Sam
650ec9c73f
minor test the developer cache first before digging into email
2018-01-17 15:50:41 +11:00
Guo Xiang Tan
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
Robin Ward
1f14350220
Rename "Blocked" to "Silenced"
2017-11-10 14:10:27 -05:00
Neil Lalonde
4452d67a23
Revert "FIX: TL0 users' messages to moderators were not being posted when flagging private messages"
2017-10-23 18:17:53 -04:00
Guo Xiang Tan
79de10b212
FEATURE: Allow users to disable new PMs.
...
https://meta.discourse.org/t/is-it-possible-to-disable-private-messaging-for-a-specific-user/46391
2017-10-19 12:32:55 +08:00
Neil Lalonde
b124e5f19f
FIX: TL0 users' messages to moderators were not being posted when flagging private messages
2017-10-13 11:55:49 -04:00
Robin Ward
db929e58fc
FIX: Don't allow staff to approve users with unverified emails
2017-09-04 12:55:39 -04:00
Bianca Nenciu
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Guo Xiang Tan
2a17f1ccd7
FIX: Group owners should be able to invite users to their groups.
...
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
f1a6449e4b
SECURITY: Remove disposable invite feature
2017-07-07 20:24:39 -04:00
Arpit Jalan
c243861b17
FIX: do not show "Send Activation Email" button if `must_approve_users` setting is enabled
...
https://meta.discourse.org/t/error-when-pressing-send-activitation-email-when-must-approve-users-setting-is-enabled/65408
2017-07-04 14:00:50 +05:30
Sam
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
e7b9b1312e
FEATURE: remove all invites
...
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Robin Ward
908433a7a0
SECURITY: Validate the `entity` when downloading a CSV
2017-05-19 16:00:51 -04:00
Robin Ward
28f486cb7a
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:57:21 -04:00
Arpit Jalan
5d9d2cf287
FIX: do not explicitly show email of flagger / flagged user
2017-04-20 22:09:30 +05:30
David Taylor
96f2335c09
FIX: Corrects typo to avoid error 500 on theme change
2017-04-15 01:21:53 +01:00
Sam
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
213a496203
FIX: show all staff events related to the target user
2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b
FEATURE: add a button on admin user page that links to action log
2017-02-21 21:38:37 +05:30
Arpit Jalan
dc2171960b
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:01:23 +05:30
Guo Xiang Tan
c7b151683d
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-29 11:11:33 +08:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
d61df21d69
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-04 11:36:43 +10:00
Régis Hanol
800081f606
FIX: staged users weren't able to reply in restricted categories
2016-06-26 19:25:45 +02:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything.
2016-06-20 15:51:26 +08:00
Arpit Jalan
b1a94049e0
FIX: only staff can access 'resend all invites' feature
2016-06-07 10:57:08 +05:30
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Arpit Jalan
22d7ea1192
FIX: user can't export entity unless they are logged in
2016-05-05 19:12:37 +05:30
Neil Lalonde
e5918c7d00
FEATURE: Merge tagging plugin into core
2016-04-27 11:58:53 -04:00
Robin Ward
de82bd946d
FIX: Group members should be able to see their groups even if private
2016-04-26 14:17:53 -04:00
Régis Hanol
415efd0f5b
FIX: staged user doesn't get notified for replies in topics they created in secured categories
2016-02-24 11:30:17 +01:00
Neil Lalonde
685ba1eb7f
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:24 -05:00
Arpit Jalan
9f8d6b6088
FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled
2015-10-30 11:28:05 +05:30
Sam
e29fe77b45
FEATURE: make trust level for message sending configurable
...
- add min_trust_to_send_messages site setting (default 1) to allow admins
to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Arpit Jalan
4d593d1c18
FIX: staff should be immune to max_invites_per_day setting
2015-06-05 10:22:41 +05:30
Sam
dd91d5b02f
FEATURE: disable invites by setting max_invites_per_day to 0
2015-05-19 16:51:21 +10:00
Arpit Jalan
d491d4f997
FEATURE: invite existing users to private topic
2015-04-16 00:52:54 +05:30
Régis Hanol
23e8e1b6c1
Merge pull request #3303 from riking/patch-6
...
