77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
4d840d10db
PERF: Reduce number of Redis hits per requests.
2017-09-07 13:34:27 +08:00
8463b676df
Revert "Activate mini-profiler when in profiling env."
...
This reverts commit d61109388c
2017-09-06 11:26:03 +08:00
d61109388c
Activate mini-profiler when in profiling env.
2017-09-06 11:19:20 +08:00
2e4b3e9b06
Don't include all html builders on client and server side
2017-08-07 11:29:35 -04:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
6eb6c25816
FIX: Keep the flash when redirecting for login_required
2017-05-25 14:10:15 -04:00
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
b381372184
Use Ember.js for the `/u/account-created` path so we can add controls
2017-05-03 11:18:01 -04:00
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
81d333289e
FIX: Return 503 when in readonly mode.
2016-12-07 14:04:42 +08:00
1db9d17756
Make removal of topic columns more resilient to deploys
2016-12-05 12:11:46 +11:00
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
d95fbd89d0
Enable miniprofiler in development automatically.
2016-11-29 10:59:10 +08:00
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
600b23c0a4
FIX: permalink redirects should work on tag paths
2016-10-04 12:01:42 -04:00
c12e533273
Feature: Adds a button to print a topic
2016-09-26 20:44:50 -03:00
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
eaf87f0770
FIX: correctly handle api key so it uses current user provider
2016-08-26 10:39:13 +10:00
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
e221414935
PERF: Remove N+1 queries on user messages page.
2016-06-29 09:30:54 +08:00
c0e25b5a9a
Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
...
improvement
2016-06-10 22:08:37 -05:00
4180e207c3
FIX: Crazy large ids should not raise exceptions
2016-03-23 12:13:47 -04:00
84d234a98a
Merge pull request #4076 from scossar/locale-from-header-setting
...
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
06591022fe
FEATURE: Generous badge
2016-03-15 16:08:29 -04:00
0cbeda8414
add site setting for setting locale from header
2016-03-14 16:18:19 -07:00
7598037080
Only pull in gem if it is being used, remove middleware
2016-03-04 23:17:14 +11:00
1135d2094a
Merge pull request #4006 from scossar/set-locale-from-header
...
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
610954ecce
Merge pull request #4035 from tgxworld/dont_return_500_when_plugin_is_disabled
...
Return 404 instead 500 when plugin is disabled.
2016-02-27 16:55:50 +11:00
0a396583ed
set locale for anonymous from header
...
set locale on signup
update spec
add locale option
2016-02-26 13:45:00 -08:00
a3fa80847e
Return 404 instead 500 when plugin is disabled.
2016-02-24 17:09:30 +08:00
d77511319e
show monthly top topics on 404 page
2016-02-24 13:46:55 +05:30
4c0a40f2b0
FIX: publish notification state when notifications are read
...
(this clears green and blue bubbles)
2016-02-22 12:24:51 +11:00
dd6ebde824
FIX: Always ensure notifications are treated as read once clicked
...
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries
- Add feature "SetTransientHeader" that allows shipping info to server
in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
825a01cec3
fix the build
2016-01-15 12:34:28 +01:00
c9c6b09f36
FIX: allow staff members to edit staged users preferences
2016-01-15 12:16:00 +01:00
f2480aa81f
FIX: When 410 is received, display proper error message instead of generic.
2015-12-30 17:18:32 +05:00
d1ebb9d0b5
FIX: I18n Fallbacks were not applying correctly
2015-12-23 12:09:18 -05:00
de88be2fbc
Support for "Only show overridden" in site text customization
2015-11-30 15:25:08 -05:00
16b3d26d7b
allow staff members to view staged accounts user card/profile
2015-11-27 20:02:24 +01:00
1506eba28d
Support for overriding client side translation keys
2015-11-20 17:14:01 -05:00
3720783c1b
Refactor to our own Discourse I18n backend
...
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
106cb9874a
FIX: show 404 page when user is logged out and navigates to private message
2015-10-30 17:41:55 +05:30
db5379508e
FIX: Don't show an anonymous cache if there is a flash
2015-10-28 15:12:05 -04:00
6f43b575a8
FEATURE: no need to cap new and unread together anymore
...
