Commit Graph

34196 Commits

Author SHA1 Message Date
Blake Erickson
69498a58e9
FEATURE: Staff only poll results (#7984)
* FEATURE: Staff only poll results

These changes allow only staff to see the results of a poll.

Non-staff users will be shown a screen like this:

1b8bd76013.png

The "Votes are public" message has been removed from the info section,
and the button to show the votes has been replaced with a message
stating the results will only be shown to staff.

* Update PR based on feedback

* Update plugins/poll/app/models/poll.rb

make sure we return a boolean

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-08-15 12:27:18 -06:00
Joffrey JAFFEUX
00b91de5e8 DEV: allows customHref for extra nav items (#8012)
* DEV: allowes customHref for extra nav item

* linting

* uses value not key
2019-08-15 12:26:21 -06:00
Robin Ward
b8f21ea962 FIX: Explicitly require topic_query_params 2019-08-15 13:54:52 -04:00
Robin Ward
23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
David Taylor
fafc6bcde0 FIX: Clear banner topic cache after remapping 2019-08-15 11:24:20 +01:00
Joffrey JAFFEUX
0a6d1b687c FIX: ensures reports can't modify records (#8006) 2019-08-15 17:27:53 +10:00
OsamaSayegh
50368940f7 DEV: Bump Logster version to 2.3.1
Commits since last version bump: 5cdcb76...c5bcb8e
2019-08-15 07:21:34 +00:00
Sam Saffron
d05b724c4e FIX: correct race condition loading library
In some very rare cases CssParser could be loaded but CssParser::Parser not
this ensures we check for the actual constant we plan to call for concurrent
digest generations
2019-08-15 17:16:41 +10:00
Kris
f7c648e3af update color variable 2019-08-14 22:57:13 -04:00
Sam Saffron
e53a171916 FIX: hold s3 related distributed locks longer
These operations are pretty expensive and can take multiple minutes due to
networking.

Hold distributed mutex for much longer.
2019-08-15 11:48:44 +10:00
Roman Rizzi
79957706b1
FIX: Store custom attributes that are needed by plugins in queuedpost payload (#8009) 2019-08-14 15:02:59 -03:00
Joffrey JAFFEUX
a5542768ea
FIX: attempts to use params from addDiscoveryQueryParam (#8007)
This commit will for example allow this:

```
api.addDiscoveryQueryParam("my_param", { persist: true });
```

If you page is forum.foo.bar/?my_param=1, when clicking on an "unread" link for example this query string will be kept.
2019-08-14 19:56:02 +02:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
David Taylor
f4aa6096ab FIX: Convert omniauth authenticator names to symbols before comparing
This is necessary because some auth plugins define their name as a string
2019-08-14 12:57:11 +01:00
David Taylor
5755d3886f FIX: Do not raise exception if the authenticator email is missing
Followup to 296cdc53ee
2019-08-14 12:08:59 +01:00
David Taylor
92f2202e4a SECURITY: Restrict message-bus access on login_required sites 2019-08-14 09:43:12 +01:00
Gerhard Schlager
888b635cfc Import avatars and likes in the Zendesk AP importer
Co-authored-by: Justin DiRose <justin@justindirose.com>
2019-08-14 10:42:52 +02:00
Kyle Zhao
2fbafd077c DEV: Mount plugin symlinks to dev docker container (#8002)
When developing using docker, in order to support symlinks in the
`plugins/` directory, this reads the symlinks' values and mounts them to
the dev docker container.
2019-08-14 18:13:01 +10:00
Bianca Nenciu
ba396a5384
DEV: Use ResultSet with staff action logs. (#7661) 2019-08-13 20:55:05 +03:00
Blake Erickson
296cdc53ee FIX: Downcase email coming back from auth-provider 2019-08-13 10:53:50 -06:00
Régis Hanol
c628166bb4 FIX: replace model usage with SQL query
Follow-up to b500ef77
2019-08-13 18:32:24 +02:00
David Taylor
961213ba52 FIX: Correct ordering for post_edits report, and remove query limit 2019-08-13 16:53:16 +01:00
David Taylor
572e928cba FIX: Correct query for post_edits dashboard report
- Use query builder to improve readability
- Remove subquery, so that all `where` filters happen alongside the limit
- Add 'edited at' column to the report
2019-08-13 16:11:17 +01:00
Jarek Radosz
6a65e5312b FEATURE: Add a preview to the poll builder (#7988)
* FEATURE: Add a preview to the poll builder

* Use selectKit helper in the poll preview test

* Extract the mobile-specific poll builder form CSS
2019-08-13 09:49:40 -04:00
Sam Saffron
6374dc7d51 UX: add link to robots.txt editor in site setting description
This surfaces our robots.txt editor and provides enough warning to scare
people from actually changing it.
2019-08-13 16:53:43 +10:00
Vinoth Kannan
9919ee1900 FIX: remove the tmp inventory files after the s3 uploads check. 2019-08-13 11:52:57 +05:30
Sam Saffron
1358339bf9 lint file
$window no longer used in panStart followup on 7877383e
2019-08-13 11:13:59 +10:00
Jeff Wong
7877383e62
FIX: RIP swipe-in menus on Android (#7997)
In later versions of android, swipe-in from the sides on android triggers
forward/back functionality. We can no longer trigger menu swipes on android

https://www.androidcentral.com/android-q-getting-rid-back-button-side-swipe-gesture
2019-08-12 17:30:18 -07:00
Sam Saffron
7632fe0b58 PERF: rake posts:rebake_uncooked_posts runs inline
Running this inline makes more sense otherwise there is extreme risk in
saturating sidekiq queue.

