Guo Xiang Tan
a1888b301b
DEV: Don't require login for QUit test path.
2018-11-23 13:50:19 +08:00
Arpit Jalan
60941f214c
FIX: remove unneeded keys from failed response
2018-11-22 14:59:50 +05:30
Guo Xiang Tan
6111b285d9
DEV: Remove comment that links to a private topic.
...
Not going to be useful for other developers.
2018-11-22 14:55:02 +08:00
Kyle Zhao
8e32aa1483
FEATURE: show post approvals in Moderation History ( #6643 )
2018-11-22 10:22:23 +08:00
Arpit Jalan
61eff22b29
FIX: raise Discourse::NotFound
unless the user is present
2018-11-21 10:57:42 +05:30
Arpit Jalan
10cc698df3
FIX: respond with proper error message if user not found
2018-11-21 10:47:37 +05:30
Arpit Jalan
539f1c6252
FIX: raise Discourse::NotFound
unless the topic is present
2018-11-21 09:48:38 +05:30
Sam
20268385a5
FIX: never attempt to log invalid post numbers
...
Previously in some cases we would queue logging of invalid post numbers
The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Arpit Jalan
5951e111ad
FIX: handle nil topic value when removing allowed users
2018-11-20 22:55:39 +05:30
Arpit Jalan
22a7f1e7f2
FIX: handle nil user value on password reset
2018-11-20 21:49:47 +05:30
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard ( #6624 )
2018-11-19 12:20:05 +01:00
Sam
6556a87629
FIX: only check for conflict on edit drafts
...
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Leo McArdle
7bc121a065
allow CSP reports to be sent when header isn't set by Discourse ( #6594 )
2018-11-14 16:23:29 -05:00
Régis Hanol
c78dcde973
FIX: only send originalText when we need to
2018-11-14 17:47:59 +01:00
Bianca Nenciu
34e4d82f1a
FEATURE: Report edit conflicts when saving draft. ( #6585 )
2018-11-14 12:56:25 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
Robin Ward
467be59d75
FEATURE: Allow expanded posts to return user custom fields
2018-11-13 12:44:54 -05:00
Sam
80ceb57c76
DEV: add API endpoint to destroy_timings only of last post
...
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Vinoth Kannan
dda1824270
Use hijack in inline onebox controller
2018-11-13 02:39:20 +05:30
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags ( #6587 )
...
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Bianca Nenciu
5af9a69a3b
FIX: Do not check for suspicious login when impersonating. ( #6534 )
...
* FIX: Do not check for suspicious login when impersonating.
* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Joffrey JAFFEUX
9c616e0679
FIX: handles not found reports in bulk loading ( #6582 )
2018-11-12 13:47:24 +01:00
Gerhard Schlager
7c4d4331bc
FEATURE: Better handling of quotation marks in site text search
...
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Sam
64d9be726f
the protection I placed was in the wrong path moved to /session/sso
...
correct previous commit
2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7
Improve redirect avoidance for /sso paths
...
e6b3310577
was missing an ege case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam
e6b3310577
FIX: never redirect back to /sso
it will cause a loop
...
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Sam
15991677d4
FIX: ensure we never cache login redirects by mistake
2018-11-09 11:14:35 +11:00
Robin Ward
242a5fc5ef
Add DiscourseEvents for when users as unsuspended/unsilenced
2018-11-08 16:33:38 -05:00
Sam
42572ff138
Revert font awesome 5 changes
...
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
09dc922b3b
Fix several FontAwesome 5 issues
...
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs ( #6557 )
...
* First take on subsetting svg icons
* FontAwesome 5 svg subset WIP
* Include icons from plugins/badges into svg sprite subset
* add svg icon support to themes
* Add spec for SvgSprite
* Misc. SVG icon fixes
* Use FA5 svgs in local-dates plugin
* CSS adjustments, fix SVG icons in group flair
* Use SVG icons in poll plugin
* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Sam
0a442e319c
FIX: correct svg handling for images
...
We regressed and optimized images no longer worked with svg
The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Robin Ward
931c3d165b
Revert "FIX: We shouldn't include topics when mobile view is enabled"
...
This reverts commit 2feadcdafb
.