- leave unread alone
- cap new at 500 per site, with a site setting
2015-10-01 17:17:15 +10:00
3620c8c85e
Move descriptions for rate limiting errors into the exception
2015-09-24 13:52:46 -04:00
335be272ff
FEATURE: implement capping of new/unread
...
We cap new and unread at 2/5th of SiteSetting.max_tracked_new_unread
This dynamic capping is applied under 2 conditions:
1. New capping is applied once every 15 minutes in the periodical job, this effectively ensures that usually even super active sites are capped at 200 new items
2. Unread capping is applied if a user hits max_tracked_new_unread,
meaning if new + unread == 500, we defer a job that runs within 15 minutes that will cap user at 200 unread
This logic ensures that at worst case a user gets "bad" numbers for 15 minutes and then the system goes ahead and fixes itself up
2015-09-07 12:03:17 +10:00
8055d065f2
Refactor ApplicationController#redirect_to_login_if_required to use session for SSO
2015-08-11 16:48:55 +01:00
9911e92e24
Merge pull request #3609 from riking/patch-7
...
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
d6069e8c90
UX: fix container layout
2015-07-28 13:58:30 +05:30
4491813d22
Revert "Revert "PERF: optimise query that gathers topic tracking state""
...
This reverts commit 909be09f1a
2015-07-21 21:48:07 +10:00
909be09f1a
Revert "PERF: optimise query that gathers topic tracking state"
...
This reverts commit 343e417a55
2015-07-21 17:35:50 +10:00
343e417a55
PERF: optimise query that gathers topic tracking state
...
(this query runs on the front page to figure out new and unread topics)
2015-07-21 17:14:30 +10:00
ecfa17b5a7
FEATURE: Localization fallbacks (server-side)
...
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.
The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
b052179ae6
Merge pull request #3163 from rcfox/fix-by-external
...
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
f26eee8431
FEATURE: add username to NGINX logs
2015-06-16 17:43:53 +10:00
690f4a4c37
add X so it shows up at the end of chrome
2015-06-16 10:27:42 +10:00
9b8b1d0034
FEATURE: add special header that names the action for the request
2015-06-16 09:54:44 +10:00
5da5269652
FIX: Bad page title for categories view by google crawler
2015-06-08 12:07:35 -04:00
fe46d1dd3b
PERF: avoid cookies for all static, public, cached forever assets
2015-05-22 16:15:46 +10:00
0ed1c8011c
FIX: About page error when `login_required`
2015-05-21 14:37:49 -04:00
e5888cf090
PERF: avoid preloading json in cases where it is not needed
...
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
16408cee06
Allow Postgres to trigger readonly mode for the site.
2015-04-29 11:49:58 -04:00
3cb4554bbb
Can refresh queued posts via button
2015-04-27 13:52:54 -04:00
3a6efa25f0
Allow ReadOnly to propogate up to the Ember app via Response Header
2015-04-24 14:37:16 -04:00
0c233e4e25
Interface is wired up for Approving/Rejecting posts
2015-04-15 14:54:37 -04:00
96d2c5069b
Interface for reviewing queued posts
2015-04-15 14:54:37 -04:00
19a9a8b408
`NewPostManager` determines whether to queue a post or not
2015-04-15 14:54:36 -04:00
bb20f64cb2
use standard error so its easier to catch
2015-03-23 12:20:50 +11:00
df3b1f6968
FIX: editing a post wasn't showing error messages from the server
2015-03-19 12:25:15 +01:00
3ad12d44f3
Use a mixin for the `path` function to DRY it up
2015-03-09 15:24:16 -04:00
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
71d6266f98
REGRESSION: exceptions are handled natively by logster
2015-02-27 13:05:51 +11:00
96e6fd3449
Cleaned up the sso codefix, thanks @SamSaffron
...
@SamSaffron showed me a cleaner way to use the if statements in the sso redirect code.
Thanks sam ;)
2015-02-23 22:10:44 +00:00
334a357363
FIX: Forward to SSO login automatically
...
Forward to SSO login URL automatically if SSO is enabled and login is required.
Makes it simpler for users to log in automatically.
2015-02-23 21:20:36 +00:00
5266ad4539
Merge pull request #3183 from riking/json-errors-2
...
