Commit Graph

54 Commits

Author SHA1 Message Date
Jarek Radosz 694b5f108b
DEV: Fix various rubocop lints (#24749)
These (21 + 3 from previous PRs) are soon to be enabled in rubocop-discourse:

Capybara/VisibilityMatcher
Lint/DeprecatedOpenSSLConstant
Lint/DisjunctiveAssignmentInConstructor
Lint/EmptyConditionalBody
Lint/EmptyEnsure
Lint/LiteralInInterpolation
Lint/NonLocalExitFromIterator
Lint/ParenthesesAsGroupedExpression
Lint/RedundantCopDisableDirective
Lint/RedundantRequireStatement
Lint/RedundantSafeNavigation
Lint/RedundantStringCoercion
Lint/RedundantWithIndex
Lint/RedundantWithObject
Lint/SafeNavigationChain
Lint/SafeNavigationConsistency
Lint/SelfAssignment
Lint/UnreachableCode
Lint/UselessMethodDefinition
Lint/Void

Previous PRs:
Lint/ShadowedArgument
Lint/DuplicateMethods
Lint/BooleanSymbol
RSpec/SpecFilePathSuffix
2023-12-06 23:25:00 +01:00
Martin Brennan 30d5e752d7
DEV: Revert guardian changes (#24742)
I took the wrong approach here, need to rethink.

* Revert "FIX: Use Guardian.basic_user instead of new (anon) (#24705)"

This reverts commit 9057272ee2.

* Revert "DEV: Remove unnecessary method_missing from GuardianUser (#24735)"

This reverts commit a5d4bf6dd2.

* Revert "DEV: Improve Guardian devex (#24706)"

This reverts commit 77b6a038ba.

* Revert "FIX: Introduce Guardian::BasicUser for oneboxing checks (#24681)"

This reverts commit de983796e1.
2023-12-06 16:37:32 +10:00
Martin Brennan 9057272ee2
FIX: Use Guardian.basic_user instead of new (anon) (#24705)
c.f. de983796e1

There will soon be additional login_required checks
for Guardian, and the intent of many checks by automated
systems is better fulfilled by using BasicUser, which
simulates a logged in TL0 forum user, rather than an
anon user.

In some cases the use of anon still makes sense (e.g.
anonymous_cache), and in that case the more explicit
`Guardian.anon_user` is used
2023-12-06 11:56:21 +10:00
Kelvin Tan ee084b754e
SECURITY: Prevent unauthorized access to grouped poll results
This adds access controls for the `/polls/grouped_poll_results`
endpoint, such that only users with appropriate permissions can read
the grouped results of a given poll.
2023-10-16 10:34:37 -04:00
Selase Krakani 55bdab2b3b
FIX: Ensure poll extraction is not attempted if post body is absent (#19718)
Since the poll post handler runs very early in the post creation
process, it's possible to run the handler on an obiviously invalid post.

This change ensures the post's `raw` value is present  before
proceeding.
2023-01-13 01:47:44 +00:00
David Taylor 055310cea4
DEV: Apply syntax_tree formatting to `plugins/*` 2023-01-07 11:11:37 +00:00
Daniel Waterworth 167181f4b7
DEV: Quote values when constructing SQL (#18827)
All of these cases should already be safe, but still good to quote for
"defense in depth".
2022-11-01 14:05:13 -05:00
Bianca Nenciu 62cbb766cd
FIX: Validate post's polls as acting user (#16638)
It used to validate the post from the perspective of the user who
created the post. That did not work well when an admin attempted to
add a poll to a post created by a user who cannot create posts because
it said the user cannot create polls.

The problem was that it used post.user for the validation process
instead of post.acting_user.
2022-05-05 09:54:10 +03:00
Vinoth Kannan 461936f211
FIX: don't validate and render the polls inside a quoted post. (#15019)
Previously, we had issues while approving posts since we validated the polls inside quotes.
2022-04-15 16:33:07 +05:30
Alan Guo Xiang Tan 21822cf0b7 FIX: Error when voting on a multiple poll without the min/max attrs. 2022-01-05 11:31:18 +08:00
Alan Guo Xiang Tan 1d0faedfbc
FIX: Validate number of votes allowed per poll per user. (#15001)
* DEV: Remove spec that we no longer need.

