Robin Ward
dbe42068a2
REFACTOR: Move option to return emails into the serializer
...
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.
Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Guo Xiang Tan
978f0db109
SECURITY: Require groups to be given when inviting to a restricted category. ( #6715 )
2018-12-05 16:43:07 +01:00
David Taylor
9248ad1905
DEV: Enable Style/SingleLineMethods
and Style/Semicolon
in Rubocop ( #6717 )
2018-12-04 11:48:13 +08:00
Sam
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Bianca Nenciu
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list ( #6418 )
2018-09-21 09:07:13 +08:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Sam
4205c528d0
FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
...
These site settings are very hard to explain and only applicable for very
specific Discourse setups.
If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".
The setting allows you to extend this to TL4 or any trust level.
Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Osama Sayegh
2711f173dc
FIX: don't allow inviting more than max_allowed_message_recipients
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Osama Sayegh
865cb3feb9
FIX: allow selecting site's default theme from preference
2018-08-10 14:12:02 +03:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
OsamaSayegh
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Blake Erickson
7750b30016
FIX: Allow a user to remove their title
...
Somewhere there was a regression and a user couldn't remove their own
title. If they selected '(none)' in the UI it would say it was saved,
but it would not actually be updated in the db.
2018-05-31 17:16:52 -06:00
Neil Lalonde
f7c4c71409
FIX: title selector needs to flag whether title comes from badge or not
2018-04-26 16:51:11 -04:00
Robin Ward
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
Neil Lalonde
f6cfff3cea
UX: user preferences allows users to choose which title to use from their badges and groups
2018-04-06 14:34:36 -04:00
Arpit Jalan
a8149f8969
FIX: user should not be able to invite to PM if trust level requirment not met
...
FIX: when personal messages are disabled let user invite to a public topic
2018-03-08 14:59:04 +05:30
Vinoth Kannan
7cbda949f1
REFACTOR: New spec tests and code improvement
2018-02-22 20:27:02 +05:30
Vinoth Kannan
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
Arpit Jalan
7e48c47d37
rename 'enable_private_email_messages' to 'enable_personal_email_messages'
2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b
rename 'enable_private_messages' to 'enable_personal_messages'
2018-02-01 13:25:29 +05:30
Sam
650ec9c73f
minor test the developer cache first before digging into email
2018-01-17 15:50:41 +11:00
Guo Xiang Tan
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
Robin Ward
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
Neil Lalonde
4452d67a23
Revert "FIX: TL0 users' messages to moderators were not being posted when flagging private messages"
2017-10-23 18:17:53 -04:00
Guo Xiang Tan
79de10b212
FEATURE: Allow users to disable new PMs.
...
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde
b124e5f19f
FIX: TL0 users' messages to moderators were not being posted when flagging private messages
2017-10-13 11:55:49 -04:00
Robin Ward
db929e58fc
FIX: Don't allow staff to approve users with unverified emails
2017-09-04 12:55:39 -04:00
Bianca Nenciu
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2a17f1ccd7
FIX: Group owners should be able to invite users to their groups.
...
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
f1a6449e4b
SECURITY: Remove disposable invite feature
2017-07-07 20:24:39 -04:00
Arpit Jalan
c243861b17
FIX: do not show "Send Activation Email" button if must_approve_users
setting is enabled
...
https://meta.discourse.org/t/error-when-pressing-send-activitation-email-when-must-approve-users-setting-is-enabled/65408
2017-07-04 14:00:50 +05:30
Sam
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
e7b9b1312e
FEATURE: remove all invites
...
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Robin Ward
908433a7a0
SECURITY: Validate the entity
when downloading a CSV
2017-05-19 16:00:51 -04:00
Robin Ward
28f486cb7a
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:57:21 -04:00
Arpit Jalan
5d9d2cf287
FIX: do not explicitly show email of flagger / flagged user
2017-04-20 22:09:30 +05:30
David Taylor
96f2335c09
FIX: Corrects typo to avoid error 500 on theme change
2017-04-15 01:21:53 +01:00
Sam
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
213a496203
FIX: show all staff events related to the target user
2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b
FEATURE: add a button on admin user page that links to action log
2017-02-21 21:38:37 +05:30
Arpit Jalan
dc2171960b
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:01:23 +05:30
Guo Xiang Tan
c7b151683d
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-29 11:11:33 +08:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
d61df21d69
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-04 11:36:43 +10:00
Régis Hanol
800081f606
FIX: staged users weren't able to reply in restricted categories
2016-06-26 19:25:45 +02:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything.
2016-06-20 15:51:26 +08:00
Arpit Jalan
b1a94049e0
FIX: only staff can access 'resend all invites' feature
2016-06-07 10:57:08 +05:30
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Arpit Jalan
22d7ea1192
FIX: user can't export entity unless they are logged in
2016-05-05 19:12:37 +05:30
Neil Lalonde
e5918c7d00
FEATURE: Merge tagging plugin into core
2016-04-27 11:58:53 -04:00
Robin Ward
de82bd946d
FIX: Group members should be able to see their groups even if private
2016-04-26 14:17:53 -04:00
Régis Hanol
415efd0f5b
FIX: staged user doesn't get notified for replies in topics they created in secured categories
2016-02-24 11:30:17 +01:00
Neil Lalonde
685ba1eb7f
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:24 -05:00
Arpit Jalan
9f8d6b6088
FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled
2015-10-30 11:28:05 +05:30
Sam
e29fe77b45
FEATURE: make trust level for message sending configurable
...
