FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
* UI: Mass grant a badge from the admin ui
* Send the uploaded CSV and badge ID to the backend
* Read the CSV and grant badge in batches
* UX: Communicate the result to the user
* Don't award if badge is disabled
* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.
* Dynamically discover current route
Now that the spec is finished use the unprefixed API, which was also moved
from window to navigator.
Still uses feature detection so it fail gracefully when not available in
the user agent.
The previous concurrency-safe implementation relied on catching an
index conflict and following through appropriately. Unfortunately
those conflicts were logged to Postgres and there is no easy way
to turn them off.
This solution approaches the problem differently. It should still
be safe under concurrency and not log errors.
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
This can be used for themes/plugins to specify additional URL parameters to be used when starting authentication. Example usage:
```
LoginMethod.findAll()[0].doLogin({params: {mydata: "myvalue"}});
```
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
* Make scrolling to bottom post in topic more consistent
* when using the slider to scroll past the bottom post,
we now scroll to the bottom of the post/page IF the
post height is > the window height (e.g. really long
posts). if the post height is smaller, then we lock
onto and jump to the top of the post
* this also removes the mobile hack that would always jump
to the top of the last post on mobile
* Prettier lint
* Reapply "Rename 'target usernames' with 'target recipients' in Composer"
This reverts commit 9fe11d0fc3 which
reverted ebb288dc2c.
* DEV: Add test for replying to PM
I was playing with groups locally and saw this line. I suspect this method isn't needed at all because I don't see any reference to it anywhere in the code, and as far as I know ActiveRecord objects don't have an `id!` method so if this method is called dynamically somewhere it's most likely failing.
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
* DEV: Remove buffered rendering from topic-list-item
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 1c7305c0f1 in this
series.
This is just a refactor and should not change any functionality.
* apply prettier fix
* update syntax
* Use computed properties where possible
* switch to using didReceiveAttrs
* Simplify topic.pinned observer
