Sam
67db561429
BUGFIX: missed a key rename
...
BUGFIX: API spec not enabling CSRF
2014-05-23 08:43:19 +10:00
Sam
cf254000cf
Revert "Revert "BUGFIX: improve error messages for invalid API keys""
...
This reverts commit e9afe28586
.
2014-05-23 08:43:19 +10:00
Neil Lalonde
e9afe28586
Revert "BUGFIX: improve error messages for invalid API keys"
2014-05-22 14:55:36 -04:00
Sam
eeef775f21
BUGFIX: improve error messages for invalid API keys
...
BUGFIX: don't track last seen for message bus
2014-05-22 09:01:29 +10:00
Vikhyat Korrapati
d208e4d517
Multiple grant badges.
2014-05-21 12:54:55 +05:30
Neil Lalonde
27cbc06563
Add fixed_category_positions site setting to handle whether categories are ordered by specified positions or by activity.
2014-05-16 11:33:52 -04:00
Vikhyat Korrapati
b144b75565
Add automatically assigned trust level badges.
2014-05-14 20:47:21 +05:30
Neil Lalonde
c4d3aa3d47
Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline.
2014-05-14 10:18:12 -04:00
Wojciech Zawistowski
960d64930c
Wiki Post
2014-05-13 08:53:11 -04:00
Régis Hanol
fca6738212
BUGFIX: could not see the revisions of a post in a deleted topic
2014-05-12 16:30:10 +02:00
Régis Hanol
bc3de84ebf
FEATURE: remove bookmark button in activity feed
2014-05-12 09:33:26 +02:00
Sam
084ec87850
FEATURE: admins can invite users to groups via the web UI
2014-05-09 18:22:36 +10:00
Sam
3f07c1d0a1
Backend support for group invites
2014-05-09 18:22:35 +10:00
Sam
a2e2d0e886
Merge pull request #2316 from mutiny/refactor-where-first
...
Refactor `where(...).first` to `find_by(...)`
2014-05-08 09:10:45 +10:00
Régis Hanol
21e8ae0eca
BUGFIX: the /top page now shows the first non-empty period
2014-05-07 19:04:39 +02:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol
4371374ba6
FEATURE: support for enabling all upload file types
...
BUGFIX: authorized extensions is now case insensitive
2014-04-29 19:12:35 +02:00
Sam
0fc4c47927
Merge pull request #2295 from vikhyat/badge-system
...
Titleable badges
2014-04-29 11:26:51 +10:00
Neil Lalonde
1da59e7e2e
FIX: deactivated users shouldn't be able to log in
2014-04-28 13:46:28 -04:00
Vikhyat Korrapati
b4e037dfb2
Allow badges to be marked as "titleable".
2014-04-28 10:30:38 +05:30
Sam
4445b8c3c0
Factor out mocks
2014-04-28 00:34:55 +10:00
Neil Lalonde
feaaf55a0c
Theming: color scheme editing. Unfinished! Doesn't have any effect on css files yet.
2014-04-24 16:49:12 -04:00
Sam
05efc8df16
BUGFIX: likes would cause whole post to re-render
2014-04-24 12:42:04 +10:00
Robin Ward
af877781b7
Allow admins to choose if groups are visible or not.
2014-04-22 16:43:46 -04:00
Sam
a3b2b4baca
FEATURE: custom fields on User
2014-04-22 13:52:13 +10:00
Robin Ward
b9ca124756
Support for /my/preferences to automatically redirect to the logged in
...
user.
2014-04-21 11:52:11 -04:00
Régis Hanol
b2cb4b27a1
Merge pull request #2273 from paully21/development-branch
...
Add blurb of post to search results via API
2014-04-17 21:06:03 +02:00
paully21
84d100be85
Add blurb of post to search results via API
2014-04-17 07:58:51 -05:00
Vikhyat Korrapati
3136217fc1
Add badge page.
2014-04-17 01:57:57 +05:30
Vikhyat Korrapati
acfcf0b64e
Add /badges route that lists all defined badges.
2014-04-16 18:42:06 +05:30
Vikhyat Korrapati
de23caa871
Slightly faster badge system specs. (Shaves off ~100ms)
2014-04-16 18:08:10 +05:30
Régis Hanol
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
riking
1540a3d5e5
Allow changing ownwership of posts by admins
2014-04-08 01:47:42 -07:00
Robin Ward
10d0320532
FIX: Allow expanding posts when anonymous, add specs
2014-04-03 11:30:43 -04:00
Sam
be06156629
SECURITY: when enabled_local_logins is false users could log in via API
...
thanks @Nicholas Blanco
2014-03-26 15:39:44 +11:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Vikhyat Korrapati
dcaa069bb5
Log badge grant/revoke to the staff actions log.