As far as we know, the migration has been successful for a number of
years.

* FIX: Validate number of votes allowed per poll per user.
2021-11-19 09:50:08 +08:00
Bianca Nenciu 6a143030f8
FEATURE: Allow users to remove their vote (#14459)
They can use the remove vote button or select the same option again for
single choice polls.

This commit refactor the plugin to properly organize code and make it
easier to follow.
2021-10-05 11:38:49 +03:00
Jarek Radosz babbebfb35
FEATURE: Add the title attribute to polls (#10759)
Adds an optional title attribute to polls. The rationale for this addition is that polls themselves didn't contain context/question and relied on post body to explain them. That context wasn't always obvious (e.g. when there are multiple polls in a single post) or available (e.g. when you display the poll breakdown - you see the answers, but not the question)

As a side note, here's a word on how the poll plugin works:

> We have a markdown poll renderer, which we use in the builder UI and the composer preview, but… when you submit a post, raw markdown is cooked into html (twice), then we extract data from the generated html and save it to the database. When it's render time, we first display the cooked html poll, and then extract some data from that html, get the data from the post's JSON (and identify that poll using the extracted html stuff) to then render the poll using widgets and the JSON data.
2020-10-02 09:21:24 +02:00
Kane York 330102fd20 FEATURE: Show votes in an "on voted" poll to the creator
This required properly plumbing the guardian into the serializer.

Notably, the default state in the client was not changed - if you haven't voted in
the poll, you need to click the button to view the results instead of the results
being immediately visible on page load.

Implements https://meta.discourse.org/t/-/138108
2020-03-20 13:36:42 -07:00
Dan Ungureanu c62d5b139b
FIX: Allow users to create polls in PMs with non human users (#9055) 2020-03-02 14:29:40 -05:00
Mark VanLandingham 5d97286fa7
FEATURE: Allow single option polls (#8853) 2020-02-05 08:03:27 -06:00
Bianca Nenciu 07222af7ab
FEATURE: Add 'groups' option to polls (#8469)
This options can be used to restrict polls to certain groups.
2020-01-28 14:30:04 +02:00
Jarek Radosz 9e3fc1111d
FIX: Add a blank poll options validation (#8652)
Before, saving a post with a blank poll option resulted in error 500.
2020-01-03 15:09:36 +01:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Bianca Nenciu e49bcebb35 FIX: Validate poll arguments. (#6740)
* FIX: Validate number poll.
* FEATURE: Poll's min can be 0.
* FIX: Fix URL to user profile.
2018-12-31 10:48:30 +01:00
Bianca Nenciu c928386c3e FIX: Copy old status to new poll. (#6788) 2018-12-19 11:29:13 +01:00
Régis Hanol aea2d8bbeb FIX: properly secure poll message bus
Co-authored-by: Sam <sam.saffron@gmail.com>
2018-12-05 21:27:49 +01:00
Régis Hanol 4459665dee
REFACTOR: use tables instead of custom fields for polls (#6359)
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
2018-11-19 14:50:00 +01:00
Régis Hanol f05ca02f13 FIX: unable to add new poll to post with a public poll 2018-06-05 15:49:21 +02:00
Régis Hanol 9ff2d540ba fix the build 2018-05-03 10:32:01 +02:00
Régis Hanol ba14c80b9c FEATURE: automatically close a poll on a given date and time 2018-05-03 02:12:19 +02:00
Guo Xiang Tan 51657d3426 Allow polls to be added/renamed/removed as long as user can edit posts. 2018-03-14 11:00:57 +08:00
Guo Xiang Tan b77553a635 FIX: Staff should be able to updates polls when edit window expires.
https://meta.discourse.org/t/moderators-cannot-remove-polls-from-posts/81804/7?u=tgxworld
2018-03-08 16:45:06 +08:00
Guo Xiang Tan d02e2cbcca PERF: Avoid fetching a bunch of ids in polls updater. 2018-03-07 14:18:56 +08:00
Gerhard Schlager 7a2183e8ab FEATURE: rake task for merging users 2018-03-01 12:28:12 +01:00
Joffrey JAFFEUX 316d814130
FIX: staff should always be allowed to create polls if they are enabled 2017-12-05 00:03:56 +01:00
Joffrey JAFFEUX 76bc173d47
FEATURE: adds poll_allow_staff_to_create
This setting will bypass poll_minimum_trust_level_to_create if set to true
2017-12-04 18:12:17 +01:00
Joffrey JAFFEUX 63bab32816 FEATURE: introduces minimum trust level for polls (#5391)
* FEATURE: introduces minimum trust level for polls

