Commit Graph

2077 Commits

Author SHA1 Message Date
Robin Ward 0f7aaf5ab1 Revert "FIX: paginated category and topic pages should not have canonical tag"
This reverts commit ecd93f7efb.
2015-09-29 17:22:28 -04:00
Arpit Jalan ecd93f7efb FIX: paginated category and topic pages should not have canonical tag 2015-09-29 17:23:49 +05:30
Arpit Jalan 193f04842e FIX: permalinks should work for Discourse categories 2015-09-27 12:14:04 +05:30
Sam 8da8999aa1 Revert "FIX: properly filter badges when they're on a whisper"
This reverts commit 6b07575632.
2015-09-25 10:20:47 +10:00
Sam 2422289c8b FIX: whispers should not be revealed in reply to, or reply expansion
FEATURE: mark whisper as experimental
FIX: badges should never apply to whispers
2015-09-25 10:16:19 +10:00
Régis Hanol 6b07575632 FIX: properly filter badges when they're on a whisper 2015-09-25 00:30:29 +02:00
Robin Ward 3620c8c85e Move descriptions for rate limiting errors into the exception 2015-09-24 13:52:46 -04:00
Régis Hanol 36309e50cc Merge pull request #3767 from tgxworld/track_user_profile_views
Track user profile views
2015-09-23 11:38:18 +02:00
Régis Hanol ed717ccb6e Merge pull request #3794 from tgxworld/add_web_manifes
FEATURE: Add web manifest for Chrome users.
2015-09-23 11:35:14 +02:00
Régis Hanol 1aad58b642 Merge pull request #3781 from tgxworld/feature_log_category_settings
Feature log category settings
2015-09-23 11:34:08 +02:00
Sam a0524ea4d1 FIX: render canonical URLs 2015-09-22 09:37:52 +10:00
Guo Xiang Tan 71eab8f4df FEATURE: Add web manifest for Chrome users. 2015-09-21 10:34:03 +08:00
Régis Hanol a3831a7003 FIX: uploading an animated user card/profile background was converted to a still image 2015-09-20 22:01:03 +02:00
Robin Ward e7af8d2239 FIX: Queued Posts should be ordered by `created_at` 2015-09-18 13:11:57 -04:00
Robin Ward cc516d3be0 Merge pull request #3743 from sitepoint/topic-embed-info
Add embed/info endpoint for TopicEmbed queries
2015-09-18 11:00:01 -04:00
Kane York c9e4745fe8 FIX: Return 410 Gone for deleted topics you could otherwise see 2015-09-18 00:14:43 -07:00
Guo Xiang Tan f39b9124b6 FEATURE: Log staff actions for Category changes. 2015-09-18 10:53:08 +08:00
Régis Hanol 07e7b07b63 FIX: refreshing gravatar wasn't working 2015-09-17 19:42:44 +02:00
Arpit Jalan f2c1dbaa68 FIX: return 422 if the invite is already redeemed 2015-09-16 17:30:00 +05:30
Guo Xiang Tan 7acc93b2a0 FEATURE: Track user profile views. 2015-09-16 14:48:31 +08:00
Jude Aakjaer 9cca510944 Add embed/info endpoint for TopicEmbed queries 2015-09-16 03:22:24 +00:00
Sam 8cb9c348f6 live posts counts is only available to logged in users 2015-09-16 12:27:05 +10:00
Neil Lalonde b4a724e80a FEATURE: export dashboard reports to csv file 2015-09-15 16:45:10 -04:00
Robin Ward 91f3e8e724 For now, restrict whispering to staff only. 2015-09-15 12:29:32 -04:00
Arpit Jalan 607265fc28 FEATURE: add users to group via email 2015-09-15 12:36:44 +05:30
Robin Ward 5af0f5f80e FEATURE: Whisper posts 2015-09-11 14:05:21 -04:00
Régis Hanol 18d7c1c75d fix the build - take 2 2015-09-11 15:47:48 +02:00
Régis Hanol 93f9dcfcec FIX: don't overwrite custom uploaded avatar when selecting gravatar
FIX: remove unecessary serialized fields
2015-09-11 15:10:56 +02:00
Régis Hanol 0c58f08207 FIX: profile picture selector 2015-09-11 15:10:56 +02:00
Sam 6437cd0341 FEATURE: add support for generic external avatar services
This changes it so we only ship an avatar template down to the client
it has no magic, all it knows is how to plug in size
2015-09-11 15:10:56 +02:00
Régis Hanol 2742602254 FEATURE: support for external letter avatars service 2015-09-11 02:12:40 +02:00
Régis Hanol e43034f08f Revert "FEATURE: SVG letter avatars (based on @eviltrout's spike)"
This reverts commit cd77465788.
2015-09-11 00:23:52 +02:00
Régis Hanol cd77465788 FEATURE: SVG letter avatars (based on @eviltrout's spike) 2015-09-11 00:11:48 +02:00
Sam e13ed24122 FEATURE: on mobile take users to full page search
UX: improve styling on full page search page
FEATURE: allow search context in full page search
FEATURE: visited color link for full page search
FIX: broken search help on fulls page search page
FEATURE: allow preload store to return a null
FEATURE: "mobileAction" for the header buttons
2015-09-08 11:04:03 +10:00
Régis Hanol 5dca462b5a Merge pull request #3721 from riking/patch-1
FEATURE: Include topic title, category in posts.json
2015-09-07 10:22:25 +02:00
Sam 335be272ff FEATURE: implement capping of new/unread
We cap new and unread at 2/5th of SiteSetting.max_tracked_new_unread

This dynamic capping is applied under 2 conditions:

1. New capping is applied once every 15 minutes in the periodical job, this effectively ensures that usually even super active sites are capped at 200 new items

2. Unread capping is applied if a user hits max_tracked_new_unread,
  meaning if new + unread == 500, we defer a job that runs within 15 minutes that will cap user at 200 unread

This logic ensures that at worst case a user gets "bad" numbers for 15 minutes and then the system goes ahead and fixes itself up
2015-09-07 12:03:17 +10:00
Kane York 342eba4374 FEATURE: Category reordering dialog 2015-09-06 16:53:52 -07:00
Robin Ward 32e2d7963a FEATURE: Show FAQ at top of the hamburger until the user reads it 2015-09-04 16:56:02 -04:00
Kane York 27ee8bea95 FIX: Remove N+1 queries in posts.json 2015-09-04 13:36:47 -07:00
Robin Ward 73dba5af38 FIX: Notifications when no limit is provided 2015-09-02 15:48:41 -04:00
Robin Ward e624b7198d Try to estimate the amount of notifications to return based on height 2015-09-02 14:30:18 -04:00
Régis Hanol a501947d67 FEATURE: suppress categories from the homepage 2015-09-02 20:25:18 +02:00
Kane York 32e5016dbb FEATURE: Include topic title, category in posts.json 2015-09-01 17:46:06 -07:00
Sam 0a46ec9c50 Merge pull request #3519 from fullfatthings/fix_sso_redirect_when_login_required
Respect cookie[:destination_url] in Single Sign On
2015-09-02 10:32:18 +10:00
Neil Lalonde 1bd0f5b015 FEATURE: group can grant a trust level when a user is added 2015-09-01 16:52:12 -04:00
Robin Ward 9f50f70670 UX: Return more notifications in the user menu 2015-09-01 16:23:23 -04:00
Arpit Jalan eb96016043 FEATURE: copy invite link for topic invites 2015-08-31 21:15:15 +05:30
Neil Lalonde 43c62d413c FIX: similar topics api shouldn't return error if params are below minimum lengths 2015-08-31 10:54:45 -04:00
Arpit Jalan 4ad07b8c09 FEATURE: generate invite token 2015-08-28 18:29:31 +05:30
Neil Lalonde cc2dc4d550 FEATURE: the notice asking admins to get discussion started will update with live counts of topics and posts 2015-08-27 17:28:40 -04:00
Régis Hanol 96c23d51a2 FIX: don't break the message bus when restoring a backup 2015-08-27 20:02:13 +02:00
Sam 4e37bcc3e2 Add extra safety 2015-08-25 12:05:15 +10:00
Sam 2c59ad3dd3 FIX: favicon update broken when favicon lived on a CDN 2015-08-25 11:54:23 +10:00
Arpit Jalan 99edcddafb FEATURE: show pending/redeemed invite count in tabs 2015-08-25 01:12:46 +05:30
Régis Hanol 73624e63c5 FIX: revoke any api keys when suspending an user 2015-08-23 22:33:37 +02:00
Arpit Jalan 91519fdfe7 FIX: do not persist error message 2015-08-24 00:29:58 +05:30
Sam 2b9ca0de8b Merge pull request #3678 from tgxworld/allow_admin_to_change_timestamp
FEATURE: Allow admin to change timestamp of topic.
2015-08-21 10:34:37 +10:00
Robin Ward 146f2eab7f Can edit settings on the embedding page 2015-08-20 15:56:05 -04:00
Robin Ward d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Régis Hanol eafeec51a5 FIX: don't show current topic when moving posts to another topic 2015-08-19 21:40:43 +02:00
Kane York 94439ebddd FIX: Tighter rate-limit for post self-deletions 2015-08-18 12:50:45 -07:00
Régis Hanol 4c2df814de FIX: ensure a file is present when creating an upload 2015-08-18 11:39:51 +02:00
Robin Ward 9f75870d99 Merge pull request #3661 from b-studios/preserve-user-field-options
Preserve user-field options when updating user-fields
2015-08-17 13:43:35 -04:00
Jonathan Brachthaeuser c0e88724c2 Preserve user-field options when updating user-fields
Avoid deleting options of the user-field when no options are
transmitted.
2015-08-17 19:01:20 +02:00
Régis Hanol 827ea641b0 FIX: Use File.size instead of IO.size 2015-08-17 18:57:28 +02:00
Guo Xiang Tan c7a21b7c23 FEATURE: Allow admin to change timestamp of topic. 2015-08-17 00:00:05 +08:00
Régis Hanol 23a5c6444a FIX: move topic links and quoted posts extraction to the PostRevisor 2015-08-14 19:33:32 +02:00
Guo Xiang Tan 1a245656e0 FIX: HTML not being stripped in description meta tag. 2015-08-14 10:00:07 +08:00
Régis Hanol 6669a2d94d FEATURE: per-topic unsubscribe option in emails 2015-08-12 23:00:16 +02:00
Régis Hanol ffbaf8c542 FEATURE: automatically downsize large images 2015-08-12 18:33:13 +02:00
Dan Singerman 8055d065f2 Refactor ApplicationController#redirect_to_login_if_required to use session for SSO 2015-08-11 16:48:55 +01:00
Dan Singerman 7056db26e6 Respect cookie[:destination_url] in Single Sign On
When the login_required setting is true, the destination URL is dropped. This change means it will be
respected at login time
2015-08-11 16:31:28 +01:00
Robin Ward 7fffd483f8 Fix deprecations with site text, upgrade to ES6 / store 2015-08-10 10:21:04 -04:00
Robin Ward bd631e343a FEATURE: Can create stylesheets for embedded comments 2015-08-10 10:21:04 -04:00
Robin Ward 0932e82508 Refactor Customizations to have deeper URLs 2015-08-10 10:21:04 -04:00
Sam bafdf9290d FIX: don't let blocked users reach post creator or new post queue
correct broken spec
2015-08-06 10:32:53 +10:00
Sam 01ad88f1ed FEATURE: min_first_post_typing_time
If a user spends less than 3 seconds typing
first post they will automatically enter the approval queue
2015-08-04 10:57:34 +10:00
Sam 7b8b96446e FEATURE: track statistics around post creation
- how long were people typing?
- how long was composer open?
- how many drafts were created?
- correct, draft saved to go away after you continue typing

