Commit Graph

1436 Commits

Author SHA1 Message Date
Sam
f555bbb416 FEATURE: long descriptions for badges to help teach people 2015-02-27 17:19:18 +11:00
Sam
71d6266f98 REGRESSION: exceptions are handled natively by logster 2015-02-27 13:05:51 +11:00
Robin Ward
3e2ba5b30b FIX: If an IP is blocked, don't allow people to login using it 2015-02-25 16:02:40 -05:00
Robin Ward
005b8bf7c3 FIX: When creating a SSO user via sync, do not user the IP address. 2015-02-25 14:41:23 -05:00
Régis Hanol
cf00e73ed8 Merge pull request #3234 from fullfatthings/add_remove_group_members_by_id_or_name
Allow adding and removing members of groups by username or id
2015-02-25 17:30:25 +01:00
Arpit Jalan
a8b927da91 FEATURE: add canonical tag to category latest page 2015-02-25 20:46:45 +05:30
Dan Singerman
1c545d4c1e Allow adding and removing members of groups by username or id
As discussed here: https://meta.discourse.org/t/discourse-gem-group-add/25668/2.
2015-02-25 14:52:13 +00:00
Sam
fe578f9944 FEATURE: Allow manual assignment of related post to badge
PERF: clean up performance of user badges admin when large number of badges exist
2015-02-25 12:53:01 +11:00
Sam
130dbf7358 PERF: don't run stats query in user card 2015-02-24 13:31:23 +11:00
Sigurður Guðbrandsson
96e6fd3449 Cleaned up the sso codefix, thanks @SamSaffron
@SamSaffron showed me a cleaner way to use the if statements in the sso redirect code.

Thanks sam ;)
2015-02-23 22:10:44 +00:00
Sigurður Guðbrandsson
334a357363 FIX: Forward to SSO login automatically
Forward to SSO login URL automatically if SSO is enabled and login is required.

Makes it simpler for users to log in automatically.
2015-02-23 21:20:36 +00:00
Robin Ward
ca5730018a FIX: SSO code should respect IP address filters 2015-02-23 16:01:46 -05:00
Robin Ward
8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Sam
5266ad4539 Merge pull request #3183 from riking/json-errors-2
Consolidate custom exception handling
2015-02-23 16:58:05 +11:00
riking
ecb911285d Fix the render_json_error api 2015-02-22 21:28:50 -08:00
Sam
6960639c58 Merge pull request #3190 from riking/thrown_logging
Delete old ErrorLog, use Logster for 500 errors
2015-02-23 14:19:16 +11:00
Régis Hanol
20c9a312c7 FIX: clicks counter on attachments wasn't always working 2015-02-22 20:47:18 +01:00
Sam
17927b2e8b FIX: don't use flash cause we are not redirecting
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Neil Lalonde
16bea87fd3 Merge master 2015-02-19 16:17:51 -05:00
Sam
67f404d281 FIX: remove notifications on deleted topics from the stream 2015-02-19 12:40:00 +11:00
Sam
59a28bf5c1 regression: bookmarked may be missing, do not fail 2015-02-19 11:42:01 +11:00
Sam
b041b3f67f FIX: bookmark topic was not working intuitively
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
Loïc Guitaut
395654bf24 Fix regression on editing private messages
v1.2.0beta9 has introduced a regression in edit of a private topic
(first post). Previously a check for no change in TopicsController was
made but it has been changed without considering that the topic could
be private.

By simply forcing a conversion of `topic.category_id` to integer, the case
where its value is nil is handled correctly as it was previously.
2015-02-18 00:41:16 +01:00
Sam
6c09b6739d BUG: minor, do not send access origin if not set 2015-02-17 09:58:43 +11:00
Régis Hanol
0b45054e2b FIX: couldn't uncategorize a topic 2015-02-16 10:31:36 +01:00
Robin Ward
3ce2077aa8 Migrate unsubscribe keys to the database.
This should reduce a lot of the keys in redis.
2015-02-13 14:24:15 -05:00
Sam
ca915e8ad7 correct issue under 2.0.0 2015-02-11 17:41:24 +11:00
Sam
9a59caf800 add regexp to reporting 2015-02-11 17:23:54 +11:00
Sam
e427d54191 FEATURE: show large objects in admin/memory_stats 2015-02-11 17:18:47 +11:00
Régis Hanol
c4e427cf73 FEATURE: filter screened IP addresses 2015-02-10 19:38:59 +01:00
Robin Ward
8d46de4819 Add a spec for the new plugins controller 2015-02-10 12:35:53 -05:00
Sam
39e828dee4 improve formatting 2015-02-10 15:59:08 +11:00
Sam
d5405eebde Add basic snapshot comparison for tracking memory leaks 2015-02-10 15:54:16 +11:00
Sam
1d99f5c9c0 FEATURE: add process stats to memory report 2015-02-10 12:34:01 +11:00
Sam
3aea00473b FEATURE: improve memory reporting of /admin/memory_stats 2015-02-10 11:48:30 +11:00
riking
68ccd2d664 FEATURE: All 500 errors now show up in Logster
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
riking
5657006aca Rename handle_exception to handle_job_exception 2015-02-09 12:47:46 -08:00
riking
8d39480831 use symbols for error types (squash me) 2015-02-09 10:20:00 -08:00
Régis Hanol
1e6f886886 FIX: use distributed mutex to prevent errors when uploading emojis in batches 2015-02-09 18:54:57 +01:00
Lincoln Lee
02f3f8c1b3 Fix customize HTML/CSS only show desktop code
custom_top and custom_footer method in SiteCustomization is setting
:desktop as default argument for `target`

It output the desktop version of the custom_top, custom_footer even
user in mobile_view.

