Commit Graph

716 Commits

Author SHA1 Message Date
Robin Ward ae277e28a6 FEATURE: Allow embedding topics without creating them, by id 2015-06-09 16:24:20 -04:00
Sam Saffron e3fa27a01c FEATURE: serialize and update category custom_fields
- send to client
- update from client
2015-06-10 06:13:36 +10:00
Robin Ward 7b6d6b76eb FEATURE: Multiple embeddable hosts
- Also refactors two site settings components into one, with tests
2015-06-09 13:25:43 -04:00
Arpit Jalan 74141cc475 FIX: send 404 error when unauthorized user tries to download user archive 2015-06-08 11:32:31 +05:30
Sam Saffron 73646184aa correct specs 2015-06-05 18:58:20 +10:00
Arpit Jalan b33654ac31 Remove site setting stubbing (Round 1) 2015-06-03 15:44:00 +05:30
Régis Hanol acafa491b2 user avatar urls/templates refactor 2015-05-29 18:51:17 +02:00
Régis Hanol cb025a65e0 FIX: make sure we also save the user_avatar.custom_upload_id 2015-05-29 10:21:41 +02:00
Neil Lalonde ea8cf1a208 FIX: topic auto-close uses the client's time zone 2015-05-27 18:01:46 -04:00
Régis Hanol 83d2b59fc3 FIX: s3 endpoint when using 'us-east-1' region 2015-05-27 17:50:49 +02:00
Sam a988cd5abe FIX: redirect to CDN avatar for s3 avatars 2015-05-27 12:02:57 +10:00
Sam 147ea002f7 FIX: allow handling for avatars that are not in the set of "resized sizes" 2015-05-26 15:41:50 +10:00
Régis Hanol bb0c2813ac FEATURE: generate (avatar) thumbnails in a background task
FIX: keep the "uploading..." indicator until the server replies via the MessageBus
FIX: text was disapearing when uploading an avatar

PERF: always use a region for S3 (defaults to 'us-east-1')
FEATURE: ApplyCDN middleware when using S3
FIX: use the same pattern to store files on S3 and locally
PERF: keep a local cache of uploads when generating thumbnails
FEATURE: migrate_to_s3 rake task
2015-05-25 17:59:00 +02:00
Sam 379eb01aab missing prep in test 2015-05-23 15:39:44 +10:00
Sam bcaed90744 fix missing rtl stylesheets 2015-05-23 15:25:05 +10:00
Sam 96dbeb8608 fix stylesheet cache to recover if file is on disk 2015-05-22 11:22:12 +10:00
Régis Hanol c91634c09a FIX: support for async uploads of emojis 2015-05-20 16:45:48 +02:00
Régis Hanol 8d967d9065 FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-20 16:45:48 +02:00
Robin Ward 7d23826cee FIX: Keep around the page when redirecting 2015-05-20 10:16:17 -04:00
Régis Hanol 7d3b7a5657 fix the build 2015-05-20 15:32:31 +02:00
Sam 8be746b285 fix spec 2015-05-20 12:35:22 +10:00
Sam d1d703718a Merge pull request #3476 from paulkaplan/sso-distrust-email
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
Paul Kaplan 1c34341f31 Replace site setting with a payload attribute 2015-05-19 11:16:02 -05:00
Régis Hanol 9ded21e4c6 FIX: consistent and future-proof upload storage pattern 2015-05-19 12:31:12 +02:00
Paul Kaplan b8a43e153c Use session controller to prevent inactive SSO users 2015-05-15 12:15:06 -05:00
Erick Guan 4c00eef8b5 FIX: category custom slug can't be set when generation method is none 2015-05-13 16:54:19 +08:00
Robin Ward 0b65c88003 Upgrade Notifications to fix deprecations and use store 2015-05-11 11:20:45 -04:00
Sam 124ae8ada6 correct spec 2015-05-06 12:01:47 +10:00
Robin Ward 16408cee06 Allow Postgres to trigger readonly mode for the site. 2015-04-29 11:49:58 -04:00
Sam 6a338afbdd Merge pull request #3403 from zzakcanncode/rspec_up
Rspec 3
2015-04-28 07:50:30 +10:00
Arpit Jalan 2932284293 FEATURE: magic login route for admin when SSO is enabled 2015-04-27 22:54:48 +05:30
Arthur Neves b8cbe51026
Convert specs to RSpec 2.99.2 syntax with Transpec
This conversion is done by Transpec 3.1.0 with the following command:
    transpec