store in Post.find(xyz).post_stat
2015-08-03 14:29:15 +10:00
Robin Ward cf91bca0cd FIX: Small actions should show descriptions on the user stream 2015-07-31 14:25:49 -04:00
Robin Ward aa6f792ce1 FEATURE: Custom orders for user fields 2015-07-30 14:53:13 -04:00
Robin Ward 9911e92e24 Merge pull request #3609 from riking/patch-7
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Régis Hanol faf4f44776 FEATURE: make pin expiration mandatory 2015-07-29 16:34:21 +02:00
Régis Hanol 9e2632badd FIX: title translation for crawlers 2015-07-29 15:39:20 +02:00
Robin Ward 5f45e5361f FIX: Moderation actions can have their messages removed 2015-07-28 16:58:56 -04:00
Robin Ward dc8a68fd29 FEATURE: New "Dropdown" user field type 2015-07-28 12:30:21 -04:00
Arpit Jalan d6069e8c90 UX: fix container layout 2015-07-28 13:58:30 +05:30
Sam 41ceff8430 UX: move search to its own route
previously search was bundled with discovery, something that makes stuff confusing internally
2015-07-27 16:47:06 +10:00
Sam 0c267e5952 maintain exact old behavior 2015-07-24 09:44:16 +10:00
Sam 719f558746 multisite fix, allow show through (security is handled in the controller) 2015-07-24 09:41:46 +10:00
Sam 3a54923116 FIX: permalink normalization not applied at constraint
implement permalink import for lithium
2015-07-22 13:40:45 +10:00
Sam 4491813d22 Revert "Revert "PERF: optimise query that gathers topic tracking state""
This reverts commit 909be09f1a.
2015-07-21 21:48:07 +10:00
Sam 909be09f1a Revert "PERF: optimise query that gathers topic tracking state"
This reverts commit 343e417a55.
2015-07-21 17:35:50 +10:00
Sam 343e417a55 PERF: optimise query that gathers topic tracking state
(this query runs on the front page to figure out new and unread topics)
2015-07-21 17:14:30 +10:00
Arpit Jalan 5fc7545c01 UX: include more details on Permalinks page 2015-07-17 21:39:23 +05:30
Arpit Jalan dc90c396f2 FEATURE: manage Permalinks 2015-07-17 01:26:02 +05:30
Kane York ecfa17b5a7 FEATURE: Localization fallbacks (server-side)
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.

The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
Régis Hanol b0802abae2 FIX: crop & optimize user background profile/card images 2015-07-15 17:15:43 +02:00
Kane York 2a897a8a6b SECURITY: Remove email validation check bypass
- Increase size of email column to varchar(513)
 - Give error message on signup when email is too large

Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
2015-07-13 15:36:17 -07:00
Arpit Jalan e0c9054748 FEATURE: invite page tabs 2015-07-13 09:42:51 +05:30
Neil Lalonde 782dd13e78 FEATURE: track user visits on mobile and display on admin dashboard in a new Mobile section 2015-07-07 14:06:42 -04:00
Doug 5e615ef26e Fixed bug that caused substrings of reserved usernames to be treated as reserved. 2015-07-06 23:54:25 -07:00
Robin Ward be664857be Merge pull request #3585 from riking/patch-3
FEATURE: Reserved usernames
2015-07-03 10:02:24 -04:00
Robin Ward 7676c5dfe7 Can add topic templates to categories, prepopulated on compose 2015-07-03 10:01:46 -04:00
Kane York df988a20eb FEATURE: Reserved usernames
A list of usernames that will be blocked from being used to sign up.
2015-07-01 13:50:55 -07:00
Robin Ward 6422d5efbd Use the same component for similar topics as search results. 2015-06-24 15:08:22 -04:00
Robin Ward b4960d48b4 Better support for passing up errors when OmniAuth fails after auth 2015-06-24 12:12:43 -04:00
Régis Hanol f18098fd9b FEATURE: category dropdown in admin reports 2015-06-24 15:19:39 +02:00
Sam b052179ae6 Merge pull request #3163 from rcfox/fix-by-external
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
Sam 65ac5b6475 Merge pull request #3562 from riking/no-index
Add noindex directive on unlisted topics
2015-06-23 15:50:53 +10:00
Robin Ward 76bfd723f6 Merge pull request #3482 from riking/patch-3
Import/Export site customizations
2015-06-22 14:03:07 -04:00
Kane York 2f0bd6294c Add noindex directive on unlisted topics 2015-06-22 11:00:39 -07:00
Régis Hanol efb02ae561 FIX: take into account unlisted banners 2015-06-22 14:08:30 +02:00
Sam 41e427bd2e Work in progress, full page search 2015-06-22 18:09:08 +10:00
Konstantin Ilchenko 131cf643ce FIX: Allow api to send uploads with :url 2015-06-21 14:54:59 +03:00
Robin Ward 4e898c604e UX: Update suggested topics to include topic status + category 2015-06-18 15:53:10 -04:00
Sam f26eee8431 FEATURE: add username to NGINX logs 2015-06-16 17:43:53 +10:00
Arpit Jalan d37c2a2c98 Merge pull request #3550 from techAPJ/patch-1
FIX: new-topic URL should survive login redirection
2015-06-16 07:19:42 +05:30
Sam 690f4a4c37 add X so it shows up at the end of chrome 2015-06-16 10:27:42 +10:00
Sam 9b8b1d0034 FEATURE: add special header that names the action for the request 2015-06-16 09:54:44 +10:00
Régis Hanol 1ac3941130 FEATURE: allow API to upload files synchronously 2015-06-15 16:12:15 +02:00
Arpit Jalan d1632c1dbd FIX: new-topic URL should survive login redirection 2015-06-14 20:24:47 +05:30
Régis Hanol 189cb3ff12 FEATURE: move migrate_to_new_scheme into a background job
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Sam Saffron c58b495e15 SECURITY: Query @usernames in bulk
Otherwise you could add many requests at once while composing.
2015-06-11 13:03:49 -04:00
Robin Ward ae277e28a6 FEATURE: Allow embedding topics without creating them, by id 2015-06-09 16:24:20 -04:00
Sam Saffron e3fa27a01c FEATURE: serialize and update category custom_fields
- send to client
- update from client
2015-06-10 06:13:36 +10:00
Robin Ward 7b6d6b76eb FEATURE: Multiple embeddable hosts
- Also refactors two site settings components into one, with tests
2015-06-09 13:25:43 -04:00
Arpit Jalan 71ee84f848 FEATURE: latest posts RSS feed 2015-06-09 21:45:06 +05:30
Robin Ward 5da5269652 FIX: Bad page title for categories view by google crawler 2015-06-08 12:07:35 -04:00
Arpit Jalan 74141cc475 FIX: send 404 error when unauthorized user tries to download user archive 2015-06-08 11:32:31 +05:30
Sam Saffron 4409a3072d FEATURE: we need admin login always 2015-06-05 18:43:59 +10:00
Régis Hanol 81a699e2b0 better support for mixed content 2015-06-01 17:49:58 +02:00
Sam Saffron 9787cb07aa FIX: when missing a static topic we were returning an error 2015-06-01 11:40:52 +10:00
Sam fc2a08731a FIX: sso_not_approved_url not working correctly 2015-05-30 13:19:07 +10:00
Régis Hanol 80a108e3cf FIX: don't break user avatars route 2015-05-29 19:19:41 +02:00
Régis Hanol acafa491b2 user avatar urls/templates refactor 2015-05-29 18:51:17 +02:00
Régis Hanol 0483f05154 make sure we pass in the user_id when creating avatar thumbnails 2015-05-29 18:11:19 +02:00
Régis Hanol cb025a65e0 FIX: make sure we also save the user_avatar.custom_upload_id 2015-05-29 10:21:41 +02:00
Régis Hanol c3227b69fa FIX: proper support for pixel ratios up to 3 2015-05-29 09:57:54 +02:00
Sam bddbf70697 FIX: order post_actions by date 2015-05-28 16:16:36 +10:00
Sam bb3fb37650 FIX: when uploading same file was pasted into multiple composers 2015-05-28 15:08:54 +10:00
Neil Lalonde ea8cf1a208 FIX: topic auto-close uses the client's time zone 2015-05-27 18:01:46 -04:00
Sam 02fa7448ca FEATURE: custom url to redirect to on account pending approval for sso 2015-05-27 14:06:45 +10:00
Sam a988cd5abe FIX: redirect to CDN avatar for s3 avatars 2015-05-27 12:02:57 +10:00
Sam 918034aa7b remove less useful error reporting 2015-05-27 11:17:28 +10:00
Régis Hanol 992154533f remove debugging letfovers 2015-05-26 20:08:19 +02:00
Régis Hanol 7b03c7dbc4 Merge pull request #3504 from techAPJ/patch-4
FIX: add missing translation keys
2015-05-26 16:08:39 +02:00
Régis Hanol 85d4d3223c FIX: crop avatars on the server instead of the client
FIX: support for dots in S3 bucket names
2015-05-26 15:54:25 +02:00
Arpit Jalan d21944a0b6 FIX: add missing translation keys 2015-05-26 19:11:37 +05:30
Sam 147ea002f7 FIX: allow handling for avatars that are not in the set of "resized sizes" 2015-05-26 15:41:50 +10:00
Sam eeda367e70 FIX: should be able to serve optimized image from local if its ... local... 2015-05-26 12:32:52 +10:00
Neil Lalonde eaa1afeaf5 remove Google OpenID auth, since Google doesn't support it anymore 2015-05-25 15:13:44 -04:00
Régis Hanol bb0c2813ac FEATURE: generate (avatar) thumbnails in a background task
FIX: keep the "uploading..." indicator until the server replies via the MessageBus
FIX: text was disapearing when uploading an avatar