This fix is adding the missing target into method argument.
2015-02-10 00:48:42 +08:00
Sam
e8323fa534 FIX: removing a group from a user was not removing primary group 2015-02-09 16:03:09 +11:00
riking
a16aa9fde8 HACK: Keep old behavior for topics#show 2015-02-08 13:56:56 -08:00
riking
8cf21f2363 FEATURE: Refactor error returns in application_controller 2015-02-08 13:40:38 -08:00
Robin Ward
3d7b534564 FEATURE: New "Plugins" admin section with extensibility support 2015-02-06 17:33:24 -05:00
Régis Hanol
8e2d84ee27 Merge pull request #3174 from riking/patch-poll
FIX: Allow closing polls in multi-locale sites
2015-02-06 09:44:44 +01:00
Sam
95f8b3ed4c FIX: status route should be served as text not html 2015-02-06 15:56:21 +11:00
riking
06f02ce9fc FIX: 🈂️ Allow closing polls in multi-locale sites 2015-02-05 19:55:03 -08:00
Sam
3a0cd0b760 make custom fields a bit more permissive input wise 2015-02-06 09:03:23 +11:00
Robin Ward
4e64d16a47 FEATURE: Allow plugins to log staff actions 2015-02-05 15:26:34 -05:00
Régis Hanol
f1403206ca Merge pull request #3169 from riking/patch-3
SECURITY: Don't leak topic title in the redirect
2015-02-05 12:47:58 +01:00
Arpit Jalan
026df5185e FIX: subcategory url was incorrect in rss 2015-02-05 13:22:28 +05:30
Robin Ward
25daca8f23 Helpers for plugins to support enabling/disabling 2015-02-04 16:23:56 -05:00
riking
4c8850108a SECURITY: Don't leak topic title in the redirect 2015-02-04 11:55:39 -08:00
Sam
67eccee990 FEATURE: basic disk space usage stats 2015-02-04 18:05:17 +11:00
Arpit Jalan
68377ba4ab add class for container div on 404 page 2015-02-04 00:40:21 +05:30
Régis Hanol
0e5c9b2590 small upload code refactor 2015-02-03 18:44:18 +01:00
Ryan Fox
c3f21dcdfc Remove the .json part from the external_id value when using it to lookup a user. 2015-02-02 12:58:02 -05:00
Ryan Fox
1f0915bf83 Allow periods in the external_id value used in the /users/by-external route. 2015-02-02 12:55:32 -05:00
Sam
b1f81c0dca Merge pull request #3080 from riking/misc
Miscellaneous fixes from PR#3000
2015-01-30 10:23:17 +11:00
Sam
ea7af7a83b Merge pull request #3135 from longhotsummer/fix-no-user-params
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
Neil Lalonde
67b262b93e Merge branch 'master' of github.com:discourse/discourse 2015-01-29 17:39:52 -05:00
Neil Lalonde
644c7a4675 FEATURE: Add an option to show custom user fields on profiles. Default is to not show them. 2015-01-29 17:38:39 -05:00
riking
85a7b925c7 Miscellaneous fixes from PR#3000
FIX: Don't require login to view post raw
FIX: Don't submit read-guidelines for anonymous users (causes
unnecessary 403 errors from ensure_logged_in)
FIX: Don't pass nil to an array serializer
2015-01-29 13:56:32 -08:00
Sam
a6ce188f35 Merge pull request #3126 from riking/latest-posts
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward
f028b51620 Add post parameters so plugins like akismet can use it for spam
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward
1f40807001 Add extensibility point for whenever a post is created 2015-01-29 12:46:29 -05:00
Arpit Jalan
4e4bb736a8 build is failing :fired: 2015-01-29 15:18:38 +05:30
Arpit Jalan
e8db47a1fe FIX: PMs were not allowed to be edited in some cases 2015-01-29 15:00:11 +05:30
Régis Hanol
cd2c9edb46 FIX: 🐛 upload on IE9 wasn't working :'(
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Robin Ward
8fc477ab07 More refactoring to support extensibility of history 2015-01-28 13:37:06 -05:00
Robin Ward
d43944b3ed Extensibility for tracking changes to a topic 2015-01-28 13:37:06 -05:00
Greg Kempe
d99ccf6d27 FIX: creating a user shouldn't error when optional fields aren't provided
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.

Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
Sam
497042ddf2 FIX: don't restrict to local filesystem for df check
FIX: check correct directory when looking at backup limits
2015-01-27 08:25:57 +11:00
riking
9e9119d1c1 FEATURE: Enable pagination of /posts.json 2015-01-23 21:22:19 -08:00
riking
1d24d8471e FEATURE: Latest posts endpoint at /posts.json 2015-01-23 21:16:03 -08:00
riking
fb72e2665f PERF 🐎 Don't calculate preload data for non-xhr json requests
This will help out anyone querying as API instead of through a
browser.
2015-01-23 21:14:58 -08:00
Régis Hanol
f7f5e39f75 FIX: Minor Admin bug with a setting when creating a new group 2015-01-23 20:31:48 +01:00
Régis Hanol
256519dddf FEATURE: automatic group membership based on email address 2015-01-23 18:25:43 +01:00
Robin Ward
f5e0cf63f6 SECURITY: The SSO return_path was an open redirect
This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.
2015-01-22 12:33:07 -05:00
Robin Ward
b3a2c0c45b SECURITY: The SSO return_path was an open redirect
This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.
2015-01-22 12:20:17 -05:00
Régis Hanol
e300945879 FEATURE: split group admin in 2 tabs (custom & automatic)
FIX: clear the user-selector when adding new members
2015-01-21 20:52:48 +01:00
Neil Lalonde
7412ff4da7 FIX: suspended users are logged out when they are suspended. Show a reason for suspension when they try to log in. 2015-01-19 12:37:02 -05:00
riking
1ab0d6bd82 FEATURE: Log username changes by staff
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Régis Hanol
7a86abd105 Merge pull request #3084 from jmay/group-managers
table & model changes for group managers with permission to edit members
2015-01-16 12:02:38 +01:00
Robin Ward
987504c6ab Rename no_js layout to no_ember
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Arpit Jalan
c619aed8f9 💄 add username and date-time in exported file name 2015-01-16 01:39:46 +05:30
Jason W. May
a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Régis Hanol
6734a51b6a move SiteText.{head,top,bottom} to SiteCustomization 2015-01-14 12:15:53 +01:00
Robin Ward
f3b72f5d96 Revert "move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top"
This reverts commit 6ee2849df6.
2015-01-12 20:21:22 -05:00
Régis Hanol
6ee2849df6 move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top 2015-01-12 19:59:43 +01:00
Régis Hanol
c681b353f2 FEATURE: bookmark topic button 2015-01-12 12:10:15 +01:00
Robin Ward
0bc0bd7a21 Pass the current_user to the topic saved event 2015-01-08 17:29:11 -05:00
Robin Ward
74051a2df4 Allow plugins to build topic lists 2015-01-08 16:44:27 -05:00
Sam
ea87f5fd8a FEATURE: support for filter=bookmarked and filter=liked in topic list 2015-01-07 18:20:10 +11:00
Sam
95f9788a77 FEATURE: add ?bookmarked=true for topic lists 2015-01-07 13:58:34 +11:00
Sam
efc717c14a FEATURE: remove star concept from Discourse 2015-01-07 13:43:27 +11:00
Jeff Atwood
86c13ada44 fix a few places we were using /category vs /c 2015-01-06 15:56:07 -08:00
Robin Ward
704ac91a22 FIX: Broken spec 2015-01-06 17:06:24 -05:00
Robin Ward
5667478b4d A common, extensible interface for sending topic columns across the wire
This allows plugins to specify topic columns to serialize and save in
the database via the composer when creating topics and editing their
first posts.
2015-01-06 14:53:12 -05:00
Sam
a99c3c3df9 FEATURE: allow users to persist customization with &sticky=true 2015-01-06 17:39:08 +11:00
Sam
e6dba8adc2 SECURITY: don't echo the "strategy" param returned by auto provider 2015-01-06 16:28:45 +11:00
Régis Hanol
e20078a9dc PERF: fix performance issue when displaying the user card for admins 2015-01-05 19:49:32 +01:00
Régis Hanol
060cda7772 FIX: proper handling of group memberships 2015-01-05 18:51:45 +01:00
Robin Ward
6f72f265cb A trigger when a topic is updated, adds a couple of custom field tests 2015-01-02 15:57:08 -05:00
Neil Lalonde
4c166942ad FEATURE: Invite admin api has an optional param send_email which can prevent sending an email to the invited user. The api will return the password reset url so that the caller can send an email with it instead. 2015-01-02 15:48:54 -05:00
Régis Hanol
9fcaf090ec Merge pull request #3068 from fantasticfears/category_slug
support setting category slug
2015-01-02 11:55:27 +01:00
Arpit Jalan
bfe95966b4 better filenames for export 2015-01-02 15:30:50 +05:30
Robin Ward
35edfb5b91 FIX: Don't truncate groups. @ZogStrIP we need to create a better fix for
this in the new year.
2014-12-31 12:58:50 -05:00
Arpit Jalan
78537aad39 FIX: rate limit user posts export 2014-12-31 00:54:23 +05:30
Erick Guan
1e166d89ff support setting category slug 2014-12-30 03:14:54 +08:00
Robin Ward
1055fc0919 Merge pull request #3021 from jmay/custom-category-slug
optional custom value for category slug (create and update)
2014-12-29 10:34:23 -05:00
Arpit Jalan
68e66f3a25 Rename CsvExportLog to UserExport 2014-12-28 22:31:12 +05:30
Régis Hanol
9932bea7ce FEATURE: default emoji override 2014-12-25 17:58:15 +01:00
Arpit Jalan
7c7474aa10 create a new table to maintain csv export log 2014-12-24 16:25:36 +05:30
Arpit Jalan
bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30
Sam
5b844f5320 FEATURE: more than 1 site customization can be enabled at once
FIX: more robust site customizations

