Commit Graph

153 Commits

Author SHA1 Message Date
riking 4c8850108a SECURITY: Don't leak topic title in the redirect 2015-02-04 11:55:39 -08:00
Sam a6ce188f35 Merge pull request #3126 from riking/latest-posts
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward f028b51620 Add post parameters so plugins like akismet can use it for spam
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward 1f40807001 Add extensibility point for whenever a post is created 2015-01-29 12:46:29 -05:00
Robin Ward 8fc477ab07 More refactoring to support extensibility of history 2015-01-28 13:37:06 -05:00
Robin Ward d43944b3ed Extensibility for tracking changes to a topic 2015-01-28 13:37:06 -05:00
riking 9e9119d1c1 FEATURE: Enable pagination of /posts.json 2015-01-23 21:22:19 -08:00
riking 1d24d8471e FEATURE: Latest posts endpoint at /posts.json 2015-01-23 21:16:03 -08:00
Régis Hanol c681b353f2 FEATURE: bookmark topic button 2015-01-12 12:10:15 +01:00
Robin Ward 0bc0bd7a21 Pass the `current_user` to the topic saved event 2015-01-08 17:29:11 -05:00
Robin Ward 704ac91a22 FIX: Broken spec 2015-01-06 17:06:24 -05:00
Robin Ward 5667478b4d A common, extensible interface for sending topic columns across the wire
This allows plugins to specify topic columns to serialize and save in
the database via the composer when creating topics and editing their
first posts.
2015-01-06 14:53:12 -05:00
Régis Hanol a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
Régis Hanol e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam 1cc37e32b9 FEATURE: add max_reply_history to limit number of replies
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
Arpit Jalan 72873b8368 further optimize raw email feature 2014-10-18 00:50:02 +05:30
David McClure 19d5362c6b FEATURE: ability to hide or show specific post revisions 2014-10-14 07:19:45 -07:00
Régis Hanol 5754e8dd0f FEATURE: auto-close topics based on last post 2014-10-10 18:21:44 +02:00
Régis Hanol 7e8c4b63f4 FIX: only show agreed abd deferred flags on user's profile 2014-10-09 16:10:16 +02:00
Régis Hanol 98b6b9821a FEATURE: log topic/post deletions from staff members 2014-10-01 17:40:13 +02:00
Régis Hanol 0b13f6572f FEATURE: staff option to unhide a post 2014-09-22 18:55:13 +02:00
Régis Hanol e56fcf0c43 FEATURE: add 'rebake post' in post wrench menu 2014-09-11 16:04:40 +02:00
riking b62699707d FIX: Unknown /posts/id.json should 404 2014-09-10 18:10:27 -07:00
Régis Hanol 18f8038015 FEATURE: add new 'convert to staff message' in post wrench menu 2014-09-10 23:08:33 +02:00
Robin Ward 334e21a03a Revert "Revert "FEATURE: Can create warnings for users via PM""
This reverts commit 1c7559380c.
2014-09-08 11:11:56 -04:00
Robin Ward 1c7559380c Revert "FEATURE: Can create warnings for users via PM"
This reverts commit b0bfc1f93f.
2014-09-08 10:38:59 -04:00
Robin Ward b0bfc1f93f FEATURE: Can create warnings for users via PM 2014-09-08 10:27:06 -04:00
Robin Ward b04a52676e FIX: Don't show wrong flag choices after undo 2014-09-02 17:37:54 -04:00