PERF: always use a region for S3 (defaults to 'us-east-1')
FEATURE: ApplyCDN middleware when using S3
FIX: use the same pattern to store files on S3 and locally
PERF: keep a local cache of uploads when generating thumbnails
FEATURE: migrate_to_s3 rake task
2015-05-25 17:59:00 +02:00
Sam bcaed90744 fix missing rtl stylesheets 2015-05-23 15:25:05 +10:00
Sam fe46d1dd3b PERF: avoid cookies for all static, public, cached forever assets 2015-05-22 16:15:46 +10:00
Sam 96dbeb8608 fix stylesheet cache to recover if file is on disk 2015-05-22 11:22:12 +10:00
Robin Ward 0ed1c8011c FIX: About page error when `login_required` 2015-05-21 14:37:49 -04:00
Sam a0090a4585 fix incorrect handling of date on "globally enabled" stylesheet. 2015-05-21 17:23:54 +10:00
Sam 44fc8e42dc nginx is stripping ETags, just use last modified instead 2015-05-21 17:05:22 +10:00
Sam 4fbfc6ddbc PERF: missing caching on CSS and Site Customizations 2015-05-21 16:09:23 +10:00
Régis Hanol b7f8680618 fix build (:fired:) 2015-05-20 17:51:33 +02:00
Régis Hanol bcd98c8f0f FIX: API can provide a URL to create an upload 2015-05-20 17:38:06 +02:00
Régis Hanol c91634c09a FIX: support for async uploads of emojis 2015-05-20 16:45:48 +02:00
Régis Hanol 8d967d9065 FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-20 16:45:48 +02:00
Robin Ward 7d23826cee FIX: Keep around the page when redirecting 2015-05-20 10:16:17 -04:00
Régis Hanol 7d3b7a5657 fix the build 2015-05-20 15:32:31 +02:00
Régis Hanol b44488b618 FIX: keep to old attachment route 2015-05-20 14:55:42 +02:00
Sam e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Sam 14ab9c45b6 Merge pull request #3470 from ahuling13/expired-nonce-return-status
In the case of an expired nonce, return a 400 status code instead of 500
2015-05-20 12:08:17 +10:00
Sam d1d703718a Merge pull request #3476 from paulkaplan/sso-distrust-email
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
riking d112f39031 Change extension back to .dcstyle.json 2015-05-19 18:35:16 -07:00
Andrew Huling e44ddff9bb Change the expired nonce return status code from 400 to 419. 2015-05-19 13:13:14 -04:00
Régis Hanol 9ded21e4c6 FIX: consistent and future-proof upload storage pattern 2015-05-19 12:31:12 +02:00
riking fbc06d044f Use .dcstylejson instead of .dcstyle.json 2015-05-16 20:41:35 -07:00
riking 1e53c179a3 FEATURE: Export customizations as JSON files 2015-05-16 20:24:13 -07:00
Ryan Fox 14d2b76354 Merge branch 'master' into fix-by-external
Conflicts:
	app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
Paul Kaplan b8a43e153c Use session controller to prevent inactive SSO users 2015-05-15 12:15:06 -05:00
Régis Hanol 93273cd17a Merge pull request #3451 from ossobv/sso_login_unapproved_account
Stop sso login processing after rendering error
2015-05-15 14:33:19 +02:00
Antonin Hildebrand 11852056a8 Add missing events for discourse-hipchat-plugin
https://github.com/binaryage/discourse-hipchat-plugin
2015-05-15 15:52:12 +08:00
Andrew Huling e1d2ecef10 In the case of an expired nonce, return a 400 status code instead of a 500.
500 status codes are for unexpected server-side error scenarios. When an expired nonce is used by the client, a 4XX-level error is more appropriate because the client has submitted a bad request (by using an expired nonce). A 500 also causes Internet Explorer to show its default 500 page which does not show the error message and leads to a bad end user experience. I am choosing 400 for the new status rather than 401 or 403 because 401 requires a WWW-Authenticate header which would be difficult to generate in an SSO scenario and a 403 implies that no re-authentication will address the failure.
2015-05-14 16:03:02 -04:00
Robin Ward 0b65c88003 Upgrade Notifications to fix deprecations and use store 2015-05-11 11:20:45 -04:00
Harm Geerts d9a3e82516 Stop sso login processing after rendering error
This prevents a DoubleRenderError triggered on the redirect_to.
2015-05-11 14:17:32 +02:00
Arpit Jalan fc30b771cf FIX: reply count is off by one 2015-05-11 13:58:53 +05:30
Sam 8277a586bb usage of raise corrected 2015-05-07 11:00:51 +10:00
Sam 77cc087b13 FIX: proper error message when account created is hit with no session 2015-05-07 11:00:22 +10:00
Sam 376b28b0ed FIX: raise a 404 if click tracker gets no url 2015-05-06 11:27:41 +10:00
Sam 0f53fc8328 correct emergency regeneration in the controller 2015-05-06 07:33:32 +10:00
Sam ea670118c1 Add better error handling, correct the location on disk of stylesheet 2015-05-05 23:28:40 +10:00
Sam f58d85edea FEATURE: move stylesheet cache out of the uploads directory 2015-05-05 15:50:13 +10:00
Sam 803feefd54 MessageBus handles readonly redis now, no need to wrap it 2015-05-04 12:21:00 +10:00
Arpit Jalan 23fd16850a FIX: include youtube link in embedded comments 2015-05-01 18:34:45 +05:30
Robin Ward 16408cee06 Allow Postgres to trigger readonly mode for the site. 2015-04-29 11:49:58 -04:00
Sam 729aaa826b Merge pull request #3404 from techAPJ/patch-1
FEATURE: magic login route for admin when SSO is enabled
2015-04-28 07:47:50 +10:00
Robin Ward ecafbb0a63 Can delete users via the moderation queue 2015-04-27 15:06:20 -04:00
Robin Ward 3cb4554bbb Can refresh queued posts via button 2015-04-27 13:52:54 -04:00
Neil Lalonde cce8693354 FIX: canonical link tag when using relative_url_root 2015-04-27 13:34:22 -04:00
Arpit Jalan 2932284293 FEATURE: magic login route for admin when SSO is enabled 2015-04-27 22:54:48 +05:30
Robin Ward 3a6efa25f0 Allow ReadOnly to propogate up to the Ember app via Response Header 2015-04-24 14:37:16 -04:00
Robin Ward 5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Neil Lalonde ae028a5bb1 FIX: support for redirects to external url in permalinks table was broken 2015-04-23 16:45:28 -04:00
Régis Hanol a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Robin Ward 53ca51654d FIX: Avoid cookie overflows by truncating the referer we store in flash 2015-04-22 12:41:49 -04:00
Robin Ward 5bf8c31af4 Users can see their pending posts 2015-04-21 16:44:47 -04:00
Robin Ward 2cdd967188 Adds support for invisible approval queues, which we'll need for Akismet 2015-04-20 17:19:05 -04:00
Neil Lalonde a3b6e3cb97 FIX: permalinks redirects with relative_url_root 2015-04-19 23:36:09 -04:00
Sam Saffron 6d2e651862 Revert "FIX: Missing letter avatars"
This reverts commit 03943554c6.
2015-04-20 06:41:08 +10:00
Sam 72ab1b9714 Merge pull request #3385 from tancnle/each-key-refactor
Replace Hash#keys.each with Hash#each_key for some perf boost
2015-04-20 06:17:27 +10:00
Robin Ward 03943554c6 FIX: Missing letter avatars
cc @zogstrip

It seems that the version string was ammended to return the ImageMagick
version. This caused the guard in the user avatars method to fail as the
versions weren't the same.

I changed it so it is comparing the right version, but I wonder if this
is bad as the controller is no longer using the ImageMagick version. Can
you please review?
2015-04-19 10:48:53 -04:00
Tan Le 9fbc763902 Replace Hash#keys.each with Hash#each_key for some perf boost 2015-04-18 21:53:53 +10:00
Robin Ward 2459f52c71 Merge pull request #3375 from techAPJ/patch-2
FEATURE: invite existing users to private topic
2015-04-16 11:13:42 -04:00
Arpit Jalan 866d1cd8e3 FIX: handle error for duplicate email_in address 2015-04-16 16:23:22 +05:30
Robin Ward 08b4b7b7ff Moderators can edit posts that are queued before they approve/reject 2015-04-15 17:20:34 -04:00
Arpit Jalan d491d4f997 FEATURE: invite existing users to private topic 2015-04-16 00:52:54 +05:30
Robin Ward 0c233e4e25 Interface is wired up for Approving/Rejecting posts 2015-04-15 14:54:37 -04:00
Robin Ward 96d2c5069b Interface for reviewing queued posts 2015-04-15 14:54:37 -04:00
Robin Ward 22ffcba8e6 Convert `Discourse.Post` to ES6 and use Store model
- Includes acceptance tests for composer (post, edit)
- Supports acceptance testing of bootbox
2015-04-15 14:54:36 -04:00
Robin Ward 19a9a8b408 `NewPostManager` determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Arpit Jalan 499bed69e2 FIX: show error message if user already exist in group 2015-04-15 14:15:58 +05:30
Sam 2a3f71a9a1 SECURITY: log off all existing sessions when resetting password 2015-04-15 08:57:43 +10:00
Robin Ward db4c04d606 FIX: Moderators shouldn't be able to see secure deleted posts 2015-04-13 11:48:31 -04:00
Sam 75890aed26 FEATURE: allow admins to choose a group as a primary group
FEATURE: allow admins to set a default title for a group
2015-04-10 12:17:28 +10:00
Régis Hanol babbbc06d1 FIX: add support for .tgz and .gz backup files 2015-04-07 15:26:47 +02:00
Sam f5d89169e2 FEATURE: initial implemenation of anonymous posting mode 2015-04-07 18:05:31 +10:00
Sam 5d31290dbc FIX: cleanup old letter avatars if needed
FEATURE: use image magick version as a key for letter avatars
2015-04-07 13:03:43 +10:00
Régis Hanol 33879e1311 Merge pull request #3199 from fantasticfears/seo
FEATURE: add microdata prop and more links for crawler
2015-04-06 11:18:34 +02:00
Robin Ward 82124b3222 UX: Login to decide when to show you near the top of the directory
Don't show yourself there if you are close to the top already.
2015-04-02 14:51:49 -04:00
Régis Hanol 1ec73b5ba0 FIX: use 'request.remote_ip' instead of 'request.ip' for better consistency 2015-04-02 16:24:27 +02:00
Robin Ward 28864e74bc FIX: Don't show the filter title on the default route 2015-03-30 11:40:44 -04:00
Sam 586cca352d move memory diagnostics into lib, so it can be reused elsewhere 2015-03-30 10:14:42 +11:00
Robin Ward 2cc5858163 Add site setting to disable User Directory, include restricted info 2015-03-26 11:26:19 -04:00
Robin Ward 33e35930b0 FIX: Server error when no results on user directory while logged in 2015-03-25 11:18:46 -04:00
Robin Ward 8fd339b994 Include the current user at the top AND in the user directory 2015-03-24 16:19:15 -04:00
Robin Ward e3eaa7fa75 FIX: In long topics, filtering button was not always showing in card 2015-03-24 12:33:50 -04:00
Sam bb20f64cb2 use standard error so its easier to catch 2015-03-23 12:20:50 +11:00
Robin Ward 6d38005a22 Allow staff to change uneditable user fields 2015-03-20 15:18:43 -04:00
Robin Ward 051a2a3d14 FEATURE: Can search the user directory by name 2015-03-19 18:07:48 -04:00
Robin Ward 1931850151 UX: Always show the current user at the top of the directory 2015-03-19 15:32:23 -04:00
Robin Ward ae695d6438 UX: Show two lines per user on directory 2015-03-19 14:53:52 -04:00
Robin Ward 7ef306cd3b A bunch of tweaks to the Users directory
- Move user directory from `/directory` to `/users/`
- Defaults to 'weekly' time period
- Don't include deleted topics/posts in the results
- Move heart icon to header instead of on each row
- "Users" instead of "Users found"
2015-03-19 12:29:38 -04:00
Régis Hanol df3b1f6968 FIX: editing a post wasn't showing error messages from the server 2015-03-19 12:25:15 +01:00
Robin Ward 3d2d224312 FEATURE: User Directory, with sorting and time period filter 2015-03-18 15:20:34 -04:00
Erick Guan c955907f60 FEATURE: add microdata prop and more links for crawler
- add microdata based on schema.org
- add breadcrumb on the top of topic
- add navigations link on the bottom of every pages
- add category description on the category list
2015-03-16 22:52:10 +08:00
Régis Hanol 424a3b042a FEATURE: unified UI for pinning/banner topics
REFACTOR: ES6ified all the modals
2015-03-14 01:18:05 +01:00
Sam a82530012a FEATURE: Allow selection of highlight js languages
PERF: stop loading highlight js on load

To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Régis Hanol 6cd4330335 FIX: show all deleted posts 2015-03-11 18:07:47 +01:00
Neil Lalonde 608647d02f FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-10 11:59:08 -04:00
Robin Ward 3ad12d44f3 Use a mixin for the `path` function to DRY it up 2015-03-09 15:24:16 -04:00
Régis Hanol fc962eb378 FEATURE: automatic daily roll-up for screened IP addresses 2015-03-09 18:55:17 +01:00
Sam f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
riking cab92f947c FEATURE: All preload data available under /site/
This will be essential for entirely local Discourse clients.
2015-03-04 20:49:03 -08:00
Robin Ward 84b84a9d7c Support for `url_list` site setting. 2015-03-03 16:19:29 -05:00
Neil Lalonde 7c14db44cc UX: improve message when admin login is blocked because of admin ip address whitelisting 2015-03-02 12:13:22 -05:00
Neil Lalonde 1bf4f34049 FIX: topic and post counts are not updated when ownership of a post is changed 2015-03-02 12:13:21 -05:00
Sam f555bbb416 FEATURE: long descriptions for badges to help teach people 2015-02-27 17:19:18 +11:00
Sam 71d6266f98 REGRESSION: exceptions are handled natively by logster 2015-02-27 13:05:51 +11:00
Robin Ward 3e2ba5b30b FIX: If an IP is blocked, don't allow people to login using it 2015-02-25 16:02:40 -05:00
Robin Ward 005b8bf7c3 FIX: When creating a SSO user via sync, do not user the IP address. 2015-02-25 14:41:23 -05:00
Régis Hanol cf00e73ed8 Merge pull request #3234 from fullfatthings/add_remove_group_members_by_id_or_name
Allow adding and removing members of groups by username or id
2015-02-25 17:30:25 +01:00
Arpit Jalan a8b927da91 FEATURE: add canonical tag to category latest page 2015-02-25 20:46:45 +05:30
Dan Singerman 1c545d4c1e Allow adding and removing members of groups by username or id
As discussed here: https://meta.discourse.org/t/discourse-gem-group-add/25668/2.
2015-02-25 14:52:13 +00:00
Sam fe578f9944 FEATURE: Allow manual assignment of related post to badge
PERF: clean up performance of user badges admin when large number of badges exist
2015-02-25 12:53:01 +11:00
Sam 130dbf7358 PERF: don't run stats query in user card 2015-02-24 13:31:23 +11:00
Sigurður Guðbrandsson 96e6fd3449 Cleaned up the sso codefix, thanks @SamSaffron
@SamSaffron showed me a cleaner way to use the if statements in the sso redirect code.