* 424 conversions
    from: obj.should
      to: expect(obj).to

* 325 conversions
    from: == expected
      to: eq(expected)

* 38 conversions
    from: obj.should_not
      to: expect(obj).not_to

* 15 conversions
    from: =~ /pattern/
      to: match(/pattern/)

* 9 conversions
    from: it { should ... }
      to: it { is_expected.to ... }

* 5 conversions
    from: lambda { }.should_not
      to: expect { }.not_to

* 4 conversions
    from: lambda { }.should
      to: expect { }.to

* 2 conversions
    from: -> { }.should
      to: expect { }.to

* 2 conversions
    from: -> { }.should_not
      to: expect { }.not_to

* 1 conversion
    from: === expected
      to: be === expected

* 1 conversion
    from: =~ [1, 2]
      to: match_array([1, 2])

For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
Robin Ward 3a6efa25f0 Allow ReadOnly to propogate up to the Ember app via Response Header 2015-04-24 14:37:16 -04:00
Robin Ward 5bf8c31af4 Users can see their pending posts 2015-04-21 16:44:47 -04:00
Robin Ward 2459f52c71 Merge pull request #3375 from techAPJ/patch-2
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan 866d1cd8e3 FIX: handle error for duplicate email_in address 2015-04-16 16:23:22 +05:30
Arpit Jalan d491d4f997 FEATURE: invite existing users to private topic 2015-04-16 00:52:54 +05:30
Robin Ward 0c233e4e25 Interface is wired up for Approving/Rejecting posts 2015-04-15 14:54:37 -04:00
Robin Ward 96d2c5069b Interface for reviewing queued posts 2015-04-15 14:54:37 -04:00
Robin Ward 19a9a8b408 `NewPostManager` determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Arpit Jalan 499bed69e2 FIX: show error message if user already exist in group 2015-04-15 14:15:58 +05:30
Sam 2a3f71a9a1 SECURITY: log off all existing sessions when resetting password 2015-04-15 08:57:43 +10:00
Robin Ward 869d8e25ad Promotion fails if the user account isn't old enough yet. 2015-04-14 12:14:59 -04:00
Robin Ward db4c04d606 FIX: Moderators shouldn't be able to see secure deleted posts 2015-04-13 11:48:31 -04:00
Sam 75890aed26 FEATURE: allow admins to choose a group as a primary group
FEATURE: allow admins to set a default title for a group
2015-04-10 12:17:28 +10:00
Sam f5d89169e2 FEATURE: initial implemenation of anonymous posting mode 2015-04-07 18:05:31 +10:00
Robin Ward 28864e74bc FIX: Don't show the filter title on the default route 2015-03-30 11:40:44 -04:00
Sam 48c58601a6 fix spec 2015-03-27 13:14:50 +11:00
Sam 94fceaf517 Remove non-legit test, we should always change attributes even if external is unchanged
Overriding should be all or nothing
2015-03-27 09:57:43 +11:00
Robin Ward 2cc5858163 Add site setting to disable User Directory, include restricted info 2015-03-26 11:26:19 -04:00
Robin Ward 33e35930b0 FIX: Server error when no results on user directory while logged in 2015-03-25 11:18:46 -04:00
Sam 92e371f0b3 FEATURE: civilized mute
Allow user to mute all notifications generated by specific users
2015-03-24 11:55:22 +11:00
Robin Ward 6d38005a22 Allow staff to change uneditable user fields 2015-03-20 15:18:43 -04:00
Robin Ward 7ef306cd3b A bunch of tweaks to the Users directory
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
Robin Ward 3d2d224312 FEATURE: User Directory, with sorting and time period filter 2015-03-18 15:20:34 -04:00
Sam 89ea125c73 automatic need only be added once to the hash 2015-03-18 17:47:39 +11:00
Jason W. May 0f36774246 group manager can invite members into the group from any restricted topic 2015-03-03 12:18:42 -08:00
Neil Lalonde 1bf4f34049 FIX: topic and post counts are not updated when ownership of a post is changed 2015-03-02 12:13:21 -05:00
Régis Hanol 7d8dd9d93b fix some rspec deprecations 2015-02-26 13:05:20 +01:00
Sigurður Guðbrandsson 83f719fb80 FIX: Cleaned the commit
Only changing the code I changed, not other tests.
2015-02-26 01:24:21 +00:00
Sigurður Guðbrandsson 73068d5fa3 ADD: Spec tests for User Badge triggers
NOTE: The DiscourseEvent trigger mechanism is VERY weird.
If there are ANY triggers triggered in the chain, you can't only list the one you're looking for, you have to list all triggers in the order they will come.