This also reworks ordering and selection so we double check if a post needs
rebaking prior to rebaking, this unlocks the ability to run this rake task
from multiple consoles.
2019-08-13 10:28:42 +10:00
David Taylor
213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
David Taylor
923c46f5df DEV: Provide method for auth plugins to generate a CSRF token 2019-08-13 01:13:08 +01:00
Gerhard Schlager
4ed517a344 DEV: Make Rubocop happy
Follow-up to 6cc9fe42
2019-08-12 23:10:58 +02:00
Gerhard Schlager
2a95c5c5d6 FIX: Don't update watching_first_post notifications when moving first post
The first post isn't moved. It gets copied during a move. Notifications of this special type should still link to the original first post.
2019-08-12 22:59:43 +02:00
Robin Ward
5981678abd FIX: Trusted users might cause content to be hidden with one flag
The text has been updated to be less specific about "Multiple community
members" to address this case.
2019-08-12 16:00:16 -04:00
Mohamad Abras
6cc9fe42ce add mongo adapter to nodebb importer (#8000) 2019-08-12 14:15:11 -04:00
Kyle Zhao
ca7f1dabbf REFACTOR: user-menu-links widget for extensibility (#7996) 2019-08-12 14:01:59 -04:00
Gerhard Schlager
d686318133 FIX: Prevent failed remaps during restores
Additional changes:
* Verbose logging of remaps during restores
* Exclude the backup_metadata table from restores
2019-08-12 17:15:01 +02:00
Gerhard Schlager
c05739c3c8 FIX: Truncate topic_links.url to 500 chars during remap
This column often breaks remaps because of some weird, long URLs. The data isn't that important, so truncating a couple of URLs doesn't hurt that much.
2019-08-12 17:15:00 +02:00
Gerhard Schlager
8b6341669a REFACTOR: Less duplicate code in DbHelper.remap 2019-08-12 17:15:00 +02:00
Kris
1232889b30 UX: Prevent twitter onebox iframes from being taller than mobie viewport 2019-08-12 11:03:54 -04:00
Dan Ungureanu
2a98becfde
FIX: Do not create a double like notification. (#7999)
When a user liked, unliked and liked again the same post, the poster
would receive a notification such as "X and X liked ...". This happened
because PostActionNotifier.post_action_created was called twice.
2019-08-12 16:22:46 +03:00
David Taylor
1a8fee11a0 DEV: If only one auth provider is enabled allow GET request
In this case, the auth provider is acting as a SSO provider, and can be trusted to maintain its own CSRF protections.
2019-08-12 11:03:05 +01:00
David Taylor
d348368ab6
FEATURE: Allow themes to override color transformation variables (#7987)
Theme developers can now add any of the transformed color variables to their color scheme in about.json. For example

```
  "color_schemes": {
    "Light": {
      "primary": "333333",
      "secondary": "ffffff",
      "primary-low": "ff0000"
    }
  },
```

would override the primary-low variable when compiling SCSS for the color scheme. The primary-low variable will also be visible in administrator color palette UI.
2019-08-12 11:02:38 +01:00
David Taylor
750802bf56
UX: Improve error handling for common OmniAuth exceptions (#7991)
This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
2019-08-12 10:55:02 +01:00
Joffrey JAFFEUX
731f61a818
UX: modifies admin email template to have more space for the form (#7993) 2019-08-12 10:27:25 +02:00
Jeff Wong
4cd0cd2f8e FIX: Blank second factor gets default name 2019-08-11 22:13:33 -07:00
Arpit Jalan
44f4801087 Bump onebox version.
- do not double encode percentage in url
- support hashbang in url
2019-08-12 08:42:50 +05:30
Blake Erickson
d7c73ded14 Ran prettier to clean up some formatting
Follow up to:

https://review.discourse.org/t/feature-external-auth-when-redeeming-invites/5152?u=blake
2019-08-11 19:00:52 -06:00
Blake Erickson
87a0a6664e FEATURE: External auth when redeeming invites
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.

- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
2019-08-11 12:20:02 -06:00
Joffrey JAFFEUX
3503758599
FIX: polyfills String.prototype.repeat for IE (#7994) 2019-08-10 20:39:04 +02:00