Thanks sam ;)
2015-02-23 22:10:44 +00:00
Sigurður Guðbrandsson 334a357363 FIX: Forward to SSO login automatically
Forward to SSO login URL automatically if SSO is enabled and login is required.

Makes it simpler for users to log in automatically.
2015-02-23 21:20:36 +00:00
Robin Ward ca5730018a FIX: SSO code should respect IP address filters 2015-02-23 16:01:46 -05:00
Robin Ward 8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Sam 5266ad4539 Merge pull request #3183 from riking/json-errors-2
Consolidate custom exception handling
2015-02-23 16:58:05 +11:00
riking ecb911285d Fix the render_json_error api 2015-02-22 21:28:50 -08:00
Sam 6960639c58 Merge pull request #3190 from riking/thrown_logging
Delete old ErrorLog, use Logster for 500 errors
2015-02-23 14:19:16 +11:00
Régis Hanol 20c9a312c7 FIX: clicks counter on attachments wasn't always working 2015-02-22 20:47:18 +01:00
Sam 17927b2e8b FIX: don't use flash cause we are not redirecting
(we should probably change that though)
2015-02-20 10:28:58 +11:00
Sam 67f404d281 FIX: remove notifications on deleted topics from the stream 2015-02-19 12:40:00 +11:00
Sam 59a28bf5c1 regression: bookmarked may be missing, do not fail 2015-02-19 11:42:01 +11:00
Sam b041b3f67f FIX: bookmark topic was not working intuitively
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
Loïc Guitaut 395654bf24 Fix regression on editing private messages
v1.2.0beta9 has introduced a regression in edit of a private topic
(first post). Previously a check for no change in TopicsController was
made but it has been changed without considering that the topic could
be private.

By simply forcing a conversion of `topic.category_id` to integer, the case
where its value is nil is handled correctly as it was previously.
2015-02-18 00:41:16 +01:00
Sam 6c09b6739d BUG: minor, do not send access origin if not set 2015-02-17 09:58:43 +11:00
Régis Hanol 0b45054e2b FIX: couldn't uncategorize a topic 2015-02-16 10:31:36 +01:00
Robin Ward 3ce2077aa8 Migrate unsubscribe keys to the database.
This should reduce a lot of the keys in redis.
2015-02-13 14:24:15 -05:00
Sam ca915e8ad7 correct issue under 2.0.0 2015-02-11 17:41:24 +11:00
Sam 9a59caf800 add regexp to reporting 2015-02-11 17:23:54 +11:00
Sam e427d54191 FEATURE: show large objects in admin/memory_stats 2015-02-11 17:18:47 +11:00
Régis Hanol c4e427cf73 FEATURE: filter screened IP addresses 2015-02-10 19:38:59 +01:00
Robin Ward 8d46de4819 Add a spec for the new plugins controller 2015-02-10 12:35:53 -05:00
Sam 39e828dee4 improve formatting 2015-02-10 15:59:08 +11:00
Sam d5405eebde Add basic snapshot comparison for tracking memory leaks 2015-02-10 15:54:16 +11:00
Sam 1d99f5c9c0 FEATURE: add process stats to memory report 2015-02-10 12:34:01 +11:00
Sam 3aea00473b FEATURE: improve memory reporting of /admin/memory_stats 2015-02-10 11:48:30 +11:00
riking 68ccd2d664 FEATURE: All 500 errors now show up in Logster
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
riking 5657006aca Rename handle_exception to handle_job_exception 2015-02-09 12:47:46 -08:00
riking 8d39480831 use symbols for error types (squash me) 2015-02-09 10:20:00 -08:00
Régis Hanol 1e6f886886 FIX: use distributed mutex to prevent errors when uploading emojis in batches 2015-02-09 18:54:57 +01:00
Lincoln Lee 02f3f8c1b3 Fix customize HTML/CSS only show desktop code
custom_top and custom_footer method in SiteCustomization is setting
:desktop as default argument for `target`

It output the desktop version of the custom_top, custom_footer even
user in mobile_view.

This fix is adding the missing target into method argument.
2015-02-10 00:48:42 +08:00
Sam e8323fa534 FIX: removing a group from a user was not removing primary group 2015-02-09 16:03:09 +11:00
riking a16aa9fde8 HACK: Keep old behavior for topics#show 2015-02-08 13:56:56 -08:00
riking 8cf21f2363 FEATURE: Refactor error returns in application_controller 2015-02-08 13:40:38 -08:00
Robin Ward 3d7b534564 FEATURE: New "Plugins" admin section with extensibility support 2015-02-06 17:33:24 -05:00
Régis Hanol 8e2d84ee27 Merge pull request #3174 from riking/patch-poll
FIX: Allow closing polls in multi-locale sites
2015-02-06 09:44:44 +01:00
Sam 95f8b3ed4c FIX: status route should be served as text not html 2015-02-06 15:56:21 +11:00
riking 06f02ce9fc FIX: 🈂️ Allow closing polls in multi-locale sites 2015-02-05 19:55:03 -08:00
Sam 3a0cd0b760 make custom fields a bit more permissive input wise 2015-02-06 09:03:23 +11:00
Robin Ward 4e64d16a47 FEATURE: Allow plugins to log staff actions 2015-02-05 15:26:34 -05:00
Régis Hanol f1403206ca Merge pull request #3169 from riking/patch-3
SECURITY: Don't leak topic title in the redirect
2015-02-05 12:47:58 +01:00
Arpit Jalan 026df5185e FIX: subcategory url was incorrect in rss 2015-02-05 13:22:28 +05:30
Robin Ward 25daca8f23 Helpers for plugins to support enabling/disabling 2015-02-04 16:23:56 -05:00
riking 4c8850108a SECURITY: Don't leak topic title in the redirect 2015-02-04 11:55:39 -08:00
Sam 67eccee990 FEATURE: basic disk space usage stats 2015-02-04 18:05:17 +11:00
Arpit Jalan 68377ba4ab add class for container div on 404 page 2015-02-04 00:40:21 +05:30
Régis Hanol 0e5c9b2590 small upload code refactor 2015-02-03 18:44:18 +01:00
Ryan Fox c3f21dcdfc Remove the .json part from the external_id value when using it to lookup a user. 2015-02-02 12:58:02 -05:00
Ryan Fox 1f0915bf83 Allow periods in the external_id value used in the /users/by-external route. 2015-02-02 12:55:32 -05:00
Sam b1f81c0dca Merge pull request #3080 from riking/misc
Miscellaneous fixes from PR#3000
2015-01-30 10:23:17 +11:00
Sam ea7af7a83b Merge pull request #3135 from longhotsummer/fix-no-user-params
FIX: creating a user shouldn't error when optional fields aren't given
2015-01-30 10:12:57 +11:00
Neil Lalonde 67b262b93e Merge branch 'master' of github.com:discourse/discourse 2015-01-29 17:39:52 -05:00
Neil Lalonde 644c7a4675 FEATURE: Add an option to show custom user fields on profiles. Default is to not show them. 2015-01-29 17:38:39 -05:00
riking 85a7b925c7 Miscellaneous fixes from PR#3000
FIX: Don't require login to view post raw
FIX: Don't submit read-guidelines for anonymous users (causes
unnecessary 403 errors from ensure_logged_in)
FIX: Don't pass nil to an array serializer
2015-01-29 13:56:32 -08:00
Sam a6ce188f35 Merge pull request #3126 from riking/latest-posts
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward f028b51620 Add post parameters so plugins like akismet can use it for spam
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward 1f40807001 Add extensibility point for whenever a post is created 2015-01-29 12:46:29 -05:00
Arpit Jalan 4e4bb736a8 build is failing :fired: 2015-01-29 15:18:38 +05:30
Arpit Jalan e8db47a1fe FIX: PMs were not allowed to be edited in some cases 2015-01-29 15:00:11 +05:30
Régis Hanol cd2c9edb46 FIX: 🐛 upload on IE9 wasn't working :'(
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Robin Ward 8fc477ab07 More refactoring to support extensibility of history 2015-01-28 13:37:06 -05:00
Robin Ward d43944b3ed Extensibility for tracking changes to a topic 2015-01-28 13:37:06 -05:00
Greg Kempe d99ccf6d27 FIX: creating a user shouldn't error when optional fields aren't provided
This fixes a bug where the server would 500 if the only user fields
where optional ones, and the create_user call didn't provide any
values so that params[:user_fields] was nil.

