Commit Graph

159 Commits

Author SHA1 Message Date
Neil Lalonde fd853e0776 FIX: error when sending a private message to a group in some cases 2016-03-23 16:20:31 -04:00
Arpit Jalan 3e32393ab6 FIX: do not allow normal users to wiki edit-expired posts 2016-03-15 15:05:57 +05:30
Régis Hanol 415efd0f5b FIX: staged user doesn't get notified for replies in topics they created in secured categories 2016-02-24 11:30:17 +01:00
Sam 3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Arpit Jalan 106e3c897f FIX: TL3 users should not be able to edit title of archived topics 2016-01-29 01:16:41 +05:30
Neil Lalonde 685ba1eb7f FEATURE: blocked users can send and reply to private messages from staff 2016-01-22 12:54:24 -05:00
Arpit Jalan 06bac23e5f FEATURE: allow users to wikify their own posts based on trust level 2016-01-12 08:44:25 +05:30
Andy Waite 3e50313fdc Prepare for separation of RSpec helper files
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Sam Saffron 6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00
Arpit Jalan 9f8d6b6088 FIX: allow exisiting users to be invited to topic/message when enable_local_logins is disabled 2015-10-30 11:28:05 +05:30
Sam e29fe77b45 FEATURE: make trust level for message sending configurable
- add min_trust_to_send_messages site setting (default 1) to allow admins
 to configure when messages can be sent between members
2015-10-12 11:15:48 +11:00
Robin Ward 5af0f5f80e FEATURE: Whisper posts 2015-09-11 14:05:21 -04:00
Arpit Jalan 4d593d1c18 FIX: staff should be immune to max_invites_per_day setting 2015-06-05 10:22:41 +05:30
Sam dd91d5b02f FEATURE: disable invites by setting max_invites_per_day to 0 2015-05-19 16:51:21 +10:00
Robin Ward f9069c350f FIX: Permission issues when editing topics
If a user can't create a topic in a category, they should'be be
able to edit topics.
2015-04-30 17:08:12 -04:00
Arthur Neves b8cbe51026
Convert specs to RSpec 2.99.2 syntax with Transpec
This conversion is done by Transpec 3.1.0 with the following command:
    transpec

* 424 conversions
    from: obj.should
      to: expect(obj).to

* 325 conversions
    from: == expected
      to: eq(expected)

* 38 conversions
    from: obj.should_not
      to: expect(obj).not_to

* 15 conversions
    from: =~ /pattern/
      to: match(/pattern/)

* 9 conversions
    from: it { should ... }
      to: it { is_expected.to ... }

* 5 conversions
    from: lambda { }.should_not
      to: expect { }.not_to

* 4 conversions
    from: lambda { }.should
      to: expect { }.to

* 2 conversions
    from: -> { }.should
      to: expect { }.to

* 2 conversions
    from: -> { }.should_not
      to: expect { }.not_to

* 1 conversion
    from: === expected
      to: be === expected

* 1 conversion
    from: =~ [1, 2]
      to: match_array([1, 2])

For more details: https://github.com/yujinakayama/transpec#supported-conversions
2015-04-25 11:18:35 -04:00
Régis Hanol 3a40875e0b Merge pull request #3247 from jmay/group-manager-invites
group manager can issue invitations from restricted topics
2015-03-16 09:53:04 +01:00
Neil Lalonde 608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Jason W. May 0f36774246 group manager can invite members into the group from any restricted topic 2015-03-03 12:18:42 -08:00
Régis Hanol 1a070b16e4 FIX: use the 'post edit time limit' for topics too 2015-02-25 20:53:21 +01:00
Régis Hanol 3cad4824d7 FEATURE: allow moderators to see flagged private messages 2015-02-16 13:03:04 +01:00
Robin Ward e207ca36ee Easier helper for filtering secured categories 2015-02-12 11:52:59 -05:00
Luciano Sousa 0fd98b56d8 few components with rspec3 syntax 2015-01-09 13:34:37 -03:00
Régis Hanol 6cec925f26 FIX: all PMs should be flaggable 2015-01-08 16:06:43 +01:00
Neil Lalonde 3cb25b019e FIX: when private messages are disabled in settings, flag modal shouldn't show private message options 2014-12-19 16:47:39 -05:00
Régis Hanol de76b512c1 fix most deprecations in the specs (still some left) 2014-09-25 17:44:48 +02:00
Robin Ward 309b67add4 FIX: If a post has been hidden due to flagging, don't use the absolute
edit window for edit prevention.
2014-09-16 11:21:14 -04:00
Sam 0f585bcdbe FIX: PM should never be allowed to have a category
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
Sam e3f7d2a3ac remove elder terminology in specs 2014-09-05 16:55:48 +10:00
Sam 59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Neil Lalonde 2f32af3941 FIX: staff should be able to edit topics that have been archived 2014-08-15 12:45:05 -04:00
Sam 347aa343b0 fix spec, I don't agree with allowing mods and staff to edit this 2014-08-15 12:56:03 +10:00
Neil Lalonde 5caf72510c Prevent deleting the static page doc topics 2014-08-13 17:03:45 -04:00
Régis Hanol 3ae1ebdfc3 FIX: use PostDestroyer when deleting/recovering a topic 2014-08-07 19:12:35 +02:00
Sam e7e70d14da Merge pull request #2591 from BenLubar/benlubar-edit-history-public
add profile option for edit history visibility
2014-07-30 14:09:10 +10:00
Neil Lalonde fc22127726 FIX: only admin can edit faq, tos, and privacy policy 2014-07-29 10:40:09 -04:00
Ben Lubar 93ea940a4d add spec for public edit history 2014-07-29 01:00:39 -05:00
Régis Hanol bddffa7f9a FEATURE: flag dispositions normalization
All flags should end up in one of the three dispositions
  - Agree
  - Disagree
  - Defer

