9778bfb749
Merge pull request #1059 from vipulnsward/fix_method_typo
...
`fake_success_reponse` => `fake_success_response`
2013-06-20 18:23:46 -07:00
1884dc8d3f
`fake_success_reponse` => `fake_success_response`
2013-06-21 01:17:35 +05:30
6c37a8f8fb
Merge pull request #1055 from vipulnsward/dedeuplicate_app_controller
...
Remove code duplication in ApplicationController
2013-06-20 09:55:09 -07:00
4ddc0825f5
Remove code duplication in ApplicationController
2013-06-20 21:17:33 +05:30
8e6a903f9b
Merge pull request #1046 from house9/admin-user-index-2
...
extract Admin::UsersController#index to its own query class
2013-06-20 07:52:22 -07:00
08df4c41cc
Merge branch 'master' of github.com:discourse/discourse
2013-06-20 17:42:29 +10:00
4a8a663a67
flagging workflow changes per http://meta.discourse.org/t/we-need-an-archive-flag-notification-button/7450
2013-06-20 17:42:15 +10:00
e0ff74ead0
extract Admin::UsersController#index to its own query class
...
- move query to its own class
- use postgres ILIKE case insensitive
- removed duplicated list of trust levels
2013-06-19 13:48:45 -07:00
e263bb3c0a
Anons should be able to see post history
2013-06-19 16:43:16 -04:00
5ef6714d48
New site setting: `minimum_topics_similar`, allows you to specify a minimum amount
...
of topics that need to be in the database before it will suggest similar topics as
a user creates a post.
2013-06-19 13:14:24 -04:00
799b402778
fix horribly broken invite code, could lead to inviting the wrong person to a conversation
2013-06-19 10:31:19 +10:00
eea00afb80
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
b9a2469774
Merge pull request #1041 from vipulnsward/refactor_topics_controller
...
Refactor `TopicsController` and remove code duplication
2013-06-18 06:35:32 -07:00
80c42753e1
fix up find as you type for the invite into PM function
...
allow mods to remove users from a PM
2013-06-18 17:17:01 +10:00
531587c5ca
Refactor `TopicsController` and remove code duplication
2013-06-18 11:22:09 +05:30
7abb20928b
Merge pull request #1033 from chrishunt/move-dynamic-favicon-to-user
...
Move 'dynamic favicon' setting to User preference
2013-06-17 17:31:02 -07:00
7ca5ab3da3
allow api for restricted by global password sites
2013-06-17 16:09:59 +10:00
80c03b7b1e
case sensitive where it should not be
2013-06-17 15:47:18 +10:00
dd5cd1df4f
Merge pull request #1037 from ZogStriP/imagineering
...
Imagineering
2013-06-16 22:01:10 -07:00
0052e78bfe
render error when people attempt to save an invalid group name
...
hide controls when we showing an automatic group
2013-06-17 13:43:06 +10:00
b97d186cb5
automatic groups should not allow you to muck with the listed users in the group
2013-06-17 12:54:25 +10:00
dbfd40da84
order group member by username, bump up max count to 200 for now
2013-06-17 12:02:48 +10:00
6ea91b4416
remove useless upload topic direct association
2013-06-17 02:49:33 +02:00
09d3800701
Move 'dynamic favicon' from Server to User pref
2013-06-14 23:58:24 -07:00
8298a07fd9
`toggle_mute` doesn't require a param
2013-06-14 11:08:59 +05:30
e6e81efe85
correct information leak in page not found
2013-06-13 10:27:17 +10:00
77b218a142
FIX: Do not suggest similar topics from secure categories you can't see.
2013-06-12 13:45:11 -04:00
a362d62b42
Do not return mail password in EmailController
2013-06-11 16:00:13 -07:00
82b5f57e40
Make it possible to set a site setting to empty string
2013-06-11 14:31:38 -04:00
93bbe190c0
Moved Email components into a module
2013-06-10 15:34:10 -04:00
3b7d3aa487
FIX: Search wasn't using the lowercase username for finding the context.
2013-06-10 10:42:06 -04:00
169125e96d
Fix a case where a random topic with null slug will be rendered instead of 404
2013-06-07 14:30:26 -04:00
5217602ec3
FIX: RSS paths render a 404 for missing topics.
2013-06-07 12:52:12 -04:00
b61e10f9ad
All parameters for #create in PostsController pass through strong_parameters.
...
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
41b0692543
Show 'waiting approval' and don't send email
...
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
a151bfc7ec
Store when a topic was first set to auto-close and report that amount of time when it closes. And do some refactoring.
2013-06-06 17:04:21 -04:00
8f32aed944
Only use HTML templates for the digest email.
2013-06-06 15:08:56 -04:00
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
bac03a3369
Merge pull request #975 from jd-erreape/username_refactor
...
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
96d23ddd8d
Refactored user_name suggestion methods into a module to reduce the complexity of User model
2013-06-06 16:40:10 +02:00
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
255a614142
keep /srv/status exposed
2013-06-06 14:40:10 +10:00
2ca734c118
Merge pull request #964 from chrishunt/exclusive-club
...
Add 'invite only' site setting
2013-06-05 16:38:47 -07:00
0b97ea6345
Better HTML emails, smarter email digests, new email section in admin with digest preview
2013-06-05 17:47:25 -04:00
a523fa56ac
Don't require authentication for invites
2013-06-05 11:12:37 -07:00
acf147ef88
Disable OmniAuth account creation if 'invite only'
2013-06-05 11:11:02 -07:00
d432798ff8
Silently fail if user tries to sneak in
...
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
41528f5d11
Implemented strong_parameters for Upload/UploadsController.
...
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
f50b648844
Implemented strong_parameters for PostAction/PostActionsController.
...
PostActionsController now uses strong_parameters' #require to require certain parameters. ActionController::ParameterMissing is now thrown when a reqired parameter is missing, rather than Discourse::InvalidParameters.
2013-06-05 00:23:51 -07:00
3b245031a4
Implemented strong_parameters for Invite/InvitesController.
...
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
2013-06-05 00:04:03 -07:00
Sam
Vipul A M
Robin Ward
Jesse House
Neil Lalonde
Régis Hanol
Chris Hunt
Ian Christian Myers
Juan de Dios Herrero