Commit Graph

249 Commits

Author SHA1 Message Date
Sam Saffron
941162e90e FIX: draft not clearing when replying to new topic
This amends our API so we provide it with the draft key when saving a post
this means post creator can clean up the draft consistently even if we are
doing fancy stuff like replying to a new topic or new pm or whatever.

There will be some followup work to clean it up so client never calls destroy
on draft during normal operation and the #create/#update endpoints takes care of it
every time
2019-11-26 18:23:20 +11:00
Dan Ungureanu
a992caf741
DEV: Replace magic values (#8398)
Follow-up to 35942f7c7c.
2019-11-25 14:32:19 +02:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Rimian Perkins
6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Dan Ungureanu
9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Blake Erickson
5b5b5a5931 FIX: return an error if a user tries to whisper
This commit fixes a bug where a user creates a whisper post via the api
but is posted as a regular message because they don't have access to
whisper. Now a 403 unauthorized will be returned instead of the whisper
param just being ignored for regular users. Staff users should not be
affected by this change.

https://meta.discourse.org/t/a-whisper-is-posted-as-a-message-if-the-user-is-not-staff-moderator-admin-when-using-the-api/116601
2019-05-07 11:42:26 -06:00
Guo Xiang Tan
152238b4cf DEV: Prefer public_send over send. 2019-05-07 09:33:21 +08:00
Dan Ungureanu
57d1dea8a2
FEATURE: Let staff add custom post notices. (#7377) 2019-04-19 17:53:58 +03:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Arpit Jalan
05ebb52ec4
FEATURE: defer flags when deleting child replies (#7111) 2019-03-06 14:32:25 +05:30
Vinoth Kannan
2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
Arpit Jalan
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Robin Ward
467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Bianca Nenciu
fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Bianca Nenciu
f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Gerhard Schlager
ef4b9f98c1 FEATURE: Allow admins to reply without topic bump 2018-08-10 10:48:30 +10:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
Joffrey JAFFEUX
a2281fbb19
FEATURE: allows to jump to a date in a topic 2018-07-19 16:00:13 +02:00
Kyle Zhao
2901691e87 FEATURE: per-category approval settings (#5778)
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Arpit Jalan
2c971c41f6 FIX: post deletions rate limit per day was not working 2018-06-28 19:21:27 +05:30
Arpit Jalan
a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Arpit Jalan
c352f8eb15 FEATURE: rate limit post deletions to 50 per day 2018-06-28 16:38:58 +05:30
Arpit Jalan
6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Gerhard Schlager
ed4c0c4a63 FEATURE: Add option to delete all replies of flagged post 2018-04-24 11:08:05 -04:00
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Sam
75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Sam
41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward
6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol
1b4483c942 FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts 2017-12-13 22:12:06 +01:00
Guo Xiang Tan
e73fbfe265 FIX: Topic#featured_link_root_domain extracts URL before parsing. 2017-12-04 10:00:07 +08:00
Robin Ward
23dce88f5f FIX: Removed a line by accident, broke tests 2017-10-23 14:49:14 -04:00
Robin Ward
89a1b34480 FIX: Show the deleted icon if the quote expands a deleted topic 2017-10-23 13:41:41 -04:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Bianca Nenciu
6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Bianca Nenciu
bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Mudasir Raza
84c83afd35 Allow optional import_mode param for posts in api (#4952) 2017-08-17 07:53:04 -04:00
Régis Hanol
4f09a5a7a5 Add 'Post.permitted_create_params' to allow plugins to add new params when creating a post 2017-08-12 04:10:45 +02:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward
ae7734707e REFACTOR: Merge different templates from rendering user stream items 2017-06-20 15:45:41 -04:00
Guo Xiang Tan
8ab9f30bbd FIX: User can't remove bookmark from a deleted post. 2017-05-19 12:25:12 +08:00
Guo Xiang Tan
304ace926e FIX: Raise right response when post_action does not exist. 2017-04-27 17:29:53 +08:00
Sam Saffron
0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Robin Ward
14410b71fb Convert server side paths to use /u/ 2017-03-30 10:23:24 -04:00
Sam
bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Régis Hanol
00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Guo Xiang Tan
689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Guo Xiang Tan
781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan
0a25df67bc Revert "FIX: Incorrect parameter being passed to component."
This reverts commit d354a6f7a4.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan
d354a6f7a4 FIX: Incorrect parameter being passed to component. 2017-01-25 13:09:08 +08:00
Guo Xiang Tan
32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Neil Lalonde
29edbafac7 FIX: post short link on subfolder installs 2016-11-01 15:20:04 -04:00
Sam
2b15919aee missing spot where old api was used 2016-08-26 10:58:34 +10:00
Régis Hanol
681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Guo Xiang Tan
36ddb1787e FEATURE: Add toggle topic visibility button in popup menu. 2016-07-28 16:57:04 +08:00
Andre Pereira
8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Steve Kemp
8f8ad3fe4a Allow an (optional) post-creation time to be submitted. (#4205)
* Allow an (optional) post-creation time to be submitted.

This should allow a new post to be created with an initial
date/time specified by the caller, which will be useful for
people writing importers..

