Commit Graph

267 Commits

Author SHA1 Message Date
Robin Ward 1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Guo Xiang Tan 04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
Sam ed2e62f845 correct environment handling for test mode 2017-04-14 14:00:46 -04:00
Sam def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron 0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Robin Ward 3839206317 FIX: Return JSON errors for `by-external` if JSON requested 2017-04-04 16:22:14 -04:00
Guo Xiang Tan 1d4993a185 FIX: Sync user's notification channel before preloaded current user data.
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
Victor van Poppelen 9e60f9f093 JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Régis Hanol fdf749770b remove unecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Sam f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Sam 1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam 6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Guo Xiang Tan 81d333289e FIX: Return 503 when in readonly mode. 2016-12-07 14:04:42 +08:00
Sam 1db9d17756 Make removal of topic columns more resilient to deploys 2016-12-05 12:11:46 +11:00
Sam c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Guo Xiang Tan d95fbd89d0 Enable miniprofiler in development automatically. 2016-11-29 10:59:10 +08:00
Sam 63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
Sam 6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Neil Lalonde 600b23c0a4 FIX: permalink redirects should work on tag paths 2016-10-04 12:01:42 -04:00
Rafael dos Santos Silva c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Robin Ward 7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward 29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Sam 75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Sam eaf87f0770 FIX: correctly handle api key so it uses current user provider 2016-08-26 10:39:13 +10:00
Sam df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Guo Xiang Tan 5fed886c8f FIX: Update post replies when we move posts. (#4324) 2016-07-13 17:34:21 +02:00
Guo Xiang Tan e221414935
PERF: Remove N+1 queries on user messages page. 2016-06-29 09:30:54 +08:00
James Cook c0e25b5a9a Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
improvement
2016-06-10 22:08:37 -05:00
Robin Ward 4180e207c3 FIX: Crazy large ids should not raise exceptions 2016-03-23 12:13:47 -04:00
Sam 84d234a98a Merge pull request #4076 from scossar/locale-from-header-setting
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
Robin Ward 06591022fe FEATURE: Generous badge 2016-03-15 16:08:29 -04:00
scossar 0cbeda8414 add site setting for setting locale from header 2016-03-14 16:18:19 -07:00
Sam Saffron 7598037080 Only pull in gem if it is being used, remove middleware 2016-03-04 23:17:14 +11:00
Régis Hanol 1135d2094a Merge pull request #4006 from scossar/set-locale-from-header
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Sam 610954ecce Merge pull request #4035 from tgxworld/dont_return_500_when_plugin_is_disabled
Return 404 instead 500 when plugin is disabled.
2016-02-27 16:55:50 +11:00
scossar 0a396583ed set locale for anonymous from header
set locale on signup

update spec

add locale option
2016-02-26 13:45:00 -08:00
Guo Xiang Tan a3fa80847e Return 404 instead 500 when plugin is disabled. 2016-02-24 17:09:30 +08:00
Arpit Jalan d77511319e show monthly top topics on 404 page 2016-02-24 13:46:55 +05:30
Sam 4c0a40f2b0 FIX: publish notification state when notifications are read
(this clears green and blue bubbles)
2016-02-22 12:24:51 +11:00
Sam dd6ebde824 FIX: Always ensure notifications are treated as read once clicked
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries

- Add feature "SetTransientHeader" that allows shipping info to server
   in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
Régis Hanol 825a01cec3 fix the build 2016-01-15 12:34:28 +01:00
Régis Hanol c9c6b09f36 FIX: allow staff members to edit staged users preferences 2016-01-15 12:16:00 +01:00
Faisal Abbas f2480aa81f FIX: When 410 is received, display proper error message instead of generic. 2015-12-30 17:18:32 +05:00
Robin Ward d1ebb9d0b5 FIX: I18n Fallbacks were not applying correctly 2015-12-23 12:09:18 -05:00
Robin Ward de88be2fbc Support for "Only show overridden" in site text customization 2015-11-30 15:25:08 -05:00
Régis Hanol 16b3d26d7b allow staff members to view staged accounts user card/profile 2015-11-27 20:02:24 +01:00
Robin Ward 1506eba28d Support for overriding client side translation keys 2015-11-20 17:14:01 -05:00
Robin Ward 3720783c1b Refactor to our own Discourse I18n backend
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
Arpit Jalan 106cb9874a FIX: show 404 page when user is logged out and navigates to private message 2015-10-30 17:41:55 +05:30
Robin Ward db5379508e FIX: Don't show an anonymous cache if there is a flash 2015-10-28 15:12:05 -04:00
Sam 6f43b575a8 FEATURE: no need to cap new and unread together anymore
- leave unread alone
- cap new at 500 per site, with a site setting
2015-10-01 17:17:15 +10:00
Robin Ward 3620c8c85e Move descriptions for rate limiting errors into the exception 2015-09-24 13:52:46 -04:00
Sam 335be272ff FEATURE: implement capping of new/unread
We cap new and unread at 2/5th of SiteSetting.max_tracked_new_unread

This dynamic capping is applied under 2 conditions:

1. New capping is applied once every 15 minutes in the periodical job, this effectively ensures that usually even super active sites are capped at 200 new items

2. Unread capping is applied if a user hits max_tracked_new_unread,
  meaning if new + unread == 500, we defer a job that runs within 15 minutes that will cap user at 200 unread

This logic ensures that at worst case a user gets "bad" numbers for 15 minutes and then the system goes ahead and fixes itself up
2015-09-07 12:03:17 +10:00
Dan Singerman 8055d065f2 Refactor ApplicationController#redirect_to_login_if_required to use session for SSO 2015-08-11 16:48:55 +01:00
Robin Ward 9911e92e24 Merge pull request #3609 from riking/patch-7
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Arpit Jalan d6069e8c90 UX: fix container layout 2015-07-28 13:58:30 +05:30
Sam 4491813d22 Revert "Revert "PERF: optimise query that gathers topic tracking state""
This reverts commit 909be09f1a.
2015-07-21 21:48:07 +10:00
Sam 909be09f1a Revert "PERF: optimise query that gathers topic tracking state"
This reverts commit 343e417a55.
2015-07-21 17:35:50 +10:00
Sam 343e417a55 PERF: optimise query that gathers topic tracking state
(this query runs on the front page to figure out new and unread topics)
2015-07-21 17:14:30 +10:00
Kane York ecfa17b5a7 FEATURE: Localization fallbacks (server-side)
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.

