Robin Ward
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
Neil Lalonde
f6cfff3cea
UX: user preferences allows users to choose which title to use from their badges and groups
2018-04-06 14:34:36 -04:00
Arpit Jalan
a8149f8969
FIX: user should not be able to invite to PM if trust level requirment not met
...
FIX: when personal messages are disabled let user invite to a public topic
2018-03-08 14:59:04 +05:30
Vinoth Kannan
7cbda949f1
REFACTOR: New spec tests and code improvement
2018-02-22 20:27:02 +05:30
Vinoth Kannan
84ce1acfef
FEATURE: Allow staffs to tag PMs
2018-02-21 20:11:46 +05:30
Arpit Jalan
7e48c47d37
rename 'enable_private_email_messages' to 'enable_personal_email_messages'
2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b
rename 'enable_private_messages' to 'enable_personal_messages'
2018-02-01 13:25:29 +05:30
Sam
650ec9c73f
minor test the developer cache first before digging into email
2018-01-17 15:50:41 +11:00
Guo Xiang Tan
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
Robin Ward
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
Neil Lalonde
4452d67a23
Revert "FIX: TL0 users' messages to moderators were not being posted when flagging private messages"
2017-10-23 18:17:53 -04:00
Guo Xiang Tan
79de10b212
FEATURE: Allow users to disable new PMs.
...
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde
b124e5f19f
FIX: TL0 users' messages to moderators were not being posted when flagging private messages
2017-10-13 11:55:49 -04:00
Robin Ward
db929e58fc
FIX: Don't allow staff to approve users with unverified emails
2017-09-04 12:55:39 -04:00
Bianca Nenciu
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2a17f1ccd7
FIX: Group owners should be able to invite users to their groups.
...
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
f1a6449e4b
SECURITY: Remove disposable invite feature
2017-07-07 20:24:39 -04:00
Arpit Jalan
c243861b17
FIX: do not show "Send Activation Email" button if must_approve_users
setting is enabled
...
https://meta.discourse.org/t/error-when-pressing-send-activitation-email-when-must-approve-users-setting-is-enabled/65408
2017-07-04 14:00:50 +05:30
Sam
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
e7b9b1312e
FEATURE: remove all invites
...
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Robin Ward
908433a7a0
SECURITY: Validate the entity
when downloading a CSV
2017-05-19 16:00:51 -04:00
Robin Ward
28f486cb7a
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:57:21 -04:00
Arpit Jalan
5d9d2cf287
FIX: do not explicitly show email of flagger / flagged user
2017-04-20 22:09:30 +05:30
David Taylor
96f2335c09
FIX: Corrects typo to avoid error 500 on theme change
2017-04-15 01:21:53 +01:00
Sam
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
213a496203
FIX: show all staff events related to the target user
2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b
FEATURE: add a button on admin user page that links to action log
2017-02-21 21:38:37 +05:30
Arpit Jalan
dc2171960b
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:01:23 +05:30
Guo Xiang Tan
c7b151683d
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-29 11:11:33 +08:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
d61df21d69
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-04 11:36:43 +10:00
Régis Hanol
800081f606
FIX: staged users weren't able to reply in restricted categories
2016-06-26 19:25:45 +02:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything.
2016-06-20 15:51:26 +08:00
Arpit Jalan
b1a94049e0
FIX: only staff can access 'resend all invites' feature
2016-06-07 10:57:08 +05:30
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Arpit Jalan
22d7ea1192
FIX: user can't export entity unless they are logged in
2016-05-05 19:12:37 +05:30
Neil Lalonde
e5918c7d00
FEATURE: Merge tagging plugin into core
2016-04-27 11:58:53 -04:00
Robin Ward
de82bd946d
FIX: Group members should be able to see their groups even if private
2016-04-26 14:17:53 -04:00
Régis Hanol
415efd0f5b
FIX: staged user doesn't get notified for replies in topics they created in secured categories
2016-02-24 11:30:17 +01:00
Neil Lalonde
685ba1eb7f
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:24 -05:00
Arpit Jalan
9f8d6b6088
FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled
2015-10-30 11:28:05 +05:30
Sam
e29fe77b45
FEATURE: make trust level for message sending configurable
...
