Commit Graph

173 Commits

Author SHA1 Message Date
Roman Rizzi
5a0480efd7
DEV: Trigger an event when a user is granted admin or moderation. (#17663) 2022-07-26 10:20:34 -03:00
Krzysztof Kotlarek
09932738e5
FEATURE: whispers available for groups (#17170)
Before, whispers were only available for staff members.

Config has been changed to allow to configure privileged groups with access to whispers. Post migration was added to move from the old setting into the new one.

I considered having a boolean column `whisperer` on user model similar to `admin/moderator` for performance reason. Finally, I decided to keep looking for groups as queries are only done for current user and didn't notice any N+1 queries.
2022-06-30 10:18:12 +10:00
Alan Guo Xiang Tan
0ae7b43018
PERF: Remove total for time to first response report. (#17082)
The query is very inefficient without any constraints on large sites and
the average of all time to first response since the beginning of time is
not useful as well.
2022-06-14 13:27:48 +10:00
David Taylor
922fbe82da
DEV: Ensure custom_fields_clean? returns false when values change (#16552)
We were calling `dup` on the hash and using that to check for changes. However, we were not duplicating the values, so changes to arrays or nested hashes would not be detected.
2022-04-25 17:19:39 +01:00
Osama Sayegh
eb5a3cfded
FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386)
Discourse has the Discourse Connect Provider protocol that makes it possible to
use a Discourse instance as an identity provider for external sites. As a
natural extension to this protocol, this PR adds a new feature that makes it
possible to use Discourse as a 2FA provider as well as an identity provider.

The rationale for this change is that it's very difficult to implement 2FA
support in a website and if you have multiple websites that need to have 2FA,
it's unrealistic to build and maintain a separate 2FA implementation for each
one. But with this change, you can piggyback on Discourse to take care of all
the 2FA details for you for as many sites as you wish.

To use Discourse as a 2FA provider, you'll need to follow this guide:
https://meta.discourse.org/t/-/32974. It walks you through what you need to
implement on your end/site and how to configure your Discourse instance. Once
you're done, there is only one additional thing you need to do which is to
include `require_2fa=true` in the payload that you send to Discourse.

When Discourse sees `require_2fa=true`, it'll prompt the user to confirm their
2FA using whatever methods they've enabled (TOTP or security keys), and once
they confirm they'll be redirected back to the return URL you've configured and
the payload will contain `confirmed_2fa=true`. If the user has no 2FA methods
enabled however, the payload will not contain `confirmed_2fa`, but it will
contain `no_2fa_methods=true`.

You'll need to be careful to re-run all the security checks and ensure the user
can still access the resource on your site after they return from Discourse.
This is very important because there's nothing that guarantees the user that
will come back from Discourse after they confirm 2FA is the same user that
you've redirected to Discourse.

Internal ticket: t62183.
2022-04-13 15:04:09 +03:00
Sam
d4d3580761
PERF: perform all cached counting in background (#15991)
Previously cached counting made redis calls in main thread and performed
the flush in main thread.

This could lead to pathological states in extreme heavy load.

This refactor reduces load and cleans up the interface
2022-02-22 16:45:25 +00:00
David Taylor
94a47d037f
PERF: Reduce number of EXPIRE calls from CachedCounting (#15958)
Previously we were calling `EXPIRE` every time we incremented a given key. Instead, we can call EXPIRE once when the key is first populated. A LUA script is used to make this as efficient as possible.

Consumers of this Concern use daily keys. Since we're now calling EXPIRE only at the beginning of the day, rather than throughout the day, the expire time has been increased from 3 to 4 days.
2022-02-15 16:55:21 +00:00
Rafael dos Santos Silva
4d3da70bc6
PERF: Use Redis SET EX GET instead of LUA script for counting (#15939)
This will prevent Discourse from booting on Redis < 6.2.0
2022-02-15 10:36:07 -03:00
Martin Brennan
70af45055a
DEV: Clear custom field preload proxy on preload_custom_fields (#15671)
If a model class calls preload_custom_fields twice then
we have to clear this otherwise the fields are cached inside the
already existing proxy and no new ones are added, so when we check
for custom_fields[KEY] an error is likely to occur
2022-01-21 14:29:51 +10:00
Martin Brennan
c1ae214c7b
DEV: Add more info to N1 custom field error (#15670)
This commit makes a more specific N1NotPreLoadedError from
StandardError to raise when a custom field is loaded before
being preloaded, so it is easier to test that this does
not happen from plugins. Also adds the name of the class
trying to load the custom field to the error message.
2022-01-21 13:21:13 +10:00
Michelle Bueno Saquetim Vendrame
9b5836aa1d
Add three reports (#14338)
* Add report top_users_by_received_likes