2014-03-21 11:10:07 +05:30
Sam
fe63db7953
Merge pull request #2115 from vikhyat/badge-system
...
Initial badge system implementation
2014-03-17 10:06:37 +11:00
Vikhyat Korrapati
9b26c8584e
Initial badge system implementation.
2014-03-14 21:49:26 +05:30
Neil Lalonde
283dc7dd2d
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:49 -04:00
Neil Lalonde
9ca516e58d
Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.)
2014-03-12 12:39:36 -04:00
Robin Ward
dc1d6decf5
Support for removal of old backups automatically via a site setting
2014-03-12 12:24:35 -04:00
Régis Hanol
363fabd3e7
add tests for ListController.best_period_for
2014-03-12 12:58:41 +01:00
Régis Hanol
bce4130d39
Merge pull request #2036 from ArmedGuy/profile-backgrounds
...
FEATURE: Profile Backgrounds
2014-03-05 16:00:49 +01:00
Johan Jatko
98c479c3c4
FEATURE: Profile Backgrounds
...
Shares a modified codebase with avatars called "user_image"
2014-03-05 15:10:44 +01:00
Stephen Birarda
c3eb2025d8
add option to override user attributes from SSO payload
...
add an external_username attribute for username from SSO payload
repair the field name in SingleSignOnRecord migration
move setting of external_username for sso to controller
add settings toggle to override username/email from SSO payload
fix changing of external username after override toggle
complete tests and logic for sso override
add some extra context to username override option
add external_email and external_name to single sign on record
add setting for name override from SSO payload
complete override with stored external_email and external_name
add missing checks to tests
remove an unneeded describe block
break up a monster method for single sign on
fixes for sso attribute override after failed tests
2014-03-04 09:52:21 -08:00
Robin Ward
f9cd354a2c
FEATURE: Button to reset new
2014-03-03 15:47:01 -05:00
Sam
557af84ae2
FIX: broken spec
2014-02-26 10:52:11 +11:00
Sam
50a8d3caae
BUGFIX: sso to send welcome emails
2014-02-26 10:28:03 +11:00
Sam
440435f023
FEATURE: SSO to handle return_path automatically
2014-02-26 09:58:30 +11:00
Sam
6f31d3f0e5
FEATURE: single sign on support
...
Added support for outsourcing auth to a different website, documentation on meta
2014-02-25 14:31:03 +11:00
Wojciech Zawistowski
d555df28f2
PostsController tests clean up.
2014-02-24 18:14:35 +01:00
Robin Ward
1aa27ade17
FEATURE: If you don't select any topics to "Dissmiss Read" it does all
...
by filter.
2014-02-21 15:18:45 -05:00
Robin Ward
a07e9f7e71
FEATURE: Bulk reset read
status.
2014-02-21 15:18:45 -05:00
Robin Ward
d95887c57d
CHANGE: We now include the _escaped_fragment_
support by default, but
...
only if the crawler check fails. It is a fallback for non-google search
engines that support the Ajax crawling API.
2014-02-20 17:02:26 -05:00
Wojciech Zawistowski
cfbeba84d2
Adds tests for PostsController#replies.
2014-02-20 17:38:13 +01:00
Régis Hanol
d443ddd43d
Merge pull request #1922 from joallard/language-toggle
...
Allow users to toggle interface language in their preferences
2014-02-19 18:28:00 +01:00
Wojciech Zawistowski
5e8db5ce14
Adds specs for PostsController#by_number.
2014-02-19 17:41:17 +01:00
Robin Ward
18e98851e3
Use lower case group names in URLs
2014-02-18 16:43:19 -05:00
Sam
43612e9fde
Merge pull request #1971 from velesin/posts_controller_refactoring
...
Refactors PostsController and adds unit tests.
2014-02-19 08:34:40 +11:00
Robin Ward
f19b0b5fe0
Include members count on groups page.
2014-02-18 16:17:04 -05:00
Jonathan Allard
0592420e52
Add a site setting to allow users to toggle I18n.locale
...
It is false by default.
2014-02-18 14:54:00 -05:00
Jonathan Allard
c513725f26
Allow users to toggle interface language in their preferences
2014-02-18 14:53:59 -05:00
Wojciech Zawistowski
5b9a4d3581
Refactors PostsController and adds unit tests.
