Commit Graph

933 Commits

Author SHA1 Message Date
Ryan C. Gordon
a51c191a66 Make Email::Receiver.check_address() into a class method. 2017-04-05 23:10:36 -04:00
Ryan C. Gordon
e15d11df18 Added an API to ask if an incoming email should be dropped at the SMTP level.
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.

This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward
17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward
14410b71fb Convert server side paths to use /u/ 2017-03-30 10:23:24 -04:00
Guo Xiang Tan
a818fa9831 FIX: Show stats of the last 30 days be default for admin reports.
* `1.month.ago + 1.month` uses the calendar month for calculations
  such that `1.month.ago` from the 30th of March 2017 will give
  us the 28th of February 2017. Adding one month ahead from
  28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Régis Hanol
00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Rafael dos Santos Silva
c3477cd40d Merge pull request #4716 from discourse/bounced_emails_details
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Rafael dos Santos Silva
aac4a4ed94 Handle invalid parameters and missing bounced emails 2017-03-02 20:37:28 -03:00
Blake Erickson
80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Rafael dos Santos Silva
5296f00c28 FEATURE: Allow checking the raw response of a bounced email 2017-02-22 14:51:33 -03:00
Régis Hanol
f51e3b2131 FIX: should not be able to rename a system badge 2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3 reset bounce score when email is successfully changed 2017-02-20 10:37:01 +01:00
Sam
ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam
2dec731da3 SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
Régis Hanol
fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan
515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Guo Xiang Tan
cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Neil Lalonde
fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Claas Augner
bec10ada2a
Remove unused email templates from controller 2017-01-05 15:31:14 +01:00
Guo Xiang Tan
5098baee2f FIX: Undefined variable. 2017-01-04 17:37:23 +08:00
Guo Xiang Tan
7c7c233c1c FIX: Can't update Groups#allow_membership_requests in admin. 2016-12-20 15:14:35 +08:00
Guo Xiang Tan
43ee9f884e FEATURE: Add Group#full_name. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan
da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan
05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3 FIX: Permit missing params. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan
31acd311e5 FEATURE: Allow group owners to edit group name and avatar flair. 2016-12-05 14:27:46 +08:00
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Guo Xiang Tan
712ff01f38 PERF: Remove eager load. 2016-11-25 11:21:08 +08:00
Neil Lalonde
f885e5b5e6 fix success response handling of sending digest preview email 2016-11-24 15:05:33 -05:00
Guo Xiang Tan
84914c5e1f PERF: Fix N+1 query. 2016-11-24 17:47:14 +08:00
Neil Lalonde
47aa3d94aa FEATURE: send digest preview to an email address 2016-11-23 17:51:57 -05:00
Régis Hanol
81e2a0099f FIX: ensure the group 'everyone' is never shown when using a different locale 2016-10-24 10:53:31 +02:00
Sam
9a94d1b212 FIX: everyone is not a visible group 2016-10-24 13:03:22 +11:00
Guo Xiang Tan
547750e9dd Unify API keys and web hooks into a single admin nav header. 2016-09-20 05:22:03 +08:00
Erick Guan
00d5facf36 FEATURE: prompts new webhook events 2016-09-19 12:07:17 +08:00
cpradio
2eddeab66b Escape the hyphen 2016-09-16 19:07:46 -04:00
cpradio
0d2d8797b6 FIX: Backup validation wasn't escaping hyphens 2016-09-16 15:20:42 -04:00
Guo Xiang Tan
512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Arpit Jalan
19ddf95efa FIX: add custom invite email templates 2016-09-08 00:54:48 +05:30
Erick Guan
9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Neil Lalonde
2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Robin Ward
c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Neil Lalonde
d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Régis Hanol
7b6d946613 FIX: searching received emails for TO was broken 2016-07-13 22:43:25 +02:00
Guo Xiang Tan
f256e3afb6 Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode. 2016-06-29 15:10:01 +08:00
Robin Ward
ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Régis Hanol
2ecd0da59f REFACTOR: use same code path for handling emails via API and POP 2016-06-22 15:50:49 +02:00
Régis Hanol
1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Régis Hanol
8e611ec7a1 FEATURE: handle bounced emails 2016-05-02 23:15:32 +02:00
Arpit Jalan
74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Régis Hanol
7d9f2265b9 FIX: improve support for handling emails coming from screened email addresses 2016-04-18 23:01:54 +02:00
Guo Xiang Tan
983d64fd56 PERF: N+1 query on badges index. 2016-04-12 17:45:02 +08:00
Robin Ward
cc25716e47 FIX: Allow message format translations to be overridden 2016-04-08 14:49:50 -04:00
Thorben Egberts
cf8b3fbd56 FEATURE: add user custom fields to user card
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
Sam
a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Régis Hanol
79639e2dec FIX: ensure group's users counters are kept in sync 2016-04-04 17:03:18 +02:00
Guo Xiang Tan