2018-11-02 10:29:44 -04:00
Robin Ward
2feadcdafb
FIX: We shouldn't include topics when mobile view is enabled
...
This setting was set to be the opposite of what we want
2018-11-01 14:47:06 -04:00
Sam
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
Sam
aa044623bd
FIX: do not create superflous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Sam
32b1f34910
PERF: avoid DNS lookups when getting IP info
...
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu
4b7ab97a01
FIX: Add 'log in via link' to email templates. ( #6545 )
2018-10-30 19:15:05 +00:00
Vinoth Kannan
92bf3c667e
FIX: Flash authentication data not rendered in latest iOS safari browser
2018-10-30 04:00:36 +05:30
Rafael dos Santos Silva
84f858fc23
FIX: Remove orientation from the webmanifest
...
We don't really care about orientation, so let the user OS handle it.
2018-10-26 13:48:14 -03:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
David Taylor
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
Kyle Zhao
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a
.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b45
, which fixes the duplicate tags problem.
The fix introduced by 5685b45
is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Blake Erickson
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Bianca Nenciu
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
Arpit Jalan
42c405a820
FIX: use topic summary for meta description if topic excerpt is blank
2018-10-17 14:13:30 +05:30
Kyle Zhao
99d1ded3b3
rename route /javascripts
to /theme-javascripts
( #6495 )
2018-10-15 11:32:52 -04:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV ( #6484 )
2018-10-15 09:12:54 +01:00
Maja Komel
27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
Guo Xiang Tan
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac
.
2018-10-15 09:43:31 +08:00
Sam
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Vinoth Kannan
39b7e32848
DEV: Require sso and sig query string params for sso_login
2018-10-12 05:03:30 +05:30
Blake Erickson
13b3cead06
FEATURE: Allow bulk removing users from a group
...
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Guo Xiang Tan
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1
.
We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
Robin Ward
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Erin Kosewic
51aba32651
FEATURE: add branch option to remote theme import
...
* FEATURE: add branch option to remote theme import
* FIX: Add missing variable in params
* FIX: Add missing param for import_theme method
* SPEC: Add test methods for branch support in git import
* FIX: Add missing space to scss style
* Do not assume default branch as master
* Change branch field placeholder
* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Jeff Wong
e55f220b33
add category style boxes with featured topics option
2018-10-08 16:19:54 -07:00
Joffrey JAFFEUX
22187508e3
FEATURE: adds header text/background color to site ( #6462 )
2018-10-08 11:52:57 +02:00
David Taylor
9bf522f227
FEATURE: Mixed case tagging ( #6454 )
...
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.
- If force_lowercase_tags is disabled, then mixed case tags are allowed.
- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.
- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.
- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.
- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Sam
5b630f3188
FIX: stop logging every time invalid params are sent
...
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan
ca74246651
FIX: redirect users to SSO client URL after social login
2018-10-05 00:01:08 +05:30
Sam
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Vinoth Kannan
9281b72308
FEATURE: Log entity export in staff logs
2018-09-19 03:16:45 +05:30
Sam
0e9841b995
SECURITY: remove admin memory diagnostics routes
2018-09-18 08:35:09 +10:00
Neil Lalonde
6f1b8ad16d
FIX: tag groups page should only be visible to staff
...
No security concern here because nothing private was visible,
and no actions could be taken by non-staff users.
2018-09-17 11:41:18 -04:00
Kyle Zhao
7b19ed06c1
reworked specs of existing group behavior
2018-09-17 17:46:43 +10:00
pmusaraj
5bdf476de7
raise error early in drafts controller
2018-09-13 08:40:57 -04:00
pmusaraj
aa614e393c
return 403 when trying drafts of another user
2018-09-12 13:08:02 -04:00
Sam
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
...
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan
e1b16e445e
Rename FileHelper.is_image?
-> FileHelper.is_supported_image?
.
2018-09-12 09:22:28 +08:00
Osama Sayegh
16bd3f2cf2
FIX: use current user color scheme when filling theme-color
attribute ( #6384 )
...
