Commit Graph

2466 Commits

Author SHA1 Message Date
Toby Zerner
7651907f56 Don't break compatibility with extensions that return a function name
eg. s9e/mediaembed
2018-01-31 07:20:49 +10:30
Toby Zerner
557a65aadd Grant users permission to view empty discussions if they can edit posts
This fixes an issue where unapproved discussions (via
flarum-ext-approval) that were rejected became invisible to the user.

This solution is imperfect and some more substantial thought into how
flarum-ext-approval works is required in the future.
2018-01-30 11:14:25 +10:30
Toby Zerner
ad4bd3d001
Overhaul model visibility scoping (#1342)
* Overhaul the way model visibility scoping works

- Previously post visibility scoping required concrete knowledge of the
  parent discussion, ie. you needed a Discussion model on which you
  would call `postsVisibleTo($actor)`. This meant that to fetch posts
  from different discussions (eg. when listing user posts), it was a
  convoluted process, ultimately causing #1333.

  Now posts behave like any other model in terms of visibility scoping,
  and you simply call `whereVisibleTo($actor)` on a Post query. This
  scope will automatically apply a WHERE EXISTS clause that scopes the
  query to only include posts whose discussions are visible too. Thus,
  fetching posts from multiple discussions can now be done in a single
  query, simplifying things greatly and fixing #1333.

- As such, the ScopePostVisibility event has been removed. Also, the
  rest of the "Scope" events have been consolidated into a single event,
  ScopeModelVisibility. This event is called whenever a user must have
  a certain $ability in order to see a set of discussions. Typically
  this ability is just "view". But in the case of discussions which have
  been marked as `is_private`, it is "viewPrivate". And in the case of
  discussions which have been hidden, it is "hide". etc.

  The relevant API on AbstractPolicy has been refined, now providing
  `find`, `findPrivate`, `findEmpty`, and `findWithPermission` methods.
  This could probably do with further refinement and we can re-address
  it once we get around to implementing more Extenders.

- An additional change is that Discussion::comments() (the relation
  used to calculate the cached number of replies) now yields "comments
  that are not private", where before it meant "comments that are
  visible to Guests". This was flawed because eg. comments in non-public
  tags are technically not visible to Guests.

  Consequently, the Approval extension must adopt usage of `is_private`,
  so that posts which are not approved are not included in the replies
  count. Fundamentally, `is_private` now indicates that a discussion/
  post should be hidden by default and should only be visible if it
  meets certain criteria. This is in comparison to non-is_private
  entities, which are visible by default and may be hidden if they don't
  meet certain criteria.

Note that these changes have not been extensively tested, but I have
been over the logic multiple times and it seems to check out.

* Add event to determine whether a discussion `is_private`

See https://github.com/flarum/core/pull/1153#issuecomment-292693624

* Don't include hidden posts in the comments count

* Apply fixes from StyleCI (#1350)
2018-01-27 09:57:16 +10:30
Franz Liedke
4b1a299b3c
Convert closures in arrays to Compat extenders as well
Refs #851.
2018-01-21 22:38:06 +01:00
Franz Liedke
fa14be591c
Use cursor() fetching when deleting many posts
Refs #1319.
2018-01-21 21:53:48 +01:00
Franz Liedke
072f4f89cb
Assets extender: Remove defaultAssets() method
See a7821a24a2 (r26990974).
2018-01-21 21:14:08 +01:00
Toby Zerner
ed3e833181 Fix docblocks 2018-01-21 08:28:15 +10:30
Toby Zerner
7f92838225 Fix Laravel 5.5 query scoping 2018-01-21 08:28:08 +10:30
Toby Zerner
2159107214
Merge pull request #1330 from clarkwinkelmann/signup-fields-locking
Prevent editing fields in sign up modal according to identification data
2018-01-12 08:38:49 +10:30
Clark Winkelmann
d357364712 Rename method and attribute, and remove unnecessary attribute filtering 2018-01-11 23:05:26 +01:00
Clark Winkelmann
26449a64fe Merge remote-tracking branch 'upstream/master' into signup-fields-locking 2018-01-11 22:54:41 +01:00
Toby Zerner
ae2e07e94c Remove use of event priorities
Event priorities are no longer in Laravel - see dbbfc62bef