Rewrote site customization to use distributed cache and a much cleaner
css delivery mechanism
2014-12-23 13:03:48 +11:00
Sam
ba68eee20b FIX: stable ordering for site customisations 2014-12-23 13:03:48 +11:00
Sam
f23eb475a4 FEATURE: remove override stylesheet option, too confusing 2014-12-23 13:03:48 +11:00
Régis Hanol
45dbdb6896 FEATURE: custom emojis 2014-12-23 01:12:26 +01:00
Robin Ward
9bb2ab6265 Merge pull request #3034 from fantasticfears/filter_system_user
disable sending email or show presence when forgot system user password
2014-12-19 16:52:01 -05:00
Erick Guan
ceca85c9eb use system user helper and constant when it's referred 2014-12-18 18:21:14 +08:00
Régis Hanol
f5317a519f Merge pull request #3035 from oblakeerickson/update_username_return_json
Update username should return a json response
2014-12-17 11:23:33 +01:00
Régis Hanol
cdbee4f5d9 Merge pull request #3045 from techAPJ/patch-2
FIX: redirect client to the original url after logging in for private in...
2014-12-17 11:21:56 +01:00
Arpit Jalan
9f8e73303a FIX: redirect client to the original url after logging in for private instances 2014-12-16 13:19:26 +05:30
Robin Ward
b1bc4741b1 FEATURE: Load fewer topics in the topic list on slow platforms (Android) 2014-12-15 11:54:26 -05:00
Robin Ward
2d6b15a34d Load fewer posts when the android platform is detected 2014-12-12 11:47:39 -05:00
Arpit Jalan
42cbe6ef2a FEATURE: export csv for all the logs 2014-12-11 23:33:26 +05:30
Blake Erickson
02ade72ceb Update username should return a json response
- Have update username return json response that contains the updated
  username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Erick Guan
9937af7ac4 disable sending email or show presence when forgot system user password 2014-12-10 14:17:56 +08:00
Blake Erickson
1d0eccf710 Have activate user return json
- Change activate user from admin controller to return json
- Test that it returns json
- Remove unnessary test from log_out spec

This commit was created so that when you activate a user through the api
it returns a json response.
2014-12-08 11:16:57 -07:00
Sam
fdecd69228 Merge pull request #3026 from oblakeerickson/legacy_avatar
Remove legacy avatar code
2014-12-08 11:03:55 +11:00
Lourens Naudé
fb60daa867 Introduce support for dumping Rails process heap at the end of a benchmark run 2014-12-07 22:55:37 +00:00
Blake Erickson
e9e88c9b82 Remove legacy avatar code
- Remove method that was only left around because the
  [api](https://github.com/discourse/discourse_api/pull/53) called it
- Modify test to use new route instead of legacy route

https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Régis Hanol
dec881ac9d Merge pull request #3024 from oblakeerickson/avatar_return_json
Have pick_avatar return json.
2014-12-06 18:20:42 +01:00
Blake Erickson
a61519eebf Have pick_avatar return json.
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.