2014-02-18 17:19:38 +01:00
Stephan Kaag
f12925887c
Drop Rails3 support
2014-02-17 19:42:08 +01:00
Christian Ramón
566d25ea75
fix typos in posts_controller_spec.
...
fixing 'suceeds' typo.
2014-02-16 12:17:36 -05:00
Régis Hanol
3f3c9ca7cb
FEATURE: add filters on email logs
2014-02-15 00:50:08 +01:00
Régis Hanol
b89d328de2
display/preload the logs of the last/current operation
2014-02-13 13:31:14 -08:00
Régis Hanol
3be1b5569a
backups controller & specs
2014-02-13 13:31:13 -08:00
Régis Hanol
8344f0d8fd
remove old import/export code
2014-02-13 13:31:13 -08:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Robin Ward
669247977b
FEATURE: Show the posts count on the groups page. It seems a bit odd
...
that it uses a new AJAX call, but I wanted to keep the count separate
from the group object itself.
2014-02-12 14:01:36 -05:00
Robin Ward
ca17f8a437
FIX: Wrong text. Thanks @riking
2014-02-10 17:36:13 -05:00
Robin Ward
b61df08d1b
FEATURE: Admin selector to choose a primary group for a user, display it
...
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Robin Ward
2490837929
Added some specs for the group controller methods
2014-02-07 11:07:23 -05:00
Sam
93434be16d
SECURITY: reduce moderator rights
...
You can now hide particular categories from certain moderators
2014-02-07 14:11:52 +11:00
Robin Ward
aff16f372b
FIX: Show a nicer error when a user tries to access a category they
...
can't see.
2014-02-05 15:33:52 -05:00
Robin Ward
1dac3cfd64
API endpoint for retrieving the current user
2014-02-05 13:46:24 -05:00
Régis Hanol
4fb274fb9d
BUGFIX: history link doesn't work on deleted posts
2014-02-04 20:05:50 +01:00
Régis Hanol
d2974c2a15
BUGFIX: proper handling of top_menu_items
2014-02-03 16:08:00 +01:00
Robin Ward
b315a5c28f
Delegate bulk operations to a TopicsBulkAction
object.
2014-01-30 11:44:29 -05:00
Robin Ward
2892153712
REMOVE: Get rid of the hotness
control for good.
2014-01-29 11:54:34 -05:00
Neil Lalonde
74f1c553e3
FIX: 1868 Security: Dangerous Send
2014-01-27 13:05:51 -05:00
slainer68
748e1e0748
Allow using the API when Login required site setting is on.
2014-01-24 14:02:49 +01:00
Régis Hanol
8d2e5041bc
BUGFIX: proper handling of /none subcategory
2014-01-18 19:27:25 +01:00
Sam
2b64118df1
Merge pull request #1782 from ligthyear/group-mention
...
Allow groups to be used as aliases for user mentions
2014-01-12 14:36:45 -08:00
Neil Lalonde
52580f09af
Rename favorite to starred everywhere
2014-01-10 14:54:19 -05:00
Robin Ward
ca26d6d0d6
FIX: Uncaught promise on link click; fixes broken build
2014-01-09 16:31:26 -05:00
Neil Lalonde
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
Benjamin Kampmann
c743a985a4
Allow groups to be used as aliases for user mention
...
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
Régis Hanol
8d73b7f94d
BUGFIX: hide sensitive site settings
2014-01-06 13:03:53 +01:00
Robin Ward
1ffcf39448
Make embedded comments look nicer
2014-01-03 12:52:42 -05:00
Robin Ward
4f8aed295a
FEATURE: Embeddable Discourse comments, now with simple-rss instead of feedzirra
2013-12-31 15:01:22 -05:00
Robin Ward
62db063e1e
Revert "Support for Embeddable Comments via IFRAME" - it depends on Curl
...
which not every server has. Have to rethink this.
This reverts commit e3e4c62887
.
2013-12-31 12:52:31 -05:00
Robin Ward
e3e4c62887
Support for Embeddable Comments via IFRAME
2013-12-31 12:26:24 -05:00
Régis Hanol
567d2bd23c
add top page
2013-12-24 00:50:36 +01:00
Neil Lalonde
341adc93a4
Allow categories with null position, which means sort them based on activity. Mix absolutely positioned (position is not null) categories with null position categories.
2013-12-16 15:13:57 -05:00
Robin Ward
06e9cbc6cb
FIX: Look up a url without the query string if it couldn't be found with it.