Updated the AbstractPolicy terminology to reflect the new behaviour,
which is that there is no guarantee that the catch-all methods will run
after all specific methods have run globally. This behaviour is only
guaranteed within the policy.
2018-01-11 14:10:37 +10:30
Toby Zerner
801d619a36 Fix docblock return type 2018-01-11 12:11:48 +10:30
Toby Zerner
0befe041c7 Use whereRaw instead of Expression 2018-01-11 11:56:18 +10:30
Toby Zerner
1c87c33d4d Use ::class, update some typehints 2018-01-11 11:55:57 +10:30
Franz Liedke
3480a65989
Avoid calculations in views
Instead, look up existence of navigation links in the underlying
API document.
2018-01-10 20:39:53 +01:00
Franz Liedke
2979e8bc28
Use Blade's inject helper 2018-01-10 20:36:50 +01:00
Franz Liedke
8c470954eb
Add pagination link for previous page 2018-01-10 20:35:07 +01:00
Franz Liedke
6913e8f0f8
Only display pagination link if necessary
Otherwise, search engines start indexing pages that aren't filled yet.

Refs #189.
2018-01-10 20:34:25 +01:00
Franz Liedke
30a04e7bf9
Don't use invokables with Container::call() 2018-01-10 19:37:18 +01:00
Franz Liedke
0af97c427c
Re-introduce Compat extender
Turns out Container::call() does not work with invokable classes.
Thus, we need to wrap callables in a custom extender class to
support injecting any resolvable type-hint automatically.

Refs #851.
2018-01-10 19:32:57 +01:00
Toby Zerner
1c1cefa017 Update test namespaces 2018-01-11 01:25:10 +10:30
Franz Liedke
c6747b6910
Get rid of Compat extender
Now that we support any form of callable to be returned from the
bootstrap.php files, it is no longer needed.
2018-01-09 22:35:40 +01:00
Franz Liedke
1ce70eeb6e
Turn extenders into callables
This simplifies the API and gives extension developers more
flexibility, for a) maintaining backwards compatibility, and
b) doing advanced stuff that extenders do not allow.

Note that only extenders are guaranteed to work across
different versions of Flarum (once the API surface is stable).

See the discussion in https://github.com/flarum/core/pull/1335.
2018-01-09 20:49:51 +01:00
Daniel Klabbers
714775cfed fixed two typehints on migrations repository 2018-01-09 16:28:50 +01:00
Toby Zerner
bdc1a100cd
Merge pull request #1340 from clarkwinkelmann/fix-password-changed-on-reset
Dispatch user events after password reset
2018-01-09 13:35:24 +10:30
Clark Winkelmann
f3e29ab801 Dispatch user events after password reset
Previously PasswordChanged was never sent
2018-01-09 03:44:06 +01:00
Franz Liedke
26e53fc51b
Tweak route registration extender: Use plural
This makes it more consistent with other existing extenders,
while also making registration of multiple routes more
comfortable for extension developers, and likely slightly
more performant. :-)
2018-01-07 19:50:49 +01:00
Franz Liedke
848293a7d5
Merge pull request #1338 from gwillem/fix-permissions
Remove execute permissions from php/less files
2018-01-07 18:30:40 +01:00
Willem de Groot
5af65dede1 Fix StyleCI spacing 2018-01-06 12:03:02 +01:00
Willem de Groot
e774baf32f Remove execute permissions from php/less files 2018-01-06 11:59:25 +01:00
Toby Zerner
2ac04aac8e Merge branch '0.1.0-beta.7' 2018-01-06 20:06:43 +10:30
Clark Winkelmann
c6aeeeb3c1 Always apply attributes from token when registering
The change introduced in #1033 transformed any identification attribute returned from an OAuth provider to just a default value.