- add min_trust_to_send_messages site setting (default 1) to allow admins
to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Arpit Jalan
4d593d1c18
FIX: staff should be immune to max_invites_per_day setting
2015-06-05 10:22:41 +05:30
Sam
dd91d5b02f
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 16:51:21 +10:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Régis Hanol
23e8e1b6c1
Merge pull request #3303 from riking/patch-6
...
FIX: Don't fail topic auto-close if privledges are lost
2015-04-06 11:12:37 +02:00
Arpit Jalan
e8dd5592c6
FEATURE: support inviting existing users to topic and message when SSO is enabled
2015-04-05 14:31:35 +05:30
riking
03b971c3e3
FIX: Don't fail topic auto-close if privledges are lost
2015-03-27 15:31:04 -07:00
Sam
1601211617
Revert "FEATURE: allow end users to opt out of getting any private messages"
...
This reverts commit 229ecc4f8a
.
2015-03-23 17:21:58 +11:00
Sam
229ecc4f8a
FEATURE: allow end users to opt out of getting any private messages
2015-03-23 15:50:45 +11:00
Jason W. May
0f36774246
group manager can invite members into the group from any restricted topic
2015-03-03 12:18:42 -08:00
Jason W. May
a2b284a0a4
table & model changes for group managers with permission to edit membership
2015-01-15 11:44:42 -08:00
Arpit Jalan
78537aad39
FIX: rate limit user posts export
2014-12-31 00:54:23 +05:30
Arpit Jalan
bb152a5b3f
FEATURE: download user posts archive
2014-12-24 15:13:48 +05:30
Régis Hanol
b09ad87098
FIX: add 'show emails' button from moderators in user admin section
2014-11-03 12:46:08 +01:00
Régis Hanol
e7f251c105
LOTS of changes to properly handle post/topic revisions
...
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
riking
ee812eb447
FIX: Do not perform grants if badges are disabled
2014-09-02 13:12:27 -07:00
Arpit Jalan
f571abfaaf
FEATURE: allow staff to send multiple invites to same email
2014-07-30 00:13:11 +05:30
Arpit Jalan
575b5e3d13
FEATURE: disposable invite tokens
2014-07-14 21:30:46 +05:30
Sam
d99a9b6735
FIX: invite security check broke PM viewing for all admins
2014-07-05 16:56:26 +10:00
Arpit Jalan
48f86181bf
REFACTOR: move all conditions to guardian
2014-07-04 23:04:19 +05:30
Neil Lalonde
4f523ae1b9
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:20 -04:00
Arpit Jalan
727184641e
FEATURE: Bulk Invite
2014-06-09 01:43:39 +05:30
Régis Hanol
fca6738212
BUGFIX: could not see the revisions of a post in a deleted topic
2014-05-12 16:30:10 +02:00
Sam
084ec87850
FEATURE: admins can invite users to groups via the web UI
2014-05-09 18:22:36 +10:00
Sam
3f07c1d0a1
Backend support for group invites
2014-05-09 18:22:35 +10:00
Neil Lalonde
f44bd4ec28
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:27 -04:00
Neil Lalonde
1da59e7e2e
FIX: deactivated users shouldn't be able to log in
2014-04-28 13:46:28 -04:00
Neil Lalonde
7993c27ce5
Also allow system_user to send pm's even if enable_private_messages is disabled
2014-04-25 14:52:57 -04:00
Neil Lalonde
ee8bbadfe8
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
Robin Ward
84da39f5dc
FIX: Admins should always be able to see groups so they can edit them.
2014-04-23 15:15:46 -04:00
Robin Ward
af877781b7
Allow admins to choose if groups are visible or not.
2014-04-22 16:43:46 -04:00
Sam
25860622b7
BUGFIX: if SSO is enabled invite system is disabled
2014-04-22 09:17:37 +10:00
Thomas Cioppettini
38882eb1a7
Remove threequals from ruby files
2014-03-26 12:20:41 -07:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde
2c725e2779
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
Vikhyat Korrapati
9b26c8584e
Initial badge system implementation.