* Add report top_users_by_received_likes_from_inferior_trust_level

* Add report top_users_by_likes_received_from_a_variety_of_people

* Add test to report_top_users_by_received_likes

* add top_users_by_likes_received_from_a_variety_of_people report test

* add top_users_by_likes_received_from_inferior_trust_level report tests
2021-12-02 22:41:55 +05:30
Roman Rizzi
df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
Alan Guo Xiang Tan
412587f70a
FEATURE: Publish read topic tracking events for private messages. (#14274)
Follow-up to fc1fd1b416
2021-09-09 09:16:53 +08:00
Jean
e7b8e75583
FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
jbrw
4728962f7d
FIX: Don’t translate TrustLevel name when generating links (#13588)
We want to put the name of the trust level in to generated URLs, not the human-readable form.

i.e.:

`/admin/users/list/newuser`

rather than:

`/admin/users/list/new user`
2021-06-30 14:19:15 -04:00
Jarek Radosz
b4f0a0fb94
FIX: Nil-filled CF arrays were not being deleted (#13518) 2021-06-25 11:34:51 +02:00
Alan Guo Xiang Tan
0e4b8c5318 PERF: Cache categories in Site model take 3.
Previous attempt resulted in custom fields going missing in the
serialized output.

This reverts commit 83a6ad32ff.
2021-06-24 13:30:51 +08:00
Joffrey JAFFEUX
8c213fa98b
FIX: correctly implements average for reports (#13447)
- Also now marks time_to_first_response as an averaged chart
- Averaged charts will now be marked as such in the UI
2021-06-21 10:35:11 +02:00
Gerhard Schlager
41ee5b7c86
FIX: Don't store translated trust level names in anonymous cache (#13224)
Refactors `TrustLevel` and moves translations from server to client

Additional changes:
  * "staff" and "admin" wasn't translatable in site settings
  * it replaces a concatenated string with a translation
  * uses translation for trust levels in users_by_trust_level report
  * adds a DB migration to rename keys of translation overrides affected by this commit
2021-06-01 22:11:48 +02:00
Josh Soref
59097b207f
DEV: Correct typos and spelling mistakes (#12812)
Over the years we accrued many spelling mistakes in the code base. 

This PR attempts to fix spelling mistakes and typos in all areas of the code that are extremely safe to change 

- comments
- test descriptions
- other low risk areas
2021-05-21 11:43:47 +10:00
David Taylor
821bb1e8cb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 10:04:33 +00:00
David Taylor
d25fd34b44
DEV: Remove with_deleted workarounds for old Rails version (#11550)
* DEV: Remove with_deleted workarounds for old Rails version

These workarounds using private APIs are no longer required in the latest version of Rails. The referenced issue (https://github.com/rails/rails/issues/4306) was closed in 2013. The acts_as_paranoid workaround which this was based on was removed for rails > 5.

Switching to using a scope also allows us to use it within a `belongs_to` relation (e.g. in the Poll model). This avoids issues which can be caused by unscoping all `where` clauses.