9a5ded48cf FIX: Return a proper error message when sync sso fails. 2016-03-26 13:30:15 +08:00
Régis Hanol
39863953cd new 'enable_staged_users' site setting 2016-03-23 18:56:03 +01:00
Robin Ward
5fcd5002c4 FIX: Saving a user field as required didn't work the first time 2016-03-09 15:34:48 -05:00
Robin Ward
5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Régis Hanol
622d804d46 FEATURE: Add rejection message on rejected IncomingEmail
FIX: Better RateLimit description in rejected IncomingEmail
FEATURE: Send email when hitting a rate limit
2016-03-07 16:56:17 +01:00
Régis Hanol
f3c868e7bb run the BackupChunksMerger job in 5 seconds 2016-03-03 12:01:13 +01:00
Arpit Jalan
8f62a0caa8 FEATURE: log backup operation 2016-02-27 23:33:18 +05:30
Neil Lalonde
283ff4c7f8 move code for bulk adding users to a group from controller to model 2016-02-18 14:03:08 -05:00
Régis Hanol
63b9d1c645 FIX: sends an email notifcation when a user's post is linked 2016-02-16 18:29:23 +01:00
Régis Hanol
bf96025507 link email logs to the post that generate the email notification when available 2016-02-16 16:35:57 +01:00
Régis Hanol
91bb38626c FEATURE: new incoming email details modal 2016-02-10 22:00:27 +01:00
Erick Guan
35142847ba FIX: Prepend the user id before username in admin user routes 2016-02-09 15:14:13 +01:00
Arpit Jalan
eec8436cfe FEATURE: filter admin reports via user group 2016-02-04 11:23:49 +05:30
Régis Hanol
cf4c256b17 FEATURE: new 'raw email' modal when listing rejected emails 2016-02-01 21:41:49 +01:00
Arpit Jalan
74f22f95da FEATURE: log admin/moderator grant/revoke action 2016-01-27 15:39:04 +05:30
Régis Hanol
3083657358 FEATURE: better email in support
FEATURE: new incoming_email model
FEATURE: infinite scrolling in emails admin
FEATURE: new 'emails:import' rake task
2016-01-19 00:57:55 +01:00
Neil Lalonde
1aa68e085e don't hide all a user's posts when staff manually blocks them 2016-01-14 15:20:26 -05:00
Arpit Jalan
4c967d11b4 FEATURE: log site text changes 2015-12-18 19:42:06 +05:30
Robin Ward
d22a479c61 FIX: Error filtering for overidden values with no query 2015-12-08 12:49:37 -05:00
Régis Hanol
578f606a1a add 'incoming_email' to groups 2015-12-07 12:39:28 +01:00
Robin Ward
b0b85725ad If a search for a translation is exactly the value, prioritize it 2015-11-30 15:31:30 -05:00
Robin Ward
de88be2fbc Support for "Only show overridden" in site text customization 2015-11-30 15:25:08 -05:00
Robin Ward
5e93140f85 FEATURE: Can override any translation via an admin interface 2015-11-27 11:35:19 -05:00
Robin Ward
8eeb027c65 Can revert changes to email templates 2015-11-20 12:30:21 -05:00
Robin Ward
f5b34d5f53 FEATURE: Admin interface for editing email templates 2015-11-19 16:39:34 -05:00
Sam Saffron
6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Leo McArdle
fe5264f9e9 filter by username in email digest preview
adds a user prompt on the email digest preview page to generate a preview for a particular user
also fixes some broken styling on the page
2015-10-30 18:11:38 +00:00
Robin Ward
23371b026d FIX: Don't raise an error if you try to assign a group that exists 2015-10-28 12:21:54 -04:00
Robin Ward
47e25648df FEATURE: Change user groups in bulk via admin 2015-10-26 15:57:30 -04:00
Sam
dfe3ecb914 PERF: disable prepared statements
see: https://github.com/rails/rails/issues/21992
2015-10-19 14:02:22 +11:00
Sam
dc859beff3 FEATURE: add handle_mail admin route
you can post full email payloads to this endpoint /admin/email/handle_mail
2015-10-19 08:33:24 +11:00
Robin Ward
7802757306 FIX: Username for topic creation is required 2015-10-13 16:33:26 -04:00
Arpit Jalan
607265fc28 FEATURE: add users to group via email 2015-09-15 12:36:44 +05:30
Neil Lalonde
1bd0f5b015 FEATURE: group can grant a trust level when a user is added 2015-09-01 16:52:12 -04:00
Régis Hanol
96c23d51a2 FIX: don't break the message bus when restoring a backup 2015-08-27 20:02:13 +02:00
Régis Hanol
73624e63c5 FIX: revoke any api keys when suspending an user 2015-08-23 22:33:37 +02:00
Robin Ward
146f2eab7f Can edit settings on the embedding page 2015-08-20 15:56:05 -04:00
Robin Ward
d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Jonathan Brachthaeuser
c0e88724c2 Preserve user-field options when updating user-fields
Avoid deleting options of the user-field when no options are
transmitted.
2015-08-17 19:01:20 +02:00
Robin Ward
7fffd483f8 Fix deprecations with site text, upgrade to ES6 / store 2015-08-10 10:21:04 -04:00
Robin Ward
bd631e343a FEATURE: Can create stylesheets for embedded comments 2015-08-10 10:21:04 -04:00
Robin Ward
0932e82508 Refactor Customizations to have deeper URLs 2015-08-10 10:21:04 -04:00
Robin Ward
aa6f792ce1 FEATURE: Custom orders for user fields 2015-07-30 14:53:13 -04:00
Robin Ward
dc8a68fd29 FEATURE: New "Dropdown" user field type 2015-07-28 12:30:21 -04:00
Arpit Jalan
5fc7545c01 UX: include more details on Permalinks page 2015-07-17 21:39:23 +05:30
Arpit Jalan
dc90c396f2 FEATURE: manage Permalinks 2015-07-17 01:26:02 +05:30
Régis Hanol
f18098fd9b FEATURE: category dropdown in admin reports 2015-06-24 15:19:39 +02:00
Robin Ward
76bfd723f6 Merge pull request #3482 from riking/patch-3
Import/Export site customizations
2015-06-22 14:03:07 -04:00
Arpit Jalan
d21944a0b6 FIX: add missing translation keys 2015-05-26 19:11:37 +05:30
Régis Hanol
