Commit Graph

239 Commits

Author SHA1 Message Date
Arpit Jalan ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Sam 650ec9c73f minor test the developer cache first before digging into email 2018-01-17 15:50:41 +11:00
Guo Xiang Tan f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Robin Ward 1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Neil Lalonde 4452d67a23 Revert "FIX: TL0 users' messages to moderators were not being posted when flagging private messages" 2017-10-23 18:17:53 -04:00
Guo Xiang Tan 79de10b212 FEATURE: Allow users to disable new PMs.
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde b124e5f19f FIX: TL0 users' messages to moderators were not being posted when flagging private messages 2017-10-13 11:55:49 -04:00
Robin Ward db929e58fc FIX: Don't allow staff to approve users with unverified emails 2017-09-04 12:55:39 -04:00
Bianca Nenciu bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan 2a17f1ccd7 FIX: Group owners should be able to invite users to their groups.
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward f1a6449e4b SECURITY: Remove disposable invite feature 2017-07-07 20:24:39 -04:00
Arpit Jalan c243861b17 FIX: do not show "Send Activation Email" button if `must_approve_users` setting is enabled
https://meta.discourse.org/t/error-when-pressing-send-activitation-email-when-must-approve-users-setting-is-enabled/65408
2017-07-04 14:00:50 +05:30
Sam 845170bd6b FEATURE: add support for group visibility level
There are 4 visibility levels

- public (default)
- members only
- staff
- owners

Note, admins and group owners ALWAYS have visibility to groups

Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan e7b9b1312e FEATURE: remove all invites
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Robin Ward 908433a7a0 SECURITY: Validate the `entity` when downloading a CSV 2017-05-19 16:00:51 -04:00
Robin Ward 28f486cb7a FIX: Regular users shouldn't be able to invite to PMs if disabled 2017-05-19 12:57:21 -04:00
Arpit Jalan 5d9d2cf287 FIX: do not explicitly show email of flagger / flagged user 2017-04-20 22:09:30 +05:30
David Taylor 96f2335c09 FIX: Corrects typo to avoid error 500 on theme change 2017-04-15 01:21:53 +01:00
Sam def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan 213a496203 FIX: show all staff events related to the target user 2017-02-22 13:31:40 +05:30
Arpit Jalan b32f33b3f0 FIX: allow staff members to send PMs when enable_private_messages is disabled 2017-02-22 11:32:09 +05:30
Arpit Jalan 046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Arpit Jalan dc2171960b FIX: allow existing users to be invited to topic/message when must_approve_users is enabled 2017-02-03 13:01:23 +05:30
Guo Xiang Tan c7b151683d FIX: Do not allow admins to meddle with admin and moderation access of non real users. 2016-12-29 11:11:33 +08:00
Sam ab68e0c9db FEATURE: allow "developer" account flagging via developers table
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam d61df21d69 FEATURE: allow people to send messages to themselves (for notes etc) 2016-07-04 11:36:43 +10:00
Régis Hanol 800081f606 FIX: staged users weren't able to reply in restricted categories 2016-06-26 19:25:45 +02:00
Guo Xiang Tan dfdc54957c
FIX: A blocked user should not be able to moderate anything. 2016-06-20 15:51:26 +08:00
Arpit Jalan b1a94049e0 FIX: only staff can access 'resend all invites' feature 2016-06-07 10:57:08 +05:30
Neil Lalonde f3f6c2f98f FEATURE: tag groups 2016-06-06 14:18:48 -04:00
Arpit Jalan 22d7ea1192 FIX: user can't export entity unless they are logged in 2016-05-05 19:12:37 +05:30
Neil Lalonde e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Robin Ward de82bd946d
FIX: Group members should be able to see their groups even if private 2016-04-26 14:17:53 -04:00
Régis Hanol 415efd0f5b FIX: staged user doesn't get notified for replies in topics they created in secured categories 2016-02-24 11:30:17 +01:00
Neil Lalonde 685ba1eb7f FEATURE: blocked users can send and reply to private messages from staff 2016-01-22 12:54:24 -05:00
Arpit Jalan 9f8d6b6088 FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled 2015-10-30 11:28:05 +05:30
Sam e29fe77b45 FEATURE: make trust level for message sending configurable
- add min_trust_to_send_messages site setting (default 1) to allow admins
 to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Arpit Jalan 4d593d1c18 FIX: staff should be immune to max_invites_per_day setting 2015-06-05 10:22:41 +05:30
Sam dd91d5b02f FEATURE: disable invites by setting max_invites_per_day to 0 2015-05-19 16:51:21 +10:00
Arpit Jalan d491d4f997 FEATURE: invite existing users to private topic 2015-04-16 00:52:54 +05:30
Régis Hanol 23e8e1b6c1 Merge pull request #3303 from riking/patch-6
FIX: Don't fail topic auto-close if privledges are lost
2015-04-06 11:12:37 +02:00
Arpit Jalan e8dd5592c6 FEATURE: support inviting existing users to topic and message when SSO is enabled 2015-04-05 14:31:35 +05:30
riking 03b971c3e3 FIX: Don't fail topic auto-close if privledges are lost 2015-03-27 15:31:04 -07:00
Sam 1601211617 Revert "FEATURE: allow end users to opt out of getting any private messages"
This reverts commit 229ecc4f8a.