Additionally, don't bother double-checked for required fields, since we
iterate over all fields and will catch any that are required and blank.
2015-01-27 11:48:27 +02:00
Sam 497042ddf2 FIX: don't restrict to local filesystem for df check
FIX: check correct directory when looking at backup limits
2015-01-27 08:25:57 +11:00
riking 9e9119d1c1 FEATURE: Enable pagination of /posts.json 2015-01-23 21:22:19 -08:00
riking 1d24d8471e FEATURE: Latest posts endpoint at /posts.json 2015-01-23 21:16:03 -08:00
riking fb72e2665f PERF 🐎 Don't calculate preload data for non-xhr json requests
This will help out anyone querying as API instead of through a
browser.
2015-01-23 21:14:58 -08:00
Régis Hanol f7f5e39f75 FIX: Minor Admin bug with a setting when creating a new group 2015-01-23 20:31:48 +01:00
Régis Hanol 256519dddf FEATURE: automatic group membership based on email address 2015-01-23 18:25:43 +01:00
Robin Ward b3a2c0c45b SECURITY: The SSO `return_path` was an open redirect
This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.
2015-01-22 12:20:17 -05:00
Régis Hanol e300945879 FEATURE: split group admin in 2 tabs (custom & automatic)
FIX: clear the user-selector when adding new members
2015-01-21 20:52:48 +01:00
Neil Lalonde 7412ff4da7 FIX: suspended users are logged out when they are suspended. Show a reason for suspension when they try to log in. 2015-01-19 12:37:02 -05:00
riking 1ab0d6bd82 FEATURE: Log username changes by staff
Also fix the tests for changing username
2015-01-17 02:26:12 -08:00
Régis Hanol 7a86abd105 Merge pull request #3084 from jmay/group-managers
table & model changes for group managers with permission to edit members
2015-01-16 12:02:38 +01:00
Robin Ward 987504c6ab Rename `no_js` layout to `no_ember`
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Arpit Jalan c619aed8f9 💄 add username and date-time in exported file name 2015-01-16 01:39:46 +05:30
Jason W. May a2b284a0a4 table & model changes for group managers with permission to edit membership 2015-01-15 11:44:42 -08:00
Régis Hanol 6734a51b6a move SiteText.{head,top,bottom} to SiteCustomization 2015-01-14 12:15:53 +01:00
Robin Ward f3b72f5d96 Revert "move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top"
This reverts commit 6ee2849df6.
2015-01-12 20:21:22 -05:00
Régis Hanol 6ee2849df6 move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top 2015-01-12 19:59:43 +01:00
Régis Hanol c681b353f2 FEATURE: bookmark topic button 2015-01-12 12:10:15 +01:00
Robin Ward 0bc0bd7a21 Pass the `current_user` to the topic saved event 2015-01-08 17:29:11 -05:00
Robin Ward 74051a2df4 Allow plugins to build topic lists 2015-01-08 16:44:27 -05:00
Sam ea87f5fd8a FEATURE: support for filter=bookmarked and filter=liked in topic list 2015-01-07 18:20:10 +11:00
Sam 95f9788a77 FEATURE: add ?bookmarked=true for topic lists 2015-01-07 13:58:34 +11:00
Sam efc717c14a FEATURE: remove star concept from Discourse 2015-01-07 13:43:27 +11:00
Jeff Atwood 86c13ada44 fix a few places we were using /category vs /c 2015-01-06 15:56:07 -08:00
Robin Ward 704ac91a22 FIX: Broken spec 2015-01-06 17:06:24 -05:00
Robin Ward 5667478b4d A common, extensible interface for sending topic columns across the wire
This allows plugins to specify topic columns to serialize and save in
the database via the composer when creating topics and editing their
first posts.
2015-01-06 14:53:12 -05:00
Sam a99c3c3df9 FEATURE: allow users to persist customization with &sticky=true 2015-01-06 17:39:08 +11:00
Sam e6dba8adc2 SECURITY: don't echo the "strategy" param returned by auto provider 2015-01-06 16:28:45 +11:00
Régis Hanol e20078a9dc PERF: fix performance issue when displaying the user card for admins 2015-01-05 19:49:32 +01:00
Régis Hanol 060cda7772 FIX: proper handling of group memberships 2015-01-05 18:51:45 +01:00
Robin Ward 6f72f265cb A trigger when a topic is updated, adds a couple of custom field tests 2015-01-02 15:57:08 -05:00
Neil Lalonde 4c166942ad FEATURE: Invite admin api has an optional param send_email which can prevent sending an email to the invited user. The api will return the password reset url so that the caller can send an email with it instead. 2015-01-02 15:48:54 -05:00
Régis Hanol 9fcaf090ec Merge pull request #3068 from fantasticfears/category_slug
support setting category slug
2015-01-02 11:55:27 +01:00
Arpit Jalan bfe95966b4 better filenames for export 2015-01-02 15:30:50 +05:30
Robin Ward 35edfb5b91 FIX: Don't truncate groups. @ZogStrIP we need to create a better fix for
this in the new year.
2014-12-31 12:58:50 -05:00
Arpit Jalan 78537aad39 FIX: rate limit user posts export 2014-12-31 00:54:23 +05:30
Erick Guan 1e166d89ff support setting category slug 2014-12-30 03:14:54 +08:00
Robin Ward 1055fc0919 Merge pull request #3021 from jmay/custom-category-slug
optional custom value for category slug (create and update)
2014-12-29 10:34:23 -05:00
Arpit Jalan 68e66f3a25 Rename CsvExportLog to UserExport 2014-12-28 22:31:12 +05:30
Régis Hanol 9932bea7ce FEATURE: default emoji override 2014-12-25 17:58:15 +01:00
Arpit Jalan 7c7474aa10 create a new table to maintain csv export log 2014-12-24 16:25:36 +05:30
Arpit Jalan bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30
Sam 5b844f5320 FEATURE: more than 1 site customization can be enabled at once
FIX: more robust site customizations

Rewrote site customization to use distributed cache and a much cleaner
css delivery mechanism
2014-12-23 13:03:48 +11:00
Sam ba68eee20b FIX: stable ordering for site customisations 2014-12-23 13:03:48 +11:00
Sam f23eb475a4 FEATURE: remove override stylesheet option, too confusing 2014-12-23 13:03:48 +11:00
Régis Hanol 45dbdb6896 FEATURE: custom emojis 2014-12-23 01:12:26 +01:00
Robin Ward 9bb2ab6265 Merge pull request #3034 from fantasticfears/filter_system_user
disable sending email or show presence when forgot system user password
2014-12-19 16:52:01 -05:00
Erick Guan ceca85c9eb use system user helper and constant when it's referred 2014-12-18 18:21:14 +08:00
Régis Hanol f5317a519f Merge pull request #3035 from oblakeerickson/update_username_return_json
Update username should return a json response
2014-12-17 11:23:33 +01:00
Régis Hanol cdbee4f5d9 Merge pull request #3045 from techAPJ/patch-2
FIX: redirect client to the original url after logging in for private in...
2014-12-17 11:21:56 +01:00
Arpit Jalan 9f8e73303a FIX: redirect client to the original url after logging in for private instances 2014-12-16 13:19:26 +05:30
Robin Ward b1bc4741b1 FEATURE: Load fewer topics in the topic list on slow platforms (Android) 2014-12-15 11:54:26 -05:00
Robin Ward 2d6b15a34d Load fewer posts when the android platform is detected 2014-12-12 11:47:39 -05:00
Arpit Jalan 42cbe6ef2a FEATURE: export csv for all the logs 2014-12-11 23:33:26 +05:30
Blake Erickson 02ade72ceb Update username should return a json response
- Have update username return json response that contains the updated
  username and id. I figured this would be better than just return "OK".
- Add test to verify that the new username is returned.
2014-12-10 09:43:16 -07:00
Erick Guan 9937af7ac4 disable sending email or show presence when forgot system user password 2014-12-10 14:17:56 +08:00
Blake Erickson 1d0eccf710 Have activate user return json
- Change activate user from admin controller to return json
- Test that it returns json
- Remove unnessary test from log_out spec

This commit was created so that when you activate a user through the api
it returns a json response.
2014-12-08 11:16:57 -07:00
Sam fdecd69228 Merge pull request #3026 from oblakeerickson/legacy_avatar
Remove legacy avatar code
2014-12-08 11:03:55 +11:00
Lourens Naudé fb60daa867 Introduce support for dumping Rails process heap at the end of a benchmark run 2014-12-07 22:55:37 +00:00
Blake Erickson e9e88c9b82 Remove legacy avatar code
- Remove method that was only left around because the
  [api](https://github.com/discourse/discourse_api/pull/53) called it
- Modify test to use new route instead of legacy route

https://meta.discourse.org/t/legacy-route-for-avatars/22838/2
2014-12-07 06:13:14 -07:00
Régis Hanol dec881ac9d Merge pull request #3024 from oblakeerickson/avatar_return_json
Have pick_avatar return json.
2014-12-06 18:20:42 +01:00
Blake Erickson a61519eebf Have pick_avatar return json.
I'm working on writing a test in the discourse_api gem for uploading
avatars and the pick method needs to return a json response.

I also added a test to make sure json is returned.
2014-12-06 09:26:32 -07:00
Neil Lalonde 917a91eb40 FIX: permalink redirect support for url's with extensions in them, like .html and .php 2014-12-04 16:39:10 -05:00
Sam 4aa0d88c6c FEATURE: search private messages option 2014-12-04 13:50:36 +11:00
Jason W. May efa872e426 optional custom value for category slug (create and update) 2014-12-03 16:23:59 -08:00
Sam a8ff5fe97c Merge pull request #3002 from jmay/group-membership-api
use limit & offset for pagination of group members
2014-12-03 11:11:10 +11:00
Régis Hanol f226e4efc0 FIX: don't error out when updating a topic with no changes 2014-12-02 02:16:30 +01:00
Blake Erickson bdc92eec70 Have log_out method return json.
This commit helps improve the discourse_api experience so that we can
check the json response if it was a success or not. This commit also
checks that a 404 is sent instead of a 500 if a bad user_id is passed
in.
2014-12-01 06:03:25 -07:00
Régis Hanol 07211489f0 FIX: hide restricted profile info from TL0 users to anonymous in 'JS-off' page 2014-11-27 19:51:13 +01:00
Régis Hanol 5b90ceb71d FEATURE: rolls up 1.2.*.* IP ranges when number of entries > 10 2014-11-27 19:29:30 +01:00
Sam 800ae5265f Add admin and moderator state to sso provider 2014-11-27 12:24:37 +11:00
Robin Ward 257bde8e2b FEATURE: "Suspect" users list in admin. 2014-11-26 13:58:16 -05:00
Sam c10e3df012 FEATURE: implement SSO provider on Discourse so Auth can be farmed to it
FEATURE: pass return_sso_url to SSO endpoints, for easier return
2014-11-26 17:26:27 +11:00
Jason W. May adb570fe53 use limit & offset for pagination of group members 2014-11-24 12:12:48 -08:00
Robin Ward d3510bff04 Merge pull request #3001 from techAPJ/patch-1
FEATURE: add topic status namespace in RSS feed
2014-11-24 14:45:59 -05:00
Arpit Jalan 55e2126b1e FEATURE: add topic status namespace in RSS feed 2014-11-25 00:52:26 +05:30
Régis Hanol 7b0ae702e7 FEATURE: log a new staff action when rolling up banned IP addresses 2014-11-24 19:48:54 +01:00
Régis Hanol d3d517108d FIX: display total number of other accounts with the same IP address in the IP lookup dialog 2014-11-24 19:34:04 +01:00
Régis Hanol 7b1c001932 FIX: limit other accounts deletion to 50 accounts otherwise it'll feel too slow 2014-11-24 18:05:40 +01:00
Régis Hanol 1023191315 FEATURE: roll up function for 123.456.789.* ranges 2014-11-24 17:25:48 +01:00
Sam 1c498eb491 FEATURE: API endpoint for inviting an admin 2014-11-24 15:42:56 +11:00
Sam 9e1e3df6c9 FEATURE: Localize SSO error messages 2014-11-24 12:16:23 +11:00
Sam 490cd6f539 Merge pull request #2989 from jmay/group-admin-incremental
API addition: HTTP PATCH support for /groups/xxx: incremental membership changes
2014-11-24 11:50:51 +11:00
Sam d3b24b625b Add more SSO logging for failure conditions 2014-11-24 10:02:22 +11:00
Arpit Jalan 7455e81b31 sort screened IPs by match_count 2014-11-22 01:41:59 +05:30
Arpit Jalan 515882d224 FEATURE: export screened IPs list in a CSV file 2014-11-22 00:59:48 +05:30
Jason W. May 6f8119ebb8 Merge branch 'master' into group-admin-incremental 2014-11-21 10:04:05 -08:00
Jason W. May 98404d19c5 check that `changes` param is present 2014-11-21 10:03:29 -08:00
Sam d53b4ab5bc Merge pull request #2979 from techAPJ/patch-1
FEATURE: log out user everywhere and refresh/redirect
2014-11-21 16:59:44 +11:00
Régis Hanol b8d806ee07 FEATURE: delete all accounts from this IP in the IP lookup modal 2014-11-20 19:59:20 +01:00
Jason W. May 50de22801f API addition: HTTP PATCH support for /groups/xxx: incremental membership changes 2014-11-20 09:29:56 -08:00
Sam 6b10c4dc54 add support for hidden api keys, used in hosting scenarios 2014-11-20 15:38:20 +11:00
Robin Ward 87cd5dbcb7 Merge pull request #2985 from techAPJ/patch-3
remove /download from csv file url
2014-11-19 14:10:34 -05:00
Arpit Jalan aebf36c356 remove /download from csv file url 2014-11-20 00:34:38 +05:30
Arpit Jalan c84b51d4ae FEATURE: show exact error for test email 2014-11-19 22:58:59 +05:30
Arpit Jalan eb9eada894 FEATURE: log out user everywhere and refresh/redirect 2014-11-19 12:34:34 +05:30
Régis Hanol 9c1341b554 FIX: limit the number of group members returned for automatic groups 2014-11-18 12:13:45 +01:00
Régis Hanol f18d30f1d7 FIX: don't limit the number of group members returned to the front-end (UI needs some work for large groups) 2014-11-18 12:09:37 +01:00
Jeff Atwood 75b5b27f78 we don't need this /popular redirect any more 2014-11-17 16:40:23 -08:00
Régis Hanol 7bb9a839e5 fix the build (again) 2014-11-17 16:06:43 +01:00
Régis Hanol dd9c475ea0 FIX: changing category within edit grace period as TL3 pops up an error 2014-11-17 15:57:45 +01:00
Régis Hanol 7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Sam c7bc692f40 PERF: stop querying banner topic on every page hit 2014-11-14 15:39:17 +11:00
Sam 4fc3834dd6 FEATURE: allow inline disposition on uploads
when linking an upload allow ?inline=1 to display upload inline
2014-11-13 08:50:55 +11:00
Régis Hanol a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
Régis Hanol ec76be964e UX: better footer handling 2014-11-10 21:51:55 +01:00
riking d7a4e39e1d FEATURE: ?include_raw parameter for /t/id/posts.json
include_raw is not added for the wordpress view because it uses the
BasicPostSerializer, and is not a one-line change.

