Commit Graph

2531 Commits

Author SHA1 Message Date
Clark Winkelmann
c9cfcee12a
Fix formatting 2018-02-09 18:41:51 +01:00
Clark Winkelmann
479fafbf5c
Add extension rollback command 2018-02-09 18:32:44 +01:00
Toby Zerner
aff1b9a5e4
Merge pull request #1361 from clarkwinkelmann/extendable-notification-methods
Extendable notification methods
2018-02-09 13:51:39 +10:30
Clark Winkelmann
a53d95a3d9
Fix jsdoc for notification types 2018-02-09 02:53:05 +01:00
Clark Winkelmann
ff10ed0ea9
Use an extendable ItemList for notification methods 2018-02-09 02:51:42 +01:00
Johann Rodríguez
7721288ac6 No slug? Then no '-' separator! (#1351)
* Stop using slug separator when there is no slug

* Changing as per upstream requirements
2018-02-09 07:22:50 +10:30
Toby Zerner
c3a6f7daef Remove excerpt margin on mobile 2018-02-08 07:18:29 +10:30
Toby Zerner
a4704b1e2e Fix CSS rule 2018-02-08 07:08:54 +10:30
Toby Zerner
0ab1f2cfe7 Fix regression: set actor before eager loading user state 2018-02-08 07:08:39 +10:30
Toby Zerner
322a84f516
Improve search performance (#1339)
* Improve fulltext gambit

* Only search in visible posts

This change relies on the `visibility-scoping` branch to be merged.

* Change posts table to use InnoDB engine

Doing a JOIN between an InnoDB table (discussions) and a MyISAM table
(posts) is very very (very) bad for performance. FULLTEXT indexes are
fully supported in InnoDB now, and it is a superior engine in every
other way, so there is no longer any reason to be using MyISAM.

* Use ::class

* Only search for comment posts

* Add fulltext index to discussions.title

* Fix migration not working if there is a table prefix

* Update frontend appearance

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Show search result excerpts on mobile
2018-02-08 06:38:08 +10:30
Daniel Klabbers
80ec3b5e17 Improved the console configuring event to support any type of console command to be added 2018-02-07 13:58:31 +01:00
Clark Winkelmann
636e965873 Add console configuration event (#1349)
* Add console configuration event

* Fix comment formatting
2018-02-07 21:49:08 +10:30
Daniel Klabbers
419adb748b validation requires nullable now in order to allow null values to pass the validation 2018-02-02 11:38:06 +01:00
Toby Zerner
25154dabff
Merge pull request #1358 from clarkwinkelmann/avatar-permission
Assert permission when updating avatar
2018-02-01 06:54:47 +10:30
Clark Winkelmann
2eae968a70 Assert permission when updating avatar 2018-01-31 16:36:42 +01:00
Toby Zerner
7651907f56 Don't break compatibility with extensions that return a function name
eg. s9e/mediaembed
2018-01-31 07:20:49 +10:30
Toby Zerner
557a65aadd Grant users permission to view empty discussions if they can edit posts
This fixes an issue where unapproved discussions (via
flarum-ext-approval) that were rejected became invisible to the user.

This solution is imperfect and some more substantial thought into how
flarum-ext-approval works is required in the future.
2018-01-30 11:14:25 +10:30
Toby Zerner
ad4bd3d001
Overhaul model visibility scoping (#1342)
* Overhaul the way model visibility scoping works

- Previously post visibility scoping required concrete knowledge of the
  parent discussion, ie. you needed a Discussion model on which you
  would call `postsVisibleTo($actor)`. This meant that to fetch posts
  from different discussions (eg. when listing user posts), it was a
  convoluted process, ultimately causing #1333.

  Now posts behave like any other model in terms of visibility scoping,
  and you simply call `whereVisibleTo($actor)` on a Post query. This
  scope will automatically apply a WHERE EXISTS clause that scopes the
  query to only include posts whose discussions are visible too. Thus,
  fetching posts from multiple discussions can now be done in a single
  query, simplifying things greatly and fixing #1333.

- As such, the ScopePostVisibility event has been removed. Also, the
  rest of the "Scope" events have been consolidated into a single event,
  ScopeModelVisibility. This event is called whenever a user must have
  a certain $ability in order to see a set of discussions. Typically
  this ability is just "view". But in the case of discussions which have
  been marked as `is_private`, it is "viewPrivate". And in the case of
  discussions which have been hidden, it is "hide". etc.

  The relevant API on AbstractPolicy has been refined, now providing
  `find`, `findPrivate`, `findEmpty`, and `findWithPermission` methods.
  This could probably do with further refinement and we can re-address
  it once we get around to implementing more Extenders.

- An additional change is that Discussion::comments() (the relation
  used to calculate the cached number of replies) now yields "comments
  that are not private", where before it meant "comments that are
  visible to Guests". This was flawed because eg. comments in non-public
  tags are technically not visible to Guests.

  Consequently, the Approval extension must adopt usage of `is_private`,
  so that posts which are not approved are not included in the replies
  count. Fundamentally, `is_private` now indicates that a discussion/
  post should be hidden by default and should only be visible if it
  meets certain criteria. This is in comparison to non-is_private
  entities, which are visible by default and may be hidden if they don't
  meet certain criteria.

Note that these changes have not been extensively tested, but I have
been over the logic multiple times and it seems to check out.

