e9ea0102a5
FIX: Consistency about our response for invalid user id in `Admin::UsersController`.
2018-12-15 08:01:35 +08:00
03014b0d05
FEATURE: adds security tab to dashboard ( #6768 )
...
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
9f89aadd33
FIX: delete all posts in batches without hijack ( #6747 )
2018-12-14 11:04:18 +01:00
f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature ( #6738 )
2018-12-07 15:01:44 +00:00
56890efd7a
FEATURE: Add 'Advanced Test' for admin panel.
2018-12-05 21:56:18 +01:00
d33d031742
FEATURE: Filter topic and post web hook events by tags ( #6726 )
...
* FEATURE: Filter topic and post web hook events by tags
* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
851ef14096
Revert "FIX: do not agree flags by default when deleting posts"
...
This reverts commit cb6fc8057b
2018-11-28 10:21:11 +05:30
cb6fc8057b
FIX: do not agree flags by default when deleting posts
2018-11-27 10:57:20 +05:30
b5bf182ad5
FIX: validate topic deletion when acting on a flag
2018-11-25 23:24:03 +05:30
8e32aa1483
FEATURE: show post approvals in Moderation History ( #6643 )
2018-11-22 10:22:23 +08:00
e860c8b844
FIX: adds support for missing reports from old dashboard ( #6624 )
2018-11-19 12:20:05 +01:00
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
5af9a69a3b
FIX: Do not check for suspicious login when impersonating. ( #6534 )
...
* FIX: Do not check for suspicious login when impersonating.
* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
9c616e0679
FIX: handles not found reports in bulk loading ( #6582 )
2018-11-12 13:47:24 +01:00
7c4d4331bc
FEATURE: Better handling of quotation marks in site text search
...
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
242a5fc5ef
Add DiscourseEvents for when users as unsuspended/unsilenced
2018-11-08 16:33:38 -05:00
32b1f34910
PERF: avoid DNS lookups when getting IP info
...
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
4b7ab97a01
FIX: Add 'log in via link' to email templates. ( #6545 )
2018-10-30 19:15:05 +00:00
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac
2018-10-15 09:43:31 +08:00
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1
2018-10-11 11:08:23 +08:00
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
51aba32651
FEATURE: add branch option to remote theme import
...
* FEATURE: add branch option to remote theme import
* FIX: Add missing variable in params
* FIX: Add missing param for import_theme method
* SPEC: Add test methods for branch support in git import
* FIX: Add missing space to scss style
* Do not assume default branch as master
* Change branch field placeholder
* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
0e9841b995
SECURITY: remove admin memory diagnostics routes
2018-09-18 08:35:09 +10:00
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two seperate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
dc5fddbfe6
FIX: Do not show an empty modal when an IP address is allowed or blocked. ( #6265 )
2018-08-20 17:37:30 +02:00
37d4f27c44
FIX: quality/bugfix dashboard/reports pass ( #6283 )
2018-08-17 16:19:25 +02:00
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
67ec81babf
FIX: fixes last backup/last_update dates ( #6242 )
2018-08-07 08:19:52 -04:00
6797395bd0
FIX: staff should be allowed to agree and keep post
2018-08-07 10:05:43 +10:00
7f2f3b8b22
FIX: improves reports resilience ( #6239 )
...
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
535732bdc1
FIX: ensure the 'email_revoked' PM template is customizable
2018-08-03 17:10:20 +02:00
c12a9279f6
post deleted notification regression because controller was agreeing with all flags too early
2018-07-30 16:45:46 -04:00
87537b679c
Drop `reply_key`, `skipped` and `skipped_reason` from `email_logs`.
2018-07-30 11:39:28 +08:00
330cf78c83
FIX: don’t break browser history on dashboard visit ( #6186 )
2018-07-26 14:59:28 -04:00
9989c8179d
FIX: Translation for default (light) color scheme was missing
2018-07-25 11:28:14 +02:00
1ac643d71c
FIX: Email template for "Queued Posts Reminder" was not found
2018-07-24 17:26:52 +02:00
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
37b726982d
Fix silence and unsilenced response bodies
...