c91634c09a FIX: support for async uploads of emojis 2015-05-20 16:45:48 +02:00
riking
d112f39031 Change extension back to .dcstyle.json 2015-05-19 18:35:16 -07:00
riking
fbc06d044f Use .dcstylejson instead of .dcstyle.json 2015-05-16 20:41:35 -07:00
riking
1e53c179a3 FEATURE: Export customizations as JSON files 2015-05-16 20:24:13 -07:00
Sam
8277a586bb usage of raise corrected 2015-05-07 11:00:51 +10:00
Sam
803feefd54 MessageBus handles readonly redis now, no need to wrap it 2015-05-04 12:21:00 +10:00
Robin Ward
5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Robin Ward
96d2c5069b Interface for reviewing queued posts 2015-04-15 14:54:37 -04:00
Arpit Jalan
499bed69e2 FIX: show error message if user already exist in group 2015-04-15 14:15:58 +05:30
Sam
75890aed26 FEATURE: allow admins to choose a group as a primary group
FEATURE: allow admins to set a default title for a group
2015-04-10 12:17:28 +10:00
Régis Hanol
babbbc06d1 FIX: add support for .tgz and .gz backup files 2015-04-07 15:26:47 +02:00
Sam
586cca352d move memory diagnostics into lib, so it can be reused elsewhere 2015-03-30 10:14:42 +11:00
Neil Lalonde
608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Régis Hanol
fc962eb378 FEATURE: automatic daily roll-up for screened IP addresses 2015-03-09 18:55:17 +01:00
Robin Ward
84b84a9d7c Support for url_list site setting. 2015-03-03 16:19:29 -05:00
Robin Ward
005b8bf7c3 FIX: When creating a SSO user via sync, do not user the IP address. 2015-02-25 14:41:23 -05:00
Dan Singerman
1c545d4c1e Allow adding and removing members of groups by username or id
As discussed here: https://meta.discourse.org/t/discourse-gem-group-add/25668/2.
2015-02-25 14:52:13 +00:00
Robin Ward
ca5730018a FIX: SSO code should respect IP address filters 2015-02-23 16:01:46 -05:00
Sam
ca915e8ad7 correct issue under 2.0.0 2015-02-11 17:41:24 +11:00
Sam
9a59caf800 add regexp to reporting 2015-02-11 17:23:54 +11:00
Sam
e427d54191 FEATURE: show large objects in admin/memory_stats 2015-02-11 17:18:47 +11:00
Régis Hanol
c4e427cf73 FEATURE: filter screened IP addresses 2015-02-10 19:38:59 +01:00
Robin Ward
8d46de4819 Add a spec for the new plugins controller 2015-02-10 12:35:53 -05:00
Sam
39e828dee4 improve formatting 2015-02-10 15:59:08 +11:00
Sam
d5405eebde Add basic snapshot comparison for tracking memory leaks 2015-02-10 15:54:16 +11:00
Sam
1d99f5c9c0 FEATURE: add process stats to memory report 2015-02-10 12:34:01 +11:00
Sam
3aea00473b FEATURE: improve memory reporting of /admin/memory_stats 2015-02-10 11:48:30 +11:00
Régis Hanol
1e6f886886 FIX: use distributed mutex to prevent errors when uploading emojis in batches 2015-02-09 18:54:57 +01:00
Sam
e8323fa534 FIX: removing a group from a user was not removing primary group 2015-02-09 16:03:09 +11:00
Robin Ward
3d7b534564 FEATURE: New "Plugins" admin section with extensibility support 2015-02-06 17:33:24 -05:00
Robin Ward
4e64d16a47 FEATURE: Allow plugins to log staff actions 2015-02-05 15:26:34 -05:00
Sam
67eccee990 FEATURE: basic disk space usage stats 2015-02-04 18:05:17 +11:00
Neil Lalonde
644c7a4675 FEATURE: Add an option to show custom user fields on profiles. Default is to not show them. 2015-01-29 17:38:39 -05:00
Sam
497042ddf2 FIX: don't restrict to local filesystem for df check
FIX: check correct directory when looking at backup limits
2015-01-27 08:25:57 +11:00
Régis Hanol
f7f5e39f75 FIX: Minor Admin bug with a setting when creating a new group 2015-01-23 20:31:48 +01:00
Régis Hanol
256519dddf FEATURE: automatic group membership based on email address 2015-01-23 18:25:43 +01:00
Régis Hanol
e300945879 FEATURE: split group admin in 2 tabs (custom & automatic)
FIX: clear the user-selector when adding new members
2015-01-21 20:52:48 +01:00
Neil Lalonde
7412ff4da7 FIX: suspended users are logged out when they are suspended. Show a reason for suspension when they try to log in. 2015-01-19 12:37:02 -05:00
Régis Hanol
6734a51b6a move SiteText.{head,top,bottom} to SiteCustomization 2015-01-14 12:15:53 +01:00
Robin Ward
f3b72f5d96 Revert "move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top"
This reverts commit 6ee2849df6.
2015-01-12 20:21:22 -05:00
Régis Hanol
6ee2849df6 move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top 2015-01-12 19:59:43 +01:00
Régis Hanol
060cda7772 FIX: proper handling of group memberships 2015-01-05 18:51:45 +01:00
Neil Lalonde
4c166942ad FEATURE: Invite admin api has an optional param send_email which can prevent sending an email to the invited user. The api will return the password reset url so that the caller can send an email with it instead. 2015-01-02 15:48:54 -05:00
Régis Hanol
9932bea7ce FEATURE: default emoji override 2014-12-25 17:58:15 +01:00
Arpit Jalan
bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30
Sam
ba68eee20b FIX: stable ordering for site customisations 2014-12-23 13:03:48 +11:00
Sam
f23eb475a4 FEATURE: remove override stylesheet option, too confusing 2014-12-23 13:03:48 +11:00
Régis Hanol
45dbdb6896 FEATURE: custom emojis 2014-12-23 01:12:26 +01:00
Arpit Jalan
42cbe6ef2a FEATURE: export csv for all the logs 2014-12-11 23:33:26 +05:30
Blake Erickson
1d0eccf710 Have activate user return json
- Change activate user from admin controller to return json
- Test that it returns json
- Remove unnessary test from log_out spec