2013-12-13 12:56:20 -05:00
Sam
05a3c8090f
Merge pull request #1658 from salbertson/sa-refactor-users-controller-create
...
Refactor UsersController#create
2013-12-12 22:16:50 -08:00
Régis Hanol
06dd7ffe3c
better revision history
2013-12-12 03:41:34 +01:00
Neil Lalonde
9a24d2651d
Allow category to auto-close topics in X hours instead of days. FIX: the system message that says a topic was automatically closed was only counting in days.
2013-12-06 16:39:35 -05:00
Scott Albertson
51eff92170
Refactor UsersController#create
...
* Simplify controller action
* Extract service classes
2013-12-05 10:11:16 -08:00
Neil Lalonde
a9ab98ef9e
Auto-close time can be entered in 3 ways, so a topic can close at any time
2013-11-27 09:52:35 -05:00
Neil Lalonde
981d8f6aea
Signup form: prefill username if Discourse Hub has a match for the email address. Also, fix some bad specs in username_checker_service_spec that were passing...
2013-11-19 14:15:28 -05:00
Robin Ward
639394e38a
FIX: Pinned topics within a category weren't working without a refresh
2013-11-18 10:52:01 -05:00
Régis Hanol
482b752046
add edit reason when editing a post
2013-11-15 23:28:49 +01:00
Scott Albertson
77b59b54ce
Refactor UsersController#invited
...
* Add test coverage
* Simplify controller action
* Move finder code to Invite class
2013-11-11 13:23:49 -08:00
Régis Hanol
d65cd0f97e
Merge pull request #1637 from railsaholic/refactor_users_upload_avatar_action
...
Refactor Users#upload_avatar method
2013-11-11 09:59:30 -08:00
railsaholic
58f78e9001
Refactor Users#upload_avatar method
...
Moved avatar file upload to ```AvatarUploadService``` class and
```AvatarUploadPolicy```
Address review comments + require missing file in spec
2013-11-11 23:21:14 +05:30
Sam
a9c5d843f7
remove problem spec that does not work properly in rails 4 mode into application controller and correct it
2013-11-11 10:50:48 +11:00
sirMackk
af67284995
User ctrl refactor - breaks up large methods, moves some logic into model
...
Includes missing methods from backup for travis to pass
fix missing code, failing specs
keep params handling in the controller.
2013-11-09 18:44:13 +05:30
Robin Ward
6e43372e7c
Merge pull request #1610 from salbertson/sa-refactor-users-update
...
Move logic for updating a user to a service class
2013-11-07 12:29:19 -08:00
Neil Lalonde
0c6f794eb0
Used the term suspended instead of banned.
2013-11-07 13:53:49 -05:00
Scott Albertson
72bfa4471f
Move logic for updating a user into a service class
2013-11-07 08:39:39 -08:00
Robin Ward
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
Régis Hanol
37fd7ab574
pull hotlinked images
2013-11-05 19:07:29 +01:00
Neil Lalonde
ede59a4386
FIX: issue 1538. After upgrading and before a new version check request has been made, dashboard might still say that an update is available.
2013-11-04 12:51:09 -05:00
Scott Albertson
c0cffca1e6
Test title updating
2013-11-01 13:43:31 -07:00
Scott Albertson
3cc17ad4cd
Add test coverage for #update
2013-11-01 13:43:31 -07:00
Scott Albertson
58f96bdfb5
Remove duplication in test setup
2013-11-01 13:43:31 -07:00
Scott Albertson
2e7696630b
Make #update specs consistent
...
* Use expect syntax
* Avoid lets
* Stub Guardian method used in the controller
2013-11-01 13:43:31 -07:00
Neil Lalonde
ce5ebc3eb5
On sites with login_required enabled, after signup, don't show the /login page again
2013-10-30 16:37:36 -04:00
Robin Ward
3d6d7c8abe
SiteSetting to hide regular names from users
2013-10-30 15:45:34 -04:00
Robin Ward
6063b52d6a
Support for choosing a destination category when splitting topics.
2013-10-29 15:30:06 -04:00
Sam
666264879c
change it so all topics MUST include a category, we store a special uncategorized category to compensate
...
this cleans up a bunch of internals and removes some settings
2013-10-24 12:08:02 +11:00
Robin Ward
541620c115
Routes and support for sub-categories
2013-10-23 15:22:49 -04:00
Robin Ward
f73a64982a
Raise an error if a api_username
is supplied and does not match the key
2013-10-23 11:05:49 -04:00
Robin Ward
348e2e3ef2
Support for per-user API keys
2013-10-22 17:34:39 -04:00
Neil Lalonde
7d582fbee3
Screened ip address can be edited, deleted, and changed to allow or block.