In the administration area, the *active* flags section displays 4 buttons
  - Agree (hide post + send PM)
  - Disagree
  - Defer
  - Delete

Clicking "Delete" will open a modal that offer to
  - Delete Post & Defer Flags
  - Delete Post & Agree with Flags
  - Delete Spammer (if available)

When the flag has a list associated, the list will now display 1
response and 1 reply and a "show more..." link if there are more in the
conversation. Replying to the conversation will NOT give a disposition.
Moderators must click the buttons that does that.

If someone clicks one buttons, this will add a default moderator message
from that moderator saying what happened.

The *old* flags section now displays the proper dispositions and is
super duper fast (no more N+9999 queries).

FIX: the old list includes deleted topics
FIX: the lists now properly display the topic states (deleted, closed,
archived, hidden, PM)
FIX: flagging a topic that you've already flagged the first post
2014-07-28 19:28:07 +02:00
riking 19b757b058 FEATURE: Hide deleted posts by default for staff 2014-07-17 10:40:15 -07:00
Arpit Jalan 48f86181bf REFACTOR: move all conditions to guardian 2014-07-04 23:04:19 +05:30
Robin Ward a2fec165d5 Disable editing of hidden posts within a timeframe from when the post
was initially hidden.
2014-06-20 15:38:03 -04:00
Neil Lalonde 4f523ae1b9 Don't allow invites if local logins are disabled, since it provides a way to bypass external auth 2014-06-18 16:46:20 -04:00
Neil Lalonde faed17aa18 Moderators should always be able to create topics too 2014-06-09 15:28:03 -04:00
Neil Lalonde 4d50d0d109 FIX: admins should be able to create topics, even if min_trust_to_create_topic is higher than their trust level 2014-06-09 11:03:21 -04:00
Wojciech Zawistowski 960d64930c Wiki Post 2014-05-13 08:53:11 -04:00
Neil Lalonde e68e97d986 FIX: moderators can't see private topics that they aren't invited to see. 2014-05-12 15:26:46 -04:00
Neil Lalonde f44bd4ec28 Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't. 2014-05-06 15:01:27 -04:00
Neil Lalonde 7993c27ce5 Also allow system_user to send pm's even if enable_private_messages is disabled 2014-04-25 14:52:57 -04:00
Neil Lalonde ee8bbadfe8 Allow contact user to send private messages even if enable_private_messages is false 2014-04-23 17:00:22 -04:00
Robin Ward 84da39f5dc FIX: Admins should always be able to see groups so they can edit them. 2014-04-23 15:15:46 -04:00
Robin Ward af877781b7 Allow admins to choose if groups are visible or not. 2014-04-22 16:43:46 -04:00
Robin Ward 539890afdf Let's not show tons of extra information about invites unless you're the
person who invited them.
2014-03-21 14:16:11 -04:00
Neil Lalonde 2c725e2779 FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic 2014-03-17 14:50:28 -04:00
Forest Carlisle e904b2faad Adding name to the list of uneditable items in preferences UI
* If enable_names,  enable_sso, and sso_overrides_name settings are true.
  * Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 13:26:40 -07:00
Régis Hanol fd1c824187 Revert "Merge pull request #2116 from LessonPlanet/disable-name-edit-for-sso"
This reverts commit 91aa21671a, reversing
changes made to f19596af0d.
2014-03-13 18:17:59 +01:00
Neil Lalonde 283dc7dd2d Trust level 4: add ability to edit any post and see edit history 2014-03-13 10:47:49 -04:00
Forest Carlisle e8c7c6fab7 Adding name to the list of uneditable items in preferences UI
* If enable_names,  enable_sso, and sso_overrides_name settings are true.
2014-03-12 17:09:53 -07:00
Neil Lalonde 2838e1c3b5 FIX: don't show option to flag with notify_user to trust level 0 users. they can't send private messages. 2014-03-10 11:48:40 -04:00
Douglas Browne a1e70ac57e Added spec for SSO override username/email changes 2014-03-09 21:38:36 -04:00
Neil Lalonde b696c96a19 Look at the age of a user's first post to determine if the user can be nuked, instead of looking at when the user registered. 2014-02-20 12:29:40 -05:00
Neil Lalonde 8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00
Sam 81a4b4d97e Merge pull request #1939 from lukemelia/patch-1
Fixed typo in test name
2014-02-13 17:15:49 +11:00
Robin Ward f73a3f252a FIX: Don't allow parent categories to be deleted. Also, remove
duplicated logic and rely on the server response for `can_delete`
status.
2014-02-12 17:24:25 -05:00
Luke Melia e4ff06baad Fixed typo in test name 2014-02-12 15:24:44 -05:00
Sam 93434be16d SECURITY: reduce moderator rights
You can now hide particular categories from certain moderators
2014-02-07 14:11:52 +11:00
