Commit Graph

192 Commits

Author SHA1 Message Date
Guo Xiang Tan 2ad2ed2eb2 FIX: Couldn't move a topic into the uncategorized category. 2018-03-13 10:20:47 +08:00
Arpit Jalan 003b03d939 allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age 2018-03-05 23:31:29 +05:30
Robin Ward cd6c5fc5fb FIX: Disable "Make Personal Message" if they are disabled 2018-03-02 20:28:39 -05:00
Sam 75172024ca SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:27 +11:00
Guo Xiang Tan e7a7356986 Remove ancient votes code that is no longer used. 2018-02-28 14:37:22 +08:00
Guo Xiang Tan 902c5d11cf FIX: Don't allow other flag actions after `notify_moderator` has happened.
https://meta.discourse.org/t/receiving-sorry-an-error-has-occurred-during-flagging-step-of-discobot-tutorial/77233/5
2018-02-28 11:27:56 +08:00
Robin Ward 69af881f7f New site setting `trusted_users_can_edit_others`
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Robin Ward b4aa0b096e FIX: Couldn't like staff when `allow_flagging_staff` was set 2018-02-14 15:46:04 -05:00
Robin Ward 4dfe659189 Rename `allow staff flags` to `allow flagging staff` 2018-02-12 15:27:26 -05:00
Robin Ward 6287631745 FEATURE: New site setting, `allow staff flags`, false by default
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
Guo Xiang Tan 932a1a1187 Remove use of deprecated site setting. 2018-02-12 14:26:22 +08:00
Robin Ward dedeb2deb8 FIX: Don't show the link button in the composer if linking is disabled 2018-02-08 12:56:10 -05:00
Robin Ward b2b6dc68a6 FEATURE: a setting to customize the minimum TL to flag a post 2018-02-06 17:12:27 -05:00
Robin Ward 2f19588311 FIX: If personal messages are disabled, don't show messages for groups 2018-02-02 16:35:54 -05:00
Arpit Jalan ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Robin Ward 9721fb7573 Linting 2018-01-26 14:35:04 -05:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Robin Ward 782d75069e FIX: UX improvements for system messages when PMs are disabled 2018-01-23 13:12:11 -05:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde 9dc9ca4ac0 FIX: be consistent with how first posts in topics are counted. do like DirectoryItem.refresh_period :all 2017-11-10 12:18:25 -05:00
Neil Lalonde fb5b9b6d06 FIX: don't offer the "Something Else" flag reason to TL0 users since they don't have permission to send private messages 2017-10-24 11:47:42 -04:00
Robin Ward 838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Guo Xiang Tan 25c25ae423 FEATURE: Allow user to leave a PM. 2017-10-19 12:32:55 +08:00
OsamaSayegh 79f3d299a1 Don't allow category definition topics to be converted to PMs (#5216) 2017-10-02 10:04:58 +02:00
Robin Ward 561fa7d0cd FEATURE: Site Setting to hide suspension reason on the public profile 2017-09-25 12:25:14 -04:00
Guo Xiang Tan 5d4221fbe1 PERF: Avoid calling expensive `PostGuardian#can_see_post?` multiple times.
Before

```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
  50: 19
  75: 19
  90: 21
  99: 27
topic:
  50: 56
  75: 62
  90: 64
  99: 99
timings:
  load_rails: 1262
ruby-version: 2.4.1-p111
rss_kb: 198432
pss_kb: 136612
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_9877: 327892
pss_kb_9877: 263671
rss_kb_9946: 325468
pss_kb_9946: 261671
rss_kb_10153: 326456
pss_kb_10153: 262657
```