* Only allow `created_at` to be submitted via the API.

This addresses the previous concern.
2016-05-22 10:54:03 +02:00
Robin Ward
5518141ad5
Option for verbose logging when API calls to create posts fail 2016-04-12 12:10:48 -04:00
Arpit Jalan
13fa0f8cf8 FIX: only show regular posts in RSS feed 2016-03-31 21:34:53 +05:30
Arpit Jalan
41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Arpit Jalan
c54dc4a8d9 FIX: update RSS description for public/private posts 2016-03-21 18:45:16 +05:30
Arpit Jalan
34469e725b FEATURE: separate API endpoints for public and private posts 2016-03-21 18:21:15 +05:30
Arpit Jalan
89248580dc FEATURE: revert post to a specific revision 2016-03-11 02:46:55 +05:30
Régis Hanol
cf4c256b17 FEATURE: new 'raw email' modal when listing rejected emails 2016-02-01 21:41:49 +01:00
Neil Lalonde
685ba1eb7f FEATURE: blocked users can send and reply to private messages from staff 2016-01-22 12:54:24 -05:00
Arpit Jalan
06bac23e5f FEATURE: allow users to wikify their own posts based on trust level 2016-01-12 08:44:25 +05:30
Sam
9899e8d4a5 FEATURE: First class messages to groups, you can select a group as a target of a message 2015-12-02 15:49:43 +11:00
Robin Ward
3939331dec FIX: Staff was getting 500 when editing post in deleted topic 2015-11-13 11:35:23 -05:00
Arpit Jalan
49edffd3c3 FEATURE: support linking to a specific revision of a topic/post 2015-10-19 14:31:29 +05:30
Régis Hanol
06b799bfbf Merge pull request #3857 from gdpelican/fix-for-untopiced-posts
Don't error on posts#latest if a post does not have a topic
2015-10-16 14:59:36 +02:00
James Kiesel
695b366a03 Don't error on posts#latest if a post does not have a topic 2015-10-16 14:44:48 +03:00
Sam
2422289c8b FIX: whispers should not be revealed in reply to, or reply expansion
FEATURE: mark whisper as experimental
FIX: badges should never apply to whispers
2015-09-25 10:16:19 +10:00
Robin Ward
91f3e8e724 For now, restrict whispering to staff only. 2015-09-15 12:29:32 -04:00
Robin Ward
5af0f5f80e FEATURE: Whisper posts 2015-09-11 14:05:21 -04:00
Kane York
27ee8bea95 FIX: Remove N+1 queries in posts.json 2015-09-04 13:36:47 -07:00
Kane York
32e5016dbb FEATURE: Include topic title, category in posts.json 2015-09-01 17:46:06 -07:00
Kane York
94439ebddd FIX: Tighter rate-limit for post self-deletions 2015-08-18 12:50:45 -07:00
Régis Hanol
23a5c6444a FIX: move topic links and quoted posts extraction to the PostRevisor 2015-08-14 19:33:32 +02:00
Sam
bafdf9290d FIX: don't let blocked users reach post creator or new post queue
correct broken spec
2015-08-06 10:32:53 +10:00
Sam
01ad88f1ed FEATURE: min_first_post_typing_time
If a user spends less than 3 seconds typing
first post they will automatically enter the approval queue
2015-08-04 10:57:34 +10:00
Sam
7b8b96446e FEATURE: track statistics around post creation
- how long were people typing?
- how long was composer open?
- how many drafts were created?
- correct, draft saved to go away after you continue typing

store in Post.find(xyz).post_stat
2015-08-03 14:29:15 +10:00
Robin Ward
5f45e5361f FIX: Moderation actions can have their messages removed 2015-07-28 16:58:56 -04:00
Arpit Jalan
71ee84f848 FEATURE: latest posts RSS feed 2015-06-09 21:45:06 +05:30
Sam
e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Régis Hanol
a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Tan Le
9fbc763902 Replace Hash#keys.each with Hash#each_key for some perf boost 2015-04-18 21:53:53 +10:00
Robin Ward
22ffcba8e6 Convert Discourse.Post to ES6 and use Store model
- Includes acceptance tests for composer (post, edit)
- Supports acceptance testing of bootbox
2015-04-15 14:54:36 -04:00
Robin Ward
19a9a8b408 NewPostManager determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Robin Ward
db4c04d606 FIX: Moderators shouldn't be able to see secure deleted posts 2015-04-13 11:48:31 -04:00
Régis Hanol
6cd4330335 FIX: show all deleted posts 2015-03-11 18:07:47 +01:00
Sam
59a28bf5c1 regression: bookmarked may be missing, do not fail 2015-02-19 11:42:01 +11:00
Sam
b041b3f67f FIX: bookmark topic was not working intuitively
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
riking
4c8850108a SECURITY: Don't leak topic title in the redirect 2015-02-04 11:55:39 -08:00
Sam
a6ce188f35 Merge pull request #3126 from riking/latest-posts
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward
f028b51620 Add post parameters so plugins like akismet can use it for spam
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward
1f40807001 Add extensibility point for whenever a post is created 2015-01-29 12:46:29 -05:00