Sam 7d5c0ae28e FIX: broken and uneeded code 2014-08-08 09:07:51 +10:00
Sam 03c8f09be8 PERF: finalize porting to new incoming links structure 2014-08-04 16:43:57 +10:00
Robin Ward fb8dda7f42 FIX: We should use `category_id` instead of `category_name` to perform
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Régis Hanol 7dcf2a2c4f FEATURE: show the user's flagged/deleted posts 2014-07-16 21:04:55 +02:00
Sam 2d0def9940 FIX: First Quote badge bust
Feature: track quoted posts
2014-07-15 17:47:24 +10:00
Sam 6618358586 FIX: dupe protection is API only now
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
riking 783454ebe1 Fix /p/post/user route not saving referrals
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
Robin Ward 8a4e96645c FEATURE: Can click to expand hidden posts to see the good stuff! 2014-06-20 17:07:12 -04:00
Régis Hanol 0df666277d BUGFIXES: properly deal with bookmarks and deleted posts
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
riking 41332ab7ad Allow anonymous to see raw posts 2014-05-19 23:33:27 -07:00
Wojciech Zawistowski 960d64930c Wiki Post 2014-05-13 08:53:11 -04:00
Régis Hanol fca6738212 BUGFIX: could not see the revisions of a post in a deleted topic 2014-05-12 16:30:10 +02:00
Régis Hanol bc3de84ebf FEATURE: remove bookmark button in activity feed 2014-05-12 09:33:26 +02:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam 05efc8df16 BUGFIX: likes would cause whole post to re-render 2014-04-24 12:42:04 +10:00
Robin Ward dbab628e16 Support for creating embedded topics via API 2014-04-03 14:42:44 -04:00
Robin Ward 10d0320532 FIX: Allow expanding posts when anonymous, add specs 2014-04-03 11:30:43 -04:00
Robin Ward d1e7fa1c47 Minor tweaks to importing first posts 2014-04-02 15:54:21 -04:00
Robin Ward 558a06a117 Adds better reusable error message support. Added to fetching remote
posts. /cc @riking
2014-04-02 13:22:10 -04:00
Robin Ward b250aa36a0 Remote fetching of blog contents 2014-04-02 10:26:46 -04:00
Robin Ward 50fb048b99 Interface for expanding OP contents 2014-04-02 10:26:46 -04:00
Sam 1cd32ced33 FEATURE: update likes and flags live. 2014-03-24 13:22:03 +11:00
Neil Lalonde 283dc7dd2d Trust level 4: add ability to edit any post and see edit history 2014-03-13 10:47:49 -04:00
Wojciech Zawistowski 227c0af20b Removes unnecessary instance vars. 2014-02-24 18:03:29 +01:00
Wojciech Zawistowski ed311eb65a PostsController refactoring. 2014-02-21 17:12:43 +01:00
Wojciech Zawistowski cfbeba84d2 Adds tests for PostsController#replies. 2014-02-20 17:38:13 +01:00
Wojciech Zawistowski 5e8db5ce14 Adds specs for PostsController#by_number. 2014-02-19 17:41:17 +01:00
Wojciech Zawistowski 5b9a4d3581 Refactors PostsController and adds unit tests. 2014-02-18 17:19:38 +01:00
Régis Hanol 4fb274fb9d BUGFIX: history link doesn't work on deleted posts 2014-02-04 20:05:50 +01:00
Neil Lalonde 259295d865 Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year. 2014-01-09 11:55:04 -05:00
Sam eeb83adf71 BUGFIX: staff can now edit delted posts
fixes #1343

