Commit Graph

638 Commits

Author SHA1 Message Date
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan d601a6b23c FIX: Support old Service Worker source file path to avoid routing errors. 2018-02-19 08:04:45 +08:00
Guo Xiang Tan 28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Muhlis Cahyono cc3cf6588b FEATURE: Notification API Endpoints for Admins
* create/update/delete notification api with external url
* remove external url feature
* Fix Travis CI build error (add new line)
* Fix Travis CI build error
2018-02-13 01:38:26 -05:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Robin Ward d0b44520bd Put back removed constants with deprecations for plugin compatibility 2017-12-21 17:18:01 -05:00
Robin Ward aed37770e3 FIX: Load the route format before discourse 2017-12-21 16:29:11 -05:00
Robin Ward 063e449ce5 FIX: `RouteFormat` is a better class name than `RouteFormats` 2017-12-21 15:30:32 -05:00
Robin Ward 2908aab0da Allow extensibility on username route format (non-english usernames) 2017-12-21 14:32:51 -05:00
Arpit Jalan eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Régis Hanol 1b4483c942 FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts 2017-12-13 22:12:06 +01:00
Robin Ward 410994b7f5 FEATURE: Show a button to Staff for "Moderation History" on posts/topics
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
Vinoth Kannan 6e054b2572 FEATURE: Convert HTML to Markdown while pasting in composer 2017-12-05 12:23:39 -05:00
Jeff Wong b094894c94 Feature: Add service worker registration method to plugin API 2017-11-28 14:01:41 +08:00
Robin Ward 628275fc31 FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:44 -05:00
Arpit Jalan 3831663fea FEATURE: search logs page (#5313) 2017-11-15 11:13:50 +11:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Penar Musaraj bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217)
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
Neil Lalonde beca02c046 FIX: moderators couldn't see flagged topics list 2017-10-05 14:12:07 -04:00
Robin Ward d7c37d9369 Add front end service for staff controls 2017-09-25 12:25:14 -04:00
Robin Ward 40eba8cd93 FEATURE: View flags grouped by topic 2017-09-25 12:25:14 -04:00
Bianca Nenciu 6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Sam d7a2584c6e FEATURE: image uploads now have short urls
Shorten all image uploads to use short urls, this is the client
side implementation.
2017-08-22 16:40:08 -04:00
Neil Lalonde ec85b41078 UX: Move watched words to the Logs section of admin 2017-07-31 17:06:50 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Neil Lalonde 24cb950432 FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block 2017-07-26 11:01:09 -04:00
Guo Xiang Tan 2a17f1ccd7 FIX: Group owners should be able to invite users to their groups.
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward 3882722195 FEATURE: Inline (Mini) Oneboxing
see:
https://meta.discourse.org/t/mini-inline-onebox-support-rfc/66400?source_topic_id=66066
2017-07-20 15:38:04 -04:00
Robin Ward cdb3706025 Track clicks on topics in search results 2017-07-17 15:42:32 -04:00
Robin Ward f1a6449e4b SECURITY: Remove disposable invite feature 2017-07-07 20:24:39 -04:00
Arpit Jalan e7b9b1312e FEATURE: remove all invites
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Guo Xiang Tan 117d5f1b6a FIX: `/u.json` should return 404 instead of 500. 2017-06-27 10:11:48 +09:00
Guo Xiang Tan 47ca0f7f09 FIX: Foward requests to `/u/new` to our Ember router. 2017-06-21 13:06:28 +09:00
Guo Xiang Tan a5d3abc9b6 FIX: Create group membership request on behalf of user. 2017-06-13 17:49:21 +09:00
Neil Lalonde 55b61e9bea rename topic_status_update to topic_timer 2017-05-11 18:27:53 -04:00
Robin Ward 01d2685c60 FIX: `users_account_created_path` should point to `/u/` 2017-05-11 11:18:06 -04:00
Sam bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Robin Ward 552e01a266 FIX: Support updating the `google+` key 2017-05-09 14:08:32 -04:00
Neil Lalonde 7f09bc9a09 Merge pull request #4849 from discourse/prefs
User preferences in tabs
2017-05-03 16:53:26 -04:00
Robin Ward 12fb20fe1b FEATURE: Allow users to resend/update email from confirmation page 2017-05-03 11:18:01 -04:00
Neil Lalonde 2503241ce5 FEATURE: rebuild user preferences page to use tabs 2017-05-02 16:52:18 -04:00
Arpit Jalan a2be68bacf FIX: add route for '/admin/users/list' 2017-04-27 08:35:02 +05:30
Sam def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Ryan C. Gordon e15d11df18 Added an API to ask if an incoming email should be dropped at the SMTP level.
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.