2013-10-22 16:30:46 -04:00
Régis Hanol
9b2f821012
Merge pull request #1512 from ScotterC/avatar-from-url
...
Build out a URI Adapter to allow uploading an avatar via a url
2013-10-21 13:17:37 -07:00
Scott Carleton
cbef844a57
Build out a URI Adapter to allow uploading an avatar via a url
...
Currently only really accessible via the API. The UriAdapter creates a
tempfile from a url and gives a ActionDispatch::HTTP::UploadedFile back
to the controller to process as normal.
This will help a lot in being able to transfer avatar urls from another
app without monkey patching a lot of discourse code.
2013-10-21 14:53:03 -04:00
Neil Lalonde
648b11a0eb
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address.
2013-10-21 14:50:18 -04:00
Manoj
7dfa99998f
Remove duplication of action defintion, add missing spec for topics_by, extract out URL construction logic
2013-10-21 08:34:18 +05:30
dbarbera
9106596a9a
add image authorization on upload_avatar
2013-10-12 14:11:44 +02:00
Régis Hanol
23bf4436f5
FIX: avatar was attached to the user who uploaded it...
2013-10-12 10:55:41 +02:00
Régis Hanol
c38ba8acdd
add rss links to anonymous homepages
2013-10-11 18:43:29 +02:00
Neil Lalonde
bccb37b6f3
When creating a topic, don't select a category by default when allow_uncategorized_topics is false. Also, added category validation on the server to enforce allow_uncategorized_topics.
2013-10-08 14:41:20 -04:00
Sam
e18b93026a
defer view creation on so updates are not performed when people navigate to topics
2013-10-07 15:04:59 +11:00
Sam
5bf26ec34e
large refactor, ship a few columns from the user table into user_stats
2013-10-07 15:04:59 +11:00
Régis Hanol
af96ef2994
FIX: deleting a flagged post issue
...
cf. http://meta.discourse.org/t/deleting-a-flagged-post-issue/10061
The bug was only happening when you were about the delete the first post, which means deleting the entire topic.
2013-10-02 16:59:57 +02:00
Robin Ward
3f0c03a20c
FIX: Prevent unauthorized list of private message titles. Also remove some unused code.
2013-09-30 14:35:11 -04:00
Régis Hanol
cd4cda5b4c
allow users to specify thumbnail size
2013-09-27 10:57:31 +02:00
Matthieu Guillemot
3ba1f20674
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-14 21:34:21 +09:00
Robin Ward
7d9a84b496
New User Education goes through a server side ComposerMessages check. Composer message for users
...
who don't have avatars.
2013-09-13 12:23:53 -04:00
Régis Hanol
45b838009c
proper content-disposition header when downloading attachments
2013-09-06 19:23:56 +02:00
Emili Parreno
4a0f3b3ac2
fix user_controller_spec when testing too long usernames
2013-09-05 17:36:53 +02:00
Robin Ward
71c1b8b9b9
When deleting a post as staff, ask if you want to delete direct replies too
2013-09-05 11:03:34 -04:00
Robin Ward
f157ec1f91
Select +Replies for bulk operations
2013-09-05 11:03:29 -04:00
Régis Hanol
e15982a476
FIX: convert error in test
2013-08-28 22:06:09 +02:00
Einar Jonsson
9085cec232
Move json hash from users controller to NicknameUnavailable
2013-08-26 15:00:11 +00:00
Sam
213ce33af2
Fixed all broken specs
...
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam
af356e58d4
work in progress, get specs to work.
2013-08-26 12:59:17 +10:00
Sam
f87ba0d88f
Merge pull request #1381 from einarj/test_nickname_hub_registration_failure
...
Added test case for nickname registration failure
2013-08-25 17:12:52 -07:00
Navin Keswani
d87389b38e
No more rails 4 deprecation warnings
2013-08-25 23:18:11 +02:00
Einar Jonsson
0d22a77c63
Added test case for nickname registration failure
...
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
Régis Hanol
3b9e62e6b9
improved specs for avatar
2013-08-24 22:45:05 +02:00
Neil Lalonde
86012ac579
Fix a case when the wrong topic is loaded because the slug starts with a number
2013-08-22 16:23:46 -04:00
Neil Lalonde
a95303fcd8
Log site customization changes. Use a modal to show staff action log details for site customizations.