This commit was created so that when you activate a user through the api
it returns a json response.
2014-12-08 11:16:57 -07:00
Lourens Naudé
fb60daa867 Introduce support for dumping Rails process heap at the end of a benchmark run 2014-12-07 22:55:37 +00:00
Blake Erickson
bdc92eec70 Have log_out method return json.
This commit helps improve the discourse_api experience so that we can
check the json response if it was a success or not. This commit also
checks that a 404 is sent instead of a 500 if a bad user_id is passed
in.
2014-12-01 06:03:25 -07:00
Régis Hanol
5b90ceb71d FEATURE: rolls up 1.2.*.* IP ranges when number of entries > 10 2014-11-27 19:29:30 +01:00
Robin Ward
257bde8e2b FEATURE: "Suspect" users list in admin. 2014-11-26 13:58:16 -05:00
Régis Hanol
7b0ae702e7 FEATURE: log a new staff action when rolling up banned IP addresses 2014-11-24 19:48:54 +01:00
Régis Hanol
d3d517108d FIX: display total number of other accounts with the same IP address in the IP lookup dialog 2014-11-24 19:34:04 +01:00
Régis Hanol
7b1c001932 FIX: limit other accounts deletion to 50 accounts otherwise it'll feel too slow 2014-11-24 18:05:40 +01:00
Régis Hanol
1023191315 FEATURE: roll up function for 123.456.789.* ranges 2014-11-24 17:25:48 +01:00
Sam
1c498eb491 FEATURE: API endpoint for inviting an admin 2014-11-24 15:42:56 +11:00
Sam
490cd6f539 Merge pull request #2989 from jmay/group-admin-incremental
API addition: HTTP PATCH support for /groups/xxx: incremental membership changes
2014-11-24 11:50:51 +11:00
Arpit Jalan
7455e81b31 sort screened IPs by match_count 2014-11-22 01:41:59 +05:30
Arpit Jalan
515882d224 FEATURE: export screened IPs list in a CSV file 2014-11-22 00:59:48 +05:30
Jason W. May
6f8119ebb8 Merge branch 'master' into group-admin-incremental 2014-11-21 10:04:05 -08:00
Jason W. May
98404d19c5 check that changes param is present 2014-11-21 10:03:29 -08:00
Sam
d53b4ab5bc Merge pull request #2979 from techAPJ/patch-1
FEATURE: log out user everywhere and refresh/redirect
2014-11-21 16:59:44 +11:00
Régis Hanol
b8d806ee07 FEATURE: delete all accounts from this IP in the IP lookup modal 2014-11-20 19:59:20 +01:00
Jason W. May
50de22801f API addition: HTTP PATCH support for /groups/xxx: incremental membership changes 2014-11-20 09:29:56 -08:00
Sam
6b10c4dc54 add support for hidden api keys, used in hosting scenarios 2014-11-20 15:38:20 +11:00
Robin Ward
87cd5dbcb7 Merge pull request #2985 from techAPJ/patch-3
remove /download from csv file url
2014-11-19 14:10:34 -05:00
Arpit Jalan
aebf36c356 remove /download from csv file url 2014-11-20 00:34:38 +05:30
Arpit Jalan
c84b51d4ae FEATURE: show exact error for test email 2014-11-19 22:58:59 +05:30
Arpit Jalan
eb9eada894 FEATURE: log out user everywhere and refresh/redirect 2014-11-19 12:34:34 +05:30
Régis Hanol
ec76be964e UX: better footer handling 2014-11-10 21:51:55 +01:00
Régis Hanol
bb2d538194 FEATURE: log impersonations 2014-11-06 10:58:47 +01:00
Robin Ward
fde5e739c9 Work in progress (up till about?) 2014-11-05 12:39:25 -05:00
Régis Hanol
b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
Sam
59cc2476a1 Merge pull request #2933 from techAPJ/patch-1
trivial update to allow api endpoint for sync_sso
2014-10-30 21:39:54 +11:00
Arpit Jalan
fb750af659 trivial update to allow api endpoint for sync_sso 2014-10-30 15:30:44 +05:30
Régis Hanol
6e053942a4 FIX: moderators should be able to search users by email 2014-10-29 22:08:41 +01:00
Sam
7d6d8bd0a3 FEATURE: admin end point to sync sso /admin/users/sync_sso
Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2014-10-28 11:25:21 +11:00
Régis Hanol
10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Robin Ward
0cbdf6f5bb FIX: Many bugs with admin badges interface
* Editing a badge's title would show it as changed in the side even if
  you didn't hit save