2015-03-23 17:21:58 +11:00
Sam 229ecc4f8a FEATURE: allow end users to opt out of getting any private messages 2015-03-23 15:50:45 +11:00
Jason W. May 0f36774246 group manager can invite members into the group from any restricted topic 2015-03-03 12:18:42 -08:00
Jason W. May a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Arpit Jalan 78537aad39 FIX: rate limit user posts export 2014-12-31 00:54:23 +05:30
Arpit Jalan bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30
Régis Hanol b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
Régis Hanol e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam 59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
riking ee812eb447 FIX: Do not perform grants if badges are disabled 2014-09-02 13:12:27 -07:00
Arpit Jalan f571abfaaf FEATURE: allow staff to send multiple invites to same email 2014-07-30 00:13:11 +05:30
Arpit Jalan 575b5e3d13 FEATURE: disposable invite tokens 2014-07-14 21:30:46 +05:30
Sam d99a9b6735 FIX: invite security check broke PM viewing for all admins 2014-07-05 16:56:26 +10:00
Arpit Jalan 48f86181bf REFACTOR: move all conditions to guardian 2014-07-04 23:04:19 +05:30
Neil Lalonde 4f523ae1b9 Don't allow invites if local logins are disabled, since it provides a way to bypass external auth 2014-06-18 16:46:20 -04:00
Arpit Jalan 727184641e FEATURE: Bulk Invite 2014-06-09 01:43:39 +05:30
Régis Hanol fca6738212 BUGFIX: could not see the revisions of a post in a deleted topic 2014-05-12 16:30:10 +02:00
Sam 084ec87850 FEATURE: admins can invite users to groups via the web UI 2014-05-09 18:22:36 +10:00
Sam 3f07c1d0a1 Backend support for group invites 2014-05-09 18:22:35 +10:00
Neil Lalonde f44bd4ec28 Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't. 2014-05-06 15:01:27 -04:00
Neil Lalonde 1da59e7e2e FIX: deactivated users shouldn't be able to log in 2014-04-28 13:46:28 -04:00
Neil Lalonde 7993c27ce5 Also allow system_user to send pm's even if enable_private_messages is disabled 2014-04-25 14:52:57 -04:00
Neil Lalonde ee8bbadfe8 Allow contact user to send private messages even if enable_private_messages is false 2014-04-23 17:00:22 -04:00
Robin Ward 84da39f5dc FIX: Admins should always be able to see groups so they can edit them. 2014-04-23 15:15:46 -04:00
Robin Ward af877781b7 Allow admins to choose if groups are visible or not. 2014-04-22 16:43:46 -04:00
Sam 25860622b7 BUGFIX: if SSO is enabled invite system is disabled 2014-04-22 09:17:37 +10:00
Thomas Cioppettini 38882eb1a7 Remove threequals from ruby files 2014-03-26 12:20:41 -07:00
Robin Ward 539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde 2c725e2779 FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic 2014-03-17 14:50:28 -04:00
Vikhyat Korrapati 9b26c8584e Initial badge system implementation. 2014-03-14 21:49:26 +05:30
Régis Hanol 831ad524e6 added some comments 2014-02-13 13:31:13 -08:00
Neil Lalonde 8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00
Robin Ward b61df08d1b FEATURE: Admin selector to choose a primary group for a user, display it
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Sam d9c05fcfc8 SECURITY: dissalow mods from seeing PMs 2014-02-07 14:24:19 +11:00
Régis Hanol 4fb274fb9d BUGFIX: history link doesn't work on deleted posts 2014-02-04 20:05:50 +01:00
Neil Lalonde 7c8ea8c166 Trust level 3 users can edit topic titles and change category 2014-01-16 11:59:26 -05:00
Patrick ffb29dea77 Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter
Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-10 21:22:54 -06:00
Neil Lalonde 259295d865 Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year. 2014-01-09 11:55:04 -05:00
verg 8a830fb8e3 Prevent deleting 'uncategorized' category 2013-12-31 11:22:44 -06:00
Régis Hanol 06dd7ffe3c better revision history 2013-12-12 03:41:34 +01:00
Robin Ward 309904ef8f Revert "Merge pull request #1673 from aperrault/patch-04"
This reverts commit c9ea89bdd3, reversing
changes made to 9ed49888fc.
