Commit Graph

50 Commits

Author SHA1 Message Date
Ted Johansson 928a6cd143
FIX: Delete fast typer reviewable when deleting user (#23162)
In most cases, deleting a user from outside the review UI will also delete any pending reviewables for that user. This was not working in some cases, e.g. for reviewables created due to "fast typer" violations.

This was happening because UserDestroyer only automatically resolves flagged posts.

After this change, in addition to existing checks, look for ReviewablePost where the post was created by the user and reject them if present.
2023-08-21 18:03:03 +08:00
David Taylor 5a003715d3
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
David Taylor 45435cbbd5
PERF: Use user-specific channel for message-bus logout (#19719)
Using a shared channel means that every user receives an update to the 'last_id' when *any* other user is logged out. If many users are being programmatically logged out at the same time, this can cause a very large number of message-bus polls.

This commit switches to use a user-specific channel, which means that each user has its own 'last id' which will only increment when they are logged out
2023-01-04 19:55:52 +00:00
Roman Rizzi 07a9163ea8
FEATURE: Deleting a user with their posts also deletes chat messages. (#19194)
This commit introduce a new API for registering callbacks, which we'll execute when a user gets destroyed, and the `delete_posts` opt is true. The chat plugin registers one callback and queues a job to destroy every message from that user in batches.
2022-11-28 13:32:57 -03:00
David Taylor 67b23c0e22
PERF: Update all user_histories with one query in UserDestroyer (#16717)
7a284164 previously switched the UserDestroyer to use find_each when iterating over UserHistory records. Unfortunately, since this logic is wrapped in a transaction, this didn't actually solve the memory usage problem. ActiveRecord maintains references to all modified models within a transaction.

This commit updates the logic to use a single SQL query, rather than updating models one-by-one
2022-05-11 13:39:31 +01:00
Alan Guo Xiang Tan 6fc52d95de DEV: Remove scoped order warning in PostDestroyer.
`Scoped order is ignored, it's forced to be batch order.`

`find_each` ignores the `order` scope and triggers a warning in
production which is noisy.

Follow-up to 7a284164ce
2022-04-13 09:34:36 +08:00
David Taylor 7a284164ce
PERF: Update UserDestroyer to fetch histories and actions in batch (#16316)
This is much more memory-efficient when there are 1000s of rows
2022-03-29 16:56:55 +01:00
Vinoth Kannan 0c777825b3
FIX: perform `agree_and_keep` action only if possible. (#13967)
While deleting spammers from flag modal it's trying to perform `agree_and_keep` action where it's not possible (or already performed).
2021-09-06 11:41:44 +05:30
Roman Rizzi 4dc8c3c409
FEATURE: Blocking is optional when deleting a user from the review queue. (#13375)
Subclasses must call #delete_user_actions inside build_actions to support user deletion. The method adds a delete user bundle, which has a delete and a delete + block option. Every subclass is responsible for implementing these actions.
2021-06-15 12:35:45 -03:00
Vinoth Kannan cd6ab7bdd7
UX: improve user delete error message & return correct post count. (#13282)
Post count was incorrect on admin page causing confusion when admins attempted to delete users.
2021-06-11 15:07:34 +10:00
Hariraj Venkatesan b81c740fc7
FIX: remove invite based associated object (#12927) 2021-05-03 12:49:53 -04:00
Arpit Jalan 73fa4263fb
FIX: log warning when context is missing when a user is destroyed (#12182) 2021-02-23 16:47:54 +05:30
Roman Rizzi e040de0c2c
DEV: New option to always destroy posts. (#11898) 2021-02-01 16:57:31 -05:00
Krzysztof Kotlarek 32ff52dd42
FIX: when the user is deleted anonymise category post (#11551)
Fix for a bug when deleting a user who was an admin and created a category.

The first post with instruction about category should not be deleted but rather anonymise.

The bug was mentioned here: https://meta.discourse.org/t/cant-undelete-category-description-posts-created-by-deleted-user/173696/10
2020-12-23 14:19:30 +11:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Martin Brennan 793f39139a
FEATURE: Send notifications for time-based and At Desktop bookmark reminders (#9071)
* This PR implements the scheduling and notification system for bookmark reminders. Every 5 minutes a schedule runs to check any reminders that need to be sent before now, limited to **300** reminders at a time. Any leftover reminders will be sent in the next run. This is to avoid having to deal with fickle sidekiq and reminders in the far-flung future, which would necessitate having a background job anyway to clean up any missing `enqueue_at` reminders.

* If a reminder is sent its `reminder_at` time is cleared and the `reminder_last_sent_at` time is filled in. Notifications are only user-level notifications for now.

* All JavaScript and frontend code related to displaying the bookmark reminder notification is contained here. The reminder functionality is now re-enabled in the bookmark modal as well.