* Clicking a badge would not scroll to the top

* If there was an error saving a badge there was a missing i18n key

* URLs were using queryParams instead of paths

* User `label` tags for checkboxes for larger click targets

* Saved! text would persist when viewing another badge

* After creating a new badge it would show nothing

* Validation errors were not being properly released to the client

* Query errors were surrounded by an extra array
2014-10-17 16:14:49 -04:00
Robin Ward
2322586131 FIX: Saving a field as not required was actually making it required
until you edited it.
2014-10-14 17:21:34 -04:00
Régis Hanol
5504622c1b rename export/import in favor of backup/restore for better consistency 2014-10-10 20:04:07 +02:00
Robin Ward
f9a8f6d6ce FEATURE: Support for a required setting on user fields. 2014-10-08 15:10:19 -04:00
Régis Hanol
c46b9c0ac3 FIX: allow admins to search users by email 2014-10-07 12:05:38 +02:00
Robin Ward
381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Robin Ward
edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Sam
0fc6c751cb FEATURE: implement lock/unlock trust level mechanics 2014-09-30 13:16:34 +10:00
riking
bff95a6a97 Rename 'leader' -> 'tl3' 2014-09-30 13:16:34 +10:00
riking
c8111ada6e FEATURE: Allow admins to lock users from TL3 promotion/demotion
Also, update the display logic for the leader promotion screen to
account for the demotion grace period.
2014-09-30 13:15:13 +10:00
Robin Ward
0fc0533134 FEATURE: Admin interface for adding custom fields for users 2014-09-25 16:17:51 -04:00
Robin Ward
bc53d48bd7 Renaming site contents to site text 2014-09-24 16:08:14 -04:00
Sam
9428ad779f FIX: send content length with backups 2014-09-23 09:25:53 +10:00
Régis Hanol
79030c874e FIX: allow staff members to restore withdrawn posts that are flagged 2014-09-09 20:26:40 +02:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
riking
3cf493eb4f FIX: Apply contract checks when first creating a badge 2014-09-02 19:09:51 -07:00
riking
1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
Régis Hanol
8a20d05ba5 FEATURE: backup without uploads 2014-08-20 18:53:58 +02:00
Sam
8737ffb272 Merge pull request #2658 from akshaymohite/optimization-fixes
Not initializing variable for looping if unused in loop
2014-08-18 14:42:52 +10:00
Sam
baaa3e0f9f FIX: #2664 it should be validates not validate
Thanks @chancancode
2014-08-18 14:40:54 +10:00
Akshay
6301a43d57 Not initializing variable for looping if unused in loop 2014-08-15 03:24:55 +05:30
Arpit Jalan
d0736a06b6 FEATURE: export user list 2014-08-15 01:46:57 +05:30
Régis Hanol
e64d3b8a42 FIX: disagree flag should unhide hidden post 2014-08-11 10:48:00 +02:00
Sam
0b01310c84 FIX: system badges where created under id 100 2014-08-06 10:51:39 +10:00
Régis Hanol
ec30086dea FEATURE: agree all the flags 2014-08-04 22:48:04 +02:00
Sam
5a3466a6c3 FIX: keep correct ordering on admin badges 2014-07-30 08:46:59 +10:00
Robin Ward
ac4a33a656 FIX: Display proper error message when changing a trust level fails 2014-07-29 15:54:20 -04:00
Régis Hanol
bddffa7f9a FEATURE: flag dispositions normalization
All flags should end up in one of the three dispositions
  - Agree
  - Disagree
  - Defer