2013-11-19 14:08:45 -05:00
Autumn Perrault d9c026bec5 Fixing neglect to determine whether a user has the permission to create a topic on a category (besides being able to create a post) in ListController, TopicList, and TopicListSerializer causing the "Create Topic" button to appear even if a user cannot actually create a topic in that category but can reply to a topic therein. 2013-11-19 05:09:58 -07:00
Neil Lalonde 0c6f794eb0 Used the term suspended instead of banned. 2013-11-07 13:53:49 -05:00
Robin Ward de30af9302 Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:50 -05:00
Neil Lalonde 4e46d91b8d Refactor SpamRulesEnforcer so that each spam rule is in its own class 2013-10-25 13:25:02 -04:00
Sam e18b93026a defer view creation on so updates are not performed when people navigate to topics 2013-10-07 15:04:59 +11:00
Sam 5bf26ec34e large refactor, ship a few columns from the user table into user_stats 2013-10-07 15:04:59 +11:00
Matthieu Guillemot 3ba1f20674 New site settings to enable/disable the possibility of editing user's nickname or email address 2013-09-14 21:34:21 +09:00
Sam 36f8c9c45b improve logic and performance on front page to avoid massive query 2013-09-10 16:02:54 +10:00
Sam 41a1b6942d notify moderators now goes to the "community" user, that saves our poor mods from a flood of pms
if any staff respond to a pm they are automatically added to the list of recipients and will start
getting email notifications
2013-09-06 14:07:23 +10:00
Sam 5b08f73561 give god rights of impersonation to developers, must be edited into the production.rb config file 2013-09-05 10:27:34 +10:00
Neil Lalonde b47eedba00 Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics 2013-09-03 19:12:22 -04:00
Neil Lalonde 663adde90e Users can change their own username at any time if they have no posts 2013-08-23 11:23:00 -04:00
Giuseppe Capizzi eaede108c7 Remove duplication from Guardian 2013-08-16 14:24:29 +02:00
Neil Lalonde b8a1e21dbd Delete all posts is allowed for the same amount of time as delete user 2013-08-13 11:11:05 -04:00
Neil Lalonde b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde 4fd5087f91 Add button to delete a spammer in the flag modal
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde e25638dab0 add a way to delete posts and topics when deleting a user with UserDestroyer 2013-07-29 15:29:43 -04:00
Sam 7b1f9928e4 staff can change trust levels 2013-07-23 09:13:48 +10:00
Sam 1f3c5cb656 allow end user to recover a post they delete
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam 352ac9e60c Finalize read only and post only categories, finished off UI work 2013-07-16 15:46:11 +10:00
Sam ecf17cfebb work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-16 15:46:11 +10:00
Robin Ward 6ca5df0a09 Can recover deleted topics. Deleted topics show the first post as deleted in the UI. 2013-07-12 12:09:17 -04:00
Robin Ward 19c169540c Staff can enter and view deleted topics 2013-07-11 16:39:35 -04:00
Neil Lalonde 7977deb3bf Don't allow editing of title and category of an archived topic 2013-07-09 16:54:46 -04:00
Navin 3da37506da Back end - temporary boosting of trust levels 2013-07-03 10:30:40 +02:00
Neil Lalonde b2d300fe0b Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer. 2013-06-25 18:39:20 -04:00
Sam e53aa45f54 I think this is more correct, admins/mods should always be able to invite 2013-06-21 16:35:27 +10:00
Sam 80c42753e1 fix up find as you type for the invite into PM function
allow mods to remove users from a PM
2013-06-18 17:17:01 +10:00