* This PR also implements the "Remind me next time I am at my desktop" bookmark reminder functionality. When the user is on a mobile device they are able to select this option. When they choose this option we set a key in Redis saying they have a pending at desktop reminder. The next time they change devices we check if the new device is desktop, and if it is we send reminders using a DistributedMutex. There is also a job to ensure consistency of these reminders in Redis (in case Redis drops the ball) and the at desktop reminders expire after 20 days.

* Also in this PR is a fix to delete all Bookmarks for a user via `UserDestroyer`
2020-03-12 10:16:00 +10:00
Joffrey JAFFEUX baba1cc02e
FIX: ensures destroying a user with security keys doesn't fail (#9042) 2020-02-25 14:07:57 -05:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Roman Rizzi 7a70fce584
FIX: :reject_user_delete action can only be handled by ReviewableUser (#8068) 2019-09-04 14:12:48 -03:00
Dan Ungureanu 34a76bf106 FIX: Do not set destination_url cookie after deleting own account. (#8028)
destination_url cookie is used to redirect the user to the a private
page after they have logged in. After deleting own account, a user's
pages would be refreshed which would set the destination_url, cookie
that can cause a redirect to an invalid page after logging in again.

Reproduction steps:

1. User is at `/u/:username/preferences/account` and deletes account by
requesting DELETE `/u/:username.json`.

2. User is being destroyed and a MessageBus message (`file-change`,
`['refresh']`) is published.

3. User receives response to DELETE request, but page may be or not
refreshed. Anyway, since they can no longer see the preferences page,
they are redirected to `/login` and `destination_url` cookie is set,
that will redirect on next login (but to the previous preferences page).
2019-08-22 17:42:45 +02:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Robin Ward 14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Robin Ward 5d99346740 FIX: Always allow us to reject users, even if they are deleted 2019-04-10 11:00:39 -04:00
Robin Ward a4ff593506 UX: Slightly improved reviewable user display, plus link to admin if possible 2019-04-03 17:07:48 -04:00
Robin Ward 111a502231 FIX: Deleting Users should work nicely with Reviewable Users
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.

Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Maja Komel 45f66826ee PERF: delete potentially large associated tables before user_destroyer.destroy transaction 2019-01-18 16:10:03 +01:00
Sam 6079a3e4d0 FEATURE: allow calling user destroyer without a transaction
This additional option allows us to destroy a user in "pieces" in cases
where database is very big and stuff tends to time out
2019-01-17 07:56:17 +11:00
Neil Lalonde dc1e7bb645 UX: when admin is deleted, make it clear in staff action logs when records belong to a deleted user and show their username in the details 2018-10-02 13:46:54 -04:00
Arpit Jalan f1d1207725 FIX: improve context when user deletes self 2018-06-18 11:36:22 +05:30
Gerhard Schlager c0bb97b5cb FIX: delete staged users when the incoming email is rejected 2017-10-11 16:17:01 +02:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol d67fe4c674 FIX: block all emails associated to a user when destroying their record 2017-07-25 17:44:46 +02:00
Neil Lalonde 9ae8813a53 FIX: admin user page should show count of all posts, including private messages, so admins can delete them. This bug was making it impossible to delete users. 2017-03-17 17:01:45 -04:00
Guo Xiang Tan d10fe51b72 Fix broken specs since all urls will be oneboxed. 2017-01-06 10:05:51 +08:00
Sam 94f05a40de FIX: when destroying users we were leaving drafts behind 2015-08-24 16:05:08 +10:00
Sam 803feefd54 MessageBus handles readonly redis now, no need to wrap it 2015-05-04 12:21:00 +10:00
Robin Ward 151b559e4c FIX: If you delete a user, delete their queued posts as well. 2015-04-24 16:04:44 -04:00
Robin Ward 5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Régis Hanol a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Régis Hanol 0398ab7514 FIX: when adding an IP to the spammer list, check the broader ban list
first

FEATURE: allow admins to search users using IP ranges
2014-11-21 18:16:06 +01:00
Régis Hanol 10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Neil Lalonde d273374f1a FIX: before nuking a user, do a real count of posts instead of relying on user_stat record 2014-08-18 12:07:29 -04:00
Neil Lalonde 939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde f61f29439e Track the ip address where user was registered 2014-04-29 14:37:56 -04:00
Neil Lalonde 379f4a87d5 FIX: remove likes and other post actions before nuking a user 2014-03-31 14:06:35 -04:00
Neil Lalonde 9ca516e58d Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.) 2014-03-12 12:39:36 -04:00
Neil Lalonde 42fb9d4fb1 Avoid calling can_delete_account twice 2014-02-14 13:06:39 -05:00
Neil Lalonde 8711762143 Users who have made no more than one post can delete their own accounts from their user preferences page. 2014-02-13 13:52:06 -05:00