Commit Graph

231 Commits

Author SHA1 Message Date
Mark VanLandingham
4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
David Taylor
eec464d8d1 SECURITY: Check permissions when autocompleting mentions 2019-10-28 11:01:47 +00:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Penar Musaraj
c6cfbebf1f
FIX: ignore min_trust_to_send_messages when messaging groups (#8104)
This means that TL0 users can message groups with "Who can message this
group?" set to "Everyone".

It also means that members of a group with "Who can message this
group?" set to "members, moderators and admins" can also message the
group, even when their trust level is below min_trust_to_send_messages.
2019-09-18 15:23:13 -04:00
Blake Erickson
893d30fb92 REVERT: External auth when redeeming invites
Reverting this commit:

87a0a6664e

because I'm extracting all of this logic into a plugin instead.
2019-08-16 12:44:14 -06:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
Blake Erickson
87a0a6664e FEATURE: External auth when redeeming invites
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.

- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
2019-08-11 12:20:02 -06:00
Penar Musaraj
b690fc3d98
FEATURE: Add new group visibility option for "logged on users" (#7814)
Groups can now be marked as visible to "logged on users". All automatic groups (except `everyone`) are now visible to "logged on users", previously they were marked as public but suppressed in the group page for non-staff.
2019-07-08 15:09:50 -04:00
romanrizzi
2fa8df7cd2 New: can_see_groups? method for better perf 2019-05-30 08:45:20 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Sam Saffron
e2bcf55077 DEV: move send => public_send in lib folder
This handles most of the cases in `lib` where we were using send instead
of public_send
2019-05-07 12:25:44 +10:00
Maja Komel
5c795bc480 FIX: prevent anonymous users from changing their email/username/name (#7311) 2019-04-17 18:05:02 +10:00
Robin Ward
ba6d4b2a8d FIX: Better handling for toggling must_approve_users
If you turn it on now, default all users to approved since they were
previously. Also support approving a user that doesn't have a reviewable
record (it will be created first.)

This also includes a refactor to move class method calls to
`DiscourseEvent` into an initializer. Otherwise the load order of
classes makes a difference in the test environment and some settings
might be triggered and others not, randomly.
2019-04-16 15:56:35 -04:00
Robin Ward
a5d9afe397 FEATURE: Include a user's pending posts in the topic view
Also includes a refactor to TopicView's serializer which was not
building our attributes using serializers properly.
2019-04-12 14:25:12 -04:00
Tarek Khalil
442fb2facb FEATURE: Remove ignore feature SiteSetting and enable ignore by default (#7349) 2019-04-10 12:54:59 +02:00
Tarek Khalil
ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels (#7248)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Tarek Khalil
1dd0fa0c4e
REFACTOR: Move redundant ignored user check into guardian (#7219)
* REFACTOR: Move redundant ignored user check into guardian
2019-03-20 19:55:46 +00:00
Tarek Khalil
ed73cc60a9 FIX: Staff should be allowed to ignore users (#7216) 2019-03-20 15:47:13 +01:00
Tarek Khalil
5852e86226 FEATURE: Only allow TL2 Users to ignore other users (#7212) 2019-03-20 15:02:33 +01:00
Tarek Khalil
3b59ff0d02 [FEATURE] Disallow ignoring self, admins or moderators users (#7202) 2019-03-20 11:18:46 +01:00
Arpit Jalan
fabeba788d
FIX: allow sending PMs to staff via flag even when PMs are disabled (#6938)
* FIX: allow sending PMs to staff via flag even when PMs are disabled
FIX: allow sending PMs to staff via flag even if the user trust level is insufficient

* Update lib/topic_creator.rb

Co-Authored-By: techAPJ <arpit@techapj.com>
2019-01-24 16:56:59 +05:30
Robin Ward
dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Guo Xiang Tan
978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
David Taylor
9248ad1905 DEV: Enable Style/SingleLineMethods and Style/Semicolon in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Sam
a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472)
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Bianca Nenciu
1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Sam
879067d000 FIX: check admin theme cookie against user selectable
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Sam
4205c528d0 FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
These site settings are very hard to explain and only applicable for very
specific Discourse setups.

If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".

The setting allows you to extend this to TL4 or any trust level.

Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Osama Sayegh
2711f173dc FIX: don't allow inviting more than max_allowed_message_recipients
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Osama Sayegh
865cb3feb9
FIX: allow selecting site's default theme from preference 2018-08-10 14:12:02 +03:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Blake Erickson
7750b30016 FIX: Allow a user to remove their title
Somewhere there was a regression and a user couldn't remove their own
title. If they selected '(none)' in the UI it would say it was saved,
but it would not actually be updated in the db.
2018-05-31 17:16:52 -06:00
Neil Lalonde
f7c4c71409 FIX: title selector needs to flag whether title comes from badge or not 2018-04-26 16:51:11 -04:00
Robin Ward
a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Neil Lalonde
f6cfff3cea UX: user preferences allows users to choose which title to use from their badges and groups 2018-04-06 14:34:36 -04:00
Arpit Jalan
a8149f8969 FIX: user should not be able to invite to PM if trust level requirment not met
FIX: when personal messages are disabled let user invite to a public topic
2018-03-08 14:59:04 +05:30
Vinoth Kannan
7cbda949f1 REFACTOR: New spec tests and code improvement 2018-02-22 20:27:02 +05:30
Vinoth Kannan
84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Arpit Jalan
7e48c47d37 rename 'enable_private_email_messages' to 'enable_personal_email_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Sam
650ec9c73f minor test the developer cache first before digging into email 2018-01-17 15:50:41 +11:00
Guo Xiang Tan
f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde
4452d67a23 Revert "FIX: TL0 users' messages to moderators were not being posted when flagging private messages" 2017-10-23 18:17:53 -04:00
Guo Xiang Tan
79de10b212 FEATURE: Allow users to disable new PMs.
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde
b124e5f19f FIX: TL0 users' messages to moderators were not being posted when flagging private messages 2017-10-13 11:55:49 -04:00
Robin Ward
db929e58fc FIX: Don't allow staff to approve users with unverified emails 2017-09-04 12:55:39 -04:00
Bianca Nenciu
bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2a17f1ccd7 FIX: Group owners should be able to invite users to their groups.
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
f1a6449e4b SECURITY: Remove disposable invite feature 2017-07-07 20:24:39 -04:00
Arpit Jalan
c243861b17 FIX: do not show "Send Activation Email" button if must_approve_users setting is enabled
https://meta.discourse.org/t/error-when-pressing-send-activitation-email-when-must-approve-users-setting-is-enabled/65408
2017-07-04 14:00:50 +05:30
Sam
845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
e7b9b1312e FEATURE: remove all invites
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Robin Ward
908433a7a0 SECURITY: Validate the entity when downloading a CSV 2017-05-19 16:00:51 -04:00
Robin Ward
28f486cb7a FIX: Regular users shouldn't be able to invite to PMs if disabled 2017-05-19 12:57:21 -04:00
Arpit Jalan
5d9d2cf287 FIX: do not explicitly show email of flagger / flagged user 2017-04-20 22:09:30 +05:30
David Taylor
96f2335c09 FIX: Corrects typo to avoid error 500 on theme change 2017-04-15 01:21:53 +01:00
Sam
def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
213a496203 FIX: show all staff events related to the target user 2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0 FIX: allow staff members to send PMs when enable_private_messages is disabled 2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Arpit Jalan
dc2171960b FIX: allow existing users to be invited to topic/message when must_approve_users is enabled 2017-02-03 13:01:23 +05:30
Guo Xiang Tan
c7b151683d FIX: Do not allow admins to meddle with admin and moderation access of non real users. 2016-12-29 11:11:33 +08:00
Sam
ab68e0c9db FEATURE: allow "developer" account flagging via developers table
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
d61df21d69 FEATURE: allow people to send messages to themselves (for notes etc) 2016-07-04 11:36:43 +10:00
Régis Hanol
800081f606 FIX: staged users weren't able to reply in restricted categories 2016-06-26 19:25:45 +02:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything. 2016-06-20 15:51:26 +08:00
Arpit Jalan
b1a94049e0 FIX: only staff can access 'resend all invites' feature 2016-06-07 10:57:08 +05:30
Neil Lalonde
f3f6c2f98f FEATURE: tag groups 2016-06-06 14:18:48 -04:00
Arpit Jalan
22d7ea1192 FIX: user can't export entity unless they are logged in 2016-05-05 19:12:37 +05:30
Neil Lalonde
e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Robin Ward
de82bd946d
FIX: Group members should be able to see their groups even if private 2016-04-26 14:17:53 -04:00
Régis Hanol
415efd0f5b FIX: staged user doesn't get notified for replies in topics they created in secured categories 2016-02-24 11:30:17 +01:00
Neil Lalonde
685ba1eb7f FEATURE: blocked users can send and reply to private messages from staff 2016-01-22 12:54:24 -05:00
Arpit Jalan
9f8d6b6088 FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled 2015-10-30 11:28:05 +05:30
Sam
e29fe77b45 FEATURE: make trust level for message sending configurable
- add min_trust_to_send_messages site setting (default 1) to allow admins
 to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Arpit Jalan
4d593d1c18 FIX: staff should be immune to max_invites_per_day setting 2015-06-05 10:22:41 +05:30
Sam
dd91d5b02f FEATURE: disable invites by setting max_invites_per_day to 0 2015-05-19 16:51:21 +10:00
Arpit Jalan
d491d4f997 FEATURE: invite existing users to private topic 2015-04-16 00:52:54 +05:30
Régis Hanol
23e8e1b6c1 Merge pull request #3303 from riking/patch-6
FIX: Don't fail topic auto-close if privledges are lost
2015-04-06 11:12:37 +02:00
Arpit Jalan
e8dd5592c6 FEATURE: support inviting existing users to topic and message when SSO is enabled 2015-04-05 14:31:35 +05:30
riking
03b971c3e3 FIX: Don't fail topic auto-close if privledges are lost 2015-03-27 15:31:04 -07:00
Sam
1601211617 Revert "FEATURE: allow end users to opt out of getting any private messages"
This reverts commit 229ecc4f8a.
2015-03-23 17:21:58 +11:00
Sam
229ecc4f8a FEATURE: allow end users to opt out of getting any private messages 2015-03-23 15:50:45 +11:00
Jason W. May
0f36774246 group manager can invite members into the group from any restricted topic 2015-03-03 12:18:42 -08:00
Jason W. May
a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Arpit Jalan
78537aad39 FIX: rate limit user posts export 2014-12-31 00:54:23 +05:30
Arpit Jalan
bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30
Régis Hanol
b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
Régis Hanol
e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
riking
ee812eb447 FIX: Do not perform grants if badges are disabled 2014-09-02 13:12:27 -07:00
Arpit Jalan
f571abfaaf FEATURE: allow staff to send multiple invites to same email 2014-07-30 00:13:11 +05:30
Arpit Jalan
575b5e3d13 FEATURE: disposable invite tokens 2014-07-14 21:30:46 +05:30
Sam
d99a9b6735 FIX: invite security check broke PM viewing for all admins 2014-07-05 16:56:26 +10:00
Arpit Jalan
48f86181bf REFACTOR: move all conditions to guardian 2014-07-04 23:04:19 +05:30