* FIX: use current user color scheme when filling `meta` attribute `theme-color`
* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Neil Lalonde
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653
FIX: Remove user fields when anonymizing user
2018-09-07 00:02:56 +02:00
Vinoth Kannan
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
Sam
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager
f33433bf9e
Validation of params should restrict to max int ( #6331 )
...
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
59c9051a2e
REFACTOR: Rescue error at the specific spot that is raising the error.
2018-09-03 11:04:58 +08:00
Bianca Nenciu
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
Bianca Nenciu
931cffcebe
FEATURE: Let users see their user auth tokens. ( #6313 )
2018-08-31 10:18:06 +02:00
Sam
b3aab1770f
FIX: set old last modified date for invalid avatars
...
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
Blake Erickson
ae532f8548
FIX: return 422 for an invalid group name on category create
2018-08-30 14:28:55 -06:00
David Taylor
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
Bianca Nenciu
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
Neil Lalonde
9bf4333491
FIX: redirect to wrong URL after account creation on subfolder install
2018-08-24 10:34:44 -04:00
Joffrey JAFFEUX
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
Osama Sayegh
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two seperate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
Sam
29315b73c2
FIX: improve last_modified date returned for avatars
...
instead of hard coding a date:
1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
Osama Sayegh
2711f173dc
FIX: don't allow inviting more than max_allowed_message_recipients
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
James Kiesel
cdea969c6a
FEATURE: Make initial admins TL1
...
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00
Sam
5a6d1ee257
FIX: defer actions in a static method
...
This avoids capturing a huge closure and passing to defer
2018-08-22 14:36:56 +10:00
Gerhard Schlager
17dc8f2490
UX: Wizard resends activation email when user exists
2018-08-21 19:13:41 +02:00
Sam
2d96160192
FEATURE: improve API error reporting for invalid records
2018-08-21 11:54:34 +10:00
Bianca Nenciu
dc5fddbfe6
FIX: Do not show an empty modal when an IP address is allowed or blocked. ( #6265 )
2018-08-20 17:37:30 +02:00
Guo Xiang Tan
b4f92a05b3
FIX: Load more on groups page does not account for params.
...
https://meta.discourse.org/t/cant-scroll-through-list-of-users-groups-if-more-than-one-page/92259
2018-08-20 17:08:50 +08:00
Sam
ce4b12ae59
FIX: if we have not target available do not redirect
2018-08-20 13:10:59 +10:00
Joffrey JAFFEUX
37d4f27c44
FIX: quality/bugfix dashboard/reports pass ( #6283 )
2018-08-17 16:19:25 +02:00
Sam
9628c3cf97
FEATURE: automatically correct extension for bad uploads
...
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
Sam
baa72d18f8
FIX: simplify so we ban all auth paths
...
previously plugins that have auth paths were not disallowed and robots
tend to call them
2018-08-16 19:16:47 +10:00
Sam
796164b58c
FIX: automatically correct bad avatars on access
...
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Rafael dos Santos Silva
c8b5e6baae
FEATURE: Use display: browser
in webmanifest for iOS devices
...
Since iOS doesn't have a back button and can have issues on log in.
See https://twitter.com/firt/status/1021477243909033984
2018-08-15 23:36:08 -03:00
Misaka 0x4e21
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Régis Hanol
12bab65167
FIX: going from /categories to /latest on mobile might break infinite scrolling
2018-08-15 01:22:03 +02:00
Régis Hanol
de92913bf4
FIX: store the topic links using the cooked upload url
2018-08-14 12:23:32 +02:00
Sam
ad5f502332
FIX: add a basic validator for topic params
...
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
Sam
6f6b4ff988
regression: don't return from a block
...
also clean up some warnings (shadowed var, unused var)
2018-08-10 14:53:55 +10:00
Gerhard Schlager
b9072e8292
FEATURE: Add "Reset Bump Date" action to topic admin wrench ( #6246 )
2018-08-10 10:51:03 +10:00
Gerhard Schlager
ef4b9f98c1
FEATURE: Allow admins to reply without topic bump
2018-08-10 10:48:30 +10:00
Neil Lalonde
2c4d7225d8
FIX: permalink redirects with subfolder
2018-08-09 11:05:27 -04:00
Sam
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
Osama Sayegh
0d45826d22
fix theme previewing ( #6245 )
2018-08-08 10:58:45 +03:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Joffrey JAFFEUX
67ec81babf
FIX: fixes last backup/last_update dates ( #6242 )
2018-08-07 08:19:52 -04:00
Guo Xiang Tan
2b57239389
FIX: Upload's content is the only source of truth for the file type.