Both response bodies had a typo that included suspended_at, so I renamed
it to silenced_at.
2018-07-22 16:08:36 -06:00
1d5096eb46
FIX: lazy load more reports in dashboard
2018-07-20 23:35:53 -04:00
1a78e12f4e
FEATURE: part 2 of dashboard improvements
...
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
95d99de7b4
FIX: hides durability section in dashboard if backups are disabled
2018-06-20 22:26:37 +02:00
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
f2dbe66367
FEATURE: adds a /admin/reports route to list all reports
2018-06-18 12:31:56 +02:00
f9ab3848ed
FEATURE: support disabling emails for non-staff users
2018-06-07 18:31:08 +05:30
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
4195c7c9ea
FEATURE: Ability to clear a user's penalty history
...
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
2018-05-25 12:54:22 -04:00
3edca8b104
Return a 403 instead of 200 when trying to delete a user with posts
...
See [this commit][1] for more info
[1]: bd352a17bf
2018-05-22 17:02:02 -06:00
9f422c93f6
FIX: restrict updates on `confirm_old_email` email templates
2018-05-19 12:19:59 +05:30
53f8f6095d
FEATURE: staff action logs when creating/updating/deleting badges
2018-05-17 18:09:27 +02:00
21e0b7c818
avoid async report pattern and replace with simpler hijack
2018-05-16 16:05:03 +10:00
193b6d5651
UX: improve new dashboard
...
- top referred topics
- limit search logs to 8 results
2018-05-15 15:08:36 +10:00
6332d5040d
UX: switch dashboard to be the new dashboard
...
Also:
- add pageviews
- add problems and version sections
2018-05-14 13:07:59 +10:00
bc9e0d46af
PERF: use cached reports for dashboard if available
2018-05-14 12:01:44 +10:00
8a783412b7
UX: improvements to new dashboard
...
- remove inactive user report and replace with posts
- clean up internals so grouping by week happens on client
- when switching periods old report was not destroyed leading to bugs
- calculate trend based on previous interval ... not previous 30 days
- show percentages for mau/dau
- be more careful about utc date usage
- show uniqu and click through rate on search panel
- publish key of report with report so we only load the correct one
- subscribe earlier in channel in case of concurrency issues
2018-05-11 13:30:32 +10:00
bd352a17bf
FIX: Show a json api response when deleting a user with posts
...
A 500 error was actually caused with no response when using the api, so
it wasn't very clear that you need to delete the posts first when using
the api.
2018-05-10 13:04:36 -06:00
bbc85258c9
Rename `display_plugins` -> `visible_plugins`.
2018-05-09 07:52:45 +08:00
c6f45fcfdb
Expose an API for plugins to be hidden on the admin plugin page.
2018-05-08 13:24:58 +08:00
3a6e137e70
FIX: add context for deactivated user logs
2018-05-08 08:18:04 +05:30
aa0d32231c
FIX: Incorrect query when removing a group owner.
...
https://meta.discourse.org/t/group-rename-and-group-owners-removal-problems/85596
2018-05-07 13:57:00 +08:00
a0447b47e0
UX: when deleting a user, show a modal indicating that the delete is happening. User hijack so requests don't time out.
2018-05-03 16:18:19 -04:00
980972182f
dashboard next: caching, mobile support and new charts
2018-05-03 15:41:41 +02:00
0e414d0890
dashboard next: trending search report
...
This commit also improves how data is loaded sync and async
2018-04-19 18:19:21 +02:00
01c061d20d
dashboard next: perf and UI tweaks
...
* cache CORE reports
* adds backups/uploads section
* few css tweaks
2018-04-18 21:30:41 +02:00
0e15a575f4
EXPERIMENTAL: new dashboard UI
...
This is the first iteration of an effort towards making a very good dashboard.
Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
c82b2dcc24
Remove admin group management pages.