2014-03-14 21:49:26 +05:30
Régis Hanol
831ad524e6
added some comments
2014-02-13 13:31:13 -08:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Robin Ward
b61df08d1b
FEATURE: Admin selector to choose a primary group for a user, display it
...
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Sam
d9c05fcfc8
SECURITY: dissalow mods from seeing PMs
2014-02-07 14:24:19 +11:00
Régis Hanol
4fb274fb9d
BUGFIX: history link doesn't work on deleted posts
2014-02-04 20:05:50 +01:00
Neil Lalonde
7c8ea8c166
Trust level 3 users can edit topic titles and change category
2014-01-16 11:59:26 -05:00
Patrick
ffb29dea77
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter
...
Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-10 21:22:54 -06:00
Neil Lalonde
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
verg
8a830fb8e3
Prevent deleting 'uncategorized' category
2013-12-31 11:22:44 -06:00
Régis Hanol
06dd7ffe3c
better revision history
2013-12-12 03:41:34 +01:00
Robin Ward
309904ef8f
Revert "Merge pull request #1673 from aperrault/patch-04"
...
This reverts commit c9ea89bdd3
, reversing
changes made to 9ed49888fc
.
2013-11-19 14:08:45 -05:00
Autumn Perrault
d9c026bec5
Fixing neglect to determine whether a user has the permission to create a topic on a category (besides being able to create a post) in ListController, TopicList, and TopicListSerializer causing the "Create Topic" button to appear even if a user cannot actually create a topic in that category but can reply to a topic therein.
2013-11-19 05:09:58 -07:00
Neil Lalonde
0c6f794eb0
Used the term suspended instead of banned.
2013-11-07 13:53:49 -05:00
Robin Ward
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
Neil Lalonde
4e46d91b8d
Refactor SpamRulesEnforcer so that each spam rule is in its own class
2013-10-25 13:25:02 -04:00
Sam
e18b93026a
defer view creation on so updates are not performed when people navigate to topics
2013-10-07 15:04:59 +11:00
Sam
5bf26ec34e
large refactor, ship a few columns from the user table into user_stats
2013-10-07 15:04:59 +11:00
Matthieu Guillemot
3ba1f20674
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-14 21:34:21 +09:00
Sam
36f8c9c45b
improve logic and performance on front page to avoid massive query
2013-09-10 16:02:54 +10:00
Sam
41a1b6942d
notify moderators now goes to the "community" user, that saves our poor mods from a flood of pms
...
if any staff respond to a pm they are automatically added to the list of recipients and will start
getting email notifications
2013-09-06 14:07:23 +10:00
Sam
5b08f73561
give god rights of impersonation to developers, must be edited into the production.rb config file
2013-09-05 10:27:34 +10:00
Neil Lalonde
b47eedba00
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
Neil Lalonde
663adde90e
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
Giuseppe Capizzi
eaede108c7
Remove duplication from Guardian
2013-08-16 14:24:29 +02:00
Neil Lalonde
b8a1e21dbd
Delete all posts is allowed for the same amount of time as delete user
2013-08-13 11:11:05 -04:00
Neil Lalonde
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
Neil Lalonde
4fd5087f91
Add button to delete a spammer in the flag modal
...
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde
e25638dab0
add a way to delete posts and topics when deleting a user with UserDestroyer
2013-07-29 15:29:43 -04:00
Sam
7b1f9928e4
staff can change trust levels
2013-07-23 09:13:48 +10:00
Sam
1f3c5cb656
allow end user to recover a post they delete
...
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam
352ac9e60c
Finalize read only and post only categories, finished off UI work
2013-07-16 15:46:11 +10:00
Sam
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
Robin Ward
6ca5df0a09
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:09:17 -04:00
Robin Ward
19c169540c
Staff can enter and view deleted topics
2013-07-11 16:39:35 -04:00
Neil Lalonde
7977deb3bf
Don't allow editing of title and category of an archived topic
2013-07-09 16:54:46 -04:00
Navin
3da37506da
Back end - temporary boosting of trust levels
2013-07-03 10:30:40 +02:00
Neil Lalonde
b2d300fe0b
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
Sam
e53aa45f54
I think this is more correct, admins/mods should always be able to invite
2013-06-21 16:35:27 +10:00
Sam
80c42753e1
fix up find as you type for the invite into PM function
...
allow mods to remove users from a PM
2013-06-18 17:17:01 +10:00
Neil Lalonde
c4904aacc0
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin.