I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Neil Lalonde
917a91eb40 FIX: permalink redirect support for url's with extensions in them, like .html and .php 2014-12-04 16:39:10 -05:00
Sam
4aa0d88c6c FEATURE: search private messages option 2014-12-04 13:50:36 +11:00
Jason W. May
efa872e426 optional custom value for category slug (create and update) 2014-12-03 16:23:59 -08:00
Sam
a8ff5fe97c Merge pull request #3002 from jmay/group-membership-api
use limit & offset for pagination of group members
2014-12-03 11:11:10 +11:00
Régis Hanol
f226e4efc0 FIX: don't error out when updating a topic with no changes 2014-12-02 02:16:30 +01:00
Blake Erickson
bdc92eec70 Have log_out method return json.
This commit helps improve the discourse_api experience so that we can
check the json response if it was a success or not. This commit also
checks that a 404 is sent instead of a 500 if a bad user_id is passed
in.
2014-12-01 06:03:25 -07:00
Régis Hanol
07211489f0 FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page 2014-11-27 19:51:13 +01:00
Régis Hanol
5b90ceb71d FEATURE: rolls up 1.2.*.* IP ranges when number of entries > 10 2014-11-27 19:29:30 +01:00
Sam
800ae5265f Add admin and moderator state to sso provider 2014-11-27 12:24:37 +11:00
Robin Ward
257bde8e2b FEATURE: "Suspect" users list in admin. 2014-11-26 13:58:16 -05:00
Sam
c10e3df012 FEATURE: implement SSO provider on Discourse so Auth can be farmed to it
FEATURE: pass return_sso_url to SSO endpoints, for easier return
2014-11-26 17:26:27 +11:00
Jason W. May
adb570fe53 use limit & offset for pagination of group members 2014-11-24 12:12:48 -08:00
Robin Ward
d3510bff04 Merge pull request #3001 from techAPJ/patch-1
FEATURE: add topic status namespace in RSS feed
2014-11-24 14:45:59 -05:00
Arpit Jalan
55e2126b1e FEATURE: add topic status namespace in RSS feed 2014-11-25 00:52:26 +05:30
Régis Hanol
7b0ae702e7 FEATURE: log a new staff action when rolling up banned IP addresses 2014-11-24 19:48:54 +01:00
Régis Hanol
d3d517108d FIX: display total number of other accounts with the same IP address in the IP lookup dialog 2014-11-24 19:34:04 +01:00
Régis Hanol
7b1c001932 FIX: limit other accounts deletion to 50 accounts otherwise it'll feel too slow 2014-11-24 18:05:40 +01:00
Régis Hanol
1023191315 FEATURE: roll up function for 123.456.789.* ranges 2014-11-24 17:25:48 +01:00
Sam
1c498eb491 FEATURE: API endpoint for inviting an admin 2014-11-24 15:42:56 +11:00
Sam
9e1e3df6c9 FEATURE: Localize SSO error messages 2014-11-24 12:16:23 +11:00
Sam
490cd6f539 Merge pull request #2989 from jmay/group-admin-incremental
API addition: HTTP PATCH support for /groups/xxx: incremental membership changes
2014-11-24 11:50:51 +11:00
Sam
d3b24b625b Add more SSO logging for failure conditions 2014-11-24 10:02:22 +11:00
Arpit Jalan
7455e81b31 sort screened IPs by match_count 2014-11-22 01:41:59 +05:30
Arpit Jalan
515882d224 FEATURE: export screened IPs list in a CSV file 2014-11-22 00:59:48 +05:30
Jason W. May
6f8119ebb8 Merge branch 'master' into group-admin-incremental 2014-11-21 10:04:05 -08:00
Jason W. May
98404d19c5 check that changes param is present 2014-11-21 10:03:29 -08:00
Sam
d53b4ab5bc Merge pull request #2979 from techAPJ/patch-1
FEATURE: log out user everywhere and refresh/redirect
2014-11-21 16:59:44 +11:00
Régis Hanol
b8d806ee07 FEATURE: delete all accounts from this IP in the IP lookup modal 2014-11-20 19:59:20 +01:00
Jason W. May
50de22801f API addition: HTTP PATCH support for /groups/xxx: incremental membership changes 2014-11-20 09:29:56 -08:00
Sam
6b10c4dc54 add support for hidden api keys, used in hosting scenarios 2014-11-20 15:38:20 +11:00
Robin Ward
87cd5dbcb7 Merge pull request #2985 from techAPJ/patch-3
remove /download from csv file url
2014-11-19 14:10:34 -05:00
Arpit Jalan
aebf36c356 remove /download from csv file url 2014-11-20 00:34:38 +05:30
Arpit Jalan
c84b51d4ae FEATURE: show exact error for test email 2014-11-19 22:58:59 +05:30
Arpit Jalan
eb9eada894 FEATURE: log out user everywhere and refresh/redirect 2014-11-19 12:34:34 +05:30
Neil Lalonde
6e0152ab94 Version bump to v1.1.1 2014-11-18 15:57:50 -05:00
Régis Hanol
9c1341b554 FIX: limit the number of group members returned for automatic groups 2014-11-18 12:13:45 +01:00
Régis Hanol
f18d30f1d7 FIX: don't limit the number of group members returned to the front-end (UI needs some work for large groups) 2014-11-18 12:09:37 +01:00
Jeff Atwood
75b5b27f78 we don't need this /popular redirect any more 2014-11-17 16:40:23 -08:00
Régis Hanol
7bb9a839e5 fix the build (again) 2014-11-17 16:06:43 +01:00
Régis Hanol
dd9c475ea0 FIX: changing category within edit grace period as TL3 pops up an error 2014-11-17 15:57:45 +01:00
Régis Hanol
7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Sam
c7bc692f40 PERF: stop querying banner topic on every page hit 2014-11-14 15:39:17 +11:00
Sam
4fc3834dd6 FEATURE: allow inline disposition on uploads
when linking an upload allow ?inline=1 to display upload inline
2014-11-13 08:50:55 +11:00
Régis Hanol
a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
Régis Hanol
ec76be964e UX: better footer handling 2014-11-10 21:51:55 +01:00
riking
d7a4e39e1d FEATURE: ?include_raw parameter for /t/id/posts.json
include_raw is not added for the wordpress view because it uses the
BasicPostSerializer, and is not a one-line change.