* Add event to determine whether a discussion `is_private`

See https://github.com/flarum/core/pull/1153#issuecomment-292693624

* Don't include hidden posts in the comments count

* Apply fixes from StyleCI (#1350)
2018-01-27 09:57:16 +10:30
Franz Liedke
4b1a299b3c
Convert closures in arrays to Compat extenders as well
Refs #851.
2018-01-21 22:38:06 +01:00
Franz Liedke
fa14be591c
Use cursor() fetching when deleting many posts
Refs #1319.
2018-01-21 21:53:48 +01:00
Franz Liedke
072f4f89cb
Assets extender: Remove defaultAssets() method
See a7821a24a2 (r26990974).
2018-01-21 21:14:08 +01:00
Toby Zerner
ed3e833181 Fix docblocks 2018-01-21 08:28:15 +10:30
Toby Zerner
7f92838225 Fix Laravel 5.5 query scoping 2018-01-21 08:28:08 +10:30
Toby Zerner
2159107214
Merge pull request #1330 from clarkwinkelmann/signup-fields-locking
Prevent editing fields in sign up modal according to identification data
2018-01-12 08:38:49 +10:30
Clark Winkelmann
d357364712 Rename method and attribute, and remove unnecessary attribute filtering 2018-01-11 23:05:26 +01:00
Clark Winkelmann
26449a64fe Merge remote-tracking branch 'upstream/master' into signup-fields-locking 2018-01-11 22:54:41 +01:00
Toby Zerner
ae2e07e94c Remove use of event priorities
Event priorities are no longer in Laravel - see dbbfc62bef

Updated the AbstractPolicy terminology to reflect the new behaviour,
which is that there is no guarantee that the catch-all methods will run
after all specific methods have run globally. This behaviour is only
guaranteed within the policy.
2018-01-11 14:10:37 +10:30
Toby Zerner
801d619a36 Fix docblock return type 2018-01-11 12:11:48 +10:30
Toby Zerner
0befe041c7 Use whereRaw instead of Expression 2018-01-11 11:56:18 +10:30
Toby Zerner
1c87c33d4d Use ::class, update some typehints 2018-01-11 11:55:57 +10:30
Franz Liedke
3480a65989
Avoid calculations in views
Instead, look up existence of navigation links in the underlying
API document.
2018-01-10 20:39:53 +01:00
Franz Liedke
2979e8bc28
Use Blade's inject helper 2018-01-10 20:36:50 +01:00
Franz Liedke
8c470954eb
Add pagination link for previous page 2018-01-10 20:35:07 +01:00
Franz Liedke
6913e8f0f8
Only display pagination link if necessary
Otherwise, search engines start indexing pages that aren't filled yet.

Refs #189.
2018-01-10 20:34:25 +01:00
Franz Liedke
30a04e7bf9
Don't use invokables with Container::call() 2018-01-10 19:37:18 +01:00
Franz Liedke
0af97c427c
Re-introduce Compat extender
Turns out Container::call() does not work with invokable classes.
Thus, we need to wrap callables in a custom extender class to
support injecting any resolvable type-hint automatically.

Refs #851.
2018-01-10 19:32:57 +01:00
Toby Zerner
1c1cefa017 Update test namespaces 2018-01-11 01:25:10 +10:30
Franz Liedke
c6747b6910
Get rid of Compat extender
Now that we support any form of callable to be returned from the
bootstrap.php files, it is no longer needed.
2018-01-09 22:35:40 +01:00
Franz Liedke
1ce70eeb6e
Turn extenders into callables
This simplifies the API and gives extension developers more
flexibility, for a) maintaining backwards compatibility, and
b) doing advanced stuff that extenders do not allow.

Note that only extenders are guaranteed to work across
different versions of Flarum (once the API surface is stable).

See the discussion in https://github.com/flarum/core/pull/1335.
2018-01-09 20:49:51 +01:00
Daniel Klabbers
714775cfed fixed two typehints on migrations repository 2018-01-09 16:28:50 +01:00
Toby Zerner
bdc1a100cd
Merge pull request #1340 from clarkwinkelmann/fix-password-changed-on-reset
Dispatch user events after password reset
2018-01-09 13:35:24 +10:30
Clark Winkelmann
f3e29ab801 Dispatch user events after password reset
Previously PasswordChanged was never sent
2018-01-09 03:44:06 +01:00
Franz Liedke
26e53fc51b
Tweak route registration extender: Use plural
This makes it more consistent with other existing extenders,
while also making registration of multiple routes more
comfortable for extension developers, and likely slightly
more performant. :-)
2018-01-07 19:50:49 +01:00
Franz Liedke
848293a7d5
Merge pull request #1338 from gwillem/fix-permissions
Remove execute permissions from php/less files
2018-01-07 18:30:40 +01:00
Willem de Groot
5af65dede1 Fix StyleCI spacing 2018-01-06 12:03:02 +01:00
Willem de Groot
e774baf32f Remove execute permissions from php/less files 2018-01-06 11:59:25 +01:00
Toby Zerner
2ac04aac8e Merge branch '0.1.0-beta.7' 2018-01-06 20:06:43 +10:30
Clark Winkelmann
c6aeeeb3c1 Always apply attributes from token when registering
The change introduced in #1033 transformed any identification attribute returned from an OAuth provider to just a default value.

When the identification attribute used by the provider is the email or username, this allowed the user to supply a different email or username and still getting an already-enabled account with the credentials he entered.

Skipping attributes with an existing value makes no sense here because it's a always a fresh user and values from AbstractOAuth2Controller::getIdentification() should always be enforced.
2018-01-06 20:04:42 +10:30
Toby Zerner
f247d8c2a6
Merge pull request #1335 from flarum/next-back-extenders
Start of PHP extenders API
2018-01-06 09:17:27 +10:30
Franz Liedke
0380536cb4
Add another newline before custom footer HTML 2018-01-05 23:46:38 +01:00