Robin Ward
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
Guo Xiang Tan
3ef82bb32c
SECURITY: CSRF vulnerabilities in Admin::BackupsController
.
2017-03-23 10:29:35 +08:00
Guo Xiang Tan
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
Arpit Jalan
d5bcc70e9c
FIX: grant trust level when bulk adding users to group
2017-03-06 14:39:53 +05:30
Blake Erickson
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Régis Hanol
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
Sam
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
Régis Hanol
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Guo Xiang Tan
7c7c233c1c
FIX: Can't update Groups#allow_membership_requests
in admin.
2016-12-20 15:14:35 +08:00
Guo Xiang Tan
43ee9f884e
FEATURE: Add Group#full_name
.
2016-12-13 16:16:26 +08:00
Guo Xiang Tan
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Guo Xiang Tan
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
37b256e7f2
Fix specs.
2016-12-05 17:13:58 +08:00
Guo Xiang Tan
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
Guo Xiang Tan
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
Régis Hanol
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
cpradio
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
Guo Xiang Tan
a04dadf9b4
FIX: Randomly failing specs try 2.
2016-09-16 15:10:37 +08:00
Guo Xiang Tan
903d1dd326
FIX: Randomly failing specs.
2016-09-16 14:56:59 +08:00
Guo Xiang Tan
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
Neil Lalonde
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
Neil Lalonde
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Arpit Jalan
c626558d36
UX: group pages should not show Messages tab to unauthorised users ( #4318 )
2016-07-09 00:50:04 +05:30
Robin Ward
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Sam
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Guo Xiang Tan
9a5ded48cf
FIX: Return a proper error message when sync sso fails.
2016-03-26 13:30:15 +08:00
Arpit Jalan
bfaa4cdb37
FEATURE: compose a new pre-filled private message to a group via URL
2016-03-03 00:19:06 +05:30
Erick Guan
35142847ba
FIX: Prepend the user id before username in admin user routes
2016-02-09 15:14:13 +01:00
Sam
b75353c26f
correct specs
2016-01-27 23:40:45 +11:00
Sam
d20f6e0cb0
fix test and comment out js test for now
2015-12-20 17:34:15 +11:00
Arpit Jalan
4c967d11b4
FEATURE: log site text changes
2015-12-18 19:42:06 +05:30
Régis Hanol
15c229195f
FEATURE: notification_level on a per-group basis
2015-12-14 23:17:09 +01:00
Régis Hanol
578f606a1a
add 'incoming_email' to groups
2015-12-07 12:39:28 +01:00
Andy Waite
3e50313fdc
Prepare for separation of RSpec helper files
...
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`
`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).
For more information:
https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files
In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.
This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.
At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Robin Ward
5e93140f85
FEATURE: Can override any translation via an admin interface
2015-11-27 11:35:19 -05:00
Sam Saffron
6dd4bc7d57
FEATURE: support group owner, capable of controlling group membership
...
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members
Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Leo McArdle
fe5264f9e9
filter by username in email digest preview
...
adds a user prompt on the email digest preview page to generate a preview for a particular user
also fixes some broken styling on the page
2015-10-30 18:11:38 +00:00
Robin Ward
23371b026d
FIX: Don't raise an error if you try to assign a group that exists
2015-10-28 12:21:54 -04:00
Robin Ward
47e25648df
FEATURE: Change user groups in bulk via admin
2015-10-26 15:57:30 -04:00
Neil Lalonde
1bd0f5b015
FEATURE: group can grant a trust level when a user is added
2015-09-01 16:52:12 -04:00
Régis Hanol
1a82a59f47
fix the build
2015-08-27 22:46:30 +02:00
Régis Hanol
73624e63c5
FIX: revoke any api keys when suspending an user
2015-08-23 22:33:37 +02:00
Robin Ward
d1c69189f3
FEATURE: Can edit category/host relationships for embedding
2015-08-20 15:56:04 -04:00
Jonathan Brachthaeuser
c0e88724c2
Preserve user-field options when updating user-fields
...
Avoid deleting options of the user-field when no options are
transmitted.
2015-08-17 19:01:20 +02:00
Robin Ward
118763df50
FIX: Broken spec
2015-08-10 10:34:40 -04:00
Robin Ward
dc8a68fd29
FEATURE: New "Dropdown" user field type
2015-07-28 12:30:21 -04:00
Arpit Jalan
dc90c396f2
FEATURE: manage Permalinks
2015-07-17 01:26:02 +05:30