This is the only use of the TopicViewPostsSerializer class, and the
previous change covered the only use of the TopicViewSerializer class.
No other locations include the PostStreamSerializerMixin. Therefore,
this feature is most likely complete.
2014-11-07 07:28:07 -08:00
Neil Lalonde
361aca1156 merge master 2014-11-06 15:26:38 -05:00
Régis Hanol
bb2d538194 FEATURE: log impersonations 2014-11-06 10:58:47 +01:00
Robin Ward
fde5e739c9 Work in progress (up till about?) 2014-11-05 12:39:25 -05:00
Robin Ward
c9eb809dad FIX: The text to users who signed up when approval was required was
misleading.
2014-11-04 15:48:03 -05:00
Sam
8432acf0af Merge pull request #2938 from riking/include_raw
Add ?include_raw parameter to topic views
2014-11-04 14:26:35 +11:00
Régis Hanol
fd5677808c SPEC: make sure digest doesn't pick any topics in categories that are muted 2014-11-03 16:57:50 +01:00
Régis Hanol
b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
riking
6a946712b3 Add ?include_raw parameter to topic views 2014-11-01 14:32:18 -07:00
Sam
bd78fca121 Merge pull request #2908 from cpradio/pr-dismiss-posts-topics-on-category
FEATURE: Show dismiss posts/topics buttons on category filtered lists
2014-10-31 11:34:53 +11:00
Robin Ward
572842721d FIX: Better page titles for SEO 2014-10-30 14:26:56 -04:00
Robin Ward
013e3312ad SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:32:26 -04:00
Robin Ward
316f1bea04 SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
cpradio
50f7fbc361 Apply comment from @sam to consolidate logic 2014-10-30 10:19:49 -04:00
Sam
59cc2476a1 Merge pull request #2933 from techAPJ/patch-1
trivial update to allow api endpoint for sync_sso
2014-10-30 21:39:54 +11:00
Arpit Jalan
fb750af659 trivial update to allow api endpoint for sync_sso 2014-10-30 15:30:44 +05:30
Régis Hanol
6e053942a4 FIX: moderators should be able to search users by email 2014-10-29 22:08:41 +01:00
Régis Hanol
865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Sam
7d6d8bd0a3 FEATURE: admin end point to sync sso /admin/users/sync_sso
Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2014-10-28 11:25:21 +11:00
Régis Hanol
e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
1cc37e32b9 FEATURE: add max_reply_history to limit number of replies
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
cpradio
c6e54741bb Apply comments from eviltrout, using this.get('category.id'), and use snake case for category_id 2014-10-24 17:01:28 -04:00
cpradio
439f393d89 Show dismiss posts/topics buttons on category filtered lists 2014-10-23 17:41:39 -04:00
Régis Hanol
de415b804c FIX: add 'Content-Length' header for avatars 2014-10-22 15:39:51 +02:00
Sam
832655df14 attempt to get content length through 2014-10-21 16:17:13 +11:00
Sam
4e7057efb1 Clean up content type and add Expires header when serving CDN assets 2014-10-21 15:59:34 +11:00
Robin Ward
71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Régis Hanol
10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Sam
8efee0d03d don't use Markdown 2014-10-18 17:17:38 +11:00
Jeff Atwood
92b615b503 reorganize site settings a bit 2014-10-19 23:14:50 -07:00
Sam
742c5e29c9 FEATURE: advanced search help 2014-10-18 14:27:33 +11:00
Régis Hanol
c59e56ec63 Merge pull request #2882 from techAPJ/patch-1
FEATURE: show raw email for replies/topics created via email
2014-10-18 21:16:17 +02:00
Arpit Jalan
72873b8368 further optimize raw email feature 2014-10-18 00:50:02 +05:30
Robin Ward
0cbdf6f5bb FIX: Many bugs with admin badges interface
* Editing a badge's title would show it as changed in the side even if
  you didn't hit save

* Clicking a badge would not scroll to the top

* If there was an error saving a badge there was a missing i18n key

* URLs were using queryParams instead of paths

* User `label` tags for checkboxes for larger click targets

* Saved! text would persist when viewing another badge

* After creating a new badge it would show nothing

* Validation errors were not being properly released to the client

* Query errors were surrounded by an extra array
2014-10-17 16:14:49 -04:00
Robin Ward
f3a67a48a3 Merge pull request #2874 from cpradio/clear-notifications
FEATURE: Mark All as Read button for Notifications page
2014-10-16 15:57:19 -04:00
Robin Ward
4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward
d2ac5a9ac6 Rename /category/xyz paths to /c/xyz -- @SamSaffron did most of the
work even though I'm merging the patch!
2014-10-16 12:15:31 -04:00
cpradio
8f390c979b FEATURE: Mark All as Read button for Notifications page
Added a Mark All as Read button to the top/bottom of the notifications user page
https://meta.discourse.org/t/possibility-to-selectively-or-completely-mark-notifications-as-read/20227