2013-08-21 12:33:24 -04:00
Neil Lalonde
1d030666d8
Log site setting changes and show in admin
2013-08-19 16:58:38 -04:00
Michael Kirk
4af8a9102e
Authenticate with Discourse via OAuth2
...
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Neil Lalonde
b6285b85d2
Add reject option to pending users page
2013-08-16 11:42:43 -04:00
Neil Lalonde
293361dcd3
Screened URLs list in admin
2013-08-15 10:52:26 -04:00
Neil Lalonde
86647f0a54
Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail.
2013-08-14 16:08:23 -04:00
Neil Lalonde
ed060ed5f1
Change trust level logs the previous trust level
2013-08-13 12:04:28 -04:00
Neil Lalonde
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
Neil Lalonde
5c8c52482a
Add a way to view staff action logs in admin
2013-08-07 16:27:34 -04:00
Neil Lalonde
d2fb6ec53f
Blocked Emails list in admin
2013-08-07 16:27:34 -04:00
Robin Ward
1c3804934e
Show the entire history of replies above a post when you expend "in reply to"
2013-08-06 17:43:10 -04:00
Neil Lalonde
c74da0d262
Admins who haven't been approved can log in when must_approve_users is enabled
2013-08-06 16:51:29 -04:00
Neil Lalonde
98b58150bb
Dashboard calculations are done with an async job now
2013-08-02 18:32:33 -04:00
Neil Lalonde
16cd3e2a53
Fix to allow admins to change the case of a someone's username
2013-07-30 16:48:45 -04:00
Neil Lalonde
e25638dab0
add a way to delete posts and topics when deleting a user with UserDestroyer
2013-07-29 15:29:43 -04:00
Neil Lalonde
a8df9778b5
Rename AdminLog to StaffActionLog
2013-07-29 15:29:43 -04:00
Sam
4a20d09523
distributed memoizer added to ensure absolute duplicate posts don't get through
...
in case of an absolute dupe just return the memoized post
This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
Robin Ward
c28b377494
Don't redirect to arbitrary URLs via link tracker
2013-07-26 12:14:11 -04:00
Stephan Kaag
f99acebdaa
Rails 4 updates
2013-07-24 21:09:18 +02:00
Sam
cb5ce3aab9
Merge pull request #1247 from sir-pinecone/strip-spaces-from-login
...
Strip leading/trailing spaces from login
2013-07-24 00:16:55 -07:00
Michael Campagnaro
b223cdb493
Strip spaces from group names upon creation
2013-07-24 00:00:17 -04:00
Michael Campagnaro
25f8692a79
Strip leading/trailing spaces from login
2013-07-23 23:03:38 -04:00
Régis Hanol
be9217d4c8
add server-side filesize check on uploads
2013-07-24 00:54:41 +02:00
Sam
9ac6c6e2e9
Merge pull request #1233 from sir-pinecone/improve-group-deletion
...
Add confirmation modal to admin group deletion
2013-07-23 00:43:06 -07:00
Sam
1f3c5cb656
allow end user to recover a post they delete
...
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Michael Campagnaro
9616767bff
Add confirmation modal to admin group deletion
2013-07-22 02:48:23 -04:00
Sam
c2be81a76e
Merge pull request #1199 from ZogStriP/uploads
...
adds the `max_attachment_size_kb` setting
2013-07-16 23:03:42 -07:00
Sam
943f88fb88
make specs more robust
2013-07-16 16:18:05 +10:00
Sam
352ac9e60c
Finalize read only and post only categories, finished off UI work
2013-07-16 15:46:11 +10:00
Sam
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
Régis Hanol
5ce05ff5cb
adds the max_attachment_size_kb
setting
...
so that we can specify a different max upload size for attachments and images.
2013-07-16 02:01:36 +02:00
Robin Ward
0e504aac9b
FIX: You can reset your password even if logins are required.
2013-07-15 12:12:54 -04:00
Robin Ward
6ca5df0a09
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:09:17 -04:00
Régis Hanol
b94d26d798
update back-end specs
2013-07-10 22:59:54 +02:00
Robin Ward
b7327942af
Add deleted_by
to Trashable
tables
2013-07-09 15:46:36 -04:00
Neil Lalonde
ba7a4e9845
Merge pull request #1165 from novemberkilo/feature/log-trust-level-boosts
...
