We can't do this using the ValidatesBeforeSave trait because the
password has been hashed by then. Instead, we must validate the
original password as it comes in.
Implemented our own migration repository + migrator (based on Laravel's
stuff) so that we can keep track of which migrations have been run for
core and per-extension. That way we can simple call the migrator to
upgrade core/extensions, and to uninstall extensions.
Parsing the post content makes it non-empty (`<t></t>`), so we don't
parse it if it is empty. Also delete a created discussion if the first
post was invalid.
closesflarum/core#224
The activity system we were using was built around a separate table.
Whenever the user posted something, or deleted a post, we would sync
the table. The advantage of this was that we could aggregate activity
of all different types very efficiently.
It turns out that it came with a huge disadvantage: there was no
efficient way to enforce permissions on activity. If a user posted
something in a private tag, everyone could still see it on their
activity feed. My stopgap solution was to only sync activity for posts
that are viewable by guests, but that was way too limited.
It also turns out that aggregating activity of different types is
really not that useful, especially considering most of it is the user
making posts. So I've gotten rid of that whole overly-complicated
system, and just made the user profile display separate lists of posts
and discussions, retrieved from those respective APIs. The discussions
page is an actual discussion list too, which is pretty cool.
It's still technically possible to aggregate different activity types
(basically just aggregate API responses together), but we can do that
later if there's a need for it.
This is probably my favourite commit of the day :)
- Fix composer crashing/not showing alert on error
- Make a general ValidationException which takes an array of field ⇒
messages to be outputted nicely by the API