This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward 40ab2e5667 FEATURE: Let users update their emails before confirming
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Guo Xiang Tan 34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Guo Xiang Tan 12e02873fc Remove duplications in routes.rb. 2017-03-31 10:14:08 +08:00
Robin Ward 14410b71fb Convert server side paths to use `/u/` 2017-03-30 10:23:24 -04:00
Robin Ward 45a257815a Convert front end paths from `/users/` to `/u/` 2017-03-30 10:23:24 -04:00
Robin Ward 6b976433c9 Support for both `/users/` and `/u/` paths 2017-03-30 10:23:24 -04:00
Guo Xiang Tan 3ef82bb32c SECURITY: CSRF vulnerabilities in `Admin::BackupsController`. 2017-03-23 10:29:35 +08:00
Joe Buhlig 8d06833e51 FIX: Add route for user TL3 requirements page 2017-03-16 10:05:28 -05:00
Arpit Jalan 848120c098 FEATURE: RSS feed for top page period filters 2017-03-13 15:23:46 +05:30
Arpit Jalan f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Rafael dos Santos Silva c3477cd40d Merge pull request #4716 from discourse/bounced_emails_details
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Neil Lalonde 6aab8cb331 FEATURE: new category setting for whether to show latest topics or top topics by default 2017-03-03 11:30:44 -05:00
Blake Erickson 80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Blake Erickson 5ba8f8d1a6 FIX: typo in a routes.rb comment
sidekiq was spelled wrong
2017-02-25 10:03:19 -07:00
Rafael dos Santos Silva 5296f00c28 FEATURE: Allow checking the raw response of a bounced email 2017-02-22 14:51:33 -03:00
Arpit Jalan 9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
Robin Ward 41307c3d1c SECURITY: Moderators should not be able to access customizations 2017-01-06 14:42:53 -05:00
Guo Xiang Tan ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Guo Xiang Tan a5fead3857 UX: Redesign group page to follow user page. 2016-12-22 13:08:59 +08:00
Arpit Jalan 563bcfb705 FIX: make upload extension optional in route 2016-12-19 15:06:03 +05:30
Arpit Jalan ab6843dcde FIX: username route was broken 2016-12-16 23:56:22 +05:30
Guo Xiang Tan d8541c589a FIX: Incorrect route for updating username. 2016-12-17 00:23:12 +08:00
Régis Hanol 197517d55e FIX: locally uploaded audio & video files should onebox even when the extension is uppercase 2016-12-15 23:21:44 +01:00
Guo Xiang Tan 8bd1ac53f1 FIX: Don't include format in route ids. 2016-12-14 13:57:51 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Arpit Jalan ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Sam 39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Guo Xiang Tan 559918c6c6 PERF: Add endpoint to check if a group can be mentioned by user. 2016-11-26 02:20:46 +08:00
Guo Xiang Tan 5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Sam 88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Guo Xiang Tan 0b28075c00 Revert "REFACTOR: `ajax` defaults to json data type for GET requests."
This reverts commit af0b6ce53d.
2016-11-24 16:47:18 +08:00
Guo Xiang Tan af0b6ce53d REFACTOR: `ajax` defaults to json data type for GET requests. 2016-11-24 16:20:17 +08:00
Neil Lalonde 47aa3d94aa FEATURE: send digest preview to an email address 2016-11-23 17:51:57 -05:00
Sam e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Dmitry Demenchuk 6df6b59259 Remove useless routing for ForumsController 2016-10-27 15:25:16 +01:00
Robin Ward 19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Robin Ward c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Arpit Jalan 12894a4876 FIX: dots in group name was breaking route 2016-10-12 23:36:10 +05:30
Sam 6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam 3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Blake Erickson 5c131d3e10 Remove route to action that doesn't exist
Removed the `post "t"` route from the routes file because the
`topics#create` action doesn't exist in the topics controller. New
topics are created in the posts controller.
2016-10-03 07:17:13 -06:00
Vibol Hou 34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Robin Ward c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Robin Ward 3a4615c205 Wizard: Step 1 2016-09-22 09:48:58 -04:00
Robin Ward 0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Robin Ward 6070939daa Support for other i18n bundles 2016-09-22 09:48:58 -04:00
Guo Xiang Tan 547750e9dd Unify API keys and web hooks into a single admin nav header. 2016-09-20 05:22:03 +08:00
Erick Guan 00d5facf36 FEATURE: prompts new webhook events 2016-09-19 12:07:17 +08:00
Sam 75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Erick Guan 9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Régis Hanol e064e6f7a3 FEATURE: new 'categories_and_latest' endpoint 2016-08-29 22:47:44 +02:00
Sam 416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam b7cea24d76 FEATURE: more user API flow, support key creation 2016-08-16 17:06:52 +10:00
Neil Lalonde 3b792054f2 Merge pull request #4387 from gdpelican/feature/tags-intersection
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel 037e9bb7b8 Support any number of tag intersections 2016-08-15 15:30:17 -04:00
Sam fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel 7e73b933c7 First pass 2016-08-12 15:28:46 -04:00
Sam 7e4503dd99 FEATURE: basic info route for all sites, even ones that require login
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Guo Xiang Tan 0a942dbc73 FEATURE: Avoid creating an archive for database only backups. 2016-08-03 16:23:46 +08:00
Régis Hanol c4b52b1a19 GET is a more RESTy verb for '/users/:username/emails' 2016-07-27 20:15:28 +02:00
Andre Pereira 8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Neil Lalonde 11b3b5e30a FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter 2016-07-25 16:16:18 -04:00
Sam 8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Sam 852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol 49f8a2baa7 FEATURE: support for mandrill webhooks 2016-06-13 12:32:14 +02:00
zachGlasgow 42ec8a7c3d Add constraints to remove dots from username. (#4255)
Rails is using dots as a separator for formatted routes. As a result
if the username has more than one dot it will not match the route.

