Commit Graph

3462 Commits

Author SHA1 Message Date
David Sevilla Martín
44dba542b1 Prepare beta.10 release (#1885)
* Update Application version string to beta 10
* Add beta.10 changelog
2019-09-16 09:28:17 +02:00
Franz Liedke
cbe7d4dfdb Restore beta.9 behavior of assertCan()
In flarum/core#1854, I changed the implementation of `assertCan()` to be
more aware of the user's log-in status. I came across this when unifying
our API's response status code when actors are not authenticated or not
authorized to do something.

@luceos rightfully had to tweak this again in 8e3eb59, because the
behavior changed for one of the few API endpoints that checked for a
permission that even guests can have.

It turns out having this complex behavior in `assertCan()` is quite
misleading, because the name suggests a simple permission check and
nothing more.

Where we actually want to differ between HTTP 401 and 403, we can do
this using two method calls, and enforce it with our tests.

If this turns out to be problematic or extremely common, we can revisit
this and introduce a method with a different, better name in the future.

This commit restores the method's behavior in the last release, so we
also avoid another breaking change for extensions.
2019-09-14 21:32:00 +02:00
Franz Liedke
26d2031aa4 Add a test for viewUserList guest permission
This test would have failed without commit 8e3eb59. Next, I will revert
that commit and most of my PR #1854, so we need this test to ensure the
API continues to behave as desired.
2019-09-14 21:30:09 +02:00
Franz Liedke
f4219b0de6 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-09-14 18:57:28 +00:00
Franz Liedke
9120e556eb Convert more controller tests to feature tests 2019-09-14 13:09:56 +02:00
Franz Liedke
cad6ab1e6e Update vulnerable JS dependencies 2019-09-13 15:26:10 +02:00
Franz Liedke
eca288f525 Send a HTTP 401 for incorrect login credentials
This fixes a regression from #1843 and #1854. Now, the frontend again
shows the proper "Incorrect login details" message instead of "You
do not have permission to do that".
2019-09-13 15:03:03 +02:00
Franz Liedke
b75e8284da Convert another controller test to feature test
Decouple from implementation, test closer to HTTP...
2019-09-13 14:58:45 +02:00
flarum-bot
9f8aeb7927 Bundled output for commit 5e53145bab [skip ci] 2019-09-12 22:36:12 +00:00
David Sevilla Martín
5e53145bab Fix errors caused by deletion alert when deleting users (#1883)
Refs #1788

TypeError: t.showDeletionAlert is not a function
  at onSuccess(./src/forum/utils/UserControls.js:104:12)

Also, don't override 'this' param with user object for editAction
2019-09-13 00:34:05 +02:00
Daniël Klabbers
4bfcf4e052 moved the artisan binary override and commented some of the bindings for queue 2019-09-12 09:11:12 +02:00
flarum-bot
c1e03b0436 Bundled output for commit 5530422210 [skip ci] 2019-09-11 22:16:20 +00:00
David Sevilla Martin
5530422210 Fixes an issue where deleting a nonexistent model would error instead of resolving gracefully 2019-09-11 18:14:37 -04:00
Daniël Klabbers
c4806e19b5 prevent constant to be duplicated during tests 2019-09-11 12:20:35 +02:00
Daniël Klabbers
55d7e86a38 Merge branch 'master' of github.com:flarum/core 2019-09-11 11:59:10 +02:00
Daniël Klabbers
8e3eb5986f Fixes an issue where permission checks aren't made for guest users,
due to the gate being accessed after the check whether the user
is registered/signed in.
2019-09-11 11:58:27 +02:00
luceos
8b029f9cd4 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-09-11 09:43:46 +00:00
Daniël Klabbers
58e1c6cd99 Fixes the queue listen command. We might need to rectify this implementation before stable. 2019-09-11 11:42:52 +02:00
Daniël Klabbers
923eea1cd8 Fixes an issue where a different cache driver is used and Formatter
attempts to load the s9e Renderer from the wrong cache. It has
to be saved locally so that it can be properly loaded using
the spl auto register functionality.
2019-09-10 12:33:25 +02:00
Franz Liedke
d4ad62c9b0 Fix instructions in PR template 2019-09-10 00:18:04 +02:00
flarum-bot
361d2e5ec2 Bundled output for commit 80ff7eb4ea [skip ci] 2019-09-09 21:37:54 +00:00
David Sevilla Martín
80ff7eb4ea Mark notification as read without visiting discussion (#1874) 2019-09-09 23:36:06 +02:00
flarum-bot
10bd406e18 Bundled output for commit 827c8ff50f [skip ci] 2019-09-09 21:07:00 +00:00
David Sevilla Martín
827c8ff50f Fix error thrown if textarea doesn't exist in TextEditor (#1852)
* Prevent textarea not existing from causing errors to be thrown