After

```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
  50: 18
  75: 18
  90: 20
  99: 28
topic:
  50: 41
  75: 42
  90: 46
  99: 49
timings:
  load_rails: 1201
ruby-version: 2.4.1-p111
rss_kb: 187936
pss_kb: 123596
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_26478: 342360
pss_kb_26478: 276696
rss_kb_26547: 340368
pss_kb_26547: 275930
rss_kb_26747: 338964
pss_kb_26747: 274466
```
2017-09-08 14:07:24 +08:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward addc85cd08 FIX: Don't let users edit wiki posts unless they can reply 2017-05-08 16:23:11 -04:00
Guo Xiang Tan a28704bcee FIX: Can't recover a post when its user has been deleted.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 14:29:06 +08:00
Leo McArdle c76f6856ea FEATURE: reply as new message to the same recipients 2017-01-27 12:24:31 +08:00
Guo Xiang Tan 5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Neil Lalonde c75bebdea2 FIX: uncategorized setting to control whether topic featured links are allowed 2016-12-20 15:55:30 -05:00
Neil Lalonde 923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Kiffin Gish 3aa22715af A new guard for changing post timestamps called can_change_post_timestamps? 2016-11-06 20:14:09 +01:00
Sam 674264726d FIX: should not be allowed to see users list of people who started a PM 2016-10-19 17:36:35 +11:00
Sam Saffron 4d8d5613e4 FEATURE: add min_trust_level_to_edit_post
add minimum trust level to edit post (default 0)
2016-10-01 02:12:27 +10:00
Robin Ward e78b7a243e FIX: Don't enqueue posts if the user can't create them (ex: closed) 2016-09-09 12:15:56 -04:00
Sam Saffron 46b34e3c62 FEATURE: remove user option for edit history public
Users can no longer opt-in for "public" edit history
if site owner disables it.