Bug raised here -> https://meta.discourse.org/t/refreshing-a-users-detail-page-in-admin-doesnt-work-in-some-cases/44891
2016-06-09 09:52:42 +02:00
Neil Lalonde a49ace0ffb FEATURE: ability to restrict tags to categories using groups 2016-06-07 15:36:20 -04:00
Robin Ward 6aaa484baa REFACTOR: Move composer messages to store 2016-06-07 14:47:22 -04:00
Neil Lalonde f3f6c2f98f FEATURE: tag groups 2016-06-06 14:18:48 -04:00
Régis Hanol fe595f1653 FEATURE: mailjet webhook 2016-06-06 19:47:45 +02:00
Arpit Jalan c4e1ad0953 FEATURE: Resend all pending invitations 2016-06-03 12:23:13 +05:30
Régis Hanol 9704603fab FEATURE: sendgrid webhooks 2016-06-01 21:48:06 +02:00
Régis Hanol 116efffdaa FEATURE: webhooks support for mailgun 2016-05-30 17:11:17 +02:00
Régis Hanol 1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Arpit Jalan 82daf93eb3 Merge pull request #4206 from techAPJ/convert-topic
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Régis Hanol 8e611ec7a1 FEATURE: handle bounced emails 2016-05-02 23:15:32 +02:00
Arpit Jalan acfb540952 FEATURE: move a topic from PM to regular topic or vice versa 2016-05-02 21:34:05 +05:30
Neil Lalonde e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Régis Hanol 379bfac36d Merge pull request #4010 from riking/patch-sitelinks
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
Régis Hanol 7783ba46fc remove /error endpoint 2016-04-11 20:43:24 +02:00
Régis Hanol 42da8a9246 match is old school (cc @EvilTrout) 2016-04-06 21:57:54 +02:00
Robin Ward 8e50f0de6a FIX: Support editing translation keys with uppercase characters 2016-04-06 15:26:18 -04:00
Régis Hanol d402a45781 FIX: hitting '/t/:id/posts.json' should return the first page of posts 2016-04-05 19:12:14 +02:00
Régis Hanol 332a1ea87e FIX: add support for 'space' in backup's filename 2016-04-04 17:24:02 +02:00
Arpit Jalan 41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Kane York f2ddd44712 FEATURE: Add /search discovery
The opensearch.xml results in a "site search engine" being added to
Chrome, while the sitelinks search tag results in "Search this website"
being added to Google Search.
2016-03-28 15:07:59 -07:00
Sam c650c2a16f FIX: regression in badge grant admin page 2016-03-29 07:58:45 +11:00
Neil Lalonde 476a5fd43c FIX: unhandled extensions like .php on static routes will show the usual not found page 2016-03-24 13:22:06 -04:00
Arpit Jalan 34469e725b FEATURE: separate API endpoints for public and private posts 2016-03-21 18:21:15 +05:30
Arpit Jalan bd83cf7f4c FEATURE: add group posts and mentions RSS 2016-03-18 22:29:10 +05:30
Sam Saffron e84d5549ef FEATURE: only allow sidekiq in master site when hosted on multisite 2016-03-17 00:26:07 +11:00
Arpit Jalan ff12b5bf57 FIX: newly created categories were not showing up 2016-03-14 23:17:02 +05:30
Arpit Jalan 89248580dc FEATURE: revert post to a specific revision 2016-03-11 02:46:55 +05:30
Robin Ward 5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Robin Ward d62689fa76 Move updating a user's email to its own controller 2016-03-08 14:52:22 -05:00
Régis Hanol 341037d6fb FIX: less restricting 'BACKUP_ROUTE_FORMAT' 2016-03-03 18:52:32 +01:00
Régis Hanol 91bb38626c FEATURE: new incoming email details modal 2016-02-10 22:00:27 +01:00
Erick Guan 35142847ba FIX: Prepend the user id before username in admin user routes 2016-02-09 15:14:13 +01:00
Régis Hanol cf4c256b17 FEATURE: new 'raw email' modal when listing rejected emails 2016-02-01 21:41:49 +01:00
Sam Saffron 7303f8f309 FEATURE: first pass at user summary page 2016-01-20 15:14:25 +11:00
Neil Lalonde 9ad226aaa8 FEATURE: add email query param to login, signup, and password-reset URLs to prefill form 2016-01-19 16:53:46 -05:00
Régis Hanol 3083657358 FEATURE: better email in support
FEATURE: new incoming_email model
FEATURE: infinite scrolling in emails admin
FEATURE: new 'emails:import' rake task
2016-01-19 00:57:55 +01:00
Sam 06b5798fb9 fix activity pending route, hidden for now 2016-01-12 15:48:44 +11:00
Neil Lalonde c7df6783a9 FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
Guo Xiang Tan c1dbf5c1c4 FEATURE: Autolinking to category using hashtags. 2016-01-05 00:12:24 +08:00
Sam a4587b18f5 FEATURE: allow users to archive messages from message page 2015-12-30 13:26:39 +11:00
Arpit Jalan 3a28bafc0f FEATURE: onebox internal audio or video files 2015-12-25 01:52:14 +05:30
Sam 03ea0bfe22 FEATURE: allow users to archive messages
Messages are now in 3 buckets