2018-04-09 15:14:50 +08:00
cd6a99a027
FEATURE: Send a different PM when a post has been hidden more than once
2018-04-05 14:03:21 +02:00
16341219ab
Log exception if remote theme importing failed
2018-04-02 20:10:18 +05:30
142571bba0
Remove use of `rescue nil`.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expexted. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
efb19dbdaf
Merge pull request #5705 from discourse/new_webhooks
...
FEATURE: Webhook for group and category events
2018-04-02 10:53:21 +05:30
22b631510c
FIX: Silenced user wasn't being linked properly
2018-03-29 17:07:09 -04:00
e7407d0adc
FEATURE: Webhook for group and category events
2018-03-27 11:53:35 +05:30
dcd1d422d1
UX: Allow admins to set users as owners while adding users.
...
https://meta.discourse.org/t/adding-owners-members-ux-is-inconsistent-and-misleading/58084/9
2018-03-26 17:33:50 +08:00
ba15273d3f
FEATURE: maintain preview theme, while previewing
...
This means you can browse around in preview mode without losing the theme.
At any point you can refresh page and maintain the preview theme.
2018-03-15 16:17:22 +11:00
d31dfe0e84
FIX: Silencing / Suspending a user should not send a hidden message
2018-03-14 14:39:52 -04:00
65ac80b014
FEATURE: Log Staff edits in Staff Action Logs
...
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.
If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
758b9a7dda
FEATURE: prototype of local theme directory watcher
...
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
7c0e6b820e
move key so it does not interfere with other errors
2018-03-09 16:42:11 +11:00
39e679d3cb
FEATURE: allow themes to live in private git repos
...
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
a94dc0c731
Revert "FIX: preview theme not working consistently"
...
This reverts commit 845cec3ba0
2018-02-23 17:59:00 +11:00
845cec3ba0
FIX: preview theme not working consistently
...
Avoid flash, this makes debugging much simpler as well.
Additionally URL now clearly shows you are previewing a theme.
2018-02-23 15:25:35 +11:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
7348513848
FIX: Include post in staff action logs when silencing a user
2018-02-13 15:59:10 -05:00
8765279c90
FIX: Customizing site texts ignored current locale for _MF keys
2018-02-07 16:57:08 +01:00
8ff4104555
Many enhancements to the flagging / suspending interface.
2018-02-01 17:13:02 -05:00
9fa71e198e
FIX: admin reports charts should use same time of day as dashboard numbers
2018-02-01 15:59:39 -05:00
41986cdb2f
Refactor requires login logic, reduce duplicate code
...
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
34ed6088b9
FEATURE: New modal to show flags received for a user
2018-01-17 15:08:08 -05:00
e04fb9a877
fix the build
2018-01-17 12:57:33 +05:30
79eb9d7086
FEATURE: show header search results on search log term details page
2018-01-17 12:47:16 +05:30
6177fb80eb
UX: switch to quartlerly period view for search log term graphs
2018-01-16 07:53:22 +05:30
dd33050e10
Add discourse events for when a user is suspended/silenced
2018-01-11 12:56:45 -05:00
e904d92b98
FIX: Suspension / Silence reasons were incorrect on save
2018-01-11 10:54:47 -05:00
b96ae14261
FEATURE: Display force_https warning in admin problems dashboard
2018-01-11 12:16:10 +05:30
ed4b845930
FIX: render error message when backup download fails
2018-01-05 19:46:43 +05:30
69a90f31fb
FEATURE: Allow Forums to disable the Backups feature
2017-12-21 15:22:04 -05:00
eab66065d1
FEATURE: search log term details page ( #5445 )
2017-12-20 13:41:31 +11:00
97ceebb570
SECURITY: Don't pass email backup token to sidekiq as a parameter.
...
* This exposes the token in the Sidekiq dashboard which can be
viewed by an admin and defeats the purpose of using a token
in the download backup email ink.
2017-12-18 11:25:22 +08:00
433ef4513b
FEATURE: upload images and fonts in themes via hijack
2017-12-18 10:40:10 +11:00
5e90abfaea
FIX: use hijack for emoji uploads
2017-12-18 10:31:19 +11:00
001abfc4cb
Revert "FIX: not permitted theme params when importing theme"
...
