Commit Graph

3278 Commits

Author SHA1 Message Date
Daniël Klabbers
58299edc20 added author Daniel Klabbers 2020-02-04 22:59:02 +01:00
David Sevilla Martín
18774e0b10 Prepare beta.10 release (#1885)
* Update Application version string to beta 10
* Add beta.10 changelog
2020-02-04 22:59:02 +01:00
Franz Liedke
86d890d043 Restore beta.9 behavior of assertCan()
In flarum/core#1854, I changed the implementation of `assertCan()` to be
more aware of the user's log-in status. I came across this when unifying
our API's response status code when actors are not authenticated or not
authorized to do something.

@luceos rightfully had to tweak this again in ea84fc4, because the
behavior changed for one of the few API endpoints that checked for a
permission that even guests can have.

It turns out having this complex behavior in `assertCan()` is quite
misleading, because the name suggests a simple permission check and
nothing more.

Where we actually want to differ between HTTP 401 and 403, we can do
this using two method calls, and enforce it with our tests.

If this turns out to be problematic or extremely common, we can revisit
this and introduce a method with a different, better name in the future.

This commit restores the method's behavior in the last release, so we
also avoid another breaking change for extensions.
2020-02-04 22:59:02 +01:00
Franz Liedke
ab0ba707e7 Add a test for viewUserList guest permission
This test would have failed without commit ea84fc4. Next, I will revert
that commit and most of my PR #1854, so we need this test to ensure the
API continues to behave as desired.
2020-02-04 22:59:02 +01:00
Franz Liedke
04b2cf4462 Apply fixes from StyleCI
[ci skip] [skip ci]
2020-02-04 22:59:02 +01:00
Franz Liedke
28e3ec4014 Convert more controller tests to feature tests 2020-02-04 22:59:02 +01:00
Franz Liedke
a6decb2350 Update vulnerable JS dependencies 2020-02-04 22:59:02 +01:00
Franz Liedke
1e55361539 Send a HTTP 401 for incorrect login credentials
This fixes a regression from #1843 and #1854. Now, the frontend again
shows the proper "Incorrect login details" message instead of "You
do not have permission to do that".
2020-02-04 22:59:02 +01:00
Franz Liedke
e80f5429d0 Convert another controller test to feature test
Decouple from implementation, test closer to HTTP...
2020-02-04 22:59:02 +01:00
flarum-bot
108a23c1eb Bundled output for commit a9557c399a [skip ci] 2020-02-04 22:58:49 +01:00
David Sevilla Martín
1dd329982a Fix errors caused by deletion alert when deleting users (#1883)
Refs #1788

TypeError: t.showDeletionAlert is not a function
  at onSuccess(./src/forum/utils/UserControls.js:104:12)

Also, don't override 'this' param with user object for editAction
2020-02-04 22:58:49 +01:00
Daniël Klabbers
e0c2ef5e64 moved the artisan binary override and commented some of the bindings for queue 2020-02-04 22:58:49 +01:00
flarum-bot
d654517c91 Bundled output for commit 119831e51c [skip ci] 2020-02-04 22:58:49 +01:00
David Sevilla Martin
0232d949e9 Fixes an issue where deleting a nonexistent model would error instead of resolving gracefully 2020-02-04 22:58:49 +01:00
Daniël Klabbers
6363753d0f prevent constant to be duplicated during tests 2020-02-04 22:58:49 +01:00
luceos
0918b04fe2 Apply fixes from StyleCI
[ci skip] [skip ci]
2020-02-04 22:58:49 +01:00
Daniël Klabbers
929d7b87c1 Fixes an issue where permission checks aren't made for guest users,
due to the gate being accessed after the check whether the user
is registered/signed in.
2020-02-04 22:58:49 +01:00
Daniël Klabbers
544f687cf4 Fixes the queue listen command. We might need to rectify this implementation before stable. 2020-02-04 22:58:49 +01:00
Daniël Klabbers
a7ed625d16 Fixes an issue where a different cache driver is used and Formatter
attempts to load the s9e Renderer from the wrong cache. It has
to be saved locally so that it can be properly loaded using
the spl auto register functionality.
2020-02-04 22:58:49 +01:00
Franz Liedke
a67eca0c9e Fix instructions in PR template 2020-02-04 22:58:49 +01:00
flarum-bot
855dd2445a Bundled output for commit 24964b94bf [skip ci] 2020-02-04 22:58:49 +01:00
David Sevilla Martín
1a3d955b4f Mark notification as read without visiting discussion (#1874) 2020-02-04 22:58:48 +01:00
flarum-bot
8db91e3395 Bundled output for commit 2e647cdda8 [skip ci] 2020-02-04 22:58:48 +01:00
David Sevilla Martín
d725012a84 Fix error thrown if textarea doesn't exist in TextEditor (#1852)
* Prevent textarea not existing from causing errors to be thrown