This was way easier than mucking with the UI
2014-01-06 18:12:51 +11:00
Régis Hanol 06dd7ffe3c better revision history 2013-12-12 03:41:34 +01:00
Neil Lalonde a9ab98ef9e Auto-close time can be entered in 3 ways, so a topic can close at any time 2013-11-27 09:52:35 -05:00
Sam 3fa48f8d76 Style fix: https://twitter.com/andrzejkrzywda/status/404943844896423937 2013-11-26 10:21:41 +11:00
Régis Hanol 482b752046 add edit reason when editing a post 2013-11-15 23:28:49 +01:00
Régis Hanol af96ef2994 FIX: deleting a flagged post issue
cf. http://meta.discourse.org/t/deleting-a-flagged-post-issue/10061

The bug was only happening when you were about the delete the first post, which means deleting the entire topic.
2013-10-02 16:59:57 +02:00
Régis Hanol cd4cda5b4c allow users to specify thumbnail size 2013-09-27 10:57:31 +02:00
Robin Ward 7d9a84b496 New User Education goes through a server side ComposerMessages check. Composer message for users
who don't have avatars.
2013-09-13 12:23:53 -04:00
Robin Ward 71c1b8b9b9 When deleting a post as staff, ask if you want to delete direct replies too 2013-09-05 11:03:34 -04:00
Robin Ward f157ec1f91 Select +Replies for bulk operations 2013-09-05 11:03:29 -04:00
Robin Ward 1c3804934e Show the entire history of replies above a post when you expend "in reply to" 2013-08-06 17:43:10 -04:00
Sam 4a20d09523 distributed memoizer added to ensure absolute duplicate posts don't get through
in case of an absolute dupe just return the memoized post

This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
Sam 1f3c5cb656 allow end user to recover a post they delete
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam 0ec1438b9a correct auto track param parsing for WordPress 2013-07-22 15:07:20 +10:00
Sam acba0ea41e add auto track to permitted params 2013-07-22 15:07:20 +10:00
Robin Ward 5eaae063f0 Discourse Macro Helpers + Minor Fix to Admin User View 2013-07-11 19:35:52 -04:00
Robin Ward d98f288aa4 FIX: Recovering a deleted post was not updating a topic's statistics 2013-07-09 12:15:55 -04:00
Sam f6b850e7a4 allow skipping the validations on creation if its an api call AND skip_validations is specified
this allows wordpress plugin to post very very short titles or titles that would otherwise be disallowed
2013-07-02 12:23:19 +10:00
Neil Lalonde e263bb3c0a Anons should be able to see post history 2013-06-19 16:43:16 -04:00
Ian Christian Myers b61e10f9ad All parameters for #create in PostsController pass through strong_parameters.
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam 870e59883b secure the links on the topic pages, eliminated deleted topics as well. 2013-06-05 16:10:26 +10:00
Robin Ward d554a59102 Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link
to the same host enough tiles, they will not be able to post the same link again.

Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Neil Lalonde 9828c87525 Topic Auto-Close: admins and mods can set a topic to automatically close after a number of days 2013-05-13 12:53:52 -04:00
Sam 942f168ab6 UI still a tad rough, but we have a first pass of secure categories 2013-05-10 16:47:47 +10:00
Sam 20493106cd fix post trashing 2013-05-07 17:56:56 +10:00
Sam e9fc272db7 remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed
makes upgrading to rails 4 possible
2013-05-07 14:39:01 +10:00
Sam cef9a74053 route for markdown /md/topic_id/post_number 2013-04-30 16:30:41 +10:00
Sam f9e33ec6b8 store ip address and current user with incoming links
make links long an readable in share dialog
2013-04-26 16:18:55 +10:00
Sam 37867af1bb track incoming links, amend share link to include user
fix pm styling
2013-04-24 18:05:35 +10:00
Régis Hanol c5cf8be864 auto replace rules in titles 2013-04-10 11:00:50 +02:00
Sam 2295290383 added best=N option to get N best comment on a post 2013-03-27 22:53:11 -07:00
Sam fc94d3e551 match the create api with the update api ... so api is more consistent 2013-03-26 23:49:35 -07:00
Sarah Vessels 54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Sam 62c60540be pull moderator into own column, rename trust levels 2013-03-19 21:06:11 -07:00
Robin Ward 59fc3bfac4 PostDestroyer to replace callbacks for destroying 2013-03-18 17:55:11 -04:00
Gosha Arinich 0c99dea153 introduce Enum 2013-03-01 21:16:36 +03:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Robin Ward 532b1f5450 Can edit category descriptions, they show up in a `title` attribute 2013-02-22 13:43:47 -05:00
Robin Ward b9457197c0 First stab at new user education - configurable messages that pop up on a user's first
few posts/topics.
2013-02-14 15:33:51 -05:00
Robin Ward 03a798b202 Can clear flags on deleted posts if you're a moderator 2013-02-08 19:07:29 -05:00
Robin Ward 7c11c3fe0f Can edit deleted posts. 2013-02-08 17:49:15 -05:00