Commit Graph

135 Commits

Author SHA1 Message Date
Blake Erickson 2032c11f78
FIX: Return 422 when creating topics with tags w/out permission (#10400)
The UI prevents users from trying to create tags on topics when they
don't have permission, but if you are trying to add tags to a topic via
the API and you don't have permission before this change it would
silently succeed in creating the topic, but it wouldn't have any tags.

Now a 422 error will be returned with an error message when trying to
create a topic with tags when tagging is disabled or you don't have
enough trust level to add tags to a topic.

Bug report: https://meta.discourse.org/t/-/70525/14
2020-08-10 16:14:15 -06:00
David Taylor cb12a721c4
REFACTOR: Refactor pull_hotlinked_images job
This commit should cause no functional change
- Split into functions to avoid deep nesting
- Register custom field type, and remove manual json parse/serialize
- Recover from deleted upload records

Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 12:14:59 +01:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
jbrw 2aec92d0b4
FEATURE - allow Group Moderators to edit category description (#10292)
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2020-07-23 09:50:00 -04:00
jbrw 0ed784b4fc
FEATURE: Create logs for Group Moderator changes (#10271) 2020-07-21 14:29:02 -04:00
jbrw 7ab5658462
FEATURE: Allow group moderators to add/remove staff notes (#10252)
* FEATURE: Allow group moderators to add/remove staff notes
2020-07-20 15:53:47 -04:00
Bianca Nenciu db1bebddce
FIX: Hide the post history for TL4 (#10065) 2020-06-18 13:27:51 +03:00
Vinoth Kannan 7fe414d35d FIX: hide rss feed & json if a user profile is hidden. 2020-06-03 19:03:02 +05:30
Blake Erickson 6548cd1a96 FIX: sending messages to groups with non-lowercase names
Fixes a regression in

e8fb9d4066

which caused a bug where you couldn't send a message to a group that
contained an Uppercase letter. Added a test case for this.

Bug report: https://meta.discourse.org/t/-/152999
2020-05-27 14:52:08 -06:00
Arpit Jalan e8fb9d4066 FIX: when creating new PM username/groupname should be case-insensitive
(take 2)

https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 21:34:05 +05:30
Arpit Jalan 302b37c805 Revert "FIX: when creating new PM username/groupname should be case-insensitive"
This reverts commit 2be79d94f5.

This is affecting multiple code path. Investigating.
2020-05-25 20:10:14 +05:30
Arpit Jalan 2be79d94f5 FIX: when creating new PM username/groupname should be case-insensitive
https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 19:04:59 +05:30
Michael Brown d9a02d1336
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
2020-05-23 00:56:13 -04:00
Jeff Atwood 20780a1eee Revert "Merge branch 'master' of https://github.com/discourse/discourse"
This reverts commit e62a85cf6f, reversing
changes made to 2660c2e21d.
2020-05-22 20:25:56 -07:00
Blake Erickson 03d26cd6f0 SECURITY: ensure embed_url contains valid http(s) uri 2020-05-22 14:54:56 -06:00
Jarek Radosz 781e3f5e10
DEV: Use `response.parsed_body` in specs (#9615)
Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 17:04:12 +02:00
Martin Brennan 628ba9d1e2
FEATURE: Promote bookmarks with reminders to core functionality (#9369)
The main thrust of this PR is to take all the conditional checks based on the `enable_bookmarks_with_reminders` away and only keep the code from the `true` path, making bookmarks with reminders the core bookmarks feature. There is also a migration to create `Bookmark` records out of `PostAction` bookmarks for a site.

### Summary

* Remove logic based on whether enable_bookmarks_with_reminders is true. This site setting is now obsolete, the old bookmark functionality is being removed. Retain the setting and set the value to `true` in a migration.
* Use the code from the rake task to create a database migration that creates bookmarks from post actions.
* Change the bookmark report to read from the new table.
* Get rid of old endpoints for bookmarks
* Link to the new bookmarks list from the user summary page
2020-04-22 13:44:19 +10:00
Martin Brennan 344ef5226c
FEATURE: Edit bookmark reminders from post and explicit delete button (#9455)
There is now an explicit "Delete Bookmark" button in the edit modal. A confirmation is shown before deleting.

Along with this, when the bookmarked post icon is clicked the modal is now shown instead of just deleting the bookmark. Also, the "Delete Bookmark" button from the user bookmark list now confirms the action.

Add a `d d` shortcut in the modal to delete the bookmark.
2020-04-20 13:30:04 +10:00
Blake Erickson d04ba4b3b2
DEPRECATION: Remove support for api creds in query params (#9106)
* DEPRECATION: Remove support for api creds in query params

This commit removes support for api credentials in query params except
for a few whitelisted routes like rss/json feeds and the handle_mail
route.

Several tests were written to valid these changes, but the bulk of the
spec changes are just switching them over to use header based auth so
that they will pass without changing what they were actually testing.

