71c1b8b9b9
When deleting a post as staff, ask if you want to delete direct replies too
2013-09-05 11:03:34 -04:00
f157ec1f91
Select +Replies for bulk operations
2013-09-05 11:03:29 -04:00
e15982a476
FIX: convert error in test
2013-08-28 22:06:09 +02:00
9085cec232
Move json hash from users controller to NicknameUnavailable
2013-08-26 15:00:11 +00:00
213ce33af2
Fixed all broken specs
...
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
af356e58d4
work in progress, get specs to work.
2013-08-26 12:59:17 +10:00
f87ba0d88f
Merge pull request #1381 from einarj/test_nickname_hub_registration_failure
...
Added test case for nickname registration failure
2013-08-25 17:12:52 -07:00
d87389b38e
No more rails 4 deprecation warnings
2013-08-25 23:18:11 +02:00
0d22a77c63
Added test case for nickname registration failure
...
* Also made a minor readability change by moving the auth.present? check
* from UsersController#create into #create_third_party_auth_records
* which is the method that relies on the check.
2013-08-25 20:18:07 +00:00
3b9e62e6b9
improved specs for avatar
2013-08-24 22:45:05 +02:00
86012ac579
Fix a case when the wrong topic is loaded because the slug starts with a number
2013-08-22 16:23:46 -04:00
a95303fcd8
Log site customization changes. Use a modal to show staff action log details for site customizations.
2013-08-21 12:33:24 -04:00
1d030666d8
Log site setting changes and show in admin
2013-08-19 16:58:38 -04:00
4af8a9102e
Authenticate with Discourse via OAuth2
...
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
b6285b85d2
Add reject option to pending users page
2013-08-16 11:42:43 -04:00
293361dcd3
Screened URLs list in admin
2013-08-15 10:52:26 -04:00
86647f0a54
Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail.
2013-08-14 16:08:23 -04:00
ed060ed5f1
Change trust level logs the previous trust level
2013-08-13 12:04:28 -04:00
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
5c8c52482a
Add a way to view staff action logs in admin
2013-08-07 16:27:34 -04:00
d2fb6ec53f
Blocked Emails list in admin
2013-08-07 16:27:34 -04:00
1c3804934e
Show the entire history of replies above a post when you expend "in reply to"
2013-08-06 17:43:10 -04:00
c74da0d262
Admins who haven't been approved can log in when must_approve_users is enabled
2013-08-06 16:51:29 -04:00
98b58150bb
Dashboard calculations are done with an async job now
2013-08-02 18:32:33 -04:00
16cd3e2a53
Fix to allow admins to change the case of a someone's username
2013-07-30 16:48:45 -04:00
e25638dab0
add a way to delete posts and topics when deleting a user with UserDestroyer
2013-07-29 15:29:43 -04:00
a8df9778b5
Rename AdminLog to StaffActionLog
2013-07-29 15:29:43 -04:00
4a20d09523
distributed memoizer added to ensure absolute duplicate posts don't get through
...
in case of an absolute dupe just return the memoized post
This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
c28b377494
Don't redirect to arbitrary URLs via link tracker
2013-07-26 12:14:11 -04:00
f99acebdaa
Rails 4 updates
2013-07-24 21:09:18 +02:00
cb5ce3aab9
Merge pull request #1247 from sir-pinecone/strip-spaces-from-login
...
Strip leading/trailing spaces from login
2013-07-24 00:16:55 -07:00
b223cdb493
Strip spaces from group names upon creation
2013-07-24 00:00:17 -04:00
25f8692a79
Strip leading/trailing spaces from login
2013-07-23 23:03:38 -04:00
be9217d4c8
add server-side filesize check on uploads
2013-07-24 00:54:41 +02:00
9ac6c6e2e9
Merge pull request #1233 from sir-pinecone/improve-group-deletion
...
Add confirmation modal to admin group deletion
2013-07-23 00:43:06 -07:00
1f3c5cb656
allow end user to recover a post they delete
...