Robin Ward 8c29ed870e Non-staff users may not delete their posts in archived topics. 2014-01-17 17:42:12 -05:00
Neil Lalonde 7c8ea8c166 Trust level 3 users can edit topic titles and change category 2014-01-16 11:59:26 -05:00
Neil Lalonde 259295d865 Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year. 2014-01-09 11:55:04 -05:00
verg 8a830fb8e3 Prevent deleting 'uncategorized' category 2013-12-31 11:22:44 -06:00
Jithu Gopal 9584ecb295 fixing gender sensitive pronouns 2013-12-03 10:19:54 +05:30
Neil Lalonde 0c6f794eb0 Used the term suspended instead of banned. 2013-11-07 13:53:49 -05:00
Robin Ward de30af9302 Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:50 -05:00
Sam 666264879c change it so all topics MUST include a category, we store a special uncategorized category to compensate
this cleans up a bunch of internals and removes some settings
2013-10-24 12:08:02 +11:00
Matthieu Guillemot 3ba1f20674 New site settings to enable/disable the possibility of editing user's nickname or email address 2013-09-14 21:34:21 +09:00
Sam 5b08f73561 give god rights of impersonation to developers, must be edited into the production.rb config file 2013-09-05 10:27:34 +10:00
Neil Lalonde b47eedba00 Add min_trust_to_create_topic setting to require a certain trust level before users can start new topics 2013-09-03 19:12:22 -04:00
Neil Lalonde 663adde90e Users can change their own username at any time if they have no posts 2013-08-23 11:23:00 -04:00
Régis Hanol c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Neil Lalonde b8a1e21dbd Delete all posts is allowed for the same amount of time as delete user 2013-08-13 11:11:05 -04:00
Neil Lalonde b36c6d7b78 Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days. 2013-08-12 14:55:09 -04:00
Neil Lalonde 4fd5087f91 Add button to delete a spammer in the flag modal
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde e25638dab0 add a way to delete posts and topics when deleting a user with UserDestroyer 2013-07-29 15:29:43 -04:00
Sam 7b1f9928e4 staff can change trust levels 2013-07-23 09:13:48 +10:00
Sam 1f3c5cb656 allow end user to recover a post they delete
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam 352ac9e60c Finalize read only and post only categories, finished off UI work 2013-07-16 15:46:11 +10:00
Sam ecf17cfebb work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-16 15:46:11 +10:00
Robin Ward 6ca5df0a09 Can recover deleted topics. Deleted topics show the first post as deleted in the UI. 2013-07-12 12:09:17 -04:00
Robin Ward 19c169540c Staff can enter and view deleted topics 2013-07-11 16:39:35 -04:00
Neil Lalonde 7977deb3bf Don't allow editing of title and category of an archived topic 2013-07-09 16:54:46 -04:00
Robin Ward b7327942af Add `deleted_by` to `Trashable` tables 2013-07-09 15:46:36 -04:00
Neil Lalonde b2d300fe0b Add ability to give users a title. Show them under usernames beside posts. Needs love from a designer. 2013-06-25 18:39:20 -04:00
Sam e53aa45f54 I think this is more correct, admins/mods should always be able to invite 2013-06-21 16:35:27 +10:00
Neil Lalonde c4904aacc0 Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-06-03 16:37:40 -04:00
Matt Van Horn 872995db57 refactor guardian class for clarity & correctness
introduce NullUser to avoid type-checking
DRY up code
reduce number of multiple returns
remove some redundant/impossible logic branches
add pending test for possible bug
add test & fix for ability to flag archived posts
add #secure_category? method to topic class
Fix bug that prevented flagging of archived topics
Rename NullUser to AnonymousUser
DRY up can_<action>? methods
Fix some ownership logic, and a test, for Guardian
2013-05-22 01:09:34 -07:00
Sam b5eff93a9d update message bus to support per client filtering
start work on user_tracking_state
fix can_ban? in guardian
expose protected scopes on topic_query we need
move guardian spec to use build as opposed to creating topics / posts / users
start work on user tracking spec
2013-05-21 16:39:51 +10:00
Sam 4f328e3e45 +x on files makes no sense unless they really are executable
rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 17:35:15 +10:00
Sam e9fc272db7 remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed
makes upgrading to rails 4 possible
2013-05-07 14:39:01 +10:00
Sam 65cd00cf25 moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5
allow pms to be targetted at groups
2013-05-02 15:15:53 +10:00
Sam 5cfcdc7ef0 backend for secure categories mostly done (todo pm groups) 2013-04-29 16:33:43 +10:00
Neil Lalonde 651cfba93f Add ability to destroy a user with 0 posts 2013-04-12 16:53:00 -04:00