Original commit that notified admins this change was coming was created
over 3 months ago: 2db2003187

* fix tests

* Also allow iCalendar feeds

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2020-04-06 16:55:44 -06:00
Martin Brennan 849631188f
FEATURE: Allow custom date + time for bookmark reminders (#9185)
A custom date and time can now be selected for a bookmark reminder

The reminder will not happen at the exact time but rather at the next 5 minute interval of the bookmark reminder schedule.

This PR also fixes issues with bulk deleting topic bookmarks.
2020-03-12 10:52:15 +10:00
Jarek Radosz 29b35aa64c
DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
Joffrey JAFFEUX 0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Régis Hanol 821e920711 DEV: fix deprecation warnings in specs
Also fixed a typo in a string key "max_pm_recepients" -> "max_pm_recipients"
2020-01-23 16:37:48 +01:00
Martin Brennan c677f8ee6a
DEV: Add debug lines for mystery no_user_selected error (#8759)
On some customer forums we are randomly getting a "You must select a valid user" error when sending a PM even when all parameters seem to be OK. This is an attempt to track it down with more data.
2020-01-21 10:50:44 +10:00
Gerhard Schlager ab07b945c2
Merge pull request #8736 from gschlager/rename_reply_id_column
REFACTOR: Rename `post_replies.reply_id` column to `post_replies.reply_post_id`
2020-01-17 17:24:49 +01:00
Mark VanLandingham 6ec3d42b16
FEATURE: Allow complex post params from plugin (#8598) 2019-12-20 10:37:12 -06:00
David Taylor a6aada16bd DEV: Refactor API key specs to avoid hard-coding keys
By hard-coding keys, we are not testing the API key system end to end. This change also makes the specs more resilient to upcoming API key changes
2019-11-29 15:16:22 +00:00
Sam Saffron 941162e90e FIX: draft not clearing when replying to new topic
This amends our API so we provide it with the draft key when saving a post
this means post creator can clean up the draft consistently even if we are
doing fancy stuff like replying to a new topic or new pm or whatever.

There will be some followup work to clean it up so client never calls destroy
on draft during normal operation and the #create/#update endpoints takes care of it
every time
2019-11-26 18:23:20 +11:00
Dan Ungureanu a992caf741
DEV: Replace magic values (#8398)
Follow-up to 35942f7c7c.
2019-11-25 14:32:19 +02:00
David Taylor 52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Justin DiRose 63fabdb6f2 FIX: first post true if user creates topic first (#8139)
Reported here: https://meta.discourse.org/t/user-was-banned-for-posting-a-reply-within-3-seconds/128823/12
The problem here is the user could create a topic, then reply and get
silenced on the second time (though technically their first post) for being below the
min_first_post_typing_time threshold.
2019-10-02 15:51:40 -04:00
Rimian Perkins 6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Robin Ward a727968112 FIX: Provide an error message if no valid tags were selected 2019-07-25 12:46:16 -04:00
Dan Ungureanu 9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Robin Ward f1d547c301 FEATURE: Show "in reply to" on the review queue
We now show if a queued or flagged post is a reply to another when in
the review queue. It's especially helpful for queued posts where
normally they are linked to the topic where they are created, and you
have no context about the reply.

Note that this will only apply to new queued posts going forward.
Previously queued posts will not show the "in reply to"
2019-06-05 12:34:41 -04:00
Guo Xiang Tan e2444e0d31 DEV: Fix another frozen string error. 2019-05-17 10:07:37 +08:00
Guo Xiang Tan ce15f085c6 DEV: Return the right response code and error message.
Follow up to d1dbafebbc.

Also remove test that is a duplicate of
867c1a5ac9.
2019-05-10 07:33:02 +08:00
Blake Erickson d1dbafebbc FIX: Return error if new topic category not found take 2
If creating a topic via the api as an admin and the category you specify
cannot be found an error will now be returned instead of just creating
the topic with no category. This will prevent accidental public topic
creation originally intended for a private category.

This commit is follow up to 535c594891 and
still allows for the creation of topics where the category param is
blank.
2019-05-09 11:27:45 -06:00
Guo Xiang Tan 867c1a5ac9 DEV: Add request spec for creating an uncategorized category. 2019-05-09 14:53:13 +08:00
Guo Xiang Tan 535c594891 Revert "FIX: Return error if new topic category not found"
This reverts commit 9c606dd99a.
2019-05-09 14:53:13 +08:00
Blake Erickson 9c606dd99a FIX: Return error if new topic category not found
If creating a topic via the api as an admin and the category you specify
cannot be found an error will now be returned instead of just creating
the topic with no category. This will prevent accidental public topic
creation originally intended for a private category.
2019-05-08 15:02:00 -06:00
Daniel Waterworth 73f25311fa Prefabricated post by user 2019-05-08 08:54:37 -04:00
Daniel Waterworth 0578809460 Prefabricate trust_level_4 2019-05-08 08:54:37 -04:00
Daniel Waterworth f984c1740f Use prefabricated user 2019-05-08 08:54:37 -04:00
Daniel Waterworth 86372a94d5 Prefabricated moderator at the top level 2019-05-08 08:54:37 -04:00
Daniel Waterworth e3c09c666b Prefabricated admin 2019-05-08 08:54:37 -04:00
Blake Erickson 5b5b5a5931 FIX: return an error if a user tries to whisper
This commit fixes a bug where a user creates a whisper post via the api
but is posted as a regular message because they don't have access to
whisper. Now a 403 unauthorized will be returned instead of the whisper
param just being ignored for regular users. Staff users should not be
affected by this change.