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
9616767bff
Add confirmation modal to admin group deletion
2013-07-22 02:48:23 -04:00
c2be81a76e
Merge pull request #1199 from ZogStriP/uploads
...
adds the `max_attachment_size_kb` setting
2013-07-16 23:03:42 -07:00
943f88fb88
make specs more robust
2013-07-16 16:18:05 +10:00
352ac9e60c
Finalize read only and post only categories, finished off UI work
2013-07-16 15:46:11 +10:00
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
5ce05ff5cb
adds the `max_attachment_size_kb` setting
...
so that we can specify a different max upload size for attachments and images.
2013-07-16 02:01:36 +02:00
0e504aac9b
FIX: You can reset your password even if logins are required.
2013-07-15 12:12:54 -04:00
6ca5df0a09
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:09:17 -04:00
b94d26d798
update back-end specs
2013-07-10 22:59:54 +02:00
b7327942af
Add `deleted_by` to `Trashable` tables
2013-07-09 15:46:36 -04:00
ba7a4e9845
Merge pull request #1165 from novemberkilo/feature/log-trust-level-boosts
...
Log all changes of user trust level by an admin
2013-07-09 12:16:08 -07:00
3c38062802
Check for updates: edge cases when the message on the dashboard doesn't make sense.
2013-07-09 14:01:08 -04:00
d98f288aa4
FIX: Recovering a deleted post was not updating a topic's statistics
2013-07-09 12:15:55 -04:00
45d85f4054
If the change doesn't go through, don't log anything
2013-07-08 12:51:35 +02:00
d77ce23de2
Log all changes of user trust level by an admin
2013-07-08 11:53:22 +02:00
91238af6f1
correct failing specs
2013-07-08 12:25:38 +10:00
6cd6484b5e
New mode for Wordpress: Filter ONLY posts liked by moderators
2013-07-05 16:07:24 -04:00
4c90b16681
FIX: Next pages were missing on `<noscript>` content. Also fixed some long standing bugs.
2013-07-05 14:45:54 -04:00
84ce04dfa5
Use POST for send_activation_email action
2013-07-05 12:26:46 -04:00
07ebd20776
Merge pull request #1143 from ahx/fix-cas-email-name-and-improve-authentication-specs
...
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
2013-07-04 14:48:52 -07:00
661f2057f7
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
...
* Make omniauth controller specs more robust by using shared examples for all authentication providers in controller spec. – Still passing. Yay!
* Return "casuser", instead of "casuser@" when no cas_domainname is configured.
* If no cas_domainname is configured, the CAS authentication would return "casuser@" for the users email field, because it tried to assume the email adress of the CAS user by it's username + cas_domainname.
Now it just returns the username instead of adding an "@" if cas_domainname is not configured.
This especially makes sense on CAS setups where the username equals the users email adress.
The old behaviour, if cas_domainname is configured, was not changed.
* Fetch the email from CAS attributes if provided
If the cas:authenticationSuccess (handled via omniauth-cas) response gives us an email use that.
If not, behave as before (username or username@cas_domainname).
* Fetch the (full) name from CAS attributes if provided
If the CAS response by omniauth provides a [:info][:name] field, prefer this over the uid, because we want the name to be a "Full Name", instead of just a "shortname"
2013-07-04 12:01:39 +02:00
3da37506da
Back end - temporary boosting of trust levels
2013-07-03 10:30:40 +02:00
075ed1ab53
Refactor user blocking code; hide the Block button in admin
2013-07-02 14:42:53 -04:00
5770879472
Refactor: Move Topic Details into better objects, identity map, tests, query string filters
2013-07-02 10:36:46 -04:00
46c6949b6e
Merge pull request #1123 from stephankaag/rails4-new
...
Refactor routes in order to be compatible with Rails 4
2013-07-01 16:07:22 -07:00
e39cc464b1
Refactor routes in order to be compatible with Rails 4
2013-07-01 20:00:06 +02:00
2ccf339437
Removed a debugging "put"
2013-06-28 23:16:13 +02:00
a352b70bfc
Permit changing my own username's case without an error saying it is already taken
2013-06-28 16:21:46 -04:00
b37b6ce664
Minor spec clean-up
2013-06-28 14:43:35 -04:00
2deaf8ef98
Custom Wordpress Serializer and Path, with Specs
2013-06-28 13:56:13 -04:00
1355c1e3b0
Fix links to uncategorized when SiteSetting.uncategorized_name is set
2013-06-27 16:16:06 -04:00
5d6ad8f39c
Show a useful message when a banned user tries to log in
2013-06-27 15:14:42 -04:00
92562c2090
Merge pull request #1057 from house9/list-controller-1
...
refactor list_controller
2013-06-25 17:36:56 -07:00
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
2e12eb2b62
refactor list_controller
...