Neil Lalonde c4904aacc0 Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-06-03 16:37:40 -04:00
Matt Van Horn e5e904aa4e minor refactorings 2013-05-24 13:36:33 -07:00
Matt Van Horn 872995db57 refactor guardian class for clarity & correctness
introduce NullUser to avoid type-checking
DRY up code
reduce number of multiple returns
remove some redundant/impossible logic branches
add pending test for possible bug
add test & fix for ability to flag archived posts
add #secure_category? method to topic class
Fix bug that prevented flagging of archived topics
Rename NullUser to AnonymousUser
DRY up can_<action>? methods
Fix some ownership logic, and a test, for Guardian
2013-05-22 01:09:34 -07:00
Sam b5eff93a9d update message bus to support per client filtering
start work on user_tracking_state
fix can_ban? in guardian
expose protected scopes on topic_query we need
move guardian spec to use build as opposed to creating topics / posts / users
start work on user tracking spec
2013-05-21 16:39:51 +10:00
Sam b6bf95e741 speed up startup (avoid loading some gems on startup)
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Sam 5280b3a01b more group progress, UI getting there, controller mostly done
changed it so notify moderators goes to the moderators group
allow admins to grant self moderation and revoke self moderation
2013-05-09 17:37:34 +10:00
Neil Lalonde f35a44aeae Add ability for admins and mods to send another activation email to a user, to activate an account, and deactivate an account 2013-05-08 10:10:47 -04:00
Sam 3eab0be4a8 deleting posts as an admin was bust 2013-05-03 17:56:23 +10:00
Sam 5ec52bd2e9 :s/moderator?/staff/g ... our naming was kind of crazy, renamed moderator? to staff 2013-05-02 17:22:27 +10:00
Sam 65cd00cf25 moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5
allow pms to be targetted at groups
2013-05-02 15:15:53 +10:00
Sam 5cfcdc7ef0 backend for secure categories mostly done (todo pm groups) 2013-04-29 16:33:43 +10:00
Neil Lalonde 651cfba93f Add ability to destroy a user with 0 posts 2013-04-12 16:53:00 -04:00
Sam e969eb14e8 added 2 new flag types: notify user and notify moderators
fixed up messed up user navigation
refactored
2013-04-12 17:55:45 +10:00
Sam 4fbf017272 get regular trust level going, self heal inconsistent topic timings 2013-04-05 15:30:28 +11:00
Robin Ward 738789f336 Admins can't lock themselves out of a site by setting approval. 2013-04-03 12:23:28 -04:00
Sam 62c60540be pull moderator into own column, rename trust levels 2013-03-19 21:06:11 -07:00
Sam ec948dc660 loading a user in a post_action is wasteful 2013-03-19 16:54:23 -07:00
Régis Hanol 239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Gosha Arinich 0c99dea153 introduce Enum 2013-03-01 21:16:36 +03:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Ismael Abreu 80bec6efc9 Adds grant and revoke moderation buttons so admins can make users moderators 2013-02-14 01:12:23 +00:00
Robin Ward 03a798b202 Can clear flags on deleted posts if you're a moderator 2013-02-08 19:07:29 -05:00
Robin Ward 084a873b91 Give regular users a delete button. If they click it, their post will be revised to
say it was deleted.
2013-02-07 15:14:23 -05:00
Sam Saffron 85973ce6b0 added delete all posts button
wired up the ability to enable all themes
2013-02-07 18:11:56 +11:00
Bruno Bonamin de871ccf8a Fixed minor typo in lib/guardian.rb
Just a letter switch I found upon browsing the code :)
2013-02-06 17:46:45 -02:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00