- Inbox for all new messages
- Sent for all sent messages
- Archive for all messages you are done with

You can select messages from your Inbox or Sent and move them to your Archive,
you can move messages out of your Archive similarly

Similar concept applied to group messages, except that archiving and unarchiving
will apply to all group members
2015-12-23 11:09:30 +11:00
Sam a8b5192efd FEATURE: User page refactor
Re-organise user page so it is easier to find interesting info
split it into tabs

- Introduce notifications and messages tabs
- Stop couting stuff for the user page to speed up rendering
- Suppress more information when viewing your own profile
2015-12-20 16:45:49 +11:00
Régis Hanol 15c229195f FEATURE: notification_level on a per-group basis 2015-12-14 23:17:09 +01:00
Sam 8cf4d52cb6 FEATURE: split up group PMS on user page 2015-12-10 11:39:33 +11:00
Régis Hanol 3aa5129f54 FEATURE: allow group members to see all messages on group page 2015-12-07 23:19:33 +01:00
Régis Hanol a37d575d7d FEATURE: new 'My Groups' messages filter in user page 2015-12-07 18:37:03 +01:00
Sam d1a5d8ea62 FEATURE: show group mentions and topics in groups page 2015-12-01 16:52:43 +11:00
Robin Ward 5e93140f85 FEATURE: Can override any translation via an admin interface 2015-11-27 11:35:19 -05:00
Sam d41a8a21cc FIX: show letter avatars even if NGINX is not running in Dev mode 2015-11-25 14:42:46 +11:00
Arpit Jalan 362c515f33 FEATURE: compose a new pre-filled message via URL 2015-11-24 18:55:45 +05:30
Robin Ward 8eeb027c65 Can revert changes to email templates 2015-11-20 12:30:21 -05:00
Robin Ward f5b34d5f53 FEATURE: Admin interface for editing email templates 2015-11-19 16:39:34 -05:00
Sam Saffron 6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Robin Ward 47e25648df FEATURE: Change user groups in bulk via admin 2015-10-26 15:57:30 -04:00
Sam dfe3ecb914 PERF: disable prepared statements
see: https://github.com/rails/rails/issues/21992
2015-10-19 14:02:22 +11:00
Sam dc859beff3 FEATURE: add handle_mail admin route
you can post full email payloads to this endpoint /admin/email/handle_mail
2015-10-19 08:33:24 +11:00
Robin Ward a527c58c7d UX: Show a nicer "Log In" screen if the user follows `/my/preferences` 2015-10-14 13:39:31 -04:00
Robin Ward 33e58c0587 FIX: You can click to see your own PMs from flags
Also refactors post action users to be a new object type since they can
have `post_url` which is not a field of a `User`
2015-09-30 12:28:55 -04:00
Robin Ward 3aaa9a8722 Restrict access to the Email admin tab to Admins 2015-09-29 12:37:46 -04:00
Régis Hanol ed717ccb6e Merge pull request #3794 from tgxworld/add_web_manifes
FEATURE: Add web manifest for Chrome users.