Predicates are not necessarily strings, so calling `.join(" AND ")` can sometimes cause weird errors. If we use `WhereClause#ast`, and then `.to_sql` we achieve the same thing with fully public APIs, and it will work successfully for all predicates.
2020-12-22 10:38:59 +11:00
Jarek Radosz
2f4a1ff61b
DEV: Update rubocop-discourse from 2.3.2 to 2.4.0 (#11079)
Also fixes whitespace related issues raised by rubocop.
2020-10-30 15:04:29 +01:00
Mark VanLandingham
c750a02f05
DEV: Move reports to concerns for autoloading (#11066) 2020-10-29 11:49:09 -05:00
Mark VanLandingham
554a617b3d
DEV: Better custom field preload error (#11044) 2020-10-27 10:05:07 -05:00
Bianca Nenciu
25b8ed740b
DEV: Make site setting type uploaded_image_list use upload IDs (#10401)
It used to be a list of concatenated upload URLs which was prone to
break.
2020-10-13 16:17:06 +03:00
fzngagan
c363189858 Accounted for the change while reading the fields added specs to confirm working 2020-08-25 09:52:18 -04:00
fzngagan
352ad826c1 FIX: symbols and strings should be treated similarly while saving custom fields 2020-08-25 09:52:18 -04:00
Neil Lalonde
1ca81fbb95
FEATURE: set notification levels when added to a group (#10378)
* FEATURE: set notification levels when added to a group

This feature allows admins and group owners to define default
category and tag tracking levels that will be applied to user
preferences automatically at the time when users are added to the
group. Users are free to change those preferences afterwards.
When removed from a group, the user's notification preferences aren't
changed.
2020-08-06 12:27:27 -04:00
Krzysztof Kotlarek
e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Dan Ungureanu
e08b860e88
FIX: Improve category hashtag lookup (#10133)
* FIX: Improve category hashtag lookup

This commit improves support for sub-sub-categories and does not include
the ID of the category in the slug, which fixes the composer preview.

* FIX: Sub-sub-categories can be mentioned using only two levels

* FIX: Remove support for three-level hashtags

* DEV: Simplify code
2020-07-07 10:19:01 +10:00
David Taylor
6caad5c083
FIX: Do not send staff welcome message if user already has role 2020-06-17 12:12:55 +01:00
Sam Saffron
d0d5a138c3
DEV: stop freezing frozen strings
We have the `# frozen_string_literal: true` comment on all our
files. This means all string literals are frozen. There is no need
to call #freeze on any literals.

For files with `# frozen_string_literal: true`

```
puts %w{a b}[0].frozen?
=> true

puts "hi".frozen?
=> true

puts "a #{1} b".frozen?
=> true

puts ("a " + "b").frozen?
=> false

puts (-("a " + "b")).frozen?
=> true
```

For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby
2020-04-30 16:48:53 +10:00
Vinoth Kannan
fd39c85c1a FIX: add category hashtags support for sub-sub categories.
Hashtags will include last two levels only (ex: "parent:child").
2020-04-06 20:43:38 +05:30
David Taylor
d23f7af3cb
PERF: Allow user serializer to make use of preloaded custom fields (#9074) 2020-03-03 13:56:54 +00:00
Robin Ward
a47e0a3fda FIX: TOTP could not be used on sites with colons in their names
This is because the TOTP gem identifies as a colon as an addressable
protocol. The solution for now is to remove the colon in the issuer
name.

Changing the issuer changes the token values, but now it was completely
broken for colons so this should not be breaking anyone new.
2020-02-20 16:35:30 -05:00
Blake Erickson
926d5f1c0a REFACTOR: Edit title respects min trust to edit post
Follow up to: 241d8f6452
2020-02-05 10:36:24 -07:00
Blake Erickson
241d8f6452 FIX: Edit title respects min trust to edit post
This fix ensures that the site setting `post_edit_time_limit` does not
bypass the limit of the site setting `min_trust_to_edit_post`. This
prevents a bug where users that did not meet the minimum trust level to
edit could edit the title of topics.
2020-02-04 16:31:16 -07:00
Sam Saffron
bff9880d63 DEV: increase the length of backup codes
16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.
2020-01-21 15:32:06 +11:00
Martin Brennan
66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Martin Brennan
cb660ef952 SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
Martin Brennan
beb91e7eff
FIX: require: false for rotp gem (#8540)
The ROTP gem is only used in a very small amount of places in the app, we don't need to globally require it.

Also set the Addressable gem to not have a specific version range, as it has not been a problem yet.