FIX: Don't fail topic auto-close if privledges are lost
2015-04-06 11:12:37 +02:00
Arpit Jalan
e8dd5592c6
FEATURE: support inviting existing users to topic and message when SSO is enabled
2015-04-05 14:31:35 +05:30
riking
03b971c3e3
FIX: Don't fail topic auto-close if privledges are lost
2015-03-27 15:31:04 -07:00
Sam
1601211617
Revert "FEATURE: allow end users to opt out of getting any private messages"
...
This reverts commit 229ecc4f8a
.
2015-03-23 17:21:58 +11:00
Sam
229ecc4f8a
FEATURE: allow end users to opt out of getting any private messages
2015-03-23 15:50:45 +11:00
Jason W. May
0f36774246
group manager can invite members into the group from any restricted topic
2015-03-03 12:18:42 -08:00
Jason W. May
a2b284a0a4
table & model changes for group managers with permission to edit membership
2015-01-15 11:44:42 -08:00
Arpit Jalan
78537aad39
FIX: rate limit user posts export
2014-12-31 00:54:23 +05:30
Arpit Jalan
bb152a5b3f
FEATURE: download user posts archive
2014-12-24 15:13:48 +05:30
Régis Hanol
b09ad87098
FIX: add 'show emails' button from moderators in user admin section
2014-11-03 12:46:08 +01:00
Régis Hanol
e7f251c105
LOTS of changes to properly handle post/topic revisions
...
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
riking
ee812eb447
FIX: Do not perform grants if badges are disabled
2014-09-02 13:12:27 -07:00
Arpit Jalan
f571abfaaf
FEATURE: allow staff to send multiple invites to same email
2014-07-30 00:13:11 +05:30
Arpit Jalan
575b5e3d13
FEATURE: disposable invite tokens
2014-07-14 21:30:46 +05:30
Sam
d99a9b6735
FIX: invite security check broke PM viewing for all admins
2014-07-05 16:56:26 +10:00
Arpit Jalan
48f86181bf
REFACTOR: move all conditions to guardian
2014-07-04 23:04:19 +05:30
Neil Lalonde
4f523ae1b9
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:20 -04:00
Arpit Jalan
727184641e
FEATURE: Bulk Invite
2014-06-09 01:43:39 +05:30
Régis Hanol
fca6738212
BUGFIX: could not see the revisions of a post in a deleted topic
2014-05-12 16:30:10 +02:00
Sam
084ec87850
FEATURE: admins can invite users to groups via the web UI
2014-05-09 18:22:36 +10:00
Sam
3f07c1d0a1
Backend support for group invites
2014-05-09 18:22:35 +10:00
Neil Lalonde
f44bd4ec28
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:27 -04:00
Neil Lalonde
1da59e7e2e
FIX: deactivated users shouldn't be able to log in
2014-04-28 13:46:28 -04:00
Neil Lalonde
7993c27ce5
Also allow system_user to send pm's even if enable_private_messages is disabled
2014-04-25 14:52:57 -04:00
Neil Lalonde
ee8bbadfe8
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
Robin Ward
84da39f5dc
FIX: Admins should always be able to see groups so they can edit them.
2014-04-23 15:15:46 -04:00
Robin Ward
af877781b7
Allow admins to choose if groups are visible or not.
2014-04-22 16:43:46 -04:00
Sam
25860622b7
BUGFIX: if SSO is enabled invite system is disabled
2014-04-22 09:17:37 +10:00
Thomas Cioppettini
38882eb1a7
Remove threequals from ruby files
2014-03-26 12:20:41 -07:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde
2c725e2779
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
Vikhyat Korrapati
9b26c8584e
Initial badge system implementation.
