Commit Graph

2782 Commits

Author SHA1 Message Date
Clark Winkelmann
15114ebd90 Fix formatting 2018-02-09 18:42:43 +01:00
Clark Winkelmann
51adf57f17 Fix formatting 2018-02-09 18:41:51 +01:00
Clark Winkelmann
d47aed59c6 Add extension rollback command 2018-02-09 18:32:44 +01:00
Toby Zerner
c3d034d2fa Merge pull request #1361 from clarkwinkelmann/extendable-notification-methods
Extendable notification methods
2018-02-09 13:51:39 +10:30
Clark Winkelmann
e0b7182908 Fix jsdoc for notification types 2018-02-09 02:53:05 +01:00
Clark Winkelmann
982cbe4b49 Use an extendable ItemList for notification methods 2018-02-09 02:51:42 +01:00
Johann Rodríguez
0fedee8f80 No slug? Then no '-' separator! (#1351)
* Stop using slug separator when there is no slug

* Changing as per upstream requirements
2018-02-09 07:22:50 +10:30
Toby Zerner
6922c3081e Remove excerpt margin on mobile 2018-02-08 07:18:29 +10:30
Toby Zerner
327989d40c Fix CSS rule 2018-02-08 07:08:54 +10:30
Toby Zerner
4ccdd32bb4 Fix regression: set actor before eager loading user state 2018-02-08 07:08:39 +10:30
Toby Zerner
6a53fe35b3 Improve search performance (#1339)
* Improve fulltext gambit

* Only search in visible posts

This change relies on the `visibility-scoping` branch to be merged.

* Change posts table to use InnoDB engine

Doing a JOIN between an InnoDB table (discussions) and a MyISAM table
(posts) is very very (very) bad for performance. FULLTEXT indexes are
fully supported in InnoDB now, and it is a superior engine in every
other way, so there is no longer any reason to be using MyISAM.

* Use ::class

* Only search for comment posts

* Add fulltext index to discussions.title

* Fix migration not working if there is a table prefix

* Update frontend appearance

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Show search result excerpts on mobile
2018-02-08 06:38:08 +10:30
Daniel Klabbers
a816068397 Improved the console configuring event to support any type of console command to be added 2018-02-07 13:58:31 +01:00
Clark Winkelmann
63a9258fe4 Add console configuration event (#1349)
* Add console configuration event

* Fix comment formatting
2018-02-07 21:49:08 +10:30
Daniel Klabbers
bcc239d468 validation requires nullable now in order to allow null values to pass the validation 2018-02-02 11:38:06 +01:00
Toby Zerner
0f49b62bcf Merge pull request #1358 from clarkwinkelmann/avatar-permission
Assert permission when updating avatar
2018-02-01 06:54:47 +10:30
Clark Winkelmann
8835aee224 Assert permission when updating avatar 2018-01-31 16:36:42 +01:00
Toby Zerner
c4b8875be2 Don't break compatibility with extensions that return a function name
eg. s9e/mediaembed
2018-01-31 07:20:49 +10:30
Toby Zerner
4af6acdbda Grant users permission to view empty discussions if they can edit posts
This fixes an issue where unapproved discussions (via
flarum-ext-approval) that were rejected became invisible to the user.

This solution is imperfect and some more substantial thought into how
flarum-ext-approval works is required in the future.
2018-01-30 11:14:25 +10:30
Toby Zerner
b5eab781f1 Overhaul model visibility scoping (#1342)
* Overhaul the way model visibility scoping works

- Previously post visibility scoping required concrete knowledge of the
  parent discussion, ie. you needed a Discussion model on which you
  would call `postsVisibleTo($actor)`. This meant that to fetch posts
  from different discussions (eg. when listing user posts), it was a
  convoluted process, ultimately causing #1333.

  Now posts behave like any other model in terms of visibility scoping,
  and you simply call `whereVisibleTo($actor)` on a Post query. This
  scope will automatically apply a WHERE EXISTS clause that scopes the
  query to only include posts whose discussions are visible too. Thus,
  fetching posts from multiple discussions can now be done in a single
  query, simplifying things greatly and fixing #1333.

- As such, the ScopePostVisibility event has been removed. Also, the
  rest of the "Scope" events have been consolidated into a single event,
  ScopeModelVisibility. This event is called whenever a user must have
  a certain $ability in order to see a set of discussions. Typically
  this ability is just "view". But in the case of discussions which have
  been marked as `is_private`, it is "viewPrivate". And in the case of
  discussions which have been hidden, it is "hide". etc.

  The relevant API on AbstractPolicy has been refined, now providing
  `find`, `findPrivate`, `findEmpty`, and `findWithPermission` methods.
  This could probably do with further refinement and we can re-address
  it once we get around to implementing more Extenders.

- An additional change is that Discussion::comments() (the relation
  used to calculate the cached number of replies) now yields "comments
  that are not private", where before it meant "comments that are
  visible to Guests". This was flawed because eg. comments in non-public
  tags are technically not visible to Guests.

  Consequently, the Approval extension must adopt usage of `is_private`,
  so that posts which are not approved are not included in the replies
  count. Fundamentally, `is_private` now indicates that a discussion/
  post should be hidden by default and should only be visible if it
  meets certain criteria. This is in comparison to non-is_private
  entities, which are visible by default and may be hidden if they don't
  meet certain criteria.

Note that these changes have not been extensively tested, but I have
been over the logic multiple times and it seems to check out.