https://meta.discourse.org/t/a-whisper-is-posted-as-a-message-if-the-user-is-not-staff-moderator-admin-when-using-the-api/116601
2019-05-07 11:42:26 -06:00
Daniel Waterworth e219588142 DEV: Prefabrication (test optimization) (#7414)
* Introduced fab!, a helper that creates database state for a group

It's almost identical to let_it_be, except:

 1. It creates a new object for each test by default,
 2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
Sam Saffron 4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Sam Saffron 442111af91 DEV: remove a couple of warnings from spec 2019-04-30 08:41:28 +10:00
Daniel Waterworth ad44243a57 Removed unused let blocks (#7446)
The bodies of these blocks were never evaluated.
2019-04-29 15:08:56 +08:00
Robin Ward 6f56fba016 UX: Update post actions to "Approve Post" and "Reject Post"
This should be more clear.
2019-04-23 12:19:11 -04:00
Robin Ward a5d9afe397 FEATURE: Include a user's pending posts in the topic view
Also includes a refactor to TopicView's serializer which was not
building our attributes using serializers properly.
2019-04-12 14:25:12 -04:00
Robin Ward 331a809738 FEATURE: Display the reason for many reviewable items
Queued Posts and Users will now display a reason why they are in the
review queue.
2019-04-11 12:04:45 -04:00
Robin Ward 87de5d9e8f Record the reason that a post was put into the queue 2019-04-10 17:42:49 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Robin Ward fa5a158683 REFACTOR: Move `queue_jobs` out of `SiteSetting`
It is not a setting, and only relevant in specs. The new API is:

```
Jobs.run_later!        # jobs will be thrown on the queue
Jobs.run_immediately!  # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Robin Ward d1d9a4f128 Add new `run_jobs_synchronously!` helper for tests
Previously if you wanted to have jobs execute in test mode, you'd have
to do `SiteSetting.queue_jobs = false`, because the opposite of queue
is to execute.

I found this very confusing, so I created a test helper called
`run_jobs_synchronously!` which is much more clear about what it does.
2019-03-11 16:58:35 -04:00
Arpit Jalan 05ebb52ec4
FEATURE: defer flags when deleting child replies (#7111) 2019-03-06 14:32:25 +05:30
Tim Lange 83f4c4a3f2 FIX: Fixed editing whispers bumps topic (#7106) 2019-03-05 18:02:20 +01:00
Joffrey JAFFEUX 1cd64f68f1
FIX: staff/admin shouldn’t be able to create uncategorized topics (#7077) 2019-02-28 15:51:13 +01:00
Gerhard Schlager b089ac1537 FIX: Posting without bump raised an error for TL4 2019-01-03 14:14:02 +01:00
Vinoth Kannan 2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
Arpit Jalan 40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Robin Ward 467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Guo Xiang Tan d5df1db3c4 DEV: Improve tests to provide better errors when it fails. 2018-11-13 16:48:04 +08:00
Bianca Nenciu fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Gerhard Schlager ef4b9f98c1 FEATURE: Allow admins to reply without topic bump 2018-08-10 10:48:30 +10:00
Joffrey JAFFEUX a2281fbb19
FEATURE: allows to jump to a date in a topic 2018-07-19 16:00:13 +02:00
Kyle Zhao 2901691e87 FEATURE: per-category approval settings (#5778)
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Arpit Jalan 6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Guo Xiang Tan 3a8f69c3d2 DEV: Assert for 200 response code to avoid changing magic helper in the future. 2018-06-07 16:11:09 +08:00
Sam 89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
OsamaSayegh d3e610eed9 REFACTOR: topic controller (2) specs to requests (#5911) 2018-06-05 12:03:49 +08:00
Guo Xiang Tan 7fc8a36529 DEV: Take 2 Queue jobs in tests by default.
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan 56e9ff6853 Revert "DEV: Queue jobs in tests by default."
Too risky for now

This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan be28154d3b DEV: Queue jobs in tests by default. 2018-05-31 14:45:47 +08:00
OsamaSayegh 609804f5ef REFACTOR: merge posts controller specs into request specs 2018-05-23 08:53:46 +10:00
Robin Ward b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Guo Xiang Tan 5c93d07d2a Remove duplication of params in tests. 2018-03-02 09:25:46 +08:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00