Remove notifications property (no longer used)
2014-10-13 06:31:27 -04:00
Robin Ward
2322586131 FIX: Saving a field as not required was actually making it required
until you edited it.
2014-10-14 17:21:34 -04:00
David McClure
19d5362c6b FEATURE: ability to hide or show specific post revisions 2014-10-14 07:19:45 -07:00
Régis Hanol
5504622c1b rename export/import in favor of backup/restore for better consistency 2014-10-10 20:04:07 +02:00
Régis Hanol
5754e8dd0f FEATURE: auto-close topics based on last post 2014-10-10 18:21:44 +02:00
Régis Hanol
7e8c4b63f4 FIX: only show agreed abd deferred flags on user's profile 2014-10-09 16:10:16 +02:00
Robin Ward
f9a8f6d6ce FEATURE: Support for a required setting on user fields. 2014-10-08 15:10:19 -04:00
Robin Ward
1f26a79899 FIX: Category latest pages were not preloading properly, causing weird
refreshes when clicking the home logo.
2014-10-08 12:45:18 -04:00
Sam
0e7be81e60 FIX: badge granted titles were not being revoked when badge was revoked 2014-10-08 10:26:18 +11:00
Robin Ward
2fbfc9dffa FIX: Editing a topic's title should be rate limited too. 2014-10-07 16:46:01 -04:00
Robin Ward
1252e7324f Added easy impersonate route while in development mode 2014-10-07 12:25:50 -04:00
Régis Hanol
c46b9c0ac3 FIX: allow admins to search users by email 2014-10-07 12:05:38 +02:00
Arpit Jalan
78fd99fc40 Feature: resend invites 2014-10-07 01:43:17 +05:30
Neil Lalonde
90771937f0 FIX: broken external auth 2014-10-03 16:15:00 -04:00
Neil Lalonde
ebf46450bc Refactor omniauth_callbacks_controller for extensibility 2014-10-03 11:02:04 -04:00
Robin Ward
381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Sam
29bb9eaa89 Merge pull request #2835 from techAPJ/patch-2
add user email on account created page
2014-10-02 17:29:26 +10:00
Arpit Jalan
41af2d79b5 add user email on account created page 2014-10-02 12:43:44 +05:30
Régis Hanol
98b6b9821a FEATURE: log topic/post deletions from staff members 2014-10-01 17:40:13 +02:00
Robin Ward
be93f224a6 Revert "add user email on account created page"
This reverts commit 164fc1108a.
2014-10-01 10:30:26 -04:00
Arpit Jalan
164fc1108a add user email on account created page 2014-10-01 13:53:50 +05:30
Robin Ward
8b5a1cd20f Migrate tosAccepted to new user fields 2014-09-30 10:45:18 -04:00
Robin Ward
edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Sam
0fc6c751cb FEATURE: implement lock/unlock trust level mechanics 2014-09-30 13:16:34 +10:00
riking
bff95a6a97 Rename 'leader' -> 'tl3' 2014-09-30 13:16:34 +10:00
riking
c8111ada6e FEATURE: Allow admins to lock users from TL3 promotion/demotion
Also, update the display logic for the leader promotion screen to
account for the demotion grace period.
2014-09-30 13:15:13 +10:00
Régis Hanol
7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Régis Hanol
652cc3efba FEATURE: new rake task to clean up uploads & thumbnails 2014-09-29 18:31:53 +02:00
Robin Ward
0fc0533134 FEATURE: Admin interface for adding custom fields for users 2014-09-25 16:17:51 -04:00
Sam
a901d682fe raise not found if user is not found 2014-09-25 17:45:45 +10:00
Sam
8f8ea735ee FIX: allow retry activation of account by username or password 2014-09-25 17:42:48 +10:00
Sam
e14e8f64bc FIX: don't stop youtube when liking a post
Also fixes post action create/destroy api not to include post raw.
2014-09-25 12:02:41 +10:00
Sam
48145e8e23 SECURITY: rate limit user/password login 2014-09-25 10:13:13 +10:00
Sam
d53e01619f SECURITY: rate limit user/password login 2014-09-25 10:06:44 +10:00
Régis Hanol
bfdbb70b3b FIX: automatic backup uploads to S3 when using a region 2014-09-24 22:52:09 +02:00
Robin Ward
bc53d48bd7 Renaming site contents to site text 2014-09-24 16:08:14 -04:00
Robin Ward
d073b908a9 Merge pull request #2818 from techAPJ/patch-4
Trigger browser password manager after signing up
2014-09-23 15:43:31 -04:00
Arpit Jalan
b3838c2c1c Trigger browser password manager after sigining up 2014-09-24 01:04:36 +05:30
Sam
58eabb03e5 FEATURE: api support for arbitrary unlinked assets
admins can set retain periods for assets
2014-09-23 16:50:17 +10:00
Sam
9428ad779f FIX: send content length with backups 2014-09-23 09:25:53 +10:00
Sam
7a4082cbad FIX: allow API to create users when invite_only is true 2014-09-23 09:06:19 +10:00
Régis Hanol
0b13f6572f FEATURE: staff option to unhide a post 2014-09-22 18:55:13 +02:00
Sam
f625500792 lower band check as well 2014-09-22 17:11:04 +10:00
Sam
8c74255cbb FIX: 404 if we try to navigate to a non-existant page 2014-09-22 17:08:11 +10:00
Neil Lalonde
6fe364e7ae SECURITY: rate limit change email requests 2014-09-18 10:49:43 -04:00
Neil Lalonde
c4e285f3ec SECURITY: rate limit change email requests 2014-09-18 10:48:56 -04:00
Robin Ward
c16b8364ab FIX: Support ember app routing to topics with only slugs 2014-09-17 11:18:59 -04:00
Robin Ward
e4287d9de9 FIX: Resend activation email was busted 2014-09-16 10:24:02 -04:00
riking
3d3313d5ee SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:21:06 -04:00
riking
2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward
eb512f07a7 FIX: Spec failures for feeds related to enabling categories as default
page for anons when latest is deleted.
2014-09-11 15:30:41 -04:00
Régis Hanol
e56fcf0c43 FEATURE: add 'rebake post' in post wrench menu 2014-09-11 16:04:40 +02:00
Sam
0f585bcdbe FIX: PM should never be allowed to have a category
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
Sam
45e8337a29 FEATURE: renames forgot_password_verbose, forgot_password_strict 2014-09-11 15:53:29 +10:00
Sam
61bcde6284 FEATURE: inform users if forgot password works or not
FIX: flash dialog in forgot password often had wrong color