* Add event to determine whether a discussion `is_private`

See https://github.com/flarum/core/pull/1153#issuecomment-292693624

* Don't include hidden posts in the comments count

* Apply fixes from StyleCI (#1350)
2018-01-27 09:57:16 +10:30
Franz Liedke
5d76cf8e55 Convert closures in arrays to Compat extenders as well
Refs #851.
2018-01-21 22:38:06 +01:00
Franz Liedke
57bb2e17b5 Use cursor() fetching when deleting many posts
Refs #1319.
2018-01-21 21:53:48 +01:00
Franz Liedke
ac04b6ada5 Assets extender: Remove defaultAssets() method
See a7821a24a2 (r26990974).
2018-01-21 21:14:08 +01:00
Toby Zerner
b1ea9aa4ee Fix docblocks 2018-01-21 08:28:15 +10:30
Toby Zerner
ee8d7c63cd Fix Laravel 5.5 query scoping 2018-01-21 08:28:08 +10:30
Toby Zerner
64b30faa39 Merge pull request #1330 from clarkwinkelmann/signup-fields-locking
Prevent editing fields in sign up modal according to identification data
2018-01-12 08:38:49 +10:30
Clark Winkelmann
2797eaff9a Rename method and attribute, and remove unnecessary attribute filtering 2018-01-11 23:05:26 +01:00
Clark Winkelmann
324616728e Merge remote-tracking branch 'upstream/master' into signup-fields-locking 2018-01-11 22:54:41 +01:00
Toby Zerner
050d6bdc9e Remove use of event priorities
Event priorities are no longer in Laravel - see dbbfc62bef

Updated the AbstractPolicy terminology to reflect the new behaviour,
which is that there is no guarantee that the catch-all methods will run
after all specific methods have run globally. This behaviour is only
guaranteed within the policy.
2018-01-11 14:10:37 +10:30
Toby Zerner
1b15f6cded Fix docblock return type 2018-01-11 12:11:48 +10:30
Toby Zerner
3b5a5ea2ba Use whereRaw instead of Expression 2018-01-11 11:56:18 +10:30
Toby Zerner
00ddef53b4 Use ::class, update some typehints 2018-01-11 11:55:57 +10:30
Franz Liedke
b491bd1e36 Avoid calculations in views
Instead, look up existence of navigation links in the underlying
API document.
2018-01-10 20:39:53 +01:00
Franz Liedke
81c86b726c Use Blade's inject helper 2018-01-10 20:36:50 +01:00
Franz Liedke
973c629719 Add pagination link for previous page 2018-01-10 20:35:07 +01:00
Franz Liedke
a331f750cf Only display pagination link if necessary
Otherwise, search engines start indexing pages that aren't filled yet.

Refs #189.
2018-01-10 20:34:25 +01:00
Franz Liedke
c07ed29057 Don't use invokables with Container::call() 2018-01-10 19:37:18 +01:00
Franz Liedke
73662598ef Re-introduce Compat extender
Turns out Container::call() does not work with invokable classes.
Thus, we need to wrap callables in a custom extender class to
support injecting any resolvable type-hint automatically.

Refs #851.
2018-01-10 19:32:57 +01:00
Toby Zerner
cc1239fe9f Update test namespaces 2018-01-11 01:25:10 +10:30
Franz Liedke
d7536d4f50 Get rid of Compat extender
Now that we support any form of callable to be returned from the
bootstrap.php files, it is no longer needed.
2018-01-09 22:35:40 +01:00
Franz Liedke
37c29a14e5 Turn extenders into callables
This simplifies the API and gives extension developers more
flexibility, for a) maintaining backwards compatibility, and
b) doing advanced stuff that extenders do not allow.

Note that only extenders are guaranteed to work across
different versions of Flarum (once the API surface is stable).

See the discussion in https://github.com/flarum/core/pull/1335.
2018-01-09 20:49:51 +01:00
Daniel Klabbers
d175953f90 fixed two typehints on migrations repository 2018-01-09 16:28:50 +01:00
Toby Zerner
b140263830 Merge pull request #1340 from clarkwinkelmann/fix-password-changed-on-reset
Dispatch user events after password reset
2018-01-09 13:35:24 +10:30
Clark Winkelmann
9eae3cc318 Dispatch user events after password reset
Previously PasswordChanged was never sent
2018-01-09 03:44:06 +01:00
Franz Liedke
fd40e1a7fc Tweak route registration extender: Use plural
This makes it more consistent with other existing extenders,
while also making registration of multiple routes more
comfortable for extension developers, and likely slightly
more performant. :-)
2018-01-07 19:50:49 +01:00
Franz Liedke
cd6c259274 Merge pull request #1338 from gwillem/fix-permissions
Remove execute permissions from php/less files
2018-01-07 18:30:40 +01:00
Willem de Groot
257fb93d03 Fix StyleCI spacing 2018-01-06 12:03:02 +01:00
Willem de Groot
d613e5293c Remove execute permissions from php/less files 2018-01-06 11:59:25 +01:00
Toby Zerner
a8f792c34b Merge branch '0.1.0-beta.7' 2018-01-06 20:06:43 +10:30
Clark Winkelmann
31b925164c Always apply attributes from token when registering
The change introduced in #1033 transformed any identification attribute returned from an OAuth provider to just a default value.

When the identification attribute used by the provider is the email or username, this allowed the user to supply a different email or username and still getting an already-enabled account with the credentials he entered.

Skipping attributes with an existing value makes no sense here because it's a always a fresh user and values from AbstractOAuth2Controller::getIdentification() should always be enforced.
2018-01-06 20:04:42 +10:30
Toby Zerner
6df4e63910 Merge pull request #1335 from flarum/next-back-extenders
Start of PHP extenders API
2018-01-06 09:17:27 +10:30