Robin Ward
28f486cb7a
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:57:21 -04:00
Robin Ward
addc85cd08
FIX: Don't let users edit wiki posts unless they can reply
2017-05-08 16:23:11 -04:00
Guo Xiang Tan
a28704bcee
FIX: Can't recover a post when its user has been deleted.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 14:29:06 +08:00
Arpit Jalan
213a496203
FIX: show all staff events related to the target user
2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b
FEATURE: add a button on admin user page that links to action log
2017-02-21 21:38:37 +05:30
Arpit Jalan
dc2171960b
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:01:23 +05:30
Leo McArdle
c76f6856ea
FEATURE: reply as new message to the same recipients
2017-01-27 12:24:31 +08:00
Guo Xiang Tan
58f3a2e9a9
Fix randomly failing spec.
2017-01-06 15:25:49 +08:00
Guo Xiang Tan
c7b151683d
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-29 11:11:33 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Neil Lalonde
c75bebdea2
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Sam
674264726d
FIX: should not be allowed to see users list of people who started a PM
2016-10-19 17:36:35 +11:00
Sam Saffron
4d8d5613e4
FEATURE: add min_trust_level_to_edit_post
...
add minimum trust level to edit post (default 0)
2016-10-01 02:12:27 +10:00
Sam Saffron
46b34e3c62
FEATURE: remove user option for edit history public
...
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Sam
d61df21d69
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-04 11:36:43 +10:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything.
2016-06-20 15:51:26 +08:00
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Neil Lalonde
0f8b4dcc86
FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so
2016-06-01 15:42:10 -04:00
Arpit Jalan
b25d950d99
FEATURE: allow moderators to convert a private message to public topic or vice versa
2016-05-04 22:47:32 +05:30
Arpit Jalan
acfb540952
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-02 21:34:05 +05:30
Robin Ward
de82bd946d
FIX: Group members should be able to see their groups even if private
2016-04-26 14:17:53 -04:00
Sam
8ba57c0ffd
FIX: restrict moderators from creating/editing topics in readonly categories
...
In the past moderators had blanket access to all categories they were allowed
to see. This tightens down the restriction.
2016-04-13 15:59:38 +10:00
Arpit Jalan
094f7a73d5
FIX: allow post editing but do not allow ninja edit for active flagged post
2016-03-31 00:11:08 +05:30
Arpit Jalan
6f0137dec9
FEATURE: disable post editing when the post has active flag
2016-03-30 23:28:49 +05:30
Neil Lalonde
fd853e0776
FIX: error when sending a private message to a group in some cases
2016-03-23 16:20:31 -04:00
Arpit Jalan
3e32393ab6
FIX: do not allow normal users to wiki edit-expired posts
2016-03-15 15:05:57 +05:30
Régis Hanol
415efd0f5b
FIX: staged user doesn't get notified for replies in topics they created in secured categories
2016-02-24 11:30:17 +01:00
Sam
3829c78526
PERF: shift most user options out of the user table
...
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded
New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Arpit Jalan
106e3c897f
FIX: TL3 users should not be able to edit title of archived topics
2016-01-29 01:16:41 +05:30
Neil Lalonde
685ba1eb7f
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:24 -05:00
Arpit Jalan
06bac23e5f
FEATURE: allow users to wikify their own posts based on trust level
2016-01-12 08:44:25 +05:30
Andy Waite
3e50313fdc
Prepare for separation of RSpec helper files
...
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`
`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).
For more information:
https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files
In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.
This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.
At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Sam Saffron
6dd4bc7d57
FEATURE: support group owner, capable of controlling group membership
...
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members
Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Arpit Jalan
9f8d6b6088
FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled
2015-10-30 11:28:05 +05:30
Sam
e29fe77b45
FEATURE: make trust level for message sending configurable
...
- add min_trust_to_send_messages site setting (default 1) to allow admins
to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Robin Ward
5af0f5f80e
FEATURE: Whisper posts
2015-09-11 14:05:21 -04:00
Arpit Jalan
4d593d1c18
FIX: staff should be immune to max_invites_per_day setting
2015-06-05 10:22:41 +05:30
Sam
dd91d5b02f
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 16:51:21 +10:00
Robin Ward
f9069c350f
FIX: Permission issues when editing topics
...
If a user can't create a topic in a category, they should'be be
able to edit topics.