2013-06-03 16:37:40 -04:00
Matt Van Horn
e5e904aa4e
minor refactorings
2013-05-24 13:36:33 -07:00
Matt Van Horn
872995db57
refactor guardian class for clarity & correctness
...
introduce NullUser to avoid type-checking
DRY up code
reduce number of multiple returns
remove some redundant/impossible logic branches
add pending test for possible bug
add test & fix for ability to flag archived posts
add #secure_category? method to topic class
Fix bug that prevented flagging of archived topics
Rename NullUser to AnonymousUser
DRY up can_<action>? methods
Fix some ownership logic, and a test, for Guardian
2013-05-22 01:09:34 -07:00
Sam
b5eff93a9d
update message bus to support per client filtering
...
start work on user_tracking_state
fix can_ban? in guardian
expose protected scopes on topic_query we need
move guardian spec to use build as opposed to creating topics / posts / users
start work on user tracking spec
2013-05-21 16:39:51 +10:00
Sam
b6bf95e741
speed up startup (avoid loading some gems on startup)
...
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Sam
5280b3a01b
more group progress, UI getting there, controller mostly done
...
changed it so notify moderators goes to the moderators group
allow admins to grant self moderation and revoke self moderation
2013-05-09 17:37:34 +10:00
Neil Lalonde
f35a44aeae
Add ability for admins and mods to send another activation email to a user, to activate an account, and deactivate an account
2013-05-08 10:10:47 -04:00
Sam
3eab0be4a8
deleting posts as an admin was bust
2013-05-03 17:56:23 +10:00
Sam
5ec52bd2e9
:s/moderator?/staff/g ... our naming was kind of crazy, renamed moderator? to staff
2013-05-02 17:22:27 +10:00
Sam
65cd00cf25
moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5
...
allow pms to be targetted at groups
2013-05-02 15:15:53 +10:00
Sam
5cfcdc7ef0
backend for secure categories mostly done (todo pm groups)
2013-04-29 16:33:43 +10:00
Neil Lalonde
651cfba93f
Add ability to destroy a user with 0 posts
2013-04-12 16:53:00 -04:00
Sam
e969eb14e8
added 2 new flag types: notify user and notify moderators
...
fixed up messed up user navigation
refactored
2013-04-12 17:55:45 +10:00
Sam
4fbf017272
get regular trust level going, self heal inconsistent topic timings
2013-04-05 15:30:28 +11:00
Robin Ward
738789f336
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
Sam
62c60540be
pull moderator into own column, rename trust levels
2013-03-19 21:06:11 -07:00
Sam
ec948dc660
loading a user in a post_action is wasteful
2013-03-19 16:54:23 -07:00
Régis Hanol
239cbd2d58
enforce coding convention
...
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Gosha Arinich
0c99dea153
introduce Enum
2013-03-01 21:16:36 +03:00
Gosha Arinich
cafc75b238
remove trailing whitespaces ❤️
2013-02-26 07:31:35 +03:00
Ismael Abreu
80bec6efc9
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-14 01:12:23 +00:00
Robin Ward
03a798b202
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:07:29 -05:00
Robin Ward
084a873b91
Give regular users a delete button. If they click it, their post will be revised to
...
say it was deleted.
2013-02-07 15:14:23 -05:00
Sam Saffron
85973ce6b0
added delete all posts button
...
wired up the ability to enable all themes
2013-02-07 18:11:56 +11:00
Bruno Bonamin
de871ccf8a
Fixed minor typo in lib/guardian.rb
...
Just a letter switch I found upon browsing the code :)
2013-02-06 17:46:45 -02:00
Robin Ward
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00