This is the only use of the TopicViewPostsSerializer class, and the
previous change covered the only use of the TopicViewSerializer class.
No other locations include the PostStreamSerializerMixin. Therefore,
this feature is most likely complete.
2014-11-07 07:28:07 -08:00
Régis Hanol bb2d538194 FEATURE: log impersonations 2014-11-06 10:58:47 +01:00
Robin Ward fde5e739c9 Work in progress (up till about?) 2014-11-05 12:39:25 -05:00
Robin Ward c9eb809dad FIX: The text to users who signed up when approval was required was
misleading.
2014-11-04 15:48:03 -05:00
Sam 8432acf0af Merge pull request #2938 from riking/include_raw
Add ?include_raw parameter to topic views
2014-11-04 14:26:35 +11:00
Régis Hanol fd5677808c SPEC: make sure digest doesn't pick any topics in categories that are muted 2014-11-03 16:57:50 +01:00
Régis Hanol b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
riking 6a946712b3 Add ?include_raw parameter to topic views 2014-11-01 14:32:18 -07:00
Sam bd78fca121 Merge pull request #2908 from cpradio/pr-dismiss-posts-topics-on-category
FEATURE: Show dismiss posts/topics buttons on category filtered lists
2014-10-31 11:34:53 +11:00
Robin Ward 572842721d FIX: Better page titles for SEO 2014-10-30 14:26:56 -04:00
Robin Ward 316f1bea04 SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
cpradio 50f7fbc361 Apply comment from @sam to consolidate logic 2014-10-30 10:19:49 -04:00
Sam 59cc2476a1 Merge pull request #2933 from techAPJ/patch-1
trivial update to allow api endpoint for sync_sso
2014-10-30 21:39:54 +11:00
Arpit Jalan fb750af659 trivial update to allow api endpoint for sync_sso 2014-10-30 15:30:44 +05:30
Régis Hanol 6e053942a4 FIX: moderators should be able to search users by email 2014-10-29 22:08:41 +01:00
Régis Hanol 865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Sam 7d6d8bd0a3 FEATURE: admin end point to sync sso /admin/users/sync_sso
Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2014-10-28 11:25:21 +11:00
Régis Hanol e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam 1cc37e32b9 FEATURE: add max_reply_history to limit number of replies
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
cpradio c6e54741bb Apply comments from eviltrout, using this.get('category.id'), and use snake case for category_id 2014-10-24 17:01:28 -04:00
cpradio 439f393d89 Show dismiss posts/topics buttons on category filtered lists 2014-10-23 17:41:39 -04:00
Régis Hanol de415b804c FIX: add 'Content-Length' header for avatars 2014-10-22 15:39:51 +02:00
Sam 832655df14 attempt to get content length through 2014-10-21 16:17:13 +11:00
Sam 4e7057efb1 Clean up content type and add Expires header when serving CDN assets 2014-10-21 15:59:34 +11:00
Robin Ward 71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their
user card
2014-10-20 16:35:38 -04:00
Robin Ward 1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Régis Hanol 10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Sam 8efee0d03d don't use Markdown 2014-10-18 17:17:38 +11:00
Jeff Atwood 92b615b503 reorganize site settings a bit 2014-10-19 23:14:50 -07:00
Sam 742c5e29c9 FEATURE: advanced search help 2014-10-18 14:27:33 +11:00
Régis Hanol c59e56ec63 Merge pull request #2882 from techAPJ/patch-1
FEATURE: show raw email for replies/topics created via email
2014-10-18 21:16:17 +02:00
Arpit Jalan 72873b8368 further optimize raw email feature 2014-10-18 00:50:02 +05:30
Robin Ward 0cbdf6f5bb FIX: Many bugs with admin badges interface
* Editing a badge's title would show it as changed in the side even if
  you didn't hit save

* Clicking a badge would not scroll to the top

* If there was an error saving a badge there was a missing i18n key

* URLs were using queryParams instead of paths

* User `label` tags for checkboxes for larger click targets

* Saved! text would persist when viewing another badge

* After creating a new badge it would show nothing

* Validation errors were not being properly released to the client

* Query errors were surrounded by an extra array
2014-10-17 16:14:49 -04:00
Robin Ward f3a67a48a3 Merge pull request #2874 from cpradio/clear-notifications
FEATURE: Mark All as Read button for Notifications page
2014-10-16 15:57:19 -04:00
Robin Ward 4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward d2ac5a9ac6 Rename `/category/xyz` paths to `/c/xyz` -- @SamSaffron did most of the
work even though I'm merging the patch!
2014-10-16 12:15:31 -04:00
cpradio 8f390c979b FEATURE: Mark All as Read button for Notifications page
Added a Mark All as Read button to the top/bottom of the notifications user page
https://meta.discourse.org/t/possibility-to-selectively-or-completely-mark-notifications-as-read/20227

Remove notifications property (no longer used)
2014-10-13 06:31:27 -04:00
Robin Ward 2322586131 FIX: Saving a field as not required was actually making it required
until you edited it.
2014-10-14 17:21:34 -04:00
David McClure 19d5362c6b FEATURE: ability to hide or show specific post revisions 2014-10-14 07:19:45 -07:00
Régis Hanol 5504622c1b rename export/import in favor of backup/restore for better consistency 2014-10-10 20:04:07 +02:00
Régis Hanol 5754e8dd0f FEATURE: auto-close topics based on last post 2014-10-10 18:21:44 +02:00
Régis Hanol 7e8c4b63f4 FIX: only show agreed abd deferred flags on user's profile 2014-10-09 16:10:16 +02:00
Robin Ward f9a8f6d6ce FEATURE: Support for a `required` setting on user fields. 2014-10-08 15:10:19 -04:00
Robin Ward 1f26a79899 FIX: Category latest pages were not preloading properly, causing weird
refreshes when clicking the home logo.
2014-10-08 12:45:18 -04:00
Sam 0e7be81e60 FIX: badge granted titles were not being revoked when badge was revoked 2014-10-08 10:26:18 +11:00
Robin Ward 2fbfc9dffa FIX: Editing a topic's title should be rate limited too. 2014-10-07 16:46:01 -04:00
Robin Ward 1252e7324f Added easy impersonate route while in development mode 2014-10-07 12:25:50 -04:00
Régis Hanol c46b9c0ac3 FIX: allow admins to search users by email 2014-10-07 12:05:38 +02:00
Arpit Jalan 78fd99fc40 Feature: resend invites 2014-10-07 01:43:17 +05:30
Neil Lalonde 90771937f0 FIX: broken external auth 2014-10-03 16:15:00 -04:00
Neil Lalonde ebf46450bc Refactor omniauth_callbacks_controller for extensibility 2014-10-03 11:02:04 -04:00
Robin Ward 381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Sam 29bb9eaa89 Merge pull request #2835 from techAPJ/patch-2
add user email on account created page
2014-10-02 17:29:26 +10:00
Arpit Jalan 41af2d79b5 add user email on account created page 2014-10-02 12:43:44 +05:30
Régis Hanol 98b6b9821a FEATURE: log topic/post deletions from staff members 2014-10-01 17:40:13 +02:00
Robin Ward be93f224a6 Revert "add user email on account created page"
This reverts commit 164fc1108a.
2014-10-01 10:30:26 -04:00
Arpit Jalan 164fc1108a add user email on account created page 2014-10-01 13:53:50 +05:30
Robin Ward 8b5a1cd20f Migrate `tosAccepted` to new user fields 2014-09-30 10:45:18 -04:00
Robin Ward edb34c178a FEATURE: Show user fields when the user is signing up 2014-09-30 10:45:18 -04:00
Sam 0fc6c751cb FEATURE: implement lock/unlock trust level mechanics 2014-09-30 13:16:34 +10:00
riking bff95a6a97 Rename 'leader' -> 'tl3' 2014-09-30 13:16:34 +10:00
riking c8111ada6e FEATURE: Allow admins to lock users from TL3 promotion/demotion
Also, update the display logic for the leader promotion screen to
account for the demotion grace period.
2014-09-30 13:15:13 +10:00
Régis Hanol 7e309a21cf FEATURE: hide emails behind a button for staff members 2014-09-29 22:31:05 +02:00
Régis Hanol 652cc3efba FEATURE: new rake task to clean up uploads & thumbnails 2014-09-29 18:31:53 +02:00
Robin Ward 0fc0533134 FEATURE: Admin interface for adding custom fields for users 2014-09-25 16:17:51 -04:00
Sam a901d682fe raise not found if user is not found 2014-09-25 17:45:45 +10:00
Sam 8f8ea735ee FIX: allow retry activation of account by username or password 2014-09-25 17:42:48 +10:00
Sam e14e8f64bc FIX: don't stop youtube when liking a post
Also fixes post action create/destroy api not to include post raw.
2014-09-25 12:02:41 +10:00
Sam d53e01619f SECURITY: rate limit user/password login 2014-09-25 10:06:44 +10:00
Régis Hanol bfdbb70b3b FIX: automatic backup uploads to S3 when using a region 2014-09-24 22:52:09 +02:00
Robin Ward bc53d48bd7 Renaming site contents to site text 2014-09-24 16:08:14 -04:00
Robin Ward d073b908a9 Merge pull request #2818 from techAPJ/patch-4
Trigger browser password manager after signing up
2014-09-23 15:43:31 -04:00
Arpit Jalan b3838c2c1c Trigger browser password manager after sigining up 2014-09-24 01:04:36 +05:30
Sam 58eabb03e5 FEATURE: api support for arbitrary unlinked assets
admins can set retain periods for assets
2014-09-23 16:50:17 +10:00
Sam 9428ad779f FIX: send content length with backups 2014-09-23 09:25:53 +10:00
Sam 7a4082cbad FIX: allow API to create users when invite_only is true 2014-09-23 09:06:19 +10:00
Régis Hanol 0b13f6572f FEATURE: staff option to unhide a post 2014-09-22 18:55:13 +02:00
Sam f625500792 lower band check as well 2014-09-22 17:11:04 +10:00
Sam 8c74255cbb FIX: 404 if we try to navigate to a non-existant page 2014-09-22 17:08:11 +10:00
Neil Lalonde c4e285f3ec SECURITY: rate limit change email requests 2014-09-18 10:48:56 -04:00
Robin Ward c16b8364ab FIX: Support ember app routing to topics with only slugs 2014-09-17 11:18:59 -04:00
riking 2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Robin Ward eb512f07a7 FIX: Spec failures for feeds related to enabling categories as default
page for anons when latest is deleted.
2014-09-11 15:30:41 -04:00
Régis Hanol e56fcf0c43 FEATURE: add 'rebake post' in post wrench menu 2014-09-11 16:04:40 +02:00
Sam 0f585bcdbe FIX: PM should never be allowed to have a category
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
Sam 45e8337a29 FEATURE: renames forgot_password_verbose, forgot_password_strict 2014-09-11 15:53:29 +10:00
Sam 61bcde6284 FEATURE: inform users if forgot password works or not
FIX: flash dialog in forgot password often had wrong color

(this can be disabled by setting forgot_password_verbose to false)
2014-09-11 12:04:44 +10:00
riking b62699707d FIX: Unknown /posts/id.json should 404 2014-09-10 18:10:27 -07:00
Régis Hanol 18f8038015 FEATURE: add new 'convert to staff message' in post wrench menu 2014-09-10 23:08:33 +02:00
Neil Lalonde d15b609e0a FIX: support Permalink urls with query string 2014-09-10 13:58:52 -04:00
riking 69bc552054 FEATURE: Actually show more notifications
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.