Consolidate custom exception handling
2015-02-23 16:58:05 +11:00
ecb911285d
Fix the render_json_error api
2015-02-22 21:28:50 -08:00
68ccd2d664
FEATURE: All 500 errors now show up in Logster
...
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
8d39480831
use symbols for error types (squash me)
2015-02-09 10:20:00 -08:00
02f3f8c1b3
Fix customize HTML/CSS only show desktop code
...
custom_top and custom_footer method in SiteCustomization is setting
:desktop as default argument for `target`
It output the desktop version of the custom_top, custom_footer even
user in mobile_view.
This fix is adding the missing target into method argument.
2015-02-10 00:48:42 +08:00
a16aa9fde8
HACK: Keep old behavior for topics#show
2015-02-08 13:56:56 -08:00
8cf21f2363
FEATURE: Refactor error returns in application_controller
2015-02-08 13:40:38 -08:00
06f02ce9fc
FIX: 🈂️ Allow closing polls in multi-locale sites
2015-02-05 19:55:03 -08:00
25daca8f23
Helpers for plugins to support enabling/disabling
2015-02-04 16:23:56 -05:00
68377ba4ab
add class for container div on 404 page
2015-02-04 00:40:21 +05:30
c3f21dcdfc
Remove the .json part from the external_id value when using it to lookup a user.
2015-02-02 12:58:02 -05:00
fb72e2665f
PERF 🐎 Don't calculate preload data for non-xhr json requests
...
This will help out anyone querying as API instead of through a
browser.
2015-01-23 21:14:58 -08:00
987504c6ab
Rename `no_js` layout to `no_ember`
...
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.
Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
6734a51b6a
move SiteText.{head,top,bottom} to SiteCustomization
2015-01-14 12:15:53 +01:00
f3b72f5d96
Revert "move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top"
...
This reverts commit 6ee2849df6
2015-01-12 20:21:22 -05:00
6ee2849df6
move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top
2015-01-12 19:59:43 +01:00
a99c3c3df9
FEATURE: allow users to persist customization with &sticky=true
2015-01-06 17:39:08 +11:00
45dbdb6896
FEATURE: custom emojis
2014-12-23 01:12:26 +01:00
cdbee4f5d9
Merge pull request #3045 from techAPJ/patch-2
...
FIX: redirect client to the original url after logging in for private in...
2014-12-17 11:21:56 +01:00
9f8e73303a
FIX: redirect client to the original url after logging in for private instances
2014-12-16 13:19:26 +05:30
b1bc4741b1
FEATURE: Load fewer topics in the topic list on slow platforms (Android)
2014-12-15 11:54:26 -05:00
c7bc692f40
PERF: stop querying banner topic on every page hit
2014-11-14 15:39:17 +11:00
ec76be964e
UX: better footer handling
2014-11-10 21:51:55 +01:00
572842721d
FIX: Better page titles for SEO
2014-10-30 14:26:56 -04:00
5754e8dd0f
FEATURE: auto-close topics based on last post
2014-10-10 18:21:44 +02:00
8b5a1cd20f
Migrate `tosAccepted` to new user fields
2014-09-30 10:45:18 -04:00
e14e8f64bc
FIX: don't stop youtube when liking a post
...
Also fixes post action create/destroy api not to include post raw.
2014-09-25 12:02:41 +10:00
bc53d48bd7
Renaming site contents to site text
2014-09-24 16:08:14 -04:00
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
b04a52676e
FIX: Don't show wrong flag choices after undo
2014-09-02 17:37:54 -04:00
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
9a1580244a
FIX: Don't show profile pages for inactive users and don't show them in
...
search results.
2014-08-13 13:30:25 -04:00
0920c4bea6
PERF: reduce storage requirements for incoming links
...
Only store incoming links for topics.
2014-08-04 11:06:48 +10:00
9468ebeb2e
CHANGE: Mini Profiler only enabled for developers in prd
2014-07-17 08:34:41 +10:00
783454ebe1
Fix /p/post/user route not saving referrals
...
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
5bcfb6ee38
FIX: don't show 'About category' topics on the 404 page
2014-07-04 16:18:17 -04:00
2d5f667160
Make ?preview-style make sense
...