Log all changes of user trust level by an admin
2013-07-09 12:16:08 -07:00
Neil Lalonde
3c38062802
Check for updates: edge cases when the message on the dashboard doesn't make sense.
2013-07-09 14:01:08 -04:00
Robin Ward
d98f288aa4
FIX: Recovering a deleted post was not updating a topic's statistics
2013-07-09 12:15:55 -04:00
Navin
45d85f4054
If the change doesn't go through, don't log anything
2013-07-08 12:51:35 +02:00
Navin
d77ce23de2
Log all changes of user trust level by an admin
2013-07-08 11:53:22 +02:00
Sam
91238af6f1
correct failing specs
2013-07-08 12:25:38 +10:00
Robin Ward
6cd6484b5e
New mode for Wordpress: Filter ONLY posts liked by moderators
2013-07-05 16:07:24 -04:00
Robin Ward
4c90b16681
FIX: Next pages were missing on <noscript>
content. Also fixed some long standing bugs.
2013-07-05 14:45:54 -04:00
Neil Lalonde
84ce04dfa5
Use POST for send_activation_email action
2013-07-05 12:26:46 -04:00
Robin Ward
07ebd20776
Merge pull request #1143 from ahx/fix-cas-email-name-and-improve-authentication-specs
...
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
2013-07-04 14:48:52 -07:00
Andreas Haller
661f2057f7
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
...
* Make omniauth controller specs more robust by using shared examples for all authentication providers in controller spec. – Still passing. Yay!
* Return "casuser", instead of "casuser@" when no cas_domainname is configured.
* If no cas_domainname is configured, the CAS authentication would return "casuser@" for the users email field, because it tried to assume the email adress of the CAS user by it's username + cas_domainname.
Now it just returns the username instead of adding an "@" if cas_domainname is not configured.
This especially makes sense on CAS setups where the username equals the users email adress.
The old behaviour, if cas_domainname is configured, was not changed.
* Fetch the email from CAS attributes if provided
If the cas:authenticationSuccess (handled via omniauth-cas) response gives us an email use that.
If not, behave as before (username or username@cas_domainname).
* Fetch the (full) name from CAS attributes if provided
If the CAS response by omniauth provides a [:info][:name] field, prefer this over the uid, because we want the name to be a "Full Name", instead of just a "shortname"
2013-07-04 12:01:39 +02:00
Navin
3da37506da
Back end - temporary boosting of trust levels
2013-07-03 10:30:40 +02:00
Neil Lalonde
075ed1ab53
Refactor user blocking code; hide the Block button in admin
2013-07-02 14:42:53 -04:00
Robin Ward
5770879472
Refactor: Move Topic Details into better objects, identity map, tests, query string filters
2013-07-02 10:36:46 -04:00
Sam
46c6949b6e
Merge pull request #1123 from stephankaag/rails4-new
...
Refactor routes in order to be compatible with Rails 4
2013-07-01 16:07:22 -07:00
Stephan Kaag
e39cc464b1
Refactor routes in order to be compatible with Rails 4
2013-07-01 20:00:06 +02:00
Régis Hanol
2ccf339437
Removed a debugging "put"
2013-06-28 23:16:13 +02:00
Neil Lalonde
a352b70bfc
Permit changing my own username's case without an error saying it is already taken
2013-06-28 16:21:46 -04:00
Neil Lalonde
b37b6ce664
Minor spec clean-up
2013-06-28 14:43:35 -04:00
Robin Ward
2deaf8ef98
Custom Wordpress Serializer and Path, with Specs
2013-06-28 13:56:13 -04:00
Neil Lalonde
1355c1e3b0
Fix links to uncategorized when SiteSetting.uncategorized_name is set
2013-06-27 16:16:06 -04:00
Neil Lalonde
5d6ad8f39c
Show a useful message when a banned user tries to log in
2013-06-27 15:14:42 -04:00
Sam
92562c2090
Merge pull request #1057 from house9/list-controller-1
...
refactor list_controller
2013-06-25 17:36:56 -07:00
Neil Lalonde
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
Jesse House
2e12eb2b62
refactor list_controller
...
- minor refactoring of actions 'category' and 'category_feed'
- fix defect in 'category' where check was for literal
string 'uncategorized' instead of SiteSetting.uncategorized_name
- major refactoring on defined topic actions
2013-06-25 08:29:00 -07:00
Jesse House
06be760257
adds TopMenuItem model which encapsulates top_menu parsing logic
2013-06-24 10:04:18 -07:00
Neil Lalonde
e263bb3c0a
Anons should be able to see post history
2013-06-19 16:43:16 -04:00
Robin Ward
5ef6714d48
New site setting: minimum_topics_similar
, allows you to specify a minimum amount
...
of topics that need to be in the database before it will suggest similar topics as
a user creates a post.