When the identification attribute used by the provider is the email or username, this allowed the user to supply a different email or username and still getting an already-enabled account with the credentials he entered.

Skipping attributes with an existing value makes no sense here because it's a always a fresh user and values from AbstractOAuth2Controller::getIdentification() should always be enforced.
2018-01-06 20:04:42 +10:30
Toby Zerner
f247d8c2a6
Merge pull request #1335 from flarum/next-back-extenders
Start of PHP extenders API
2018-01-06 09:17:27 +10:30
Franz Liedke
0380536cb4
Add another newline before custom footer HTML 2018-01-05 23:46:38 +01:00
AFR
6dc96b38af Add Custom Footer HTML (#1315)
* Add Custom Footer HTML

Straight copy from Custom Header HTML

* Move Custom Footer HTML to exactly before `</body>` tag.

* Fix invalid class name

* Append CustomFooterHTML when preparing the view.

* Some consistency in placing the variable
2018-01-05 23:44:11 +01:00
Clark Winkelmann
9342723f64 Manage Composer height with overridable methods (#1272)
* Manage Composer height in a separate class with overridable methods

* Use a computed method

* Keep everything in Composer.js

* Drop usage of computed property for the Composer height
Because the Composer height also depends on the page height and is rarely called without position, height or page height changing anyway
2018-01-04 09:39:06 +10:30
Franz Liedke
8d049126d0
Add Route extender for registering routes with forum, admin or API 2018-01-03 23:19:45 +01:00
Franz Liedke
63be95fb8a
Admin: Set up all event listeners in one place
See discussion in #1273.
2018-01-03 20:23:05 +01:00
Franz Liedke
1d47047d45
Add FormatterConfiguration extender for extensions working with TextFormatter 2018-01-03 09:42:11 +01:00
Franz Liedke
4e30ad5891
Add Assets extender for frontend extensions 2018-01-03 09:42:11 +01:00
Franz Liedke
f4ad227576
Add Locale extender for language pack extensions 2018-01-03 09:42:11 +01:00
Franz Liedke
5b6d043f80
Resolve extenders from ExtensionManager
Loading the activated extensions now means retrieving an array of
extenders (classes that implement a certain type of extension of a core
feature in Flarum).

For now, the only existing extender is the Compat extender which is used
to handle old-style bootstrappers that simply return a closure that
receives all of its dependencies via auto injection.

In the future, extensions will be able to return an array of extender
instances from their bootstrapper instead. These extender classes will
be implemented in the next step.
2018-01-03 09:42:11 +01:00
Franz Liedke
c41e58531a
Deprecate remaining non-namespaced events
These will be replaced by etenders soon.
2018-01-03 09:42:11 +01:00
Franz Liedke
b760d113d2
Installation default data: Use more sensible defaults
Using .dev as a TLD for local development is discouraged, as at
least Chrome now enforces HTTPS for these domains.

As far as I know, by default, the MySQL root user does not have
a password on many platforms. I use it this way on my local
machine, and this makes it convenient to setup a local copy.
2018-01-03 09:41:46 +01:00
Franz Liedke
936f67e953
Use ::class instead of some hardcoded class names
This gives us better refactoring functionality in IDEs like
PhpStorm, and also more quickly surfaces typos through errors
about undefined classes. :)
2018-01-03 09:41:46 +01:00
Franz Liedke
3f7e7520b0
Clean up code, use PHP 7 feature :) 2018-01-03 09:41:46 +01:00
Clark Winkelmann
7ccb263926 Fix array_only usage 2018-01-02 00:27:13 +01:00
Toby Zerner
fe56f57e8f Fix order of array_first arguments
As per https://laravel.com/docs/5.3/upgrade (under "Arrays")
2018-01-02 09:48:50 +10:30
Clark Winkelmann
fa9d89d690 Prevent editing fields in sign up modal according to identification data 2018-01-02 00:13:33 +01:00