New behavior:
?preview-style=(sha) -- see that stylesheet
?preview-style= -- see the currently selected stylesheet
?preview-style=default -- see the default stylesheet ("rescue mode")
2014-06-20 09:06:36 -07:00
ad2bd11d6e
Add a way to get user based on sso external id
2014-06-18 14:40:25 -04:00
00117c18c3
FEATURE: dismissable banner topic
2014-06-18 20:05:19 +02:00
f1a28d62a3
FEATURE: support registration of custom html by plugins
2014-06-05 11:39:33 +10:00
fa6f22dd39
Move letter avatars out of upload system
...
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
f8b7f0d73f
FEATURE: logster env tab, log current user
2014-05-12 15:28:23 +10:00
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
8f53b7a65b
Detect arrays for serialization using respond_to?(:to_ary).
...
This is the way AMS detects arrays, and is more robust than checking
is_a? for whitelisted classes. For example, this works for
ActiveRecord::AssociationRelation which the current logic does not
handle.
2014-04-16 20:48:09 +05:30
558a06a117
Adds better reusable error message support. Added to fetching remote
...
posts. /cc @riking
2014-04-02 13:22:10 -04:00
b0f3061113
It doesn't make sense to redirect when not logged in on a non-GET
...
request. We should report a failure then. They likely logged out or
in another tab or timed out.
2014-03-05 12:12:53 -05:00
7322345039
FIX: when shown 403 error page and logging in, it will take you to the same page
2014-02-26 17:53:53 -05:00
3151f59bc9
REFACTOR: We don't cache the json for the Site model anymore, so let's
...
rename and remove the methods leftover from that.
2014-02-24 14:25:37 -05:00
9545e2e46e
FIX: broken 404 page. don't bother showing current_usre stuff
2014-02-21 12:24:45 -05:00
d95887c57d
CHANGE: We now include the `_escaped_fragment_` support by default, but
...
only if the crawler check fails. It is a fallback for non-google search
engines that support the Ajax crawling API.
2014-02-20 17:02:26 -05:00
c4b5455c21
REFACTOR: Rename `GooglebotDetection` to `CrawlerDetection` because we
...
will likely whitelist more crawlers in the future.
2014-02-20 16:07:02 -05:00
d443ddd43d
Merge pull request #1922 from joallard/language-toggle
...
Allow users to toggle interface language in their preferences
2014-02-19 18:28:00 +01:00
7f6b2e5563
Show login button on 404 page. Add routes to show login and signup modals when page/route loads. If logged in and showing 404 page, load ember app.
2014-02-18 17:18:53 -05:00
0592420e52
Add a site setting to allow users to toggle I18n.locale
...
It is false by default.
2014-02-18 14:54:00 -05:00
c513725f26
Allow users to toggle interface language in their preferences
2014-02-18 14:53:59 -05:00
d298e2e065
Detect Googlebot from user agent and use a different layout that doesn't load javascript
2014-02-15 17:54:34 -05:00
5725f02d9e
allow full access to /admin/backups while in read-only mode
2014-02-13 13:31:14 -08:00
e7472dc374
readonly mode
2014-02-13 13:31:13 -08:00
e0df404d7e
Add site setting tos_accept_required. If enabled, users must check a box saying that they've read and accept the terms of service.
2014-02-07 16:04:13 -05:00
748e1e0748
Allow using the API when Login required site setting is on.
2014-01-24 14:02:49 +01:00
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
dfb9b8fa58
Fix unused parameter
2014-01-04 08:53:27 +01:00
1f0a59584b
Revert "Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations."
2013-12-18 14:47:22 -05:00
94fda12795
use a helper instead of a view for custom HTML content
2013-12-17 18:56:59 +01:00
4c6b535cc0
move arbitrary html content out of noscript and into the preloadstore
2013-12-17 18:25:27 +01:00
5171a23a9c
Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations.
2013-12-11 11:19:22 -05:00
2596f7dec2
Revert "Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations."
2013-12-09 16:28:11 -05:00
ca5d4d5e54
Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations.
2013-12-09 13:28:42 -05:00
2d9876a6ac
FIX: set_locale filter must be executed before check_xhr filter because check_xhr filter renders html in some cases
2013-12-04 20:49:54 +09:00
7207cef7aa
TopicQuery cleanup in advance of custom sorting:
...