In the administration area, the *active* flags section displays 4 buttons
  - Agree (hide post + send PM)
  - Disagree
  - Defer
  - Delete

Clicking "Delete" will open a modal that offer to
  - Delete Post & Defer Flags
  - Delete Post & Agree with Flags
  - Delete Spammer (if available)

When the flag has a list associated, the list will now display 1
response and 1 reply and a "show more..." link if there are more in the
conversation. Replying to the conversation will NOT give a disposition.
Moderators must click the buttons that does that.

If someone clicks one buttons, this will add a default moderator message
from that moderator saying what happened.

The *old* flags section now displays the proper dispositions and is
super duper fast (no more N+9999 queries).

FIX: the old list includes deleted topics
FIX: the lists now properly display the topic states (deleted, closed,
archived, hidden, PM)
FIX: flagging a topic that you've already flagged the first post
2014-07-28 19:28:07 +02:00
Sam
1a6aa07611 FEATURE: editable badge groups 2014-07-27 18:22:01 +10:00
Sam
ec03d135fa FEATURE: allow advanced badge options in admin screen
clean up serializer, allow simplistic preview
2014-07-24 18:28:23 +10:00
Sam
b9a7d945c3 Improve badge grouping UI
Start work on triggers
2014-07-23 11:43:17 +10:00
Robin Ward
f06f8abedd Merge pull request #2537 from ligthyear/group-member-management-on-user
Improved Group Member Management on User Administration
2014-07-17 11:00:05 -04:00
Sam
88469721b9 FEATURE: Allow admins to disable specific badges 2014-07-14 17:40:36 +10:00
Benjamin Kampmann
ac3f1ba3d6 Improved Group Member Management on User Administration
Allows for a quick and easy group membership management on the
user-administration page. Uses the select2 UI component to
autosuggest other groups, remove existing ones and lock in automatic
groups.
2014-07-13 20:11:38 +02:00
Régis Hanol
59b5ba7c0f BUGFIX: IP lookup wasn't working when using HTTPS
REFACTOR: the ip locator into a ip-lookup component
2014-07-07 22:18:18 +02:00
Sam
6bbb083d47 FEATURE: support "unlisted" badges. 2014-07-03 17:44:36 +10:00
Vikhyat Korrapati
e0fd1f6f5e Add ability to specify custom font awesome icon for badges. 2014-06-19 16:56:18 +05:30
Sam
56dcd00570 BUGFIX: trust_level_0 group not including trust_level_1
BUGFIX: manual trust level change not adding user to groups
BUGFIX: system not in correct trust level groups
2014-06-17 10:52:02 +10:00
Régis Hanol
0781531e3c Merge pull request #2415 from techAPJ/bulk-invite-users-5
FEATURE: Bulk Invite
2014-06-10 19:11:11 +02:00
Neil Lalonde
c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
Arpit Jalan
727184641e FEATURE: Bulk Invite 2014-06-09 01:43:39 +05:30
Sam Saffron
d97ceb1d72 FEATURE: log_out endpoint for admins 2014-06-06 13:02:52 +10:00
Sam
9e9c41ac52 FEATURE: admins can clear screend emails if needed 2014-06-02 16:53:00 +10:00
Vikhyat Korrapati
d208e4d517 Multiple grant badges. 2014-05-21 12:54:55 +05:30
Neil Lalonde
c4d3aa3d47 Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline. 2014-05-14 10:18:12 -04:00
Sam
084ec87850 FEATURE: admins can invite users to groups via the web UI 2014-05-09 18:22:36 +10:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol
11af466737 FEATURE: add a specific flag reason when a post has been hidden 2014-04-30 16:58:01 +02:00
Sam
0fc4c47927 Merge pull request #2295 from vikhyat/badge-system
Titleable badges
2014-04-29 11:26:51 +10:00
Neil Lalonde
1da59e7e2e FIX: deactivated users shouldn't be able to log in 2014-04-28 13:46:28 -04:00
Vikhyat Korrapati
b4e037dfb2 Allow badges to be marked as "titleable". 2014-04-28 10:30:38 +05:30
Neil Lalonde
feaaf55a0c Theming: color scheme editing. Unfinished! Doesn't have any effect on css files yet. 2014-04-24 16:49:12 -04:00
Robin Ward
e48cf06fc9 REFACTOR: Add urls for admin groups, make it more idiomatic ember 2014-04-23 15:15:46 -04:00
Robin Ward
af877781b7 Allow admins to choose if groups are visible or not. 2014-04-22 16:43:46 -04:00
Vikhyat Korrapati
acfcf0b64e Add /badges route that lists all defined badges. 2014-04-16 18:42:06 +05:30
riking
eb90315dfd Strip whitespace from site settings 2014-04-08 01:59:48 -07:00
Vikhyat Korrapati
0f9ea25010 Interface for granting/revoking badges from admin user page. 2014-03-21 11:09:19 +05:30
Sam
fe63db7953 Merge pull request #2115 from vikhyat/badge-system
Initial badge system implementation
2014-03-17 10:06:37 +11:00
Vikhyat Korrapati
9b26c8584e Initial badge system implementation. 2014-03-14 21:49:26 +05:30
Robin Ward
dc1d6decf5 Support for removal of old backups automatically via a site setting 2014-03-12 12:24:35 -04:00
Neil Lalonde
b40313559b FIX: moderators should not be able to see site setting changes in the staff action logs. Fixes #2027 2014-02-28 16:30:54 -05:00
Régis Hanol
ca9f6e9137 BUGFIX: couldn't upload backup on OSX
--B is not a valid df option on OSX
2014-02-28 15:43:50 +01:00
Régis Hanol
70ca6171d1 BUGFIX: fix math & unit when checking disk space 2014-02-27 16:55:12 +01:00
Régis Hanol
043901ef46 FEATURE: warn the user when there is not enough space on disk to upload a backup 2014-02-26 19:38:06 +01:00
Régis Hanol
68a935c36b FEATURE: upload backups 2014-02-22 01:41:01 +01:00
Régis Hanol
683bf8c0a4 FEATURE: add all email logs tab 2014-02-15 01:17:13 +01:00
Régis Hanol
3f3c9ca7cb FEATURE: add filters on email logs 2014-02-15 00:50:08 +01:00
Neil Lalonde
35dae76bbd Log when and why an email was not sent in email_logs 2014-02-14 13:06:39 -05:00
Sam
177371fb69 do a full GC prior to getting stats 2014-02-14 16:10:26 +11:00
Sam
b75620973f FEATURE: memory stats route for diagnostics in admin 2014-02-14 15:45:12 +11:00
Régis Hanol
b89d328de2 display/preload the logs of the last/current operation 2014-02-13 13:31:14 -08:00
Régis Hanol
3be1b5569a backups controller & specs 2014-02-13 13:31:13 -08:00
Régis Hanol
8344f0d8fd remove old import/export code 2014-02-13 13:31:13 -08:00
Robin Ward
b61df08d1b FEATURE: Admin selector to choose a primary group for a user, display it
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Robin Ward
3b1ef6ebc9 Work in progress: Groups Page 2014-02-07 10:44:51 -05:00
Sam
93434be16d SECURITY: reduce moderator rights
You can now hide particular categories from certain moderators
2014-02-07 14:11:52 +11:00
Neil Lalonde
74f1c553e3 FIX: 1868 Security: Dangerous Send 2014-01-27 13:05:51 -05:00
Neil Lalonde
90e195b2e7 More work on trust level 3 requirements page 2014-01-24 11:56:46 -05:00
Sam
2b64118df1 Merge pull request #1782 from ligthyear/group-mention