2018-08-07 13:15:00 +08:00
Sam
6797395bd0
FIX: staff should be allowed to agree and keep post
2018-08-07 10:05:43 +10:00
Joffrey JAFFEUX
7f2f3b8b22
FIX: improves reports resilience ( #6239 )
...
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
David Taylor
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Régis Hanol
535732bdc1
FIX: ensure the 'email_revoked' PM template is customizable
2018-08-03 17:10:20 +02:00
Penar Musaraj
4a872823e7
Improvements to user drafts ( #6226 )
...
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels
* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Penar Musaraj
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Guo Xiang Tan
919e8db686
FIX: Check for group name availability should skip reserved usernames.
2018-08-01 11:09:33 +08:00
Neil Lalonde
c12a9279f6
post deleted notification regression because controller was agreeing with all flags too early
2018-07-30 16:45:46 -04:00
Guo Xiang Tan
87537b679c
Drop reply_key
, skipped
and skipped_reason
from email_logs
.
2018-07-30 11:39:28 +08:00
Neil Lalonde
1708ff1808
UX: add a route /rules as an alias for /faq and /guidelines
2018-07-26 15:38:08 -04:00
Joffrey JAFFEUX
330cf78c83
FIX: don’t break browser history on dashboard visit ( #6186 )
2018-07-26 14:59:28 -04:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled?
checks at initialization time ( #6166 )
...
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.
Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.
I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
Gerhard Schlager
9989c8179d
FIX: Translation for default (light) color scheme was missing
2018-07-25 11:28:14 +02:00
Gerhard Schlager
1ac643d71c
FIX: Email template for "Queued Posts Reminder" was not found
2018-07-24 17:26:52 +02:00
Guo Xiang Tan
fad9c2b971
PERF: Move EmailLog#reply_key
into new post_reply_keys
table.
2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Sam
caa669cf29
FIX: if exclude_category_ids is specified pass it through
...
This allows us to optionally show all topics on latest even if stuff is
suppressed via a plugin
2018-07-23 17:23:00 +10:00
Blake Erickson
37b726982d
Fix silence and unsilenced response bodies
...
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
2018-07-22 16:08:36 -06:00
Joffrey JAFFEUX
1d5096eb46
FIX: lazy load more reports in dashboard
2018-07-20 23:35:53 -04:00
Joffrey JAFFEUX
1a78e12f4e
FEATURE: part 2 of dashboard improvements
...
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
Joffrey JAFFEUX
a2281fbb19
FEATURE: allows to jump to a date in a topic
2018-07-19 16:00:13 +02:00
Régis Hanol
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
Vinoth Kannan
f3868fd646
FIX: Create empty user_avatar row if not exist
2018-07-16 14:06:49 +05:30
Sam
ac0053f491
FEATURE: navigate to first post and auto bump category settings
...
### navigate_to_first_post_after_read setting for categories
When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)
### num_auto_bump_daily
Set a number of topics that will automatically bump daily on a category.
- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day
Also some minor organisation on category settings
Froze strings on category.rb
2018-07-16 18:10:35 +10:00
Leo McArdle
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
Vinoth Kannan
06deffc9da
FIX: returns provider_not_enabled error even if enabled
2018-07-13 22:49:30 +05:30
Guo Xiang Tan
9647a0a4bc
Remove unnecessary complex method.
2018-07-13 15:34:28 +08:00
Guo Xiang Tan
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
Kyle Zhao
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Guo Xiang Tan
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
OsamaSayegh
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
David Taylor
9a813210b9
SECURITY: Do not allow authentication with disabled plugin-supplied a… ( #6071 )
...
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
Maja Komel
18f5f646b1
FEATURE: allow selecting a tag when moving posts to a new topic ( #6072 )
2018-07-06 18:21:32 +02:00
Arpit Jalan
b9835cc392
FIX: do not use scheduler for uploading csv file for invite
...