This reverts commit 813df1a3fb
2017-12-14 11:40:14 +01:00
041deac67a
Revert "FIX: constant lookup error when exporting theme"
...
This reverts commit 1eda8c50f0
2017-12-14 11:40:08 +01:00
813df1a3fb
FIX: not permitted theme params when importing theme
2017-12-14 11:25:58 +01:00
1eda8c50f0
FIX: constant lookup error when exporting theme
2017-12-14 11:25:11 +01:00
410994b7f5
FEATURE: Show a button to Staff for "Moderation History" on posts/topics
...
When clicked, it pops up a modal showing a history of moderation actions
taken on the post or topic.
2017-12-05 15:20:20 -05:00
e3925278e2
FEATURE: support search click through tracking for user, category and tags
...
https://meta.discourse.org/t/search-logs-page/73281/11?u=techapj
This commit adds following features:
- support for tracking click through to user, tag and category
- new filter for search type (header, full page)
This commit also removes "most viewed topic" field from search logs page because we are now tracking multiple click through entities, so topic is not a special entity anymore. This also improves query perf. The query now takes `20.5ms` to runs, as opposed to `655.9ms` previously.
2017-12-01 12:04:55 +05:30
77f90876d3
REFACTOR: Track manual locked user levels separately from groups
2017-11-27 11:23:44 -05:00
4addc5e329
Add missing contexts when destroying users
2017-11-22 15:43:54 +01:00
2d48caffdf
FIX: be more lenient when deleting a custom emoji
2017-11-20 23:50:23 +01:00
0a9daba627
FIX: Support for long suspension emails
2017-11-20 12:45:46 -05:00
3831663fea
FEATURE: search logs page ( #5313 )
2017-11-15 11:13:50 +11:00
971e302ff2
FEATURE: Support an end date for user silencing
2017-11-14 13:20:19 -05:00
47e4c9bb46
FIX: import/export theme should work with uploads
2017-11-14 16:30:23 +11:00
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
5bb326a452
Add specs for EmailTemplatesController
2017-10-02 14:53:27 +02:00
6a7920ad75
FIX: wasn't able to change default theme
2017-09-27 20:05:31 +02:00
1a37812625
FIX: show error message when keys are missing in email template
...
FIX: log email template changes in the Staff Log
2017-09-27 13:50:04 +02:00
d1ebc62065
The ability to display errors on flagging actions.
2017-09-25 12:28:01 -04:00
09ed2ed749
Add Suspend User to flags page
2017-09-25 12:28:00 -04:00
6bce3004d9
UX: Nicer selection of suspend duration
2017-09-25 12:28:00 -04:00
677b016387
Send a suspension message via email to a user
2017-09-25 12:26:41 -04:00
2a56cf8bb6
Tests + Refactoring for Suspension Modal
2017-09-25 12:26:06 -04:00
d7c37d9369
Add front end service for staff controls
2017-09-25 12:25:14 -04:00
5cf50f0034
Adjust flagged posts to use the store
2017-09-25 12:25:14 -04:00
5e69217793
Add filtering support to flags
2017-09-25 12:25:14 -04:00
40eba8cd93
FEATURE: View flags grouped by topic
2017-09-25 12:25:14 -04:00
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
6bc74ceb50
Split alias levels in mentionable and messageable levels. ( #5065 )
...
* Split alias levels in mentionable and messageable levels.
* Fixed some tests.
* Set messageable level to everyone by default.
* By defaults, groups are not mentionable or messageable.
* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
2f0c6c99e0
FIX: ip lookup not working
...
Also add a powered by line so it is clear this makes an external service call
2017-08-21 14:18:49 -04:00
b77aa29e71
Merge pull request #5013 from LeoMcA/alternate-emails-phase-1.5
...
FIX: add additional email to tests and clean up resulting mess
2017-08-16 16:19:28 +09:00
a9613163b5
FEATURE: Force user to enter reason when requesting for group membership.
2017-08-09 15:45:28 +09:00
3f24ed2b3e
Can't revert due to incompatibility of new site setting types.