2015-04-30 17:08:12 -04:00
Arthur Neves
b8cbe51026
Convert specs to RSpec 2.99.2 syntax with Transpec
...
This conversion is done by Transpec 3.1.0 with the following command:
transpec
* 424 conversions
from: obj.should
to: expect(obj).to
* 325 conversions
from: == expected
to: eq(expected)
* 38 conversions
from: obj.should_not
to: expect(obj).not_to
* 15 conversions
from: =~ /pattern/
to: match(/pattern/)
* 9 conversions
from: it { should ... }
to: it { is_expected.to ... }
* 5 conversions
from: lambda { }.should_not
to: expect { }.not_to
* 4 conversions
from: lambda { }.should
to: expect { }.to
* 2 conversions
from: -> { }.should
to: expect { }.to
* 2 conversions
from: -> { }.should_not
to: expect { }.not_to
* 1 conversion
from: === expected
to: be === expected
* 1 conversion
from: =~ [1, 2]
to: match_array([1, 2])
For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
Régis Hanol
3a40875e0b
Merge pull request #3247 from jmay/group-manager-invites
...
group manager can issue invitations from restricted topics
2015-03-16 09:53:04 +01:00
Neil Lalonde
608647d02f
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts.
2015-03-10 11:59:08 -04:00
Jason W. May
0f36774246
group manager can invite members into the group from any restricted topic
2015-03-03 12:18:42 -08:00
Régis Hanol
1a070b16e4
FIX: use the 'post edit time limit' for topics too
2015-02-25 20:53:21 +01:00
Régis Hanol
3cad4824d7
FEATURE: allow moderators to see flagged private messages
2015-02-16 13:03:04 +01:00
Robin Ward
e207ca36ee
Easier helper for filtering secured categories
2015-02-12 11:52:59 -05:00
Luciano Sousa
0fd98b56d8
few components with rspec3 syntax
2015-01-09 13:34:37 -03:00
Régis Hanol
6cec925f26
FIX: all PMs should be flaggable
2015-01-08 16:06:43 +01:00
Neil Lalonde
3cb25b019e
FIX: when private messages are disabled in settings, flag modal shouldn't show private message options
2014-12-19 16:47:39 -05:00
Régis Hanol
de76b512c1
fix most deprecations in the specs (still some left)
2014-09-25 17:44:48 +02:00
Robin Ward
309b67add4
FIX: If a post has been hidden due to flagging, don't use the absolute
...
edit window for edit prevention.
2014-09-16 11:21:14 -04:00
Sam
0f585bcdbe
FIX: PM should never be allowed to have a category
...
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
Sam
e3f7d2a3ac
remove elder terminology in specs
2014-09-05 16:55:48 +10:00
Sam
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Neil Lalonde
2f32af3941
FIX: staff should be able to edit topics that have been archived
2014-08-15 12:45:05 -04:00
Sam
347aa343b0
fix spec, I don't agree with allowing mods and staff to edit this
2014-08-15 12:56:03 +10:00
Neil Lalonde
5caf72510c
Prevent deleting the static page doc topics
2014-08-13 17:03:45 -04:00
Régis Hanol
3ae1ebdfc3
FIX: use PostDestroyer when deleting/recovering a topic
2014-08-07 19:12:35 +02:00
Sam
e7e70d14da
Merge pull request #2591 from BenLubar/benlubar-edit-history-public
...
add profile option for edit history visibility
2014-07-30 14:09:10 +10:00
Neil Lalonde
fc22127726
FIX: only admin can edit faq, tos, and privacy policy
2014-07-29 10:40:09 -04:00
Ben Lubar
93ea940a4d
add spec for public edit history
2014-07-29 01:00:39 -05:00
Régis Hanol
bddffa7f9a
FEATURE: flag dispositions normalization
...
All flags should end up in one of the three dispositions
- Agree
- Disagree
- Defer
In the administration area, the *active* flags section displays 4 buttons
- Agree (hide post + send PM)
- Disagree
- Defer
- Delete
Clicking "Delete" will open a modal that offer to
- Delete Post & Defer Flags
- Delete Post & Agree with Flags
- Delete Spammer (if available)
When the flag has a list associated, the list will now display 1
response and 1 reply and a "show more..." link if there are more in the
conversation. Replying to the conversation will NOT give a disposition.
Moderators must click the buttons that does that.
If someone clicks one buttons, this will add a default moderator message
from that moderator saying what happened.