2014-03-14 21:49:26 +05:30
Régis Hanol
831ad524e6
added some comments
2014-02-13 13:31:13 -08:00
Neil Lalonde
8711762143
Users who have made no more than one post can delete their own accounts from their user preferences page.
2014-02-13 13:52:06 -05:00
Robin Ward
b61df08d1b
FEATURE: Admin selector to choose a primary group for a user, display it
...
and apply a CSS class to their posts.
2014-02-10 17:00:15 -05:00
Sam
d9c05fcfc8
SECURITY: dissalow mods from seeing PMs
2014-02-07 14:24:19 +11:00
Régis Hanol
4fb274fb9d
BUGFIX: history link doesn't work on deleted posts
2014-02-04 20:05:50 +01:00
Neil Lalonde
7c8ea8c166
Trust level 3 users can edit topic titles and change category
2014-01-16 11:59:26 -05:00
Patrick
ffb29dea77
Refactor guardian as dissused in this topic https://meta.discourse.org/t/so-you-want-to-help-out-with-discourse/3823/41?u=hunter
...
Creates a mixin for the ensure_* functions and creates seperate mixins for functions dealing with posts, categories, and topics.
2014-01-10 21:22:54 -06:00
Neil Lalonde
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
verg
8a830fb8e3
Prevent deleting 'uncategorized' category
2013-12-31 11:22:44 -06:00
Régis Hanol
06dd7ffe3c
better revision history
2013-12-12 03:41:34 +01:00
Robin Ward
309904ef8f
Revert "Merge pull request #1673 from aperrault/patch-04"
...
This reverts commit c9ea89bdd3
, reversing
changes made to 9ed49888fc
.
2013-11-19 14:08:45 -05:00
Autumn Perrault
d9c026bec5
Fixing neglect to determine whether a user has the permission to create a topic on a category (besides being able to create a post) in ListController, TopicList, and TopicListSerializer causing the "Create Topic" button to appear even if a user cannot actually create a topic in that category but can reply to a topic therein.
2013-11-19 05:09:58 -07:00
Neil Lalonde
0c6f794eb0
Used the term suspended instead of banned.
2013-11-07 13:53:49 -05:00
Robin Ward
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
Neil Lalonde
4e46d91b8d
Refactor SpamRulesEnforcer so that each spam rule is in its own class
2013-10-25 13:25:02 -04:00
Sam
e18b93026a
defer view creation on so updates are not performed when people navigate to topics
2013-10-07 15:04:59 +11:00
Sam
5bf26ec34e
large refactor, ship a few columns from the user table into user_stats
2013-10-07 15:04:59 +11:00
Matthieu Guillemot
3ba1f20674
New site settings to enable/disable the possibility of editing user's nickname or email address
2013-09-14 21:34:21 +09:00
Sam
36f8c9c45b
improve logic and performance on front page to avoid massive query
2013-09-10 16:02:54 +10:00
Sam
41a1b6942d
notify moderators now goes to the "community" user, that saves our poor mods from a flood of pms
...
if any staff respond to a pm they are automatically added to the list of recipients and will start
getting email notifications
2013-09-06 14:07:23 +10:00
Sam
5b08f73561
give god rights of impersonation to developers, must be edited into the production.rb config file
2013-09-05 10:27:34 +10:00
Neil Lalonde
b47eedba00
Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics
2013-09-03 19:12:22 -04:00
Neil Lalonde
663adde90e
Users can change their own username at any time if they have no posts
2013-08-23 11:23:00 -04:00
Giuseppe Capizzi
eaede108c7
Remove duplication from Guardian
2013-08-16 14:24:29 +02:00
Neil Lalonde
b8a1e21dbd
Delete all posts is allowed for the same amount of time as delete user
2013-08-13 11:11:05 -04:00
Neil Lalonde
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
Neil Lalonde
4fd5087f91
Add button to delete a spammer in the flag modal
...
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00