2013-06-19 13:14:24 -04:00
Sam
799b402778
fix horribly broken invite code, could lead to inviting the wrong person to a conversation
2013-06-19 10:31:19 +10:00
Neil Lalonde
eea00afb80
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
Régis Hanol
6ea91b4416
remove useless upload topic direct association
2013-06-17 02:49:33 +02:00
Robin Ward
77b218a142
FIX: Do not suggest similar topics from secure categories you can't see.
2013-06-12 13:45:11 -04:00
Sam
54d8c963d0
fix tests and allow SE onebox to onebox Meta cause I need that for an post I am writing
2013-06-12 12:23:24 +10:00
Chris Hunt
a362d62b42
Do not return mail password in EmailController
2013-06-11 16:00:13 -07:00
Neil Lalonde
82b5f57e40
Make it possible to set a site setting to empty string
2013-06-11 14:31:38 -04:00
Neil Lalonde
811a0df68b
Make s3 region site setting a drop down
2013-06-11 14:24:04 -04:00
Neil Lalonde
5ff7e570ac
Add support for enum site settings that render as a dropdown; use a dropdown for default_locale
2013-06-11 11:40:14 -04:00
Neil Lalonde
169125e96d
Fix a case where a random topic with null slug will be rendered instead of 404
2013-06-07 14:30:26 -04:00
Ian Christian Myers
b61e10f9ad
All parameters for #create in PostsController pass through strong_parameters.
...
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
Chris Hunt
93fc0e74bc
Test correct login behavior when pending approval
2013-06-06 18:36:16 -07:00
Chris Hunt
41b0692543
Show 'waiting approval' and don't send email
...
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Chris Hunt
e7b38fb188
Move duplicated request to helper method
2013-06-06 18:36:16 -07:00
Chris Hunt
4a182f8bba
Fix spec doc; sends welcome email for active users
2013-06-06 18:36:16 -07:00
Neil Lalonde
a151bfc7ec
Store when a topic was first set to auto-close and report that amount of time when it closes. And do some refactoring.
2013-06-06 17:04:21 -04:00
Neil Lalonde
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
Ian Christian Myers
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam
2ca734c118
Merge pull request #964 from chrishunt/exclusive-club
...
Add 'invite only' site setting
2013-06-05 16:38:47 -07:00
Robin Ward
0b97ea6345
Better HTML emails, smarter email digests, new email section in admin with digest preview
2013-06-05 17:47:25 -04:00
Chris Hunt
acf147ef88
Disable OmniAuth account creation if 'invite only'
2013-06-05 11:11:02 -07:00
Chris Hunt
d432798ff8
Silently fail if user tries to sneak in
...
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Ian Christian Myers
41528f5d11
Implemented strong_parameters for Upload/UploadsController.
...
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Ian Christian Myers
f50b648844
Implemented strong_parameters for PostAction/PostActionsController.
...
PostActionsController now uses strong_parameters' #require to require certain parameters. ActionController::ParameterMissing is now thrown when a reqired parameter is missing, rather than Discourse::InvalidParameters.
2013-06-05 00:23:51 -07:00
Ian Christian Myers
3b245031a4
Implemented strong_parameters for Invite/InvitesController.
...
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
2013-06-05 00:04:03 -07:00
Ian Christian Myers
130d837952
Implemented strong_parameters for Category/CategoriesController.
...
Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw a ActionController::ParameterMissing execption instead of the Discourse::InvalidParameters execption.
2013-06-04 23:45:25 -07:00
Chris Hunt
978785720a
Redirect to root after login if no path provided
...
If we do not do this, then people that login from /login will just be
redirected back to the login page. We'd rather have them see the root
path.
2013-06-04 16:10:10 -07:00
Chris Hunt
92a4828f72
Redirect all controllers to login if required
...
We want to skip the filter for sessions controller so that we can login
and we want to skip the filter for static pages because those should be
visible to visitors.
2013-06-04 16:10:10 -07:00
Neil Lalonde
c4904aacc0
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin.
2013-06-03 16:37:40 -04:00
Robin Ward
545dbfc07e
New Feature: Staff can choose to "Take Action" when flagging to immediately reach hiding
...
thresholds.
2013-05-31 17:39:32 -04:00