2015-09-23 11:35:14 +02:00
Guo Xiang Tan 71eab8f4df FEATURE: Add web manifest for Chrome users. 2015-09-21 10:34:03 +08:00
Jude Aakjaer 9cca510944 Add embed/info endpoint for TopicEmbed queries 2015-09-16 03:22:24 +00:00
Régis Hanol e43034f08f Revert "FEATURE: SVG letter avatars (based on @eviltrout's spike)"
This reverts commit cd77465788.
2015-09-11 00:23:52 +02:00
Régis Hanol cd77465788 FEATURE: SVG letter avatars (based on @eviltrout's spike) 2015-09-11 00:11:48 +02:00
Arpit Jalan ad481b3427 FIX: permalinks like read.php should work 2015-09-11 00:16:37 +05:30
Kane York 342eba4374 FEATURE: Category reordering dialog 2015-09-06 16:53:52 -07:00
Sam 6e04e5bd2c correct routing to allow for wider regex matching username 2015-09-02 14:57:26 +10:00
Sam 262f561a87 FEATURE: relax username rules to allow - and . and leading _
This relaxes our very strict username rules to allow for some long asked for requests

- leading _ is now allowed
- . is allowed except for trailing char and confusing extensions like .gif .json
- dash (-) is now permitted
2015-09-02 12:13:44 +10:00
Arpit Jalan 4ad07b8c09 FEATURE: generate invite token 2015-08-28 18:29:31 +05:30
Neil Lalonde cc2dc4d550 FEATURE: the notice asking admins to get discussion started will update with live counts of topics and posts 2015-08-27 17:28:40 -04:00
Sam 2c59ad3dd3 FIX: favicon update broken when favicon lived on a CDN 2015-08-25 11:54:23 +10:00
Arpit Jalan 99edcddafb FEATURE: show pending/redeemed invite count in tabs 2015-08-25 01:12:46 +05:30
Sam 2b9ca0de8b Merge pull request #3678 from tgxworld/allow_admin_to_change_timestamp
FEATURE: Allow admin to change timestamp of topic.
2015-08-21 10:34:37 +10:00
Robin Ward d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Guo Xiang Tan c7a21b7c23 FEATURE: Allow admin to change timestamp of topic. 2015-08-17 00:00:05 +08:00
Régis Hanol 6669a2d94d FEATURE: per-topic unsubscribe option in emails 2015-08-12 23:00:16 +02:00
Robin Ward 7fffd483f8 Fix deprecations with site text, upgrade to ES6 / store 2015-08-10 10:21:04 -04:00
Robin Ward 0932e82508 Refactor Customizations to have deeper URLs 2015-08-10 10:21:04 -04:00
Sam 2876725e1b REFACTOR: remove hacky search from discovery 2015-07-27 16:47:06 +10:00
Sam 41ceff8430 UX: move search to its own route
previously search was bundled with discovery, something that makes stuff confusing internally
2015-07-27 16:47:06 +10:00
Robin Ward 29439e5534 SECURITY: Make sure export CSV is generated via a POST 2015-07-24 12:33:53 -04:00
Arpit Jalan dc90c396f2 FEATURE: manage Permalinks 2015-07-17 01:26:02 +05:30
Arpit Jalan e0c9054748 FEATURE: invite page tabs 2015-07-13 09:42:51 +05:30