Allow groups to be used as aliases for user mentions
2014-01-12 14:36:45 -08:00
Robin Ward
852d110f35 Test email is now synchronous and ignores sidekiq queue. 2014-01-09 15:25:25 -05:00
Benjamin Kampmann
c743a985a4 Allow groups to be used as aliases for user mention
when configured by the admin a group can be found through the @mentions
feature in both the compose/reply and the private message user-selectors
and once selected the mention will be replaced by the list of users in
the group
2014-01-08 02:36:24 +11:00
Régis Hanol
8d73b7f94d BUGFIX: hide sensitive site settings 2014-01-06 13:03:53 +01:00
Robin Ward
8c8645f158 FIX: Code and Emoticon formatting in HTML emails. 2013-11-28 17:21:14 -05:00
Sam
8339337cd1 strip out docker stuff, put into a plugin 2013-11-13 17:42:31 +11:00
Régis Hanol
e9f9d22482 add query parameter to temporarily disable customization 2013-11-12 18:14:22 +01:00
Sam
932c2675a7 work in progress, admin page for upgrades (provides source lives in git) 2013-11-12 16:42:35 +11:00
Neil Lalonde
0c6f794eb0 Used the term suspended instead of banned. 2013-11-07 13:53:49 -05:00
Neil Lalonde
9c91ddd854 Should have put order on the screened urls results 2013-11-04 16:31:31 -05:00
Neil Lalonde
bd9b85f076 Screened Urls page shows results for each domain instead of each url 2013-11-04 16:24:48 -05:00
Neil Lalonde
92a0729937 When banning a user, a reason can be provided. The user will see this reason when trying to log in. Also log bans and unbans in the staff action logs. 2013-11-01 10:47:26 -04:00
Neil Lalonde
017efdece5 A form to add ip addresses to be blocked or whitelisted 2013-10-24 17:19:10 -04:00
Sam
738a25b732 fix failure in rails 4 mode 2013-10-24 13:40:18 +11:00
Neil Lalonde
bf06014a16 Order by creation time by default in screened ip addresses table 2013-10-23 13:01:50 -04:00
Robin Ward
348e2e3ef2 Support for per-user API keys 2013-10-22 17:34:39 -04:00
Neil Lalonde
7d582fbee3 Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:46 -04:00
Neil Lalonde
648b11a0eb Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:50:18 -04:00
Neil Lalonde
13f17b2a5c Add ability to customize css and header for mobile 2013-09-16 12:28:02 -04:00
Neil Lalonde
e8ef55c446 Rename StaffActionLog to UserHistory 2013-09-10 22:01:20 -04:00
Neil Lalonde
47add6da70 Log when a site customization is deleted 2013-08-21 12:33:24 -04:00
Neil Lalonde
a95303fcd8 Log site customization changes. Use a modal to show staff action log details for site customizations. 2013-08-21 12:33:24 -04:00
Neil Lalonde
3abeb5f793 Staff action logs can be filtered to changes of one site setting 2013-08-20 13:50:51 -04:00
Neil Lalonde
1d030666d8 Log site setting changes and show in admin 2013-08-19 16:58:38 -04:00
Sam
a9393e4a7a paging for flag list
corrected reload behavior on flag list
refactored post actions ... extracted flag queries
2013-08-19 21:14:26 +10:00
Neil Lalonde
b6285b85d2 Add reject option to pending users page 2013-08-16 11:42:43 -04:00
Neil Lalonde
293361dcd3 Screened URLs list in admin 2013-08-15 10:52:26 -04:00
Neil Lalonde
86647f0a54 Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail. 2013-08-14 16:08:23 -04:00
Neil Lalonde
bb492eb8bf Add filtering to staff logs page 2013-08-09 16:59:05 -04:00
Neil Lalonde
90a3bcf6ff Add filter by action to staff logs page 2013-08-09 10:06:59 -04:00
Neil Lalonde
33bddbff85 Use Ember.ListView for staff action logs page 2013-08-09 10:06:58 -04:00
Neil Lalonde
0d44313a4b Use Ember.ListView for blocked emails list 2013-08-09 10:06:58 -04:00
Neil Lalonde
5c8c52482a Add a way to view staff action logs in admin 2013-08-07 16:27:34 -04:00
Neil Lalonde
d2fb6ec53f Blocked Emails list in admin 2013-08-07 16:27:34 -04:00
Neil Lalonde
98b58150bb Dashboard calculations are done with an async job now 2013-08-02 18:32:33 -04:00
Neil Lalonde
06140740d0 Version checks: tolerate old version check data that can happen immediately after upgrading but forgetting to restart sidekiq/clockwork. Don't cache version check data along with other dashboard data. 2013-07-30 12:12:04 -04:00
Neil Lalonde
4fd5087f91 Add button to delete a spammer in the flag modal
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde
e076158789 Add ip_address, email, and context to staff_action_logs table. Context should usually be the url from which the staff member performed the action, but could be any string that describes what the staff member was doing when the action was performed. 2013-07-29 15:29:43 -04:00
Neil Lalonde
5f3e9131ed Deleting a user from admin user page has the option to also block signups from the same email address 2013-07-29 15:29:43 -04:00
Neil Lalonde
e25638dab0 add a way to delete posts and topics when deleting a user with UserDestroyer 2013-07-29 15:29:43 -04:00
Neil Lalonde
a8df9778b5 Rename AdminLog to StaffActionLog 2013-07-29 15:29:43 -04:00
Michael Campagnaro
aa7e96c0fa Fix auto-group refresh response so that ajax callback runs 2013-07-26 19:47:32 -04:00
Sam
880dd53f48 Merge pull request #1249 from sir-pinecone/strip-spaces-from-group
Strip spaces from group names upon creation
2013-07-24 00:15:53 -07:00
Michael Campagnaro
867ce0310c display group validation errors in alert modal 2013-07-24 00:42:44 -04:00
Michael Campagnaro
b223cdb493 Strip spaces from group names upon creation 2013-07-24 00:00:17 -04:00
Sam
9ac6c6e2e9 Merge pull request #1233 from sir-pinecone/improve-group-deletion
Add confirmation modal to admin group deletion
2013-07-23 00:43:06 -07:00
Stephan Kaag
0e3b8fbb24 Remove some calls to all. They are not required, and Rails4 raises warnings about them. 2013-07-22 20:44:11 +02:00
Michael Campagnaro
9616767bff Add confirmation modal to admin group deletion 2013-07-22 02:48:23 -04:00
Navin
d77ce23de2 Log all changes of user trust level by an admin 2013-07-08 11:53:22 +02:00
Sam
91238af6f1 correct failing specs 2013-07-08 12:25:38 +10:00
Navin
3da37506da Back end - temporary boosting of trust levels 2013-07-03 10:30:40 +02:00
Neil Lalonde
075ed1ab53 Refactor user blocking code; hide the Block button in admin 2013-07-02 14:42:53 -04:00
Robin Ward
89f182899f Support for custom Privacy Policies 2013-06-26 10:59:36 -04:00
Robin Ward
8e6a903f9b Merge pull request #1046 from house9/admin-user-index-2
extract Admin::UsersController#index to its own query class
2013-06-20 07:52:22 -07:00
Sam
4a8a663a67 flagging workflow changes per http://meta.discourse.org/t/we-need-an-archive-flag-notification-button/7450 2013-06-20 17:42:15 +10:00
Jesse House