Example: line 98-100
:user_created and :user_verified are triggers that are introduced in PR #3237 so if this PR is accepted but not PR #3237 then lines 98-99 need to be removed.
2015-02-26 00:55:17 +00:00
Robin Ward 3e2ba5b30b FIX: If an IP is blocked, don't allow people to login using it 2015-02-25 16:02:40 -05:00
Robin Ward 005b8bf7c3 FIX: When creating a SSO user via sync, do not user the IP address. 2015-02-25 14:41:23 -05:00
Dan Singerman 1c545d4c1e Allow adding and removing members of groups by username or id
As discussed here: https://meta.discourse.org/t/discourse-gem-group-add/25668/2.
2015-02-25 14:52:13 +00:00
Sam fe578f9944 FEATURE: Allow manual assignment of related post to badge
PERF: clean up performance of user badges admin when large number of badges exist
2015-02-25 12:53:01 +11:00
Robin Ward 34dc1f9e10 Spec to ensure that SSO respects blocked emails 2015-02-23 17:14:54 -05:00
Robin Ward ca5730018a FIX: SSO code should respect IP address filters 2015-02-23 16:01:46 -05:00
Robin Ward 8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Régis Hanol 20c9a312c7 FIX: clicks counter on attachments wasn't always working 2015-02-22 20:47:18 +01:00
Sam 17927b2e8b FIX: don't use flash cause we are not redirecting
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Sam b041b3f67f FIX: bookmark topic was not working intuitively
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
Loïc Guitaut 395654bf24 Fix regression on editing private messages
v1.2.0beta9 has introduced a regression in edit of a private topic
(first post). Previously a check for no change in TopicsController was
made but it has been changed without considering that the topic could
be private.

By simply forcing a conversion of `topic.category_id` to integer, the case
where its value is nil is handled correctly as it was previously.
2015-02-18 00:41:16 +01:00
Régis Hanol 0b45054e2b FIX: couldn't uncategorize a topic 2015-02-16 10:31:36 +01:00
Robin Ward 3ce2077aa8 Migrate unsubscribe keys to the database.
This should reduce a lot of the keys in redis.
2015-02-13 14:24:15 -05:00
Régis Hanol c4e427cf73 FEATURE: filter screened IP addresses 2015-02-10 19:38:59 +01:00
Robin Ward 8d46de4819 Add a spec for the new plugins controller 2015-02-10 12:35:53 -05:00
Sam e8323fa534 FIX: removing a group from a user was not removing primary group 2015-02-09 16:03:09 +11:00
riking 4c8850108a SECURITY: Don't leak topic title in the redirect 2015-02-04 11:55:39 -08:00
Sam b1f81c0dca Merge pull request #3080 from riking/misc
Miscellaneous fixes from PR#3000
2015-01-30 10:23:17 +11:00
Sam ea7af7a83b Merge pull request #3135 from longhotsummer/fix-no-user-params
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
riking 85a7b925c7 Miscellaneous fixes from PR#3000
FIX: Don't require login to view post raw
FIX: Don't submit read-guidelines for anonymous users (causes
unnecessary 403 errors from ensure_logged_in)
FIX: Don't pass nil to an array serializer
2015-01-29 13:56:32 -08:00
Robin Ward 1f40807001 Add extensibility point for whenever a post is created 2015-01-29 12:46:29 -05:00
Greg Kempe d99ccf6d27 FIX: creating a user shouldn't error when optional fields aren't provided
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.

Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
Régis Hanol f7f5e39f75 FIX: Minor Admin bug with a setting when creating a new group 2015-01-23 20:31:48 +01:00
Régis Hanol 256519dddf FEATURE: automatic group membership based on email address 2015-01-23 18:25:43 +01:00
Robin Ward b3a2c0c45b SECURITY: The SSO `return_path` was an open redirect
This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.
2015-01-22 12:20:17 -05:00
Régis Hanol e300945879 FEATURE: split group admin in 2 tabs (custom & automatic)
FIX: clear the user-selector when adding new members
2015-01-21 20:52:48 +01:00
riking 1ab0d6bd82 FEATURE: Log username changes by staff
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Régis Hanol 7a86abd105 Merge pull request #3084 from jmay/group-managers
table & model changes for group managers with permission to edit members
2015-01-16 12:02:38 +01:00
Arpit Jalan c619aed8f9 💄 add username and date-time in exported file name 2015-01-16 01:39:46 +05:30
Jason W. May a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Arpit Jalan b94c7922c5 🐎 gzip csv export files 2015-01-14 13:38:37 +05:30
Régis Hanol 1032fa7262 Merge pull request #3089 from lucianosousa/enhacement/controllers-rspec3
controllers with rspec3 syntax
2015-01-12 16:25:31 +01:00
Luciano Sousa bc73238c8f controllers with rspec3 syntax 2015-01-09 14:04:02 -03:00
Luciano Sousa 16156bdc1d removing rspec3 warning 2015-01-09 09:55:58 -03:00
Sam efc717c14a FEATURE: remove star concept from Discourse 2015-01-07 13:43:27 +11:00
Jeff Atwood 6953923a03 remove |starred| from topnav default options 2015-01-06 16:03:45 -08:00
Régis Hanol 060cda7772 FIX: proper handling of group memberships 2015-01-05 18:51:45 +01:00
Neil Lalonde 4c166942ad FEATURE: Invite admin api has an optional param send_email which can prevent sending an email to the invited user. The api will return the password reset url so that the caller can send an email with it instead. 2015-01-02 15:48:54 -05:00
Régis Hanol 9fcaf090ec Merge pull request #3068 from fantasticfears/category_slug
support setting category slug
2015-01-02 11:55:27 +01:00
Arpit Jalan bfe95966b4 better filenames for export 2015-01-02 15:30:50 +05:30
Robin Ward 35edfb5b91 FIX: Don't truncate groups. @ZogStrIP we need to create a better fix for
this in the new year.
2014-12-31 12:58:50 -05:00
Arpit Jalan 78537aad39 FIX: rate limit user posts export 2014-12-31 00:54:23 +05:30
Erick Guan 1e166d89ff support setting category slug 2014-12-30 03:14:54 +08:00
Robin Ward 1055fc0919 Merge pull request #3021 from jmay/custom-category-slug
optional custom value for category slug (create and update)
2014-12-29 10:34:23 -05:00
Régis Hanol 267de04e2d Merge pull request #3061 from techAPJ/patch-1
Rename CsvExportLog to UserExport
2014-12-29 12:39:53 +01:00
Régis Hanol bfbc49ef6f FIX: log only 1 'show email' record 2014-12-29 11:50:36 +01:00
Arpit Jalan 68e66f3a25 Rename CsvExportLog to UserExport 2014-12-28 22:31:12 +05:30
Régis Hanol 9932bea7ce FEATURE: default emoji override 2014-12-25 17:58:15 +01:00
Arpit Jalan 7c7474aa10 create a new table to maintain csv export log 2014-12-24 16:25:36 +05:30
Arpit Jalan bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30
Sam 5b844f5320 FEATURE: more than 1 site customization can be enabled at once
FIX: more robust site customizations

Rewrote site customization to use distributed cache and a much cleaner
css delivery mechanism
2014-12-23 13:03:48 +11:00
Régis Hanol 45dbdb6896 FEATURE: custom emojis 2014-12-23 01:12:26 +01:00
Robin Ward 9bb2ab6265 Merge pull request #3034 from fantasticfears/filter_system_user
disable sending email or show presence when forgot system user password
2014-12-19 16:52:01 -05:00
Erick Guan ceca85c9eb use system user helper and constant when it's referred 2014-12-18 18:21:14 +08:00
Sam ae16186100 FEATURE: post chunk size should not be configurable
If people need to configure post chunk size use a plugin
Core only supports out of the box settings, if changed can lead to
severe performance issues.
2014-12-15 10:57:34 +11:00
Blake Erickson 02ade72ceb Update username should return a json response
- Have update username return json response that contains the updated
  username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Erick Guan 9937af7ac4 disable sending email or show presence when forgot system user password 2014-12-10 14:17:56 +08:00
Blake Erickson 1d0eccf710 Have activate user return json
- Change activate user from admin controller to return json
- Test that it returns json
- Remove unnessary test from log_out spec