Some slight refactoring of UserSecondFactor here too to use SecondFactorManager to avoid code repetition
2019-12-17 10:33:51 +10:00
Roman Rizzi
b6a2875749
FIX: Granting staff status should auto-approve users waiting approval (#8533)
* FIX: Granting staff status should auto-approve users waiting approval

* Update app/models/concerns/roleable.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-12-12 16:26:38 -03:00
Martin Brennan
edbc356593
FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528)
The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097:

URI.escape
URI.unescape
URI.encode
URI.unencode
escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate.

I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier.

Addressable is now also an explicit gem dependency.
2019-12-12 12:49:21 +10:00
dependabot-preview[bot]
9b30922109 Build(deps): Bump rotp from 3.3.1 to 5.1.0 (#8477)
* Build(deps): Bump rotp from 3.3.1 to 5.1.0

Bumps [rotp](https://github.com/mdp/rotp) from 3.3.1 to 5.1.0.
- [Release notes](https://github.com/mdp/rotp/releases)
- [Changelog](https://github.com/mdp/rotp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdp/rotp/compare/v3.3.1...v5.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Fix breaking ROTP changes
2019-12-09 14:29:48 +10:00
Joffrey JAFFEUX
0d3d2c43a0
DEV: s/\$redis/Discourse\.redis (#8431)
This commit also adds a rubocop rule to prevent global variables.
2019-12-03 10:05:53 +01:00
Vinoth Kannan
671f303b53
FEATURE: Add welcome message for admins. (#8293) 2019-11-05 18:15:55 +05:30
Jeff Wong
74dc37c07c FIX: upserting custom fields using keywords converts the array key to a string 2019-10-29 11:35:38 -07:00
Mark VanLandingham
437edfc415
FEATURE: Welcome moderator message - add copy! (#8246) 2019-10-28 08:58:45 -05:00
Daniel Waterworth
55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Daniel Waterworth
7a0c06691c FIX: Account for nil when looking up subcategories 2019-10-16 20:04:54 +01:00
Martin Brennan
68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Rimian Perkins
6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Robin Ward
3132a9007b FIX: Use correct timezone for manual SQL 2019-07-06 15:14:07 -04:00
Robin Ward
a075fd46fd FIX: Don't use exceptions to catch conflicts
If a database exception is raised ActiveRecord will always rollback
even if caught.

Instead we build the query in manual SQL and DO NOTHING when there's a
conflict. If we detect nothing was done, perform an update.
2019-07-06 14:43:56 -04:00
Robin Ward
72bac61c90 FIX: Upsert a custom field if a unique constraint fails 2019-07-04 13:26:25 -04:00
Jeff Wong
88ef5e55fe
FEATURE: add ability to have multiple totp factors (#7626)
Adds a second factor landing page that centralizes a user's second factor configuration.

This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Sam Saffron
cac80cdc3b DEV: more send -> public_send changes
This is a work in progress commit for more send to public_send conversions