Since the bulk invite process already happens in a dedicated Sidekiq job
2018-07-04 13:28:11 +05:30
Sam
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
Sam
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
Sam
6a54da0902
FIX: raise invalid params for bad callback
...
Corrects it so we raise a 400 instead of logged 500 error
2018-06-29 10:43:33 +10:00
Sam
982df3c17b
FIX: return status 400 for invalid member params
...
previously error returned was a 500 which is not ideal
and is logged
2018-06-29 10:15:17 +10:00
Robin Ward
fd7bb8e656
FIX: Scope the cn
to the subfolder
2018-06-28 11:03:36 -04:00
Arpit Jalan
2c971c41f6
FIX: post deletions rate limit per day was not working
2018-06-28 19:21:27 +05:30
Arpit Jalan
a6d50d1ff7
FEATURE: new settings to control posts deletions rate limit
2018-06-28 17:03:37 +05:30
Arpit Jalan
c352f8eb15
FEATURE: rate limit post deletions to 50 per day
2018-06-28 16:38:58 +05:30
Maja Komel
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
Arpit Jalan
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
Arpit Jalan
7efdccdbc5
FIX: allow staff to remove tags from queued topics
2018-06-26 17:08:40 +05:30
Joffrey JAFFEUX
95d99de7b4
FIX: hides durability section in dashboard if backups are disabled
2018-06-20 22:26:37 +02:00
Guo Xiang Tan
0365806b93
FIX: Properly display error when post action fails to create.
2018-06-20 21:20:23 +08:00
Sam
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Joffrey JAFFEUX
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports
2018-06-18 12:31:56 +02:00
Rafael dos Santos Silva
51cb38783e
FIX: start_url was wrong in non-subfolder
2018-06-15 14:29:33 -03:00
Rafael dos Santos Silva
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Sam Saffron
030e322a39
FEATURE: block top level /my/ routes
2018-06-12 19:47:45 +10:00
Jeff Wong
44ee26721a
FIX: add check for missing assets file in development
2018-06-11 11:18:34 -07:00
Arpit Jalan
f9ab3848ed
FEATURE: support disabling emails for non-staff users
2018-06-07 18:31:08 +05:30
Guo Xiang Tan
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
Sam
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Vinoth Kannan
d8e641cd98
FIX: avatar_url includes upload_path twice when local storage used
2018-06-06 18:27:30 +05:30
Guo Xiang Tan
a83ab01264
REFACTOR: Remove extra param for group mentionable and messableable route.
2018-06-06 09:42:09 +08:00
Arpit Jalan
f8d82f135f
FIX: do not verify group visibility when checking for mentionable/messageable
2018-06-05 16:59:21 +05:30
Guo Xiang Tan
95f9b72351
FIX: Update activation email route was returning a generic json error.
2018-05-31 14:19:43 +08:00
Guo Xiang Tan
21e9315416
FIX: Use user account email instead of auth email when totp is enabled.
...
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Guo Xiang Tan
a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request
...
REFACTOR: users contollers specs => request specs
2018-05-28 13:32:37 +08:00
OsamaSayegh
449399bef3
return 403 forbidden when local logins disabled
2018-05-26 05:18:19 +03:00
Régis Hanol
5b2e7c8d10
fix the build
2018-05-26 03:11:10 +02:00
Robin Ward
4195c7c9ea
FEATURE: Ability to clear a user's penalty history
...
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
Guo Xiang Tan
569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache
...
FIX: update cache times for service workers
2018-05-25 09:28:17 +08:00
Sam
53b97b28f0
FIX: in rare conditions post timing would miss the user
2018-05-24 15:38:33 +10:00
Neil Lalonde
3db1032bfd
FIX: not found page shouldn't include the Google search form for sites with login_required enabled
2018-05-23 16:59:02 -04:00
Blake Erickson
3edca8b104
Return a 403 instead of 200 when trying to delete a user with posts
...
See [this commit][1] for more info
[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
Sam
3e06def856
FIX: If we have no logo defined use sketch in manifest
2018-05-22 12:10:59 +10:00
Sam
788ca1f112
FIX: stop adding email to unsubscribe url
...
