an admin
2014-11-24 15:42:56 +11:00
Jason W. May
6f8119ebb8
Merge branch 'master' into group-admin-incremental
2014-11-21 10:04:05 -08:00
Régis Hanol
b8d806ee07
FEATURE: delete all accounts from this IP in the IP lookup modal
2014-11-20 19:59:20 +01:00
Jason W. May
50de22801f
API addition: HTTP PATCH support for /groups/xxx: incremental membership changes
2014-11-20 09:29:56 -08:00
Arpit Jalan
aebf36c356
remove /download from csv file url
2014-11-20 00:34:38 +05:30
Régis Hanol
a036ac7bdc
FIX: users can see the raw email source of their own posts
2014-11-12 14:49:42 +01:00
David McClure
efc4109902
update specs to remove deprecation warnings
2014-11-07 06:05:44 -08:00
Régis Hanol
bb2d538194
FEATURE: log impersonations
2014-11-06 10:58:47 +01:00
Robin Ward
068d22e9b3
Add API support for querying admin reports by date range
2014-11-05 13:11:37 -05:00
Robin Ward
c9eb809dad
FIX: The text to users who signed up when approval was required was
...
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol
b09ad87098
FIX: add 'show emails' button from moderators in user admin section
2014-11-03 12:46:08 +01:00
Robin Ward
316f1bea04
SECURITY: Don't allow redirects with periods in case you don't control
...
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
Régis Hanol
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
Sam
7d6d8bd0a3
FEATURE: admin end point to sync sso /admin/users/sync_sso
...
Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2014-10-28 11:25:21 +11:00
Régis Hanol
e7f251c105
LOTS of changes to properly handle post/topic revisions
...
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Robin Ward
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
Jeff Atwood
92b615b503
reorganize site settings a bit
2014-10-19 23:14:50 -07:00
Arpit Jalan
f8237e2ac0
add spec for raw_email action
2014-10-18 22:36:08 +05:30
Robin Ward
f3a67a48a3
Merge pull request #2874 from cpradio/clear-notifications
...
FEATURE: Mark All as Read button for Notifications page
2014-10-16 15:57:19 -04:00
Robin Ward
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
cpradio
8f390c979b
FEATURE: Mark All as Read button for Notifications page
...
Added a Mark All as Read button to the top/bottom of the notifications user page
https://meta.discourse.org/t/possibility-to-selectively-or-completely-mark-notifications-as-read/20227
Remove notifications property (no longer used)
2014-10-13 06:31:27 -04:00
Régis Hanol
5754e8dd0f
FEATURE: auto-close topics based on last post
2014-10-10 18:21:44 +02:00
Régis Hanol
7e8c4b63f4
FIX: only show agreed abd deferred flags on user's profile
2014-10-09 16:10:16 +02:00
Robin Ward
f9a8f6d6ce
FEATURE: Support for a required
setting on user fields.
2014-10-08 15:10:19 -04:00
Sam
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
Robin Ward
2fbfc9dffa
FIX: Editing a topic's title should be rate limited too.
2014-10-07 16:46:01 -04:00
Robin Ward
1252e7324f
Added easy impersonate route while in development mode
2014-10-07 12:25:50 -04:00
Arpit Jalan
78fd99fc40
Feature: resend invites
2014-10-07 01:43:17 +05:30
Robin Ward
381814fd5d
Adds support for a description to user fields.
2014-10-02 15:56:52 -04:00
Sam
29bb9eaa89
Merge pull request #2835 from techAPJ/patch-2
...
add user email on account created page
2014-10-02 17:29:26 +10:00
Arpit Jalan
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
Régis Hanol
98b6b9821a
FEATURE: log topic/post deletions from staff members
2014-10-01 17:40:13 +02:00
Robin Ward
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
Sam
4bcd4e05b8
correct spec
2014-09-30 13:16:34 +10:00
Régis Hanol
a7a1dcadcc
use the right HTTP verb
2014-09-29 22:41:54 +02:00
Régis Hanol
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
Robin Ward
0fc0533134
FEATURE: Admin interface for adding custom fields for users
2014-09-25 16:17:51 -04:00
Régis Hanol
de76b512c1
fix most deprecations in the specs (still some left)
2014-09-25 17:44:48 +02:00
Sam
dd5872eecb
remove warnings
2014-09-25 17:46:51 +10:00
Robin Ward
bc53d48bd7
Renaming site contents to site text
2014-09-24 16:08:14 -04:00
Sam
58eabb03e5
FEATURE: api support for arbitrary unlinked assets
...
admins can set retain periods for assets
2014-09-23 16:50:17 +10:00
Sam
d1f6aba71f
fix test
2014-09-23 09:55:30 +10:00
Sam
9428ad779f
FIX: send content length with backups
2014-09-23 09:25:53 +10:00
Sam
8c74255cbb
FIX: 404 if we try to navigate to a non-existant page
2014-09-22 17:08:11 +10:00