Notification history is loaded in blocks of 60 at a time.

Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
Régis Hanol 79030c874e FIX: allow staff members to restore withdrawn posts that are flagged 2014-09-09 20:26:40 +02:00
Régis Hanol eb34ecfc0c FEATURE: new 'prevent anons from download files' site setting 2014-09-09 18:41:13 +02:00
Robin Ward 56eda5abf9 FIX: Don't allow profile bios longer than 3k chars 2014-09-08 15:23:21 -04:00
Robin Ward 334e21a03a Revert "Revert "FEATURE: Can create warnings for users via PM""
This reverts commit 1c7559380c.
2014-09-08 11:11:56 -04:00
Robin Ward 1c7559380c Revert "FEATURE: Can create warnings for users via PM"
This reverts commit b0bfc1f93f.
2014-09-08 10:38:59 -04:00
Robin Ward b0bfc1f93f FEATURE: Can create warnings for users via PM 2014-09-08 10:27:06 -04:00
Arpit Jalan a597f1fa30 FEATURE: hide google search on 404 page for private instance 2014-09-06 15:26:46 +05:30
Neil Lalonde ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Sam 59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Robin Ward 1e281a909e FIX: Prevent duplicate flags after undoing on the server side too. 2014-09-03 14:43:07 -04:00
Sam c6aab831ed Merge pull request #2741 from riking/badges_create_checks
FIX: Apply contract checks when first creating a badge
2014-09-03 22:19:09 +10:00
Sam 4f09d552ed FEATURE: increase search expansion to 50 results
refactor search code to deal with proper objects
use proper serializers, test the controllers
2014-09-03 12:13:25 +10:00
riking 3cf493eb4f FIX: Apply contract checks when first creating a badge 2014-09-02 19:09:51 -07:00
Robin Ward b04a52676e FIX: Don't show wrong flag choices after undo 2014-09-02 17:37:54 -04:00
Robin Ward abd84cd2a1 FIX: Redirect to Top was showing "latest" content because it was in the
preload store.
2014-09-02 12:29:22 -04:00
riking 1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
Robin Ward 9062719480 Merge pull request #2720 from techAPJ/patch-3
FIX: do not redirect topic for JSON request
2014-08-29 13:59:45 -04:00
Robin Ward 926e45d030 SECURITY: User action route was returning too much data 2014-08-29 13:46:50 -04:00
Arpit Jalan 84d0b599a4 FIX: do not redirect topic for JSON request 2014-08-29 23:09:02 +05:30
Robin Ward 85c6eb9b08 SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00
Neil Lalonde 14890a6002 FEATURE: add a way to map arbitrary urls to a topic, post, or category. Useful for sites that have migrated to Discourse and want to redirect from their old site to Discourse with 301 redirects. 2014-08-28 15:58:24 -04:00
Robin Ward 8a6c4234fc FIX: Re-enable searching for topic by id when using the split topic
interface.
2014-08-28 15:42:29 -04:00
Robin Ward 69cb5bc425 FIX: Centralize Top rendering, remove old code paths. Fix some bugs. 2014-08-28 14:34:31 -04:00
Robin Ward c9262a8390 FIX: Resend activation email was busted 2014-08-28 12:07:13 -04:00
Sam a1244043d3 FIX: when search finds a deep link in a topic it takes you to it 2014-08-28 17:16:39 +10:00
Robin Ward f10d6ed88a FIX: RSS feeds should use `created_at` not `bumped_at` 2014-08-27 12:42:54 -04:00
Robin Ward c820c65172 Merge pull request #2692 from riking/sorted_badges
Sort the badges on the user profile page
2014-08-25 15:56:27 -04:00
riking 99c11e2184 Sort the badges on the user profile page
Also clean up UserBadgesController so it isn't doing two things in one
method
2014-08-25 12:40:51 -07:00
Robin Ward ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Sam bcbe36a834 Merge pull request #2675 from amalagaura/patch-1
Fix min_trust_level for wordpress
2014-08-22 10:25:39 +10:00
Robin Ward c1aa2458f8 UX: Add drop down for top lists, big refactor of repeated code. 2014-08-21 16:08:47 -04:00
Régis Hanol 8a20d05ba5 FEATURE: backup without uploads 2014-08-20 18:53:58 +02:00
Ankur Sethi 43b5292303 Fix min_trust_level for wordpress
min_trust_level in the wordpress method was being set to 1 always, the order of the ternary operator was reversed.
2014-08-19 20:15:24 -04:00
Régis Hanol f2b0228164 FIX: unhide post when a moderator undos the flag on which s/he took action 2014-08-19 16:14:17 +02:00
Régis Hanol 5b3a758ba9 FIX: redirect old avatars to proper user_avatar route 2014-08-18 17:45:07 +02:00
Sam 8737ffb272 Merge pull request #2658 from akshaymohite/optimization-fixes
Not initializing variable for looping if unused in loop
2014-08-18 14:42:52 +10:00
Sam baaa3e0f9f FIX: #2664 it should be validates not validate
Thanks @chancancode
2014-08-18 14:40:54 +10:00
Sam b82726b029 FIX: incorrect redirection code 2014-08-18 12:35:31 +10:00
Sam e0a82d3088 FIX: rate limit password reset email 2014-08-18 10:55:30 +10:00
Akshay 6301a43d57 Not initializing variable for looping if unused in loop 2014-08-15 03:24:55 +05:30
Robin Ward 167f393a03 Merge pull request #2655 from techAPJ/patch-3
FEATURE: export user list
2014-08-14 17:19:49 -04:00
Arpit Jalan d0736a06b6 FEATURE: export user list 2014-08-15 01:46:57 +05:30
Akshay 7ef61144e7 Avoid using to_s when performing String Interpolation 2014-08-14 23:55:27 +05:30
Régis Hanol 6201b82a67 FIX: keep the post_number parameter when redirecting to proper slug 2014-08-13 22:19:41 +02:00
Robin Ward 9a1580244a FIX: Don't show profile pages for inactive users and don't show them in
search results.
2014-08-13 13:30:25 -04:00
Robin Ward c103398e9a First stab at About page 2014-08-11 16:59:15 -04:00
Robin Ward 21185617b0 Show the reason the topic couldn't be split rather than a generic error. 2014-08-11 14:43:19 -04:00
Régis Hanol e64d3b8a42 FIX: disagree flag should unhide hidden post 2014-08-11 10:48:00 +02:00
Sam 7d5c0ae28e FIX: broken and uneeded code 2014-08-08 09:07:51 +10:00
Régis Hanol 3ae1ebdfc3 FIX: use PostDestroyer when deleting/recovering a topic 2014-08-07 19:12:35 +02:00
Arpit Jalan b3926efebc convert space to plus for invite email parameter 2014-08-06 14:02:00 +05:30
Sam 0b01310c84 FIX: system badges where created under id 100 2014-08-06 10:51:39 +10:00
Robin Ward 06c681b0de Merge pull request #2617 from techAPJ/patch-2
FEATURE: dynamically load more invites
2014-08-05 12:54:06 -04:00
Arpit Jalan 4cd8abc905 FEATURE: dynamically load invites 2014-08-05 22:20:23 +05:30
Régis Hanol ec30086dea FEATURE: agree all the flags 2014-08-04 22:48:04 +02:00
Sam cb0ecd9ff1 PERF: store topic views in a topic view table
* cut down on storage of the work Topic, 3 times per row (in 2 indexes)
* only store one view per user per topic
* only store one view per ip per topic
2014-08-04 19:07:55 +10:00
Sam 03c8f09be8 PERF: finalize porting to new incoming links structure 2014-08-04 16:43:57 +10:00
Sam 0920c4bea6 PERF: reduce storage requirements for incoming links
Only store incoming links for topics.
2014-08-04 11:06:48 +10:00
Sam 6dbd6f7428 FIX: redirect to preserve json 2014-07-30 15:25:49 +10:00
Sam 5a3466a6c3 FIX: keep correct ordering on admin badges 2014-07-30 08:46:59 +10:00
Robin Ward ac4a33a656 FIX: Display proper error message when changing a trust level fails 2014-07-29 15:54:20 -04:00
Robin Ward 7cc4a157f6 Merge pull request #2603 from techAPJ/patch-1
FEATURE: allow staff to send multiple invites to same email
2014-07-29 14:58:39 -04:00
Arpit Jalan f571abfaaf FEATURE: allow staff to send multiple invites to same email 2014-07-30 00:13:11 +05:30
Sam 49d03cf14e FEATURE: support for /t/1234 2014-07-29 16:04:28 +10:00
Régis Hanol bddffa7f9a FEATURE: flag dispositions normalization
All flags should end up in one of the three dispositions
  - Agree
  - Disagree
  - Defer

In the administration area, the *active* flags section displays 4 buttons
  - Agree (hide post + send PM)
  - Disagree
  - Defer
  - Delete

Clicking "Delete" will open a modal that offer to
  - Delete Post & Defer Flags
  - Delete Post & Agree with Flags
  - Delete Spammer (if available)

When the flag has a list associated, the list will now display 1
response and 1 reply and a "show more..." link if there are more in the
conversation. Replying to the conversation will NOT give a disposition.
Moderators must click the buttons that does that.

If someone clicks one buttons, this will add a default moderator message
from that moderator saying what happened.

The *old* flags section now displays the proper dispositions and is
super duper fast (no more N+9999 queries).