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis
Also move controller to request specs
2018-05-22 09:07:03 +10:00
Guo Xiang Tan
467d91347a
Missing specs for Group
, Tag
, Category
and Flag
web hooks.
2018-05-21 17:29:58 +08:00
Arpit Jalan
9f422c93f6
FIX: restrict updates on confirm_old_email
email templates
2018-05-19 12:19:59 +05:30
Arpit Jalan
003b7f06ad
FIX: rescue specific error
2018-05-18 09:52:16 +05:30
Jeff Wong
04c7dbafa3
FIX: manifest.json better detection at mime type. Find size if uploaded
2018-05-17 14:45:24 -07:00
Jeff Wong
41ffafb65e
FIX: best effort at returning correct mime types in manifest.json
2018-05-17 12:14:39 -07:00
Régis Hanol
53f8f6095d
FEATURE: staff action logs when creating/updating/deleting badges
2018-05-17 18:09:27 +02:00
Arpit Jalan
9532d9a555
FIX: handle invalid tags
2018-05-17 19:33:12 +05:30
Régis Hanol
131b7f5da5
make 🤖 rubocop happy
2018-05-16 16:35:04 +02:00
Joe Buhlig
3cd4c82c49
Allow parameters for group and username filters on directory ( #5815 )
2018-05-16 16:20:17 +02:00
Régis Hanol
5e97a9bfb7
FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone
2018-05-16 09:48:19 +02:00
Sam
ff90881238
DEV: fix live refresh if you have a custom theme selected in dev
2018-05-16 17:25:49 +10:00
Sam
21e0b7c818
avoid async report pattern and replace with simpler hijack
2018-05-16 16:05:03 +10:00
Sam
193b6d5651
UX: improve new dashboard
...
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
Jeff Wong
e4a33cbc0a
FIX: update cache times for service workers
...
Add a last modified time.
Register newer service workers and claim clients more quickly.
2018-05-14 12:29:24 -07:00
Régis Hanol
e9abdaebbe
UX: show an enveloppe icon when a badge is used in messages
...
- the badge count now includes messages
- only show the message badges to admins
2018-05-14 19:02:00 +02:00
Sam
6332d5040d
UX: switch dashboard to be the new dashboard
...
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
Sam
bc9e0d46af
PERF: use cached reports for dashboard if available
2018-05-14 12:01:44 +10:00
Régis Hanol
37232fcb58
FIX: staff members should see all tags
2018-05-13 17:50:21 +02:00
Régis Hanol
2cf6fb7359
FIX: always unstage users when they log in
2018-05-13 17:00:02 +02:00
Régis Hanol
be6404d651
FIX: redirect users after signing up with a social login when using SSO provider
2018-05-13 16:03:11 +02:00
Régis Hanol
09cf35c760
FIX: redirect users after signing up using SSO provider
2018-05-12 00:41:27 +02:00
Régis Hanol
abda21a41f
Revert "FIX: redirect to sso_destination_url after account activation"
...
This reverts commit 0402e97368
.
2018-05-11 22:55:45 +02:00
Régis Hanol
0402e97368
FIX: redirect to sso_destination_url after account activation
2018-05-11 19:57:04 +02:00
Régis Hanol
2958e17cde
remove duplicate code
2018-05-11 12:16:37 +02:00
Sam
8a783412b7
UX: improvements to new dashboard
...
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
Blake Erickson
bd352a17bf
FIX: Show a json api response when deleting a user with posts
...
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
Guo Xiang Tan
bbc85258c9
Rename display_plugins
-> visible_plugins
.
2018-05-09 07:52:45 +08:00
Arpit Jalan
83245aa508
FIX: better handling of invite links after they are redeemed
...
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Guo Xiang Tan
c6f45fcfdb
Expose an API for plugins to be hidden on the admin plugin page.
2018-05-08 13:24:58 +08:00
Arpit Jalan
3a6e137e70
FIX: add context for deactivated user logs
2018-05-08 08:18:04 +05:30
Misaka 0x4e21
ff6be3c2e3
FEATURE: add profile_background fields into SSO ( #5701 )
...
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Guo Xiang Tan
aa0d32231c
FIX: Incorrect query when removing a group owner.
...