The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
Sam b052179ae6 Merge pull request #3163 from rcfox/fix-by-external
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
Sam f26eee8431 FEATURE: add username to NGINX logs 2015-06-16 17:43:53 +10:00
Sam 690f4a4c37 add X so it shows up at the end of chrome 2015-06-16 10:27:42 +10:00
Sam 9b8b1d0034 FEATURE: add special header that names the action for the request 2015-06-16 09:54:44 +10:00
Robin Ward 5da5269652 FIX: Bad page title for categories view by google crawler 2015-06-08 12:07:35 -04:00
Sam fe46d1dd3b PERF: avoid cookies for all static, public, cached forever assets 2015-05-22 16:15:46 +10:00
Robin Ward 0ed1c8011c FIX: About page error when `login_required` 2015-05-21 14:37:49 -04:00
Sam e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Ryan Fox 14d2b76354 Merge branch 'master' into fix-by-external
Conflicts:
	app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
Sam 8277a586bb usage of raise corrected 2015-05-07 11:00:51 +10:00
Robin Ward 16408cee06 Allow Postgres to trigger readonly mode for the site. 2015-04-29 11:49:58 -04:00
Robin Ward 3cb4554bbb Can refresh queued posts via button 2015-04-27 13:52:54 -04:00
Robin Ward 3a6efa25f0 Allow ReadOnly to propogate up to the Ember app via Response Header 2015-04-24 14:37:16 -04:00
Robin Ward 0c233e4e25 Interface is wired up for Approving/Rejecting posts 2015-04-15 14:54:37 -04:00
Robin Ward 96d2c5069b Interface for reviewing queued posts 2015-04-15 14:54:37 -04:00
Robin Ward 19a9a8b408 `NewPostManager` determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Sam bb20f64cb2 use standard error so its easier to catch 2015-03-23 12:20:50 +11:00
Régis Hanol df3b1f6968 FIX: editing a post wasn't showing error messages from the server 2015-03-19 12:25:15 +01:00
Robin Ward 3ad12d44f3 Use a mixin for the `path` function to DRY it up 2015-03-09 15:24:16 -04:00
Sam f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam 71d6266f98 REGRESSION: exceptions are handled natively by logster 2015-02-27 13:05:51 +11:00
Sigurður Guðbrandsson 96e6fd3449 Cleaned up the sso codefix, thanks @SamSaffron
@SamSaffron showed me a cleaner way to use the if statements in the sso redirect code.

Thanks sam ;)
2015-02-23 22:10:44 +00:00
Sigurður Guðbrandsson 334a357363 FIX: Forward to SSO login automatically
Forward to SSO login URL automatically if SSO is enabled and login is required.

Makes it simpler for users to log in automatically.
2015-02-23 21:20:36 +00:00
Sam 5266ad4539 Merge pull request #3183 from riking/json-errors-2
Consolidate custom exception handling
2015-02-23 16:58:05 +11:00
riking ecb911285d Fix the render_json_error api 2015-02-22 21:28:50 -08:00
riking 68ccd2d664 FEATURE: All 500 errors now show up in Logster
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
riking 8d39480831 use symbols for error types (squash me) 2015-02-09 10:20:00 -08:00
Lincoln Lee 02f3f8c1b3 Fix customize HTML/CSS only show desktop code
custom_top and custom_footer method in SiteCustomization is setting
:desktop as default argument for `target`

It output the desktop version of the custom_top, custom_footer even
user in mobile_view.

This fix is adding the missing target into method argument.
2015-02-10 00:48:42 +08:00
riking a16aa9fde8 HACK: Keep old behavior for topics#show 2015-02-08 13:56:56 -08:00
riking 8cf21f2363 FEATURE: Refactor error returns in application_controller 2015-02-08 13:40:38 -08:00
riking 06f02ce9fc FIX: 🈂️ Allow closing polls in multi-locale sites 2015-02-05 19:55:03 -08:00
Robin Ward 25daca8f23 Helpers for plugins to support enabling/disabling 2015-02-04 16:23:56 -05:00
Arpit Jalan 68377ba4ab add class for container div on 404 page 2015-02-04 00:40:21 +05:30
Ryan Fox c3f21dcdfc Remove the .json part from the external_id value when using it to lookup a user. 2015-02-02 12:58:02 -05:00
riking fb72e2665f PERF 🐎 Don't calculate preload data for non-xhr json requests
This will help out anyone querying as API instead of through a
browser.
2015-01-23 21:14:58 -08:00
Robin Ward 987504c6ab Rename `no_js` layout to `no_ember`
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.

Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Régis Hanol 6734a51b6a move SiteText.{head,top,bottom} to SiteCustomization 2015-01-14 12:15:53 +01:00
Robin Ward f3b72f5d96 Revert "move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top"
This reverts commit 6ee2849df6.
2015-01-12 20:21:22 -05:00