This commit makes `poll_enabled` less misleading and introduces `poll_minimum_trust_level_to_create`. If poll are enabled they will always be cooked, and if you have the required trust level you can create polls. As a side effect, it also fixes a bug where rebaking a post created by staff member when `poll_enabled=false` would end up not cooking it.

It also adds more tests to ensure settings are respected.

* admins should be whitelisted

* checks for admin in post validation

* test for >= instead of == trust level
2017-12-04 14:47:11 +01:00
Sam 43c0111ca1 FIX: multichoice poll with more than 25 votes
In the past we would double up on avatars due to incorrect logic for
handling offset
2017-08-14 15:33:59 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam Saffron 045a2abcec FEATURE: remove the timecop gem
We should only have one way of mocking time, misuse of timecop
was causing build stability issues
2017-07-24 12:11:10 -04:00
Guo Xiang Tan e80a1dfa43 FIX: Post with multiple polls containing votes can not be edited.
https://meta.discourse.org/t/500-internal-server-error-when-editing-specific-poll-in-a-post-with-votes-editing-other-polls-works-fine/59684
2017-07-14 12:33:22 +09:00
Guo Xiang Tan 8c4dfdfa40 FIX: Votes lost when editing a poll option with votes. 2017-01-16 22:51:57 +08:00
Guo Xiang Tan 8213da20f2 Extract polls edit window to a site settings. 2016-08-10 15:17:16 +08:00
Guo Xiang Tan c3cab98998 FEATURE: Admins should be able to create polls even when plugin is disabled. 2016-07-13 18:05:19 +08:00
Guo Xiang Tan f53494f102 FIX: Polls with votes cannot be made public. 2016-06-09 12:10:27 +08:00
Guo Xiang Tan 8ecde35df3
FEATURE: Add public type to polls. 2016-06-08 16:19:13 +08:00
Guo Xiang Tan 5f92de8ede
Remove unnecessary for loop. 2016-06-07 16:50:45 +08:00
Guo Xiang Tan 2f14a81fa4
FIX: `min` setting should be greater than 0 for multiple type polls. 2016-06-07 10:48:06 +08:00
Guo Xiang Tan a849fae5ee Add specs for polls (#4246)
* Extract validation logic into a service object.

* Extract logic for updating polls custom fields into a service object.

* Use `strip_heredoc` instead.

* FIX: Polls do not update when configuration has been changed.
2016-06-06 17:04:56 +02:00
Régis Hanol d889f05480 changed default 'poll maximum options' to 20 2015-05-19 14:33:27 +02:00
Régis Hanol 43755a6fab keep closed status when migrating poll to new style 2015-05-13 22:30:27 +02:00
Régis Hanol 06643fb625 add support for all types of unordered lists in migrate_old_polls 2015-05-13 22:10:02 +02:00
Régis Hanol 4df868a420 FIX: update 'migrate_old_polls' rake task to support more cases
FIX: support list that uses double newlines
FIX: support list that uses spaces before the '-'
FIX: don't break lamentably when a poll wasn't created
2015-05-13 19:56:09 +02:00