Also adds some comments for cases where we need to keep send
2019-05-07 11:58:06 +10:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Guo Xiang Tan
a8baa6d9e7 FIX: Old Upload#url scheme support for Upload.get_from_url.
This is for backwards compatibility purposes. Even if `Upload#url` has a
format that we don't recognize, we should still return the upload object
as long as the upload record is present.
2019-04-24 10:15:47 +08:00
Vinoth Kannan
5de483a1b9 PERF: Very post upload's existence by preloaded upload sha1s array 2019-04-19 17:27:16 +05:30
Vinoth Kannan
73663c2fdb FIX: should find records by sha1 only in Upload model 2019-04-09 18:48:49 +05:30
Guo Xiang Tan
f0bb492d24 Fix regression due to 914ada1c74. 2019-04-09 09:47:11 +08:00
Vinoth Kannan
f5ac01253a FIX: use new changed method name and remove whitespaces 2019-04-09 02:25:26 +05:30
Vinoth Kannan
914ada1c74 DEV: convert scheduled job EnsurePostUploadsExistence into a rake task 2019-04-09 02:07:35 +05:30
Guo Xiang Tan
ac661e856a
FEATURE: Allow categories to be prioritized/deprioritized in search. (#7209) 2019-03-25 10:59:55 +08:00
Guo Xiang Tan
5e410dc5e0
FEATURE: Ability to exclude category from search results. (#7194)
This commit also adds `Category#search_priority` which sets the ground
work to enable prioritizing of posts for certain categories when searching.
2019-03-18 15:25:45 +08:00
Guo Xiang Tan
6327f36bfd PERF: Avoid loading ActiveRecord objects when checking for second factor.
* Eliminate DB query for sites without local logins and sites that has
SSO enabled.
2019-03-15 15:09:44 +08:00
Vinoth Kannan
27e7f2bee0 DEV: call 'enqueue_hooks' method only if active webhooks exist 2019-02-19 12:43:08 +05:30
Vinoth Kannan
f2c3415548 FIX: Should not generate payload until active webhooks are exist 2019-02-19 12:23:42 +05:30
Guo Xiang Tan
22408f93c9 FIX: Wrap custom fields database statements in a transaction.
Kind of strange that we don't do it because a database statement
may fail and leave us in a weird state.
2018-10-18 12:23:04 +08:00
Vinoth Kannan
8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Arpit Jalan
e364547ff7 FIX: ignore and log bad json values for custom fields 2018-09-13 14:26:30 +05:30
Maja Komel
cb89797e9a FEATURE: shows remaining backup codes in user preferences 2018-07-04 10:45:42 +02:00
hellekin
25cfc98b67 Fix 'asscoiated' typo
I know that **Naming is CRITICAL** and that **Refactoring only NOT welcome**.

But since I spotted this (consistent) typo and the change does not affect any
functionality -- I checked the presence of "asscoiated" in the code base, I
guess the first rule trumps the second one.

It also gave me a false pretext to bypass my reluctance to use Google forms and
sign de CLA. Typos hurt the eye.
2018-06-29 11:10:05 +10:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Sam
89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Sam
1ac1ee4287 FEATURE: allow registration of an array custom field 2018-05-22 16:48:39 +10:00
Jeff Wong
74aecdfd9d Feature: add a 30 seconds grace window for 2-factor token checks 2018-05-15 16:13:21 -07:00
Joffrey JAFFEUX
83255d94d9
DateGroupable is not used anymore 2018-05-14 16:26:14 +02:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts 2018-05-03 15:41:41 +02:00
Joffrey JAFFEUX
73a1be0d57
Fix spec 2018-04-26 17:19:44 +02:00
Gerhard Schlager
3f6d1a583e Add helper for grouping by periods
The methods are still experimental and might change without notice!

You need to add `include DateGroupable` to your model before you can use it like this:
`User.smart_group_by_date("users.created_at", start_date, end_date)`.count
2018-04-24 23:31:26 +02:00
Neil Lalonde
eb714d8ae3 FIX: application request count keys not expiring in redis 2018-03-27 15:12:39 -04:00
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Robin Ward
730201d423 New interface to upsert custom fields 2018-03-02 12:45:52 -05:00
Guo Xiang Tan
939180efa8 FIX: Missing 2FA guards when sso is enabled or when local login is disabled. 2018-03-02 10:39:10 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Sam
174ab2d93a minor, ensure ordering of custom fields is consistent 2017-11-16 15:14:10 +11:00
Guo Xiang Tan
4bb454d889 FIX: JSON custom fields incorrectly being converted to an array.
https://meta.discourse.org/t/custom-fields-simultaneous-save-with-json-becomes-an-array/73647
2017-11-08 11:17:37 +08:00
Robin Ward
09ed2ed749 Add Suspend User to flags page 2017-09-25 12:28:00 -04:00
Robin Ward
40eba8cd93 FEATURE: View flags grouped by topic 2017-09-25 12:25:14 -04:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Régis Hanol
629810bd07 FIX: when registering custom_field types, ensure we're casting them before checking for equality 2017-08-16 23:04:40 +02:00
Erick Guan
1146772deb Fix: unlinked topic search model (#5044) 2017-08-15 11:46:57 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam
c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00