- add min_trust_to_send_messages site setting (default 1) to allow admins
to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Arpit Jalan
4d593d1c18
FIX: staff should be immune to max_invites_per_day setting
2015-06-05 10:22:41 +05:30
Sam
dd91d5b02f
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 16:51:21 +10:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Régis Hanol
23e8e1b6c1
Merge pull request #3303 from riking/patch-6
...
FIX: Don't fail topic auto-close if privledges are lost
2015-04-06 11:12:37 +02:00
Arpit Jalan
e8dd5592c6
FEATURE: support inviting existing users to topic and message when SSO is enabled
2015-04-05 14:31:35 +05:30
riking
03b971c3e3
FIX: Don't fail topic auto-close if privledges are lost
2015-03-27 15:31:04 -07:00
Sam
1601211617
Revert "FEATURE: allow end users to opt out of getting any private messages"
...
This reverts commit 229ecc4f8a
.
2015-03-23 17:21:58 +11:00
Sam
229ecc4f8a
FEATURE: allow end users to opt out of getting any private messages
2015-03-23 15:50:45 +11:00
Jason W. May
0f36774246
group manager can invite members into the group from any restricted topic
2015-03-03 12:18:42 -08:00
Jason W. May
a2b284a0a4
table & model changes for group managers with permission to edit membership
2015-01-15 11:44:42 -08:00
Arpit Jalan
78537aad39
FIX: rate limit user posts export
2014-12-31 00:54:23 +05:30
Arpit Jalan
bb152a5b3f
FEATURE: download user posts archive
2014-12-24 15:13:48 +05:30
Régis Hanol
b09ad87098
FIX: add 'show emails' button from moderators in user admin section
2014-11-03 12:46:08 +01:00
Régis Hanol
e7f251c105
LOTS of changes to properly handle post/topic revisions
...
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
riking
ee812eb447
FIX: Do not perform grants if badges are disabled
2014-09-02 13:12:27 -07:00
Arpit Jalan
f571abfaaf
FEATURE: allow staff to send multiple invites to same email
2014-07-30 00:13:11 +05:30
Arpit Jalan
575b5e3d13
FEATURE: disposable invite tokens
2014-07-14 21:30:46 +05:30
Sam
d99a9b6735
FIX: invite security check broke PM viewing for all admins
2014-07-05 16:56:26 +10:00
Arpit Jalan
48f86181bf
REFACTOR: move all conditions to guardian
2014-07-04 23:04:19 +05:30
Neil Lalonde
4f523ae1b9
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:20 -04:00
Arpit Jalan
727184641e
FEATURE: Bulk Invite
2014-06-09 01:43:39 +05:30
Régis Hanol
fca6738212
BUGFIX: could not see the revisions of a post in a deleted topic
2014-05-12 16:30:10 +02:00
Sam
084ec87850
FEATURE: admins can invite users to groups via the web UI
2014-05-09 18:22:36 +10:00
Sam
3f07c1d0a1
Backend support for group invites
2014-05-09 18:22:35 +10:00
Neil Lalonde
f44bd4ec28
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:27 -04:00
Neil Lalonde
1da59e7e2e
FIX: deactivated users shouldn't be able to log in
2014-04-28 13:46:28 -04:00
Neil Lalonde
7993c27ce5
Also allow system_user to send pm's even if enable_private_messages is disabled
2014-04-25 14:52:57 -04:00
Neil Lalonde
ee8bbadfe8
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
Robin Ward
84da39f5dc
FIX: Admins should always be able to see groups so they can edit them.
2014-04-23 15:15:46 -04:00
Robin Ward
af877781b7
Allow admins to choose if groups are visible or not.
2014-04-22 16:43:46 -04:00
Sam
25860622b7
BUGFIX: if SSO is enabled invite system is disabled
2014-04-22 09:17:37 +10:00
Thomas Cioppettini
38882eb1a7
Remove threequals from ruby files
2014-03-26 12:20:41 -07:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde
2c725e2779
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
Vikhyat Korrapati
9b26c8584e
Initial badge system implementation.
2014-03-14 21:49:26 +05:30
Régis Hanol
831ad524e6
added some comments
2014-02-13 13:31:13 -08:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Robin Ward
b61df08d1b
FEATURE: Admin selector to choose a primary group for a user, display it
...
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Sam
d9c05fcfc8
SECURITY: dissalow mods from seeing PMs
2014-02-07 14:24:19 +11:00
Régis Hanol
4fb274fb9d
BUGFIX: history link doesn't work on deleted posts
2014-02-04 20:05:50 +01:00