FIX: the old list includes deleted topics
FIX: the lists now properly display the topic states (deleted, closed,
archived, hidden, PM)
FIX: flagging a topic that you've already flagged the first post
2014-07-28 19:28:07 +02:00
Sam 1a6aa07611 FEATURE: editable badge groups 2014-07-27 18:22:01 +10:00
Régis Hanol 3d6e2713d1 BUGFIX: login was broken when login was required 2014-07-26 23:16:08 +02:00
Neil Lalonde 5a33e6f00c Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-25 14:41:20 -04:00
Sam d47d323f29 FIX: corrupt avatar record causing 404 2014-07-25 15:26:43 +10:00
Sam 40af9ce612 FIX: do not store incoming links on avatars or uploads 2014-07-25 15:10:06 +10:00
Sam ec03d135fa FEATURE: allow advanced badge options in admin screen
clean up serializer, allow simplistic preview
2014-07-24 18:28:23 +10:00
Sam b9a7d945c3 Improve badge grouping UI
Start work on triggers
2014-07-23 11:43:17 +10:00
Sam c8284170ad FEATURE: badge grouping UI
FIX: not loading more badges on badge show page
2014-07-18 15:46:36 +10:00
Sam 1359a02128 Merge pull request #2532 from riking/sidekiq
Pass more context from Sidekiq jobs to Logster
2014-07-18 10:24:51 +10:00
riking 12cb682548 Start passing more context to Discourse.handle_exception 2014-07-17 14:11:56 -07:00
riking 19b757b058 FEATURE: Hide deleted posts by default for staff 2014-07-17 10:40:15 -07:00
Robin Ward f06f8abedd Merge pull request #2537 from ligthyear/group-member-management-on-user
Improved Group Member Management on User Administration
2014-07-17 11:00:05 -04:00
Sam bfb37054e8 Badge Grouping work in progress 2014-07-17 16:11:10 +10:00
Sam 189b1c729a FEATURE: query param for topic state 2014-07-17 09:29:09 +10:00
Sam 9468ebeb2e CHANGE: Mini Profiler only enabled for developers in prd 2014-07-17 08:34:41 +10:00
Robin Ward fb8dda7f42 FIX: We should use `category_id` instead of `category_name` to perform
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Régis Hanol 7dcf2a2c4f FEATURE: show the user's flagged/deleted posts 2014-07-16 21:04:55 +02:00
Neil Lalonde 939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde 01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Sam e347eea629 FEATURE: show user what badges they have 2014-07-16 17:55:08 +10:00
Robin Ward f2dd35ab08 Improve the unsubscribe to digest experience. Give a link in case it
fails, provide a different message if you are logged in as a different
user, increase expiry to 2 months from 1 week.
2014-07-15 17:20:59 -04:00
Robin Ward e20a8e6dea FIX: Allow users to unsubscribe to digests while not logged in if
`login_required` is set to true.
2014-07-15 16:47:26 -04:00
Robin Ward 6d7531f690 Merge pull request #2542 from techAPJ/patch-1
FEATURE: topic support in disposable invites
2014-07-15 15:15:19 -04:00
Robin Ward 4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
riking 915f60b0fc Don't redirect to login when activating account... 2014-07-15 10:50:28 -07:00
Arpit Jalan 8862a881f8 FEATURE: topic support in disposable invites 2014-07-15 23:11:06 +05:30
Sam 2d0def9940 FIX: First Quote badge bust
Feature: track quoted posts
2014-07-15 17:47:24 +10:00
Neil Lalonde 766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Robin Ward cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Robin Ward c12780eb2b Merge pull request #2538 from techAPJ/patch-1
FEATURE: disposable invite tokens
2014-07-14 12:13:44 -04:00
Arpit Jalan 575b5e3d13 FEATURE: disposable invite tokens 2014-07-14 21:30:46 +05:30
Sam 4a2cc269ab FIX: allow selection of no title 2014-07-14 18:07:07 +10:00
Sam 88469721b9 FEATURE: Allow admins to disable specific badges 2014-07-14 17:40:36 +10:00
Sam 6618358586 FIX: dupe protection is API only now
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
Benjamin Kampmann ac3f1ba3d6 Improved Group Member Management on User Administration
Allows for a quick and easy group membership management on the
user-administration page. Uses the select2 UI component to
autosuggest other groups, remove existing ones and lock in automatic
groups.
2014-07-13 20:11:38 +02:00
riking 783454ebe1 Fix /p/post/user route not saving referrals
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
Sam 833c50c460 FEATURE: Read Faq badge 2014-07-11 17:32:29 +10:00
Neil Lalonde e565ae2528 FEATURE: /guidelines route will always show our FAQ, ignoring the faq_url site setting 2014-07-10 12:58:41 -04:00
Sam 27f85e5451 FIX: allow for subdirectorys for cdn assets 2014-07-10 17:29:38 +10:00
Sam 6019e3f257 FIX: remove hardcoding from middleware stack so we can control it 2014-07-10 17:01:21 +10:00
Sam 5032c96486 FIX: disable x accl redirect for CDN assets
We need to keep headers in tact
2014-07-10 16:32:46 +10:00
Sam 2f8d139ec0 BUGFIX: incorrect ordering in category permissions
FEATURE: UI for categories that we allow badges on
2014-07-10 12:02:16 +10:00
Sam 9ee93aad5b FIX: letter avatars to live in uploads directory, add last modified 2014-07-08 17:20:27 +10:00
Sam aca0aa8e56 FIX: missing last modified on avatars 2014-07-08 17:16:29 +10:00
Sam efd6bf1490 FIX: set last modified date on CDN assets 2014-07-08 14:48:20 +10:00
Régis Hanol 59b5ba7c0f BUGFIX: IP lookup wasn't working when using HTTPS
REFACTOR: the ip locator into a ip-lookup component
2014-07-07 22:18:18 +02:00
Neil Lalonde 5bcfb6ee38 FIX: don't show 'About category' topics on the 404 page 2014-07-04 16:18:17 -04:00
Régis Hanol 609d1e05cd FEATURE: optimize the hell out of letter avatars 2014-07-04 13:27:17 +02:00
riking 0d4163e0a2 FEATURE: Nice error handling page 2014-07-03 07:52:14 -07:00
Sam 5a28609afc FIX: listable badges need more logic 2014-07-03 20:34:26 +10:00
Sam 6bbb083d47 FEATURE: support "unlisted" badges. 2014-07-03 17:44:36 +10:00
Sam db34b534e6 Merge pull request #2494 from techAPJ/bulk-invite-4
FEATURE: support txt file to be uploaded for bulk invite
2014-07-03 17:33:16 +10:00
Sam 9a9ad9bda8 FEATURE: Badge progress
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Robin Ward 462dcadd01 FEATURE: Subcategory list on parent subcategory page. 2014-07-02 16:47:43 -04:00
Arpit Jalan 85ba55dc26 FEATURE: support txt file to be uploaded for bulk invite 2014-07-02 19:21:15 +05:30
Sam 5a0aed2bfa FIX: regression, forgot password broken
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Robin Ward e22688a204 FEATURE: Can upload images to categories 2014-06-30 14:14:00 -04:00
Robin Ward 9000c358d1 REFACTOR: Use common path for RESTful `DELETE` action from upload image
component
2014-06-30 14:13:59 -04:00
Robin Ward 4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Sam 90d7718103 add search filter 2014-06-30 17:18:08 +10:00
Vikhyat Korrapati 2e52f795ea Backend changes to support improved badge pages. 2014-06-28 01:24:00 +05:30
Régis Hanol c0cd109e9d TRIVIAL: code formatting 2014-06-26 19:50:29 +02:00
Andrew Bezzub 386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00
Sam 39b5539ba8 BUGFIX: downcase slugs 2014-06-25 11:36:17 +10:00
Robin Ward 8a4e96645c FEATURE: Can click to expand hidden posts to see the good stuff! 2014-06-20 17:07:12 -04:00
riking 2d5f667160 Make ?preview-style make sense
New behavior:
?preview-style=(sha) -- see that stylesheet
?preview-style= -- see the currently selected stylesheet
?preview-style=default -- see the default stylesheet ("rescue mode")
2014-06-20 09:06:36 -07:00
Vikhyat Korrapati 41ecba1b77 Mark badge notification as read when the notification is clicked. 2014-06-19 16:56:19 +05:30
Vikhyat Korrapati e0fd1f6f5e Add ability to specify custom font awesome icon for badges. 2014-06-19 16:56:18 +05:30
Vikhyat Korrapati 67a2b2598d Cosmetic changes. 2014-06-19 16:56:18 +05:30
Robin Ward 42c7ad4670 FIX: build broke, also escaping issue on poster name 2014-06-18 17:47:31 -04:00
Robin Ward 60cb5ea6a9 FIX: If a user is deleted, don't break embedded comments for admins. 2014-06-18 17:39:36 -04:00
Neil Lalonde ad2bd11d6e Add a way to get user based on sso external id 2014-06-18 14:40:25 -04:00
Régis Hanol 00117c18c3 FEATURE: dismissable banner topic 2014-06-18 20:05:19 +02:00
Régis Hanol 30611c343c ensures only one banner topic at all time 2014-06-18 20:05:18 +02:00
Régis Hanol 5238a95efb add make/remove banner topic actions 2014-06-18 20:05:18 +02:00
Sam 9007d96466 Merge pull request #2425 from vikhyat/read-notifications-silently
Allow reading notifications without marking them as read
2014-06-18 08:09:07 +10:00
Vikhyat Korrapati 9b89b1466f Allow reading notifications without marking them as read. 2014-06-17 23:34:04 +05:30
Sam 56dcd00570 BUGFIX: trust_level_0 group not including trust_level_1
BUGFIX: manual trust level change not adding user to groups
BUGFIX: system not in correct trust level groups
2014-06-17 10:52:02 +10:00
riking 6e698315d6 Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Sam 76166567fb Use the cheap Defer queue as opposed to sidekiq for view tracking. 2014-06-12 11:29:29 +10:00
Sam 8c7363bdd5 BUGFIX: not clearing blue notifications correctly when you have a PM 2014-06-12 10:50:41 +10:00
Régis Hanol 0781531e3c Merge pull request #2415 from techAPJ/bulk-invite-users-5
FEATURE: Bulk Invite
2014-06-10 19:11:11 +02:00
Neil Lalonde c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
Arpit Jalan 727184641e FEATURE: Bulk Invite 2014-06-09 01:43:39 +05:30
Sam Saffron d97ceb1d72 FEATURE: log_out endpoint for admins 2014-06-06 13:02:52 +10:00
Benjamin Kampmann 6b3d5c7348 add min_posts, max_posts to filter the topic list queries
superseeds #2412
2014-06-05 15:30:24 +02:00
Sam f1a28d62a3 FEATURE: support registration of custom html by plugins 2014-06-05 11:39:33 +10:00
Régis Hanol 0df666277d BUGFIXES: properly deal with bookmarks and deleted posts
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
Sam 9e9c41ac52 FEATURE: admins can clear screend emails if needed 2014-06-02 16:53:00 +10:00
Sam 7312ee699b BUGFIX: allow static assets (avatars) for sites that require login 2014-06-02 13:13:06 +10:00
Sam 91b6459f2b BUGFIX: allow users to pick no avatar 2014-05-30 14:45:55 +10:00
Sam fa6f22dd39 Move letter avatars out of upload system
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
Sam fe594f5d1e Merge pull request #2372 from vikhyat/badge-system
Multiple grant badges
2014-05-30 10:18:00 +10:00
Catrin 772a304fc2 dropdown on categorypage 2014-05-29 18:18:27 -04:00
Sam 5adc486cef BUGFIX: missing avatars in topic map
Cleanup uneeded column
2014-05-29 14:59:14 +10:00
Sam 50a0c1a751 BUGFIX: fix redirect, correct multisite 2014-05-28 00:15:09 +10:00
Sam 0c86d9ed9e BUGFIX: proper multisite support for origin pull CDNs 2014-05-27 23:13:42 +10:00
Sam 18bdc4e63e Add DoS protection to action 2014-05-27 22:29:27 +10:00
Sam Saffron 252e93d0f2 BUGFIX: support CDN for avatars
Correct broken spec
Implement S3 support
2014-05-27 14:40:46 +10:00
Sam 504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam 6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Robin Ward b1d2aba0f3 Clean up notifications if a user can't see a topic 2014-05-26 13:26:46 -04:00
Sam 7fbf162666 Logster update
cleans up a bunch of messed up context stuff with multisite
improves backtraces
adds request params
2014-05-25 13:54:52 +10:00
Neil Lalonde 742841ddce Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites. 2014-05-21 18:35:10 -04:00
Vikhyat Korrapati d208e4d517 Multiple grant badges. 2014-05-21 12:54:55 +05:30
Robin Ward 6dd1880f1f FIX: More safety when displaying link counts on blogs 2014-05-20 15:20:33 -04:00
riking 41332ab7ad Allow anonymous to see raw posts 2014-05-19 23:33:27 -07:00
Sam c1776fa1ae Merge pull request #2360 from vikhyat/badge-system
Badge system updates
2014-05-20 08:24:26 +10:00
Vikhyat Korrapati 4de700b49b Change badge user list limit to 96 so that it is divisible by 8. 2014-05-19 10:32:59 +05:30
Sam 832a730e36 BUGFIX: re-enable CDN js debugging in a robust way
May be disabled if needed via site setting
2014-05-19 08:46:28 +10:00
Neil Lalonde 27cbc06563 Add fixed_category_positions site setting to handle whether categories are ordered by specified positions or by activity. 2014-05-16 11:33:52 -04:00
Neil Lalonde c4d3aa3d47 Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline. 2014-05-14 10:18:12 -04:00
Régis Hanol 3fde28e108 BUGFIX: correctly auto-select /top time range when filtering on a category 2014-05-14 11:49:50 +02:00
Sam ca4c72e648 BUGFIX: 500 error on some invalid uploads 2014-05-14 10:51:09 +10:00
Neil Lalonde 6e0eb89697 Don't show suspended users in autocomplete fields unless you are staff 2014-05-13 11:44:15 -04:00