* Replace [0] with .length
2019-09-09 17:05:11 -04:00
Daniël Klabbers
22f3c82e9a listen and restart currently fail in the queue, see #1879 2019-09-09 15:47:56 +02:00
flarum-bot
405cc7b56e Bundled output for commit 12cc20ad62 [skip ci] 2019-09-08 17:33:39 +00:00
Matthew Kilgore
12cc20ad62 Fix the new edit user permission label (#1870) 2019-09-08 13:31:57 -04:00
David Sevilla Martín
5b8d8667d6 Add DB prefix to PHP tests (#1855)
* Add test job with PHP 7.3, MySQL & custom prefix

* Add prefix MariaDB test

* Add PHP 7.4 to tests

* Remove PHP 7.4 from tests

This reverts commit 270cba2f5f.
2019-09-08 13:28:39 -04:00
David Sevilla Martín
fb45773ecb Add back defaults for language and direction attributes (#1860) 2019-09-05 08:28:52 +02:00
flarum-bot
56dbcf026d Bundled output for commit cf16b6c20b [skip ci] 2019-09-05 00:34:59 +00:00
Franz Liedke
cf16b6c20b Optimize ScrollListener performance
Listen to "scroll" event and throttle callback executions instead
of actively polling for changes to the scroll position.

Fixes #1222.
2019-09-05 02:17:09 +02:00
Franz Liedke
ef38660f08 Fix failing test 2019-09-05 00:07:40 +02:00
Franz Liedke
9dc2f1eb8e Debug mode: Include stacktrace in JSON-API errors
Refs #1843, #1865.
2019-09-04 23:35:32 +02:00
Franz Liedke
5048e097a5 Refactor JSON-API error formatter 2019-09-04 23:30:22 +02:00
Franz Liedke
e52a5d8353 Apply fixes from StyleCI (#1867)
[ci skip] [skip ci]
2019-09-04 01:44:59 +02:00
Franz Liedke
429b8e1a32 Restore error details in JSON-API error formatter
Fixes #1865. Refs #1843.
2019-09-04 01:44:22 +02:00
Franz Liedke
a7b19284b9 Convert controller test to request test
This further decouples these tests from the implementation (i.e. which
controller are we calling?).
2019-09-04 01:27:24 +02:00
Matteo Contrini
0005da3a0d Allow formatting post content without a request (#1848) 2019-09-04 00:12:28 +02:00
Matthew Kilgore
e5e505e85a Add Edit User permission to permissions grid (#1859) 2019-09-03 23:54:38 +02:00
Franz Liedke
a61f6d4453 Merge pull request #1854 from flarum/fl/1641-fix-status-codes
Error handling: Fix status codes
2019-09-02 16:33:48 +02:00
dependabot[bot]
e04d825ee2 Bump lodash from 4.17.11 to 4.17.15 in /js (#1863)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:11:25 +02:00
dependabot[bot]
f95d2a8841 Bump mixin-deep from 1.3.1 to 1.3.2 in /js (#1862)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:06:38 +02:00
Franz Liedke
6a6a915732 Remove unnecessary dependency
Refs #1773.
2019-08-22 10:04:38 +02:00
Franz Liedke
54b4292c5e Remove superfluous ForbiddenException
It has the same effect as the PermissionDeniedException, so let's
just use that.

Refs #1641.
2019-08-22 00:06:26 +02:00
Franz Liedke
fbc940412c When signups are prohibited, respond with HTTP 403 2019-08-21 23:48:24 +02:00
Franz Liedke
67aa8d5cef Move authentication check into assertCan() method
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
2019-08-21 23:48:03 +02:00
Franz Liedke
152b455acf Remove unnecessary indirection 2019-08-21 00:06:32 +02:00
Franz Liedke
ee4a536de1 Document permission check methods 2019-08-21 00:06:31 +02:00
Franz Liedke
7d52a49cfb Fix inconsistent status codes
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2019-08-21 00:06:31 +02:00
Franz Liedke
7eaa566f9a Travis: Remove deploy key 2019-08-21 00:06:16 +02:00