- Move SQL method constants into a module
- Removed unused count methods
- Moved methods that don't return a TopicList into Topic
- Replaced some confusing method signatures
2013-11-13 12:26:32 -05:00
e9f9d22482
add query parameter to temporarily disable customization
2013-11-12 18:14:22 +01:00
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
855ee3b43d
Fix ActiveRecord::Associations::CollectionProxy serialization in Rails 4.
2013-11-03 10:41:38 +05:30
348e2e3ef2
Support for per-user API keys
2013-10-22 17:34:39 -04:00
3d647a4b41
remove rack cache, it has been causing trouble
...
instead implement an aggressive anonymous cache that is stored in redis
this cache is sitting in the front of the middleware stack enabled only in production
TODO: expire it more intelligently when stuff is created
2013-10-16 16:39:18 +11:00
939a452293
require dependency was leading to errors in dev
2013-10-09 17:22:41 +11:00
7993845bfa
add current_user_provider so people can override current_user bevior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
45d7765936
Merge branch 'master' into mobile
2013-09-05 15:54:22 -04:00
f157ec1f91
Select +Replies for bulk operations
2013-09-05 11:03:29 -04:00
9efa29e688
Detect whether to use mobile view. Session var mobile_view can override automatic detection.
2013-08-27 14:57:42 -04:00
c4a0152dc6
recover from bad CSRF tokens without requiring a hard refresh of the browser
2013-08-27 15:56:12 +10:00
11dca1fd92
make code climate a bit happier
2013-08-06 06:25:44 +10:00
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
19c169540c
Staff can enter and view deleted topics
2013-07-11 16:39:35 -04:00
e39cc464b1
Refactor routes in order to be compatible with Rails 4
2013-07-01 20:00:06 +02:00
92562c2090
Merge pull request #1057 from house9/list-controller-1
...
refactor list_controller
2013-06-25 17:36:56 -07:00
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
2e12eb2b62
refactor list_controller
...
- minor refactoring of actions 'category' and 'category_feed'
- fix defect in 'category' where check was for literal
string 'uncategorized' instead of SiteSetting.uncategorized_name
- major refactoring on defined topic actions
2013-06-25 08:29:00 -07:00
4ddc0825f5
Remove code duplication in ApplicationController
2013-06-20 21:17:33 +05:30
7ca5ab3da3
allow api for restricted by global password sites
2013-06-17 16:09:59 +10:00
b97d186cb5
automatic groups should not allow you to muck with the listed users in the group
2013-06-17 12:54:25 +10:00
e6e81efe85
correct information leak in page not found
2013-06-13 10:27:17 +10:00
5217602ec3
FIX: RSS paths render a 404 for missing topics.
2013-06-07 12:52:12 -04:00
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
92a4828f72
Redirect all controllers to login if required
...
We want to skip the filter for sessions controller so that we can login
and we want to skip the filter for static pages because those should be
visible to visitors.
2013-06-04 16:10:10 -07:00
02b1f78410
FIX: Include preloaded data even if the request type isn't explicitly text/html
2013-06-04 12:56:12 -04:00
42714b424f
For 403 errors, show the same html page as 404
2013-05-30 16:39:39 -04:00
e93b7a3b20
more progress towards live unread and new counts, unread message implemented, still to implement delete messages
2013-05-30 16:49:57 +10:00
830b93a16b
Reduced complexity of admin flags controller, split up into methods, moved reports into model.
2013-05-29 16:49:34 -04:00
0f296cd42b
Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now.
2013-05-22 12:06:37 -04:00
fc57578c85
proper 404 for json request 404
2013-05-20 17:28:32 +10:00
Guo Xiang Tan
Robin Ward
Guo Xiang Tan
Sam
Victor van Poppelen
Régis Hanol
Neil Lalonde
Rafael dos Santos Silva
James Cook
scossar
Arpit Jalan
Faisal Abbas
Dan Singerman
Kane York
Ryan Fox
Sigurður Guðbrandsson
Lincoln Lee
Louis Rose
Vikhyat Korrapati
Jonathan Allard
slainer68
christophe
Harry Seo
Stephan Kaag
Jesse House
Vipul A M
Ian Christian Myers
Chris Hunt