This commit was created so that when you activate a user through the api
it returns a json response.
2014-12-08 11:16:57 -07:00
Blake Erickson e9e88c9b82 Remove legacy avatar code
- Remove method that was only left around because the
  [api](https://github.com/discourse/discourse_api/pull/53) called it
- Modify test to use new route instead of legacy route

https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Blake Erickson a61519eebf Have pick_avatar return json.
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.

I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Jason W. May efa872e426 optional custom value for category slug (create and update) 2014-12-03 16:23:59 -08:00
Sam a8ff5fe97c Merge pull request #3002 from jmay/group-membership-api
use limit & offset for pagination of group members
2014-12-03 11:11:10 +11:00
Régis Hanol f226e4efc0 FIX: don't error out when updating a topic with no changes 2014-12-02 02:16:30 +01:00
Blake Erickson bdc92eec70 Have log_out method return json.
This commit helps improve the discourse_api experience so that we can
check the json response if it was a success or not. This commit also
checks that a 404 is sent instead of a 500 if a bad user_id is passed
in.
2014-12-01 06:03:25 -07:00
Régis Hanol 5b90ceb71d FEATURE: rolls up 1.2.*.* IP ranges when number of entries > 10 2014-11-27 19:29:30 +01:00
Sam 013f1a6dd0 FEATURE: allow creating admin and moderator accounts via SSO 2014-11-27 12:39:00 +11:00
Sam c10e3df012 FEATURE: implement SSO provider on Discourse so Auth can be farmed to it
FEATURE: pass return_sso_url to SSO endpoints, for easier return
2014-11-26 17:26:27 +11:00
Jason W. May 610c2a4d65 checking actual values in the spec, not just counts 2014-11-25 09:12:24 -08:00
Jason W. May adb570fe53 use limit & offset for pagination of group members 2014-11-24 12:12:48 -08:00
Régis Hanol 7b0ae702e7 FEATURE: log a new staff action when rolling up banned IP addresses 2014-11-24 19:48:54 +01:00
Régis Hanol 1023191315 FEATURE: roll up function for 123.456.789.* ranges 2014-11-24 17:25:48 +01:00
Sam 1c498eb491 FEATURE: API endpoint for inviting an admin 2014-11-24 15:42:56 +11:00
Jason W. May 6f8119ebb8 Merge branch 'master' into group-admin-incremental 2014-11-21 10:04:05 -08:00
Régis Hanol b8d806ee07 FEATURE: delete all accounts from this IP in the IP lookup modal 2014-11-20 19:59:20 +01:00
Jason W. May 50de22801f API addition: HTTP PATCH support for /groups/xxx: incremental membership changes 2014-11-20 09:29:56 -08:00
Arpit Jalan aebf36c356 remove /download from csv file url 2014-11-20 00:34:38 +05:30
Régis Hanol a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
David McClure efc4109902 update specs to remove deprecation warnings 2014-11-07 06:05:44 -08:00
Régis Hanol bb2d538194 FEATURE: log impersonations 2014-11-06 10:58:47 +01:00
Robin Ward 068d22e9b3 Add API support for querying admin reports by date range 2014-11-05 13:11:37 -05:00
Robin Ward c9eb809dad FIX: The text to users who signed up when approval was required was
misleading.
2014-11-04 15:48:03 -05:00
Régis Hanol b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
Robin Ward 316f1bea04 SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
Régis Hanol 865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Sam 7d6d8bd0a3 FEATURE: admin end point to sync sso /admin/users/sync_sso
Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2014-10-28 11:25:21 +11:00
Régis Hanol e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Robin Ward 71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their
user card
2014-10-20 16:35:38 -04:00
Robin Ward 1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Jeff Atwood 92b615b503 reorganize site settings a bit 2014-10-19 23:14:50 -07:00