Isaac Janzen dd495a0e19

FEATURE: Allow admins to delete reviewables via API (#21174) ...

This PR adds the ability to destroy reviewables for a passed user via the API. This was not possible before as this action was reserved for reviewables for you created only.

If a user is an admin and calls the `#destroy` action from the API they are able to destroy a reviewable for a passed user. A user can be targeted by passed either their:
- username
- external_id (for SSO) 

to the request.

In the case you attempt to destroy a non-personal reviewable and
- You are not an admin
- You do not access the `#destroy` action via the API

you will raise a `Discourse::InvalidAccess` (403) and will not succeed in destroying the reviewable.

2023-04-20 09:38:41 -05:00

..

assets

Revert "DEV: Merge package.json files (#21172)" (#21182)

2023-04-20 14:57:40 +02:00

controllers

FEATURE: Allow admins to delete reviewables via API (#21174)

2023-04-20 09:38:41 -05:00

helpers

UX: Improve login required page (#20847)

2023-03-28 07:09:44 -05:00

jobs

PERF: Avoid full posts table scans during anonymisation (#21081)

2023-04-12 18:39:10 +01:00

mailers

DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893)

2023-02-13 12:39:45 +08:00

models

FEATURE: Add new don't feed the trolls feature (#21001)

2023-04-20 15:49:35 +08:00

serializers

FEATURE: Add an emoji deny list site setting (#20929)

2023-04-13 15:38:54 +08:00

services

FIX: Hashtag subcategory ref incorrect when not highest-ranked type (#21163)

2023-04-20 09:03:55 +10:00

views

UX: better digest centering in event of truncation (#21176)

2023-04-20 09:33:50 -04:00