- minor refactoring of actions 'category' and 'category_feed'
- fix defect in 'category' where check was for literal
string 'uncategorized' instead of SiteSetting.uncategorized_name
- major refactoring on defined topic actions
2013-06-25 08:29:00 -07:00
06be760257
adds TopMenuItem model which encapsulates top_menu parsing logic
2013-06-24 10:04:18 -07:00
e263bb3c0a
Anons should be able to see post history
2013-06-19 16:43:16 -04:00
5ef6714d48
New site setting: `minimum_topics_similar`, allows you to specify a minimum amount
...
of topics that need to be in the database before it will suggest similar topics as
a user creates a post.
2013-06-19 13:14:24 -04:00
799b402778
fix horribly broken invite code, could lead to inviting the wrong person to a conversation
2013-06-19 10:31:19 +10:00
eea00afb80
tos and privacy urls redirect based on site settings
2013-06-18 10:52:04 -04:00
6ea91b4416
remove useless upload topic direct association
2013-06-17 02:49:33 +02:00
77b218a142
FIX: Do not suggest similar topics from secure categories you can't see.
2013-06-12 13:45:11 -04:00
54d8c963d0
fix tests and allow SE onebox to onebox Meta cause I need that for an post I am writing
2013-06-12 12:23:24 +10:00
a362d62b42
Do not return mail password in EmailController
2013-06-11 16:00:13 -07:00
82b5f57e40
Make it possible to set a site setting to empty string
2013-06-11 14:31:38 -04:00
811a0df68b
Make s3 region site setting a drop down
2013-06-11 14:24:04 -04:00
5ff7e570ac
Add support for enum site settings that render as a dropdown; use a dropdown for default_locale
2013-06-11 11:40:14 -04:00
169125e96d
Fix a case where a random topic with null slug will be rendered instead of 404
2013-06-07 14:30:26 -04:00
b61e10f9ad
All parameters for #create in PostsController pass through strong_parameters.
...
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
93fc0e74bc
Test correct login behavior when pending approval
2013-06-06 18:36:16 -07:00
41b0692543
Show 'waiting approval' and don't send email
...
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
e7b38fb188
Move duplicated request to helper method
2013-06-06 18:36:16 -07:00
4a182f8bba
Fix spec doc; sends welcome email for active users
2013-06-06 18:36:16 -07:00
a151bfc7ec
Store when a topic was first set to auto-close and report that amount of time when it closes. And do some refactoring.
2013-06-06 17:04:21 -04:00
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
2ca734c118
Merge pull request #964 from chrishunt/exclusive-club
...
Add 'invite only' site setting
2013-06-05 16:38:47 -07:00
0b97ea6345
Better HTML emails, smarter email digests, new email section in admin with digest preview
2013-06-05 17:47:25 -04:00
acf147ef88
Disable OmniAuth account creation if 'invite only'
2013-06-05 11:11:02 -07:00
d432798ff8
Silently fail if user tries to sneak in
...
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
41528f5d11
Implemented strong_parameters for Upload/UploadsController.
...
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
f50b648844
Implemented strong_parameters for PostAction/PostActionsController.
...
PostActionsController now uses strong_parameters' #require to require certain parameters. ActionController::ParameterMissing is now thrown when a reqired parameter is missing, rather than Discourse::InvalidParameters.
2013-06-05 00:23:51 -07:00
3b245031a4
Implemented strong_parameters for Invite/InvitesController.
...
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
2013-06-05 00:04:03 -07:00
130d837952
Implemented strong_parameters for Category/CategoriesController.
...
Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw a ActionController::ParameterMissing execption instead of the Discourse::InvalidParameters execption.
2013-06-04 23:45:25 -07:00
Robin Ward
Régis Hanol
Einar Jonsson
Sam
Navin Keswani
Neil Lalonde
Michael Kirk
Stephan Kaag
Michael Campagnaro
Michael Campagnaro
Navin
Andreas Haller
Jesse House
Chris Hunt
Ian Christian Myers