(this can be disabled by setting forgot_password_verbose to false)
2014-09-11 12:04:44 +10:00
riking
b62699707d FIX: Unknown /posts/id.json should 404 2014-09-10 18:10:27 -07:00
Régis Hanol
18f8038015 FEATURE: add new 'convert to staff message' in post wrench menu 2014-09-10 23:08:33 +02:00
Neil Lalonde
d15b609e0a FIX: support Permalink urls with query string 2014-09-10 13:58:52 -04:00
riking
69bc552054 FEATURE: Actually show more notifications
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.

Notification history is loaded in blocks of 60 at a time.

Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
Régis Hanol
79030c874e FIX: allow staff members to restore withdrawn posts that are flagged 2014-09-09 20:26:40 +02:00
Régis Hanol
eb34ecfc0c FEATURE: new 'prevent anons from download files' site setting 2014-09-09 18:41:13 +02:00
Robin Ward
56eda5abf9 FIX: Don't allow profile bios longer than 3k chars 2014-09-08 15:23:21 -04:00
Robin Ward
334e21a03a Revert "Revert "FEATURE: Can create warnings for users via PM""
This reverts commit 1c7559380c.
2014-09-08 11:11:56 -04:00
Robin Ward
1c7559380c Revert "FEATURE: Can create warnings for users via PM"
This reverts commit b0bfc1f93f.
2014-09-08 10:38:59 -04:00
Robin Ward
b0bfc1f93f FEATURE: Can create warnings for users via PM 2014-09-08 10:27:06 -04:00
Arpit Jalan
a597f1fa30 FEATURE: hide google search on 404 page for private instance 2014-09-06 15:26:46 +05:30
Neil Lalonde
ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Robin Ward
1e281a909e FIX: Prevent duplicate flags after undoing on the server side too. 2014-09-03 14:43:07 -04:00
Sam
c6aab831ed Merge pull request #2741 from riking/badges_create_checks
FIX: Apply contract checks when first creating a badge
2014-09-03 22:19:09 +10:00
Sam
4f09d552ed FEATURE: increase search expansion to 50 results
refactor search code to deal with proper objects
use proper serializers, test the controllers
2014-09-03 12:13:25 +10:00
riking
3cf493eb4f FIX: Apply contract checks when first creating a badge 2014-09-02 19:09:51 -07:00
Robin Ward
b04a52676e FIX: Don't show wrong flag choices after undo 2014-09-02 17:37:54 -04:00
Robin Ward
abd84cd2a1 FIX: Redirect to Top was showing "latest" content because it was in the
preload store.
2014-09-02 12:29:22 -04:00
riking
1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
Robin Ward
9062719480 Merge pull request #2720 from techAPJ/patch-3
FIX: do not redirect topic for JSON request
2014-08-29 13:59:45 -04:00
Robin Ward
8ced44a766 SECURITY: User action route was returning too much data 2014-08-29 13:57:47 -04:00
Robin Ward
926e45d030 SECURITY: User action route was returning too much data 2014-08-29 13:46:50 -04:00
Arpit Jalan
84d0b599a4 FIX: do not redirect topic for JSON request 2014-08-29 23:09:02 +05:30
Robin Ward
9ad246affe SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:57:38 -04:00
Robin Ward
85c6eb9b08 SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00
Neil Lalonde
14890a6002 FEATURE: add a way to map arbitrary urls to a topic, post, or category. Useful for sites that have migrated to Discourse and want to redirect from their old site to Discourse with 301 redirects. 2014-08-28 15:58:24 -04:00