Commit Graph

345 Commits

Author SHA1 Message Date
Sam 7df4e4afb9 security fix, anon should not be treated as though they can create anything 2013-10-13 09:54:48 +11:00
Navin Keswani d87389b38e No more rails 4 deprecation warnings 2013-08-25 23:18:11 +02:00
Navin 9ab2471a92 Fix rails4 deprecation warnings
That appear when running topic_spec.rb
2013-08-15 17:52:18 +02:00
Neil Lalonde 882c1524f7 Strip trailing and leading spaces from category names 2013-07-30 16:48:45 -04:00
Stephan Kaag 0e3b8fbb24 Remove some calls to `all`. They are not required, and Rails4 raises warnings about them. 2013-07-22 20:44:11 +02:00
Sam 352ac9e60c Finalize read only and post only categories, finished off UI work 2013-07-16 15:46:11 +10:00
Sam ecf17cfebb work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-16 15:46:11 +10:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Ian Christian Myers 130d837952 Implemented strong_parameters for Category/CategoriesController.
Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw a ActionController::ParameterMissing execption instead of the Discourse::InvalidParameters execption.
2013-06-04 23:45:25 -07:00
Sam 870e59883b secure the links on the topic pages, eliminated deleted topics as well. 2013-06-05 16:10:26 +10:00
Sam d2c1eb090e Merge pull request #921 from nirnanaaa/postgres-truefalse
removed t's and f's from models
2013-05-30 21:38:26 -07:00
Neil Lalonde b82a5dfd56 Move logic to reject slugs that are just numbers into the slug module 2013-05-30 11:54:02 -04:00
Neil Lalonde 7d5c313456 Don't allow category slugs that are numbers 2013-05-30 11:09:09 -04:00
Sam e93b7a3b20 more progress towards live unread and new counts, unread message implemented, still to implement delete messages 2013-05-30 16:49:57 +10:00
nirnanaaa 364113a4d5 removed t and f 's from group model
removed t and f 's from user model as mentioned in #919

removed t's and f's from category model
2013-05-29 22:10:43 +02:00
Robin Ward 560fb15d8a Include pinned topics in category list.
- removes an (n+1) query for user data
- supports the preload store for the data to avoid a second request
- fix a bug where uncategorizes was reporting (0, 0, 0) for topics by week, month, year
2013-05-28 15:36:16 -04:00
Victor Cruz Dueñas bca006feca removed unnecesary method 2013-05-24 18:03:02 +02:00
Sam ca2dee52db moved comments to the bottom, they are way less intrusive there 2013-05-24 12:48:32 +10:00
Sam 2cd95bc649 lets try out annotations 2013-05-24 12:35:14 +10:00
Robin Ward 7a31630837 Search Refactor: Remove some manual SQL, make search data tables more idomatic Rails/AR 2013-05-22 16:31:13 -04:00
Robin Ward 27828c5ec2 Merge pull request #871 from avdi/refactoring-with-josh-and-avdi
Various refactorings towards Ruby/Rails idiom from Josh Susser and Avdi Grimm
2013-05-21 07:18:50 -07:00
Josh Susser and Avdi Grimm 5659b66729 Refactor select().map() to use pluck.
Remove a method already provided by ActiveRecord.
2013-05-17 15:11:37 -04:00
Lee Machin dadb7eaa23 fix crash caused by incorrect query in scope
setting all categories to be secured led to a blank screen on all pages

use stabby lambda for consistency in class

make the test a little more concise

- move the local assignments into let blocks for
reusability

- remove calls to `to_a`, which aren't needed

- use 'be_empty' instead of '[]' to be consistent
with the other matchers in the test

add a test for the `secured` scope with multiple
secured categories
2013-05-15 22:26:52 +01:00
Sam b6bf95e741 speed up startup (avoid loading some gems on startup)
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Sam 942f168ab6 UI still a tad rough, but we have a first pass of secure categories 2013-05-10 16:47:47 +10:00
Sam 4f328e3e45 +x on files makes no sense unless they really are executable
rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 17:35:15 +10:00
Sam 5cfcdc7ef0 backend for secure categories mostly done (todo pm groups) 2013-04-29 16:33:43 +10:00
Sam 4d9dc82be0 bug fix 2013-04-24 14:39:31 +10:00
Neil Lalonde c0f3c47196 Use message bus to broadcast addition and removal of categories 2013-04-10 15:53:36 -04:00
Robin Ward 79c986dd92 Fix issue with duplicate slugs 2013-04-01 12:26:51 -04:00
Kuba Brecka d50b5e1fd8 make sure Category.topic_count is consistent with week/year stats 2013-03-31 13:22:05 +02:00
Robin Ward 36269cfbaa Rename 'popular' to 'latest'. First stab at 'Hot' tab. 2013-03-27 16:21:23 -04:00
Régis Hanol 3bf6625aa4 displays a message when a failure happen while creating a new category 2013-03-14 22:25:55 +01:00
Robin Ward 8c02d2f48d Robin sucks at merging! This fixes a n+1 query. 2013-03-08 16:48:56 -05:00
Robin Ward b8fd734d0e Merge branch 'refactor-category' of git://github.com/goshakkk/discourse
Conflicts:
	app/models/category.rb
2013-03-08 10:49:25 -05:00
Sam d6ca23a75b remove N+1 queries 2013-03-08 05:34:19 -08:00
Robin Ward 052887c296 Category Topics are no longer invisible, they are pinned. 2013-03-07 12:46:23 -05:00
Gosha Arinich a1825fece9 refactor Category
* move callback bodies to separate methods (easier to test)
2013-03-05 21:09:13 +03:00
Gosha Arinich 6e5399d544 minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 21:54:12 +03:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Robin Ward 532b1f5450 Can edit category descriptions, they show up in a `title` attribute 2013-02-22 13:43:47 -05:00
Dan Neumann 37ca391f50 validate category user_id. 2013-02-19 21:24:38 -06:00
Dan Neumann fac75401ef category stats shouldn't include deleted topics. 2013-02-16 21:10:18 -06:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00