The *old* flags section now displays the proper dispositions and is
super duper fast (no more N+9999 queries).
FIX: the old list includes deleted topics
FIX: the lists now properly display the topic states (deleted, closed,
archived, hidden, PM)
FIX: flagging a topic that you've already flagged the first post
2014-07-28 19:28:07 +02:00
riking
19b757b058
FEATURE: Hide deleted posts by default for staff
2014-07-17 10:40:15 -07:00
Arpit Jalan
48f86181bf
REFACTOR: move all conditions to guardian
2014-07-04 23:04:19 +05:30
Robin Ward
a2fec165d5
Disable editing of hidden posts within a timeframe from when the post
...
was initially hidden.
2014-06-20 15:38:03 -04:00
Neil Lalonde
4f523ae1b9
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:20 -04:00
Neil Lalonde
faed17aa18
Moderators should always be able to create topics too
2014-06-09 15:28:03 -04:00
Neil Lalonde
4d50d0d109
FIX: admins should be able to create topics, even if min_trust_to_create_topic is higher than their trust level
2014-06-09 11:03:21 -04:00
Wojciech Zawistowski
960d64930c
Wiki Post
2014-05-13 08:53:11 -04:00
Neil Lalonde
e68e97d986
FIX: moderators can't see private topics that they aren't invited to see.
2014-05-12 15:26:46 -04:00
Neil Lalonde
f44bd4ec28
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:27 -04:00
Neil Lalonde
7993c27ce5
Also allow system_user to send pm's even if enable_private_messages is disabled
2014-04-25 14:52:57 -04:00
Neil Lalonde
ee8bbadfe8
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
Robin Ward
84da39f5dc
FIX: Admins should always be able to see groups so they can edit them.
2014-04-23 15:15:46 -04:00
Robin Ward
af877781b7
Allow admins to choose if groups are visible or not.
2014-04-22 16:43:46 -04:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde
2c725e2779
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
Forest Carlisle
e904b2faad
Adding name to the list of uneditable items in preferences UI
...
* If enable_names, enable_sso, and sso_overrides_name settings are true.
* Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 13:26:40 -07:00
Régis Hanol
fd1c824187
Revert "Merge pull request #2116 from LessonPlanet/disable-name-edit-for-sso"
...
This reverts commit 91aa21671a
, reversing
changes made to f19596af0d
.
2014-03-13 18:17:59 +01:00
Neil Lalonde
283dc7dd2d
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:49 -04:00
Forest Carlisle
e8c7c6fab7
Adding name to the list of uneditable items in preferences UI
...
* If enable_names, enable_sso, and sso_overrides_name settings are true.
2014-03-12 17:09:53 -07:00
Neil Lalonde
2838e1c3b5
FIX: don't show option to flag with notify_user to trust level 0 users. they can't send private messages.
2014-03-10 11:48:40 -04:00
Douglas Browne
a1e70ac57e
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
Neil Lalonde
b696c96a19
Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered.
2014-02-20 12:29:40 -05:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Sam
81a4b4d97e
Merge pull request #1939 from lukemelia/patch-1
...
Fixed typo in test name
2014-02-13 17:15:49 +11:00
Robin Ward
f73a3f252a
FIX: Don't allow parent categories to be deleted. Also, remove
...
duplicated logic and rely on the server response for `can_delete`
status.
2014-02-12 17:24:25 -05:00
Luke Melia
e4ff06baad
Fixed typo in test name
2014-02-12 15:24:44 -05:00
Sam
93434be16d
SECURITY: reduce moderator rights
...
You can now hide particular categories from certain moderators
2014-02-07 14:11:52 +11:00
Robin Ward
8c29ed870e
Non-staff users may not delete their posts in archived topics.
2014-01-17 17:42:12 -05:00
Neil Lalonde
7c8ea8c166
Trust level 3 users can edit topic titles and change category
2014-01-16 11:59:26 -05:00
Neil Lalonde
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
verg
8a830fb8e3
Prevent deleting 'uncategorized' category
2013-12-31 11:22:44 -06:00
Jithu Gopal
9584ecb295
fixing gender sensitive pronouns
2013-12-03 10:19:54 +05:30
Neil Lalonde
0c6f794eb0
Used the term suspended instead of banned.