* Replace [0] with .length
2020-02-04 22:58:48 +01:00
Daniël Klabbers
5a03cd865a listen and restart currently fail in the queue, see #1879 2020-02-04 22:58:48 +01:00
flarum-bot
0a32a96207 Bundled output for commit 8b3913339a [skip ci] 2020-02-04 22:58:48 +01:00
Matthew Kilgore
1587d48e59 Fix the new edit user permission label (#1870) 2020-02-04 22:58:48 +01:00
David Sevilla Martín
b750554011 Add DB prefix to PHP tests (#1855)
* Add test job with PHP 7.3, MySQL & custom prefix

* Add prefix MariaDB test

* Add PHP 7.4 to tests

* Remove PHP 7.4 from tests

This reverts commit 270cba2f5f.
2020-02-04 22:58:48 +01:00
David Sevilla Martín
db7e28d316 Add back defaults for language and direction attributes (#1860) 2020-02-04 22:58:48 +01:00
flarum-bot
14e89546ca Bundled output for commit 0191babb05 [skip ci] 2020-02-04 22:58:48 +01:00
Franz Liedke
92642519d4 Optimize ScrollListener performance
Listen to "scroll" event and throttle callback executions instead
of actively polling for changes to the scroll position.

Fixes #1222.
2020-02-04 22:58:48 +01:00
Franz Liedke
f779f4d092 Fix failing test 2020-02-04 22:58:48 +01:00
Franz Liedke
7b73036441 Debug mode: Include stacktrace in JSON-API errors
Refs #1843, #1865.
2020-02-04 22:58:48 +01:00
Franz Liedke
8b628be507 Refactor JSON-API error formatter 2020-02-04 22:58:48 +01:00
Franz Liedke
51f4bcdcb0 Apply fixes from StyleCI (#1867)
[ci skip] [skip ci]
2020-02-04 22:58:48 +01:00
Franz Liedke
47a528305b Restore error details in JSON-API error formatter
Fixes #1865. Refs #1843.
2020-02-04 22:58:48 +01:00
Franz Liedke
6121229c6f Convert controller test to request test
This further decouples these tests from the implementation (i.e. which
controller are we calling?).
2020-02-04 22:58:48 +01:00
Matteo Contrini
df7f1291a7 Allow formatting post content without a request (#1848) 2020-02-04 22:58:28 +01:00
Matthew Kilgore
52e73b2481 Add Edit User permission to permissions grid (#1859) 2020-02-04 22:58:28 +01:00
Franz Liedke
d08f851c0b When signups are prohibited, respond with HTTP 403 2020-02-04 22:58:28 +01:00
Franz Liedke
22b32bd601 Move authentication check into assertCan() method
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
2020-02-04 22:58:28 +01:00
Franz Liedke
6797770c75 Remove unnecessary indirection 2020-02-04 22:58:28 +01:00
Franz Liedke
4cab48c0fd Document permission check methods 2020-02-04 22:58:28 +01:00
Franz Liedke
f7222d7e20 Fix inconsistent status codes
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2020-02-04 22:58:28 +01:00
dependabot[bot]
53c728b184 Bump lodash from 4.17.11 to 4.17.15 in /js (#1863)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-04 22:58:28 +01:00
dependabot[bot]
1d525d0a78 Bump mixin-deep from 1.3.1 to 1.3.2 in /js (#1862)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-04 22:58:28 +01:00
Franz Liedke
301e571772 Remove unnecessary dependency
Refs #1773.
2020-02-04 22:58:28 +01:00
Franz Liedke
e7c12ce928 Remove superfluous ForbiddenException
It has the same effect as the PermissionDeniedException, so let's
just use that.

Refs #1641.
2020-02-04 22:58:28 +01:00
Franz Liedke
5d5ebc088e Travis: Remove deploy key 2020-02-04 22:55:25 +01:00
David Sevilla Martín
6e62240153 Move to GitHub Actions (#1853) 2020-02-04 22:55:25 +01:00