Sam Saffron
e5c6d0ea65
SECURITY: do not send push notifications to suspended users
2017-04-05 08:29:43 -04:00
Robin Ward
2c9a43e4fd
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
.
2017-02-27 13:37:08 -05:00
Guo Xiang Tan
5cd680b0be
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 15:40:31 +08:00
Guo Xiang Tan
465660bdfc
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit d1091f7f57
.
2017-02-24 15:39:56 +08:00
Guo Xiang Tan
d1091f7f57
SECURITY: Ensure that user has been authenticated.
2017-02-24 11:46:59 +08:00
Régis Hanol
f49c9f6c43
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:58:04 +01:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Robin Ward
6c3426d266
Let's not notify for trust levels on Staff, either
2017-01-11 11:25:04 -05:00
Neil Lalonde
98bd58df61
Don't show email of deleted users in staff action logs
2017-01-10 17:25:36 -05:00
Neil Lalonde
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
Robin Ward
7341b0d03c
Don't give notifications to admins for trust level notifications
2017-01-10 12:18:48 -05:00
Guo Xiang Tan
d10fe51b72
Fix broken specs since all urls will be oneboxed.
2017-01-06 10:05:51 +08:00
Régis Hanol
cbcb9363f4
fix the build
2017-01-04 14:23:21 +01:00
Sam
c531f4ded5
remove rails-observers
...
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.
For example: if we want to upgrade to rails 5 there is no published gem
Internally the usage of observers had quite a few problem.
The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam
019f1a1d06
UserEmailObserver is now removed
...
no big surprises here was pretty straightforward
after_commit semantics sure are weird though
2016-12-22 16:46:53 +11:00
Sam
2f6a4cc6de
remove UserActionObserver, replace with after_save and service
...
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan
69330f8bc2
Add user_updated event to webhooks.
2016-12-13 11:26:26 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Régis Hanol
6edd3c347c
FIX: automatically disable digests when enabling mailing list mode
2016-11-28 15:52:35 +01:00
Guo Xiang Tan
f824afb4d3
FEATURE: Allow date_of_field column to be updated.
2016-11-17 15:16:58 +08:00
Guo Xiang Tan
95c6e97587
Ensure we don't run $redis.keys
in production.
2016-11-15 23:23:41 +08:00
Sam
aaf947356b
correct regression where notifications scope is not pushing to push server
2016-10-14 22:52:39 +11:00
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam
3ad8616f44
Merge pull request #4476 from xfalcox/localize-badge-notifications
...
FIX: Properly localize badge notification on batch grant
2016-10-12 15:16:35 +11:00
Rafael dos Santos Silva
c5b94878ac
We need this variable later
2016-10-11 19:14:32 -03:00
Sam
89daa43754
FEATURE: remap emojis back for push notifications and desktop alerts
2016-10-11 13:03:48 +11:00
cpradio
6f1c31d777
Add notification level user preference when replying to a topic
2016-09-30 14:58:07 -04:00
Rafael dos Santos Silva
9a502c73c9
FIX: Properly localize badge notification on batch grant
2016-09-29 18:55:41 -03:00
Robin Ward
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96
Add locale step
2016-09-22 09:52:19 -04:00
Neil Lalonde
06eb256d0a
FIX: blocking users should never hide all posts if they are trust level 1 or higher
2016-09-12 11:58:10 -04:00
Robin Ward
9609a47016
Ability to skip email validation via a plugin
2016-09-07 14:05:46 -04:00
Sam
4fe52c8cbe
FEATURE: backend support for pushing notifications to clients
2016-08-26 12:47:10 +10:00
Robin Ward
4061725a95
FIX: Don't ever grant badges when they're disabled
2016-08-19 15:16:37 -04:00
Arpit Jalan
a590f35982
FEATURE: allow changing post owners without creating post revision
2016-08-19 23:34:21 +05:30
Régis Hanol
e55e2aff94
FIX: FirstReplyByEmail badge wasn't granted
...
DEPRECATED: PostProcess badge trigger
2016-08-10 19:24:01 +02:00
Robin Ward
3d62e5dd98
SECURITY: XSS issue on Admin users list
2016-08-05 12:01:16 -04:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Sam
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Régis Hanol
b0f7e4ba00
FEATURE: deactive users after too many bounces
2016-07-25 18:57:06 +02:00
Robin Ward
b2289d733f
List the "Watching First Post" tags on preferences
2016-07-22 16:16:45 -04:00
Robin Ward
c279889191
FIX: Watching First Post in groups was working incorrectly
2016-07-21 15:05:10 -04:00
Robin Ward
09be741820
FIX: Don't alert on new posts in a topic unless it's a new record
2016-07-19 15:57:05 -04:00
Sam Saffron
46b34e3c62
FEATURE: remove user option for edit history public
...
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Sam
f1b1b0da14
FEATURE: show watched first post in user page
2016-07-08 14:08:10 +10:00
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Robin Ward
2005565c9c
Server side code for Watching First Post Only
2016-07-07 11:21:50 -04:00
Sam
92daf44daf
correct random suggested topic selection
2016-07-04 10:34:54 +10:00
Guo Xiang Tan
9fc0b8607c
Add event trigger for post notification alert.
2016-07-01 00:12:07 +08:00