This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Régis Hanol b65f2fc565 we can't see a nil category 2016-07-02 12:21:14 +02:00
Régis Hanol 5eda2f43c6 small topic/category guardians refactor 2016-06-27 14:36:57 +02:00
Régis Hanol 800081f606 FIX: staged users weren't able to reply in restricted categories 2016-06-26 19:25:45 +02:00
Neil Lalonde f3f6c2f98f FEATURE: tag groups 2016-06-06 14:18:48 -04:00
Neil Lalonde 0f8b4dcc86 FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so 2016-06-01 15:42:10 -04:00
Régis Hanol 1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Arpit Jalan b25d950d99 FEATURE: allow moderators to convert a private message to public topic or vice versa 2016-05-04 22:47:32 +05:30
Arpit Jalan acfb540952 FEATURE: move a topic from PM to regular topic or vice versa 2016-05-02 21:34:05 +05:30
Sam 9e50f36c50 Merge pull request #4137 from cpradio/add-warning-to-flag
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
Sam 8ba57c0ffd FIX: restrict moderators from creating/editing topics in readonly categories
In the past moderators had blanket access to all categories they were allowed
to see. This tightens down the restriction.
2016-04-13 15:59:38 +10:00
cpradio 95fa340601 Added spec tests 2016-04-03 19:44:14 -04:00
Arpit Jalan 094f7a73d5 FIX: allow post editing but do not allow ninja edit for active flagged post 2016-03-31 00:11:08 +05:30
Arpit Jalan 6f0137dec9 FEATURE: disable post editing when the post has active flag 2016-03-30 23:28:49 +05:30
Arpit Jalan 3e32393ab6 FIX: do not allow normal users to wiki edit-expired posts 2016-03-15 15:05:57 +05:30
Régis Hanol 415efd0f5b FIX: staged user doesn't get notified for replies in topics they created in secured categories 2016-02-24 11:30:17 +01:00
Sam 3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Arpit Jalan 106e3c897f FIX: TL3 users should not be able to edit title of archived topics 2016-01-29 01:16:41 +05:30
Neil Lalonde 685ba1eb7f FEATURE: blocked users can send and reply to private messages from staff 2016-01-22 12:54:24 -05:00
Arpit Jalan 06bac23e5f FEATURE: allow users to wikify their own posts based on trust level 2016-01-12 08:44:25 +05:30
Régis Hanol 3aa5129f54 FEATURE: allow group members to see all messages on group page 2015-12-07 23:19:33 +01:00
Sam Saffron 6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Sam e29fe77b45 FEATURE: make trust level for message sending configurable
- add min_trust_to_send_messages site setting (default 1) to allow admins
 to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Sam a61765b9e4 PERF: improve perf of initial payload
also reduce  querying in topic query
2015-09-23 13:13:50 +10:00
Régis Hanol 4f7140fb32 FIX: properly filter whispers in user stream 2015-09-22 00:50:52 +02:00
Kane York c9e4745fe8 FIX: Return 410 Gone for deleted topics you could otherwise see 2015-09-18 00:14:43 -07:00
Robin Ward 5af0f5f80e FEATURE: Whisper posts 2015-09-11 14:05:21 -04:00
Régis Hanol d5a2029026 FIX: category permissions weren't properly loaded when /categories is the homepage
FIX: don't scope to a specific category when creating a new topic from /categories
2015-09-07 18:52:53 +02:00
Robin Ward f9069c350f FIX: Permission issues when editing topics
If a user can't create a topic in a category, they should'be be
able to edit topics.
2015-04-30 17:08:12 -04:00
Régis Hanol a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Robin Ward 19a9a8b408 `NewPostManager` determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Sam 4bfca12b11 FEATURE: anonymous_account_duration_minutes , cycle anon accounts after N minutes from last post
fixes it so anon users can not like stuff
2015-04-08 12:30:02 +10:00
Neil Lalonde 608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
riking 1c0658e204 FIX: People could retitle restricted topics
Sort of a security fix but not really
2015-02-25 21:09:53 -08:00
Régis Hanol 1a070b16e4 FIX: use the 'post edit time limit' for topics too 2015-02-25 20:53:21 +01:00
Robin Ward e207ca36ee Easier helper for filtering secured categories 2015-02-12 11:52:59 -05:00
Robin Ward 14a8b3e29c FIX: In case a topic is deleted, allow us to serialize their posts 2015-02-03 14:51:50 -05:00
Arpit Jalan b413c6249d FIX: allow TL4 user to rebake post 2015-02-03 22:49:01 +05:30
Jason W. May a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Régis Hanol 6cec925f26 FIX: all PMs should be flaggable 2015-01-08 16:06:43 +01:00
Régis Hanol e20078a9dc PERF: fix performance issue when displaying the user card for admins 2015-01-05 19:49:32 +01:00
Neil Lalonde 3cb25b019e FIX: when private messages are disabled in settings, flag modal shouldn't show private message options 2014-12-19 16:47:39 -05:00
Régis Hanol 07211489f0 FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page 2014-11-27 19:51:13 +01:00
Régis Hanol a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
Régis Hanol e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Arpit Jalan 72873b8368 further optimize raw email feature 2014-10-18 00:50:02 +05:30
David McClure 19d5362c6b FEATURE: ability to hide or show specific post revisions 2014-10-14 07:19:45 -07:00
Régis Hanol 7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Régis Hanol 0b13f6572f FEATURE: staff option to unhide a post 2014-09-22 18:55:13 +02:00
Robin Ward 309b67add4 FIX: If a post has been hidden due to flagging, don't use the absolute
edit window for edit prevention.
2014-09-16 11:21:14 -04:00
Régis Hanol e56fcf0c43 FEATURE: add 'rebake post' in post wrench menu 2014-09-11 16:04:40 +02:00
Sam 0f585bcdbe FIX: PM should never be allowed to have a category
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
Régis Hanol 18f8038015 FEATURE: add new 'convert to staff message' in post wrench menu 2014-09-10 23:08:33 +02:00
riking 69bc552054 FEATURE: Actually show more notifications
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.

Notification history is loaded in blocks of 60 at a time.

Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
Sam 59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Neil Lalonde 05d2083796 FIX: can delete category if topic_count < 0 2014-08-22 12:25:28 -04:00
Neil Lalonde 2f32af3941 FIX: staff should be able to edit topics that have been archived 2014-08-15 12:45:05 -04:00