...
Revert "Revert "FEATURE: Site settings defaults per locale""
This reverts commit 439fe8ba24
2017-08-07 10:43:09 +09:00
439fe8ba24
Revert "FEATURE: Site settings defaults per locale"
...
This reverts commit 468a8fcd20
2017-08-07 10:31:50 +09:00
3c0de22bf0
FIX: wasn't able to remove a user's primary group
2017-08-04 18:13:20 +02:00
468a8fcd20
FEATURE: Site settings defaults per locale
...
This change-set allows setting different defaults for different locales.
It also:
- Adds extensive testing around site setting validation
- raises deprecation error if site setting has the default property based on env
- relocated site settings for dev and tests in the initializer
- deprecated client_setting in the site setting's loading process
- ensure it raises when a enum site setting being set
- default_locale is promoted to `required` category.
- fixes incorrect default setting and validation
- fixes ensure type check for site settings
- creates a benchmark for site setting
- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
33e22cf598
Add back `Admin::GroupsController#index` route for now.
...
* The endpoint is being used by discourse_api.
2017-08-03 00:24:23 +09:00
836dee1120
FIX: add additional email to tests and clean up resulting mess
2017-07-31 22:27:29 +00:00
0b01d0e95d
FIX: staff cannot manually activate accounts after 48 hours has elapsed
...
https://meta.discourse.org/t/staff-cannot-manually-activate-invited-accounts-after-48-hours-has-elapsed/66292/14?u=techapj
2017-07-31 22:24:09 +05:30
4620dfe92d
FEATURE: Add group settngs to allow users to leave a group freely.
...
https://meta.discourse.org/t/split-join-leave-freely-setting-on-groups/65565
2017-07-28 15:00:25 +09:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
2442bba131
UX: Better group creation workflow.
...
* Owners and users can now be added to a group during creation.
https://meta.discourse.org/t/you-cannot-allow-membership-requests-without-any-owners/64760/3
2017-07-27 16:12:42 +09:00
24cb950432
FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block
2017-07-26 11:01:09 -04:00
b59dfb86f4
UX: Include group name in email when group is invited to a PM.
...
https://meta.discourse.org/t/xyz-invited-you-to-a-message-but-really-invited-a-group-im-in/65996
2017-07-26 15:51:44 +09:00
1b0750d7ef
Merge pull request #4983 from tgxworld/group_owners_can_invite_users_to_groups
...
Group owners can invite users to groups
2017-07-24 16:21:19 +09:00
407a23663d
FEATURE: send rejection email for unrecognized errors
2017-07-21 18:26:52 +01:00
2a17f1ccd7
FIX: Group owners should be able to invite users to their groups.
...
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
d0b027d88d
FEATURE: phase 1 of supporting multiple email addresses
2017-07-20 11:22:27 +09:00
340a3ee5cb
correct spec to handle not null visibility_level
2017-07-03 16:03:26 -04:00
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
b5ec241716
FIX: Validate interpolation keys used in translation overrides.
...
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
607998af33
FEATURE: dropdown to filter staff action logs
2017-05-30 11:25:42 -04:00
2a5a01af2e
improve error on theme upload, add gif to allowed uploads
2017-05-17 16:29:09 -04:00
a0f03936ff
FIX: saving invisible primary group field that you don't belong to
2017-05-17 12:46:50 -04:00
4bf8548dc5
Add embed class name setup for embeddable hosts
2017-05-11 15:16:16 -04:00
9641d2413d
REFACTOR: upload workflow creation into UploadCreator
...
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
04b5516bf2
improve upload functionality
2017-05-10 15:47:11 -04:00
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
14410b71fb
Convert server side paths to use `/u/`
2017-03-30 10:23:24 -04:00
a818fa9831
FIX: Show stats of the last 30 days be default for admin reports.
...
* `1.month.ago + 1.month` uses the calendar month for calculations
such that `1.month.ago` from the 30th of March 2017 will give
us the 28th of February 2017. Adding one month ahead from
28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
c3477cd40d
Merge pull request #4716 from discourse/bounced_emails_details
...
