Commit Graph

323 Commits

Author SHA1 Message Date
Neil Lalonde 9ae8813a53 FIX: admin user page should show count of all posts, including private messages, so admins can delete them. This bug was making it impossible to delete users. 2017-03-17 17:01:45 -04:00
Guo Xiang Tan bf78c228f4 FIX: User created web hook being enqueued before record has been saved.
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Sam 16593ae8bf FEATURE: log reason staff auto blocks a user 2017-03-10 15:45:48 -05:00
Arpit Jalan d5bcc70e9c FIX: grant trust level when bulk adding users to group 2017-03-06 14:39:53 +05:30
Neil Lalonde 262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Arpit Jalan e27b1b98d1 FIX: handle new user when logging name change 2017-03-01 13:43:57 +05:30
Guo Xiang Tan 76dd6933d2 Revert "Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."""
This reverts commit e6d75f6844.

This is why we should not be pushing directly to master.
2017-03-01 10:16:59 +08:00
Guo Xiang Tan e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Arpit Jalan 6661cebff8 FIX: do not log duplicate username changes 2017-02-28 01:32:00 +05:30
Arpit Jalan b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Robin Ward 0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
Guo Xiang Tan 1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan 0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Robin Ward 496682c442 Merge pull request #4662 from tgxworld/fix_localized_group_name_change
Fix localized group name change
2017-01-26 10:50:00 -05:00
Neil Lalonde 6b93b09404 FIX: when blocking a user results in hiding their posts, only hide posts made in the last 24 hours 2017-01-19 15:56:22 -05:00
Guo Xiang Tan 706b4f6b9f FEATURE: Remap group mentions when group name has been changed. 2017-01-18 13:39:34 +08:00
Régis Hanol fbf9172db8 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan 515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Robin Ward 6c3426d266 Let's not notify for trust levels on Staff, either 2017-01-11 11:25:04 -05:00
Neil Lalonde 98bd58df61 Don't show email of deleted users in staff action logs 2017-01-10 17:25:36 -05:00
Neil Lalonde fc0a0a76a4 Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user 2017-01-10 17:25:36 -05:00
Robin Ward 7341b0d03c Don't give notifications to admins for trust level notifications 2017-01-10 12:18:48 -05:00
Guo Xiang Tan d10fe51b72 Fix broken specs since all urls will be oneboxed. 2017-01-06 10:05:51 +08:00
Régis Hanol cbcb9363f4 fix the build 2017-01-04 14:23:21 +01:00
Sam c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam 019f1a1d06 UserEmailObserver is now removed
no big surprises here was pretty straightforward

after_commit semantics sure are weird though
2016-12-22 16:46:53 +11:00
Sam 2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan 69330f8bc2 Add user_updated event to webhooks. 2016-12-13 11:26:26 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Régis Hanol 6edd3c347c FIX: automatically disable digests when enabling mailing list mode 2016-11-28 15:52:35 +01:00
Guo Xiang Tan f824afb4d3 FEATURE: Allow date_of_field column to be updated. 2016-11-17 15:16:58 +08:00
Guo Xiang Tan 95c6e97587 Ensure we don't run `$redis.keys` in production. 2016-11-15 23:23:41 +08:00
Sam aaf947356b correct regression where notifications scope is not pushing to push server 2016-10-14 22:52:39 +11:00
Sam f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam 3ad8616f44 Merge pull request #4476 from xfalcox/localize-badge-notifications
FIX: Properly localize badge notification on batch grant
2016-10-12 15:16:35 +11:00
Rafael dos Santos Silva c5b94878ac We need this variable later 2016-10-11 19:14:32 -03:00
Sam 89daa43754 FEATURE: remap emojis back for push notifications and desktop alerts 2016-10-11 13:03:48 +11:00
cpradio 6f1c31d777 Add notification level user preference when replying to a topic 2016-09-30 14:58:07 -04:00
Rafael dos Santos Silva 9a502c73c9 FIX: Properly localize badge notification on batch grant 2016-09-29 18:55:41 -03:00
Robin Ward 29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Robin Ward c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Neil Lalonde 06eb256d0a FIX: blocking users should never hide all posts if they are trust level 1 or higher 2016-09-12 11:58:10 -04:00
Robin Ward 9609a47016 Ability to skip email validation via a plugin 2016-09-07 14:05:46 -04:00
Sam 4fe52c8cbe FEATURE: backend support for pushing notifications to clients 2016-08-26 12:47:10 +10:00
Robin Ward 4061725a95 FIX: Don't ever grant badges when they're disabled 2016-08-19 15:16:37 -04:00
Arpit Jalan a590f35982 FEATURE: allow changing post owners without creating post revision 2016-08-19 23:34:21 +05:30
Régis Hanol e55e2aff94 FIX: FirstReplyByEmail badge wasn't granted
DEPRECATED: PostProcess badge trigger
2016-08-10 19:24:01 +02:00
Robin Ward 3d62e5dd98 SECURITY: XSS issue on Admin users list 2016-08-05 12:01:16 -04:00