e0ff74ead0 extract Admin::UsersController#index to its own query class
- move query to its own class
- use postgres ILIKE case insensitive
- removed duplicated list of trust levels
2013-06-19 13:48:45 -07:00
Sam
799b402778 fix horribly broken invite code, could lead to inviting the wrong person to a conversation 2013-06-19 10:31:19 +10:00
Sam
80c03b7b1e case sensitive where it should not be 2013-06-17 15:47:18 +10:00
Sam
0052e78bfe render error when people attempt to save an invalid group name
hide controls when we showing an automatic group
2013-06-17 13:43:06 +10:00
Sam
b97d186cb5 automatic groups should not allow you to muck with the listed users in the group 2013-06-17 12:54:25 +10:00
Sam
dbfd40da84 order group member by username, bump up max count to 200 for now 2013-06-17 12:02:48 +10:00
Chris Hunt
a362d62b42 Do not return mail password in EmailController 2013-06-11 16:00:13 -07:00
Neil Lalonde
82b5f57e40 Make it possible to set a site setting to empty string 2013-06-11 14:31:38 -04:00
Robin Ward
93bbe190c0 Moved Email components into a module 2013-06-10 15:34:10 -04:00
Robin Ward
8f32aed944 Only use HTML templates for the digest email. 2013-06-06 15:08:56 -04:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Robin Ward
0b97ea6345 Better HTML emails, smarter email digests, new email section in admin with digest preview 2013-06-05 17:47:25 -04:00
Neil Lalonde
2259e97d42 Add a count of blocked users on the dashboard 2013-06-04 11:53:19 -04:00
Neil Lalonde
c4904aacc0 Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-06-03 16:37:40 -04:00
Robin Ward
830b93a16b Reduced complexity of admin flags controller, split up into methods, moved reports into model. 2013-05-29 16:49:34 -04:00
Robin Ward
3037e9adf6 FIX: Clearing flags wasn't making topics visible again. 2013-05-24 16:03:20 -04:00
Neil Lalonde
21b4b8d5d5 Expire dashboard data when you upgrade to a new discourse version. Version check data was being cached and causing confusion to people who upgraded. 2013-05-14 16:17:25 -04:00
Sam
a27046bacd fix cache hole 2013-05-13 11:09:03 +10:00
Sam
5280b3a01b more group progress, UI getting there, controller mostly done
changed it so notify moderators goes to the moderators group
allow admins to grant self moderation and revoke self moderation
2013-05-09 17:37:34 +10:00
Sam
0f0fd281a8 group progress, never email banned users 2013-05-09 11:34:58 +10:00
Neil Lalonde
f35a44aeae Add ability for admins and mods to send another activation email to a user, to activate an account, and deactivate an account 2013-05-08 10:10:47 -04:00
Sam
6b536dcde5 work in progress ... groups 2013-05-08 15:20:38 +10:00
Sam
be1ab8b275 automatic group infrustructure 2013-05-06 14:49:56 +10:00
Sam
5ec52bd2e9 :s/moderator?/staff/g ... our naming was kind of crazy, renamed moderator? to staff 2013-05-02 17:22:27 +10:00
Sam
65cd00cf25 moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5
allow pms to be targetted at groups
2013-05-02 15:15:53 +10:00
Neil Lalonde
06e5083950 Dashboard links to list of admins and moderators; Move a bunch of ember routes into one file: admin_users_list_routes.js 2013-04-23 12:07:58 -04:00
Neil Lalonde
fe1b979c65 Admin Dashboard: click numbers in Users per Trust Level table to see a list of the users 2013-04-23 10:41:40 -04:00
Sam
4cea92c4e9 work in progress add support for groups 2013-04-19 10:34:39 +10:00
Sam
2bdb53261b don't treat notify user as a flag 2013-04-15 13:09:52 +10:00
Neil Lalonde
651cfba93f Add ability to destroy a user with 0 posts 2013-04-12 16:53:00 -04:00
Régis Hanol
41b7f741d0 extract hard-coded strings 2013-04-07 18:14:50 +02:00
Sam
a2cca2540e some minimal site settings diags
fix issue where days_visited was totally out of sync
2013-04-05 17:47:54 +11:00
Robin Ward
fa1ba6791b Work in Progress: Content Editing in Admin Section 2013-04-04 17:26:22 -04:00
Neil Lalonde
25073e873f Fetch the list of problems more frequently on the admin dashboard 2013-03-29 15:48:26 -04:00
Sam
c57ec611e1 basic api support 2013-03-25 18:04:46 -07:00
buddhamagnet
baef69d08c add render nothing to refresh_browsers method 2013-03-23 21:37:37 +00:00
Sarah Vessels
54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Neil Lalonde
c3c25b894a Cache dashboard data in the controller, not the report model 2013-03-20 13:54:32 -04:00
Neil Lalonde
1e4dd3ea0c Start detecting install problems and report them on the admin dashboard. This commit adds check for Rails.env 2013-03-20 12:00:52 -04:00
Sam
62c60540be pull moderator into own column, rename trust levels 2013-03-19 21:06:11 -07:00
Neil Lalonde
50b04b2209 Add email counts to admin dashboard 2013-03-18 10:08:09 -04:00
Neil Lalonde
6a99d12784 Add likes to admin dashboard 2013-03-18 10:08:08 -04:00
Neil Lalonde
d9cdde9aa7 Add user counts for each trust level to admin dashboard 2013-03-15 18:09:02 -04:00
Neil Lalonde
8983df9856 Show current user count for now, not at different points in time 2013-03-15 18:09:01 -04:00
Neil Lalonde
6c4d9ecfdc Use one request to fetch dashboard report data and check version 2013-03-14 18:26:26 -04:00
Alexander
c4f1cb0d7b Raise 404 from Admin::UsersController#show if no user found
[Fixes #353]
2013-03-05 14:02:23 -08:00
Régis Hanol
239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Gosha Arinich
0c99dea153 introduce Enum 2013-03-01 21:16:36 +03:00
Robin Ward
dc8e1196fd Code to support EmberJS + Discourse Tutorial feature: Admin Reports 2013-02-27 22:40:36 -05:00
Gosha Arinich
12d664a610 refactor Topic
* move finding by username/email to User
* make SiteSetting return a range of possible post title lengths
* remove unnecessary conditions
2013-02-26 19:27:59 +03:00
Neil Lalonde
c0371ff427 Add version checking that shows on the admin dashboard 2013-02-19 15:20:49 -05:00
Neil Lalonde
39eab7c425 Replace mentions of mothership with discourse_hub 2013-02-14 12:57:26 -05:00
Ismael Abreu
80bec6efc9 Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-14 01:12:23 +00:00
Sam Saffron
8250586306 add to_date so its more explicit 2013-02-11 09:11:02 +11:00
Kuba Brecka
d0c1d94918 fix user listing and search on non-US locale 2013-02-10 12:18:11 +01:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Sam Saffron
85973ce6b0 added delete all posts button
wired up the ability to enable all themes
2013-02-07 18:11:56 +11:00
Sam Saffron
7cdf1266ad remove unused var 2013-02-07 12:32:29 +11:00
Sam Saffron
6f2f7b0589 flagging work, we should be clearing from the mod menu if a topic or post is deleted 2013-02-06 12:13:41 +11:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00