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android ( #5792 )
...
* Feature: Push notifications for Android
Notification config for desktop and mobile are merged.
Desktop notifications stay as they are for desktop views.
If mobile mode, push notifications are enabled.
Added push notification subscriptions in their own table, rather than through
custom fields.
Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Neil Lalonde
a0447b47e0
UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out.
2018-05-03 16:18:19 -04:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts
2018-05-03 15:41:41 +02:00
Neil Lalonde
bd77795d7a
REFACTOR: move support for user card badge images to a plugin discourse-user-card-badges
2018-04-26 13:25:24 -04:00
Robin Ward
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
Gerhard Schlager
ed4c0c4a63
FEATURE: Add option to delete all replies of flagged post
2018-04-24 11:08:05 -04:00
Sam
146a6c3592
FIX: exclude topics from latest in /categories on refresh
...
When you hit refresh on categories page it would not supress correctly
2018-04-24 11:07:26 -04:00
Robin Ward
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
Sam
54d153068a
DEV: remove qunit rails fork and add a couple of async tests
2018-04-23 16:42:40 +10:00
Guo Xiang Tan
70d181bff8
FIX: Better error message in GroupsController#add_members
.
...
https://meta.discourse.org/t/cant-add-members-to-a-group/85738?u=tgxworld
2018-04-20 10:28:52 +08:00
Rafael dos Santos Silva
9014ca4624
FEATURE: Enable the Web Share Target API
...
This will allow a Discourse instance that was installed[1] to receive share events.
See https://wicg.github.io/web-share-target/ for the spec.
1: https://developers.google.com/web/fundamentals/app-install-banners/
2018-04-19 17:00:05 -03:00
Arpit Jalan
91bf10bd12
FIX: create upload record for exported csv files
2018-04-20 00:27:49 +05:30
Joffrey JAFFEUX
0e414d0890
dashboard next: trending search report
...
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
Joffrey JAFFEUX
01c061d20d
dashboard next: perf and UI tweaks
...
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
Robin Ward
3d7dbdedc0
FEATURE: An API to help sites build robots.txt files programatically
...
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Arpit Jalan
9353ae4b5d
Remove obsolete per topic unsubscribe page.
2018-04-16 16:11:20 +05:30
Joffrey JAFFEUX
0e15a575f4
EXPERIMENTAL: new dashboard UI
...
This is the first iteration of an effort towards making a very good dashboard.
Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Arpit Jalan
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
Arpit Jalan
a8a12eb2d9
SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users
2018-04-15 18:01:58 +05:30
Arpit Jalan
18f50ca01a
FIX: parameterize tag_id
2018-04-14 16:42:53 +05:30
Sam
3632b8d8d6
FEATURE: provide extra signal about content age to crawlers
...
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Régis Hanol
df7970a6f6
prefix the robots.txt rules with the directory when using subfolder
2018-04-11 22:05:02 +02:00
Arpit Jalan
9ca6ebe8fe
FEATURE: enforce tagging on categories
2018-04-11 07:15:24 +05:30
Arpit Jalan
3a86a2588c
FIX: bulk append/replace tags was not working
2018-04-10 13:01:03 +05:30
Sam
5925a581db
array is not supported here, use a simple comma delimited list
2018-04-10 14:37:10 +10:00
Guo Xiang Tan
d9d86577ff
FIX: Staff users are not affected by enable_group_directory
site setting.
2018-04-10 09:22:01 +08:00
Guo Xiang Tan
c82b2dcc24
Remove admin group management pages.
2018-04-09 15:14:50 +08:00
Arpit Jalan
185d6ac747
FIX: use safe navigation operator when checking for totp_enabled
2018-04-09 12:33:41 +05:30
Guo Xiang Tan
0623785f69
FIX: Prevent group owners from editing admin only settings.
2018-04-06 11:44:58 +08:00
Sam
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
Gerhard Schlager
cd6a99a027
FEATURE: Send a different PM when a post has been hidden more than once
2018-04-05 14:03:21 +02:00
Guo Xiang Tan
e36e9de28a
Allow admin to view logs of automatic groups.
2018-04-05 16:31:55 +08:00
Guo Xiang Tan
8760c4d68c
Fix GroupsController#group_params
to allow more group attributes to be updated.