2013-11-07 13:53:49 -05:00
Robin Ward
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
Sam
666264879c
change it so all topics MUST include a category, we store a special uncategorized category to compensate
...
this cleans up a bunch of internals and removes some settings
2013-10-24 12:08:02 +11:00
Matthieu Guillemot
3ba1f20674
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-14 21:34:21 +09:00
Sam
5b08f73561
give god rights of impersonation to developers, must be edited into the production.rb config file
2013-09-05 10:27:34 +10:00
Neil Lalonde
b47eedba00
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
Neil Lalonde
663adde90e
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
Régis Hanol
c867b67a0b
custom avatar support
2013-08-13 22:08:29 +02:00
Neil Lalonde
b8a1e21dbd
Delete all posts is allowed for the same amount of time as delete user
2013-08-13 11:11:05 -04:00
Neil Lalonde
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
Neil Lalonde
4fd5087f91
Add button to delete a spammer in the flag modal
...
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde
e25638dab0
add a way to delete posts and topics when deleting a user with UserDestroyer
2013-07-29 15:29:43 -04:00
Sam
7b1f9928e4
staff can change trust levels
2013-07-23 09:13:48 +10:00
Sam
1f3c5cb656
allow end user to recover a post they delete
...
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam
352ac9e60c
Finalize read only and post only categories, finished off UI work
2013-07-16 15:46:11 +10:00
Sam
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
Robin Ward
6ca5df0a09
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:09:17 -04:00
Robin Ward
19c169540c
Staff can enter and view deleted topics
2013-07-11 16:39:35 -04:00
Neil Lalonde
7977deb3bf
Don't allow editing of title and category of an archived topic
2013-07-09 16:54:46 -04:00
Robin Ward
b7327942af
Add `deleted_by` to `Trashable` tables
2013-07-09 15:46:36 -04:00
Neil Lalonde
b2d300fe0b
Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer.
2013-06-25 18:39:20 -04:00
Sam
e53aa45f54
I think this is more correct, admins/mods should always be able to invite
2013-06-21 16:35:27 +10:00
Neil Lalonde
c4904aacc0
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin.
2013-06-03 16:37:40 -04:00
Matt Van Horn
872995db57
refactor guardian class for clarity & correctness
...
introduce NullUser to avoid type-checking
DRY up code
reduce number of multiple returns
remove some redundant/impossible logic branches
add pending test for possible bug
add test & fix for ability to flag archived posts
add #secure_category? method to topic class
Fix bug that prevented flagging of archived topics
Rename NullUser to AnonymousUser
DRY up can_<action>? methods
Fix some ownership logic, and a test, for Guardian
2013-05-22 01:09:34 -07:00
Sam
b5eff93a9d
update message bus to support per client filtering
...
start work on user_tracking_state
fix can_ban? in guardian
expose protected scopes on topic_query we need
move guardian spec to use build as opposed to creating topics / posts / users
start work on user tracking spec
2013-05-21 16:39:51 +10:00
Sam
4f328e3e45
+x on files makes no sense unless they really are executable
...
rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 17:35:15 +10:00
Sam
e9fc272db7
remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed
...
makes upgrading to rails 4 possible
2013-05-07 14:39:01 +10:00
Sam
65cd00cf25
moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5
...
allow pms to be targetted at groups
2013-05-02 15:15:53 +10:00
Sam
5cfcdc7ef0
backend for secure categories mostly done (todo pm groups)
2013-04-29 16:33:43 +10:00
Neil Lalonde
651cfba93f
Add ability to destroy a user with 0 posts
2013-04-12 16:53:00 -04:00
Robin Ward
738789f336
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
Karan Misra
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
Robin Ward
59fc3bfac4
PostDestroyer to replace callbacks for destroying
2013-03-18 17:55:11 -04:00
Gosha Arinich
0c99dea153
introduce Enum
2013-03-01 21:16:36 +03:00
Gosha Arinich
cafc75b238
remove trailing whitespaces ❤️
2013-02-26 07:31:35 +03:00
Ismael Abreu
80bec6efc9
Adds grant and revoke moderation buttons so admins can make users moderators
2013-02-14 01:12:23 +00:00
Robin Ward
03a798b202
Can clear flags on deleted posts if you're a moderator
2013-02-08 19:07:29 -05:00
Robin Ward
084a873b91
Give regular users a delete button. If they click it, their post will be revised to
...
say it was deleted.
2013-02-07 15:14:23 -05:00
Robin Ward
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00