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
aac4a4ed94
Handle invalid parameters and missing bounced emails
2017-03-02 20:37:28 -03:00
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
5296f00c28
FEATURE: Allow checking the raw response of a bounced email
2017-02-22 14:51:33 -03:00
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
7c7c233c1c
FIX: Can't update `Groups#allow_membership_requests` in admin.
2016-12-20 15:14:35 +08:00
43ee9f884e
FEATURE: Add `Group#full_name`.
2016-12-13 16:16:26 +08:00
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
790f1ef9f3
FIX: Permit missing params.
2016-12-12 17:00:30 +08:00
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
712ff01f38
PERF: Remove eager load.
2016-11-25 11:21:08 +08:00
f885e5b5e6
fix success response handling of sending digest preview email
2016-11-24 15:05:33 -05:00
84914c5e1f
PERF: Fix N+1 query.
2016-11-24 17:47:14 +08:00
47aa3d94aa
FEATURE: send digest preview to an email address
2016-11-23 17:51:57 -05:00
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
9a94d1b212
FIX: everyone is not a visible group
2016-10-24 13:03:22 +11:00
547750e9dd
Unify API keys and web hooks into a single admin nav header.
2016-09-20 05:22:03 +08:00
00d5facf36
FEATURE: prompts new webhook events
2016-09-19 12:07:17 +08:00
2eddeab66b
Escape the hyphen
2016-09-16 19:07:46 -04:00
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
19ddf95efa
FIX: add custom invite email templates
2016-09-08 00:54:48 +05:30
9ce61b4586
FEATURE: Webhooks.
2016-09-05 18:44:00 +08:00
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
c3a3aff120
FEATURE: Support for a whitelist for embeddable host paths
2016-08-23 14:56:12 -04:00
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
7b6d946613
FIX: searching received emails for TO was broken
2016-07-13 22:43:25 +02:00
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode.
2016-06-29 15:10:01 +08:00
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
2ecd0da59f
REFACTOR: use same code path for handling emails via API and POP
2016-06-22 15:50:49 +02:00
1e57bbf5c8
Lots bounce emails related fixes
...
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
8e611ec7a1
FEATURE: handle bounced emails
2016-05-02 23:15:32 +02:00
74b3807f60
FEATURE: new bootstrap mode settings for brand new Discourse community ( #4193 )
...
* FEATURE: new bootstrap mode settings for brand new Discourse community
* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
7d9f2265b9
FIX: improve support for handling emails coming from screened email addresses
2016-04-18 23:01:54 +02:00
983d64fd56
PERF: N+1 query on badges index.
2016-04-12 17:45:02 +08:00
cc25716e47
FIX: Allow message format translations to be overridden
2016-04-08 14:49:50 -04:00
cf8b3fbd56
FEATURE: add user custom fields to user card
...
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
79639e2dec
FIX: ensure group's users counters are kept in sync
2016-04-04 17:03:18 +02:00
9a5ded48cf
FIX: Return a proper error message when sync sso fails.
2016-03-26 13:30:15 +08:00
39863953cd
new 'enable_staged_users' site setting
2016-03-23 18:56:03 +01:00
5fcd5002c4
FIX: Saving a user field as `required` didn't work the first time
2016-03-09 15:34:48 -05:00
5771d2aee2
SECURITY: Support for confirm old as well as new email accounts
2016-03-08 14:52:22 -05:00
Guo Xiang Tan
Joffrey JAFFEUX
Maja Komel
David Taylor
Bianca Nenciu
Vinoth Kannan
Arpit Jalan
Kyle Zhao
Guo Xiang Tan
Bianca Nenciu
Gerhard Schlager
Robin Ward
Sam
Erin Kosewic
Osama Sayegh
Régis Hanol
Neil Lalonde
Blake Erickson
OsamaSayegh
Jeff Wong
Erick Guan
Leo McArdle
Pat David
Ryan C. Gordon
Rafael dos Santos Silva
Claas Augner
cpradio
Thorben Egberts