2018-04-05 13:53:00 +08:00
Vinoth Kannan
434cbc649f
FEATURE: Webhook for tag events
2018-04-04 17:49:20 +05:30
Vinoth Kannan
16341219ab
Log exception if remote theme importing failed
2018-04-02 20:10:18 +05:30
Guo Xiang Tan
142571bba0
Remove use of rescue nil
.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expexted. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
Vinoth Kannan
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
...
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
Guo Xiang Tan
87e3779085
Merge pull request #5702 from kevinelliott/feature/20180323-fix-mass-assignment
...
20180323 Fix Mass Assignment Warning
2018-04-02 10:19:25 +08:00
Robin Ward
22b631510c
FIX: Silenced user wasn't being linked properly
2018-03-29 17:07:09 -04:00
Neil Lalonde
73c1d3e7fe
FIX: tag notification preferences were being cleared when other preferences were changed
2018-03-29 15:08:32 -04:00
Guo Xiang Tan
52e75eaee9
UX: Tweaks to group pages.
2018-03-29 17:04:48 +08:00
Robin Ward
eab64710ff
FIX: Shared draft performance fix + missing avatars
2018-03-28 16:11:43 -04:00
Robin Ward
4b5977aa6a
Revert "PERF: Don't join on shared drafts unless you have to"
...
This reverts commit efedd9745f
.
2018-03-28 15:35:13 -04:00
Robin Ward
efedd9745f
PERF: Don't join on shared drafts unless you have to
2018-03-28 13:57:39 -04:00
Guo Xiang Tan
21ae49ab92
Simplify log in for request specs.
2018-03-28 11:32:47 +08:00
Guo Xiang Tan
70be8124a3
SECURITY: Don't expose development route in production.
2018-03-28 11:32:47 +08:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block
...
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Vinoth Kannan
ff9d7a9bfb
FIX: authComplete query param should carry-forward to login page
2018-03-27 17:22:07 +05:30
Guo Xiang Tan
7edab1c0b9
UX: Add groups/custom/new
route for admins to create a new group.
2018-03-27 17:39:05 +08:00
Gerhard Schlager
558914b986
Fix random spec errors
2018-03-27 11:14:06 +02:00
Vinoth Kannan
e7407d0adc
FEATURE: Webhook for group and category events
2018-03-27 11:53:35 +05:30
Guo Xiang Tan
2ecd234e27
UX: Consolidation group manangement into a single tab.
2018-03-27 13:34:46 +08:00
Neil Lalonde
f2c060bdf2
FEATURE: option for tags in a tag group to be visible only to staff
2018-03-26 17:05:09 -04:00
Guo Xiang Tan
dcd1d422d1
UX: Allow admins to set users as owners while adding users.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
Guo Xiang Tan
35745166b5
UX: New group membership management workflow.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084
2018-03-26 16:15:02 +08:00
Kevin Elliott
fa0868fc3f
Explicit param permit and assignment cleanup.
2018-03-23 09:59:31 -07:00
Robin Ward
5f19ad9507
FIX: allow destination categories to be set if not at first
2018-03-23 11:33:02 -04:00
Robin Ward
38af67eb73
Update the destination category id when a user changes it
2018-03-23 11:12:56 -04:00
Guo Xiang Tan
7a4b70ef58
UX cleanup changes to 2FA flow.
2018-03-23 11:05:36 +08:00
Neil Lalonde
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
Guo Xiang Tan
f3b402ffd5
UX: Allow users to filter members on group page.
...
* Only admins are allowed to filter users by email.
2018-03-22 14:02:41 +08:00
Arpit Jalan
d96c1058a2
FEATURE: add staff action log for 'restore topic'
2018-03-21 18:04:13 +05:30
Guo Xiang Tan
a23509cbf3
UX: Limit the number of group names displayed on user page.
2018-03-21 16:38:33 +08:00
Guo Xiang Tan
9f216ac182
FIX: Infinite loading more on groups page.
2018-03-21 09:25:42 +08:00
Robin Ward
b9abd7dc9e
FEATURE: Shared Drafts
...
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.
* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.
* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.
* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.
* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00