Commit Graph

2987 Commits

Author SHA1 Message Date
Sam Saffron cbd4d06da0 PERF: only check for totp record on current user at when needed
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
Penar Musaraj f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677)
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Bianca Nenciu e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00
Saurabh Patel b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Roman Rizzi c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Robin Ward d902c4eb9f FEATURE: Can sort reviewable queue
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00
Joffrey JAFFEUX ce79a71c5d
typo s/faivcon/favicon (#7697) 2019-06-05 09:46:07 +02:00
Sam Saffron b9df7a2257 FIX: if favicon is missing due to bad url we would return a 500 on favicons
This ensures that the error logging does not corrupt the cache
2019-06-05 16:43:40 +10:00
Arpit Jalan e7fe7010b8
FIX: use hijack for processing bulk invites (#7679)
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
Régis Hanol 33bc8c276d FIX: default top timeframe was overriding best_periods_for 2019-06-04 10:57:50 +02:00
Régis Hanol d7ff640778 fix the build 2019-06-03 20:42:46 +02:00
Maja Komel 42809f4d69 FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
Sam Saffron e302c0af8b DEV: by default disable anon impersonation in dev environments
The impersonate any user by anonymous feature in dev should require a
deliberate opt-in. This way developers are better aware of the security
implications of this development only feature.
2019-06-03 10:02:27 +10:00
Robin Ward 2e0a40007b FIX: Category topics should not be deletable via review queue 2019-05-30 16:43:23 -04:00
romanrizzi e7ee556e87 Support multi-group user search 2019-05-30 08:45:20 +08:00
Guo Xiang Tan a3938f98f8 Revert changes to `FileStore::S3Store#path_for` in f0620e7118.
There are some places in the code base that assumes the method should
return nil.
2019-05-29 18:39:07 +08:00
Guo Xiang Tan f0620e7118 FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2.
Previous attempt was missing `post_uploads` records.
2019-05-29 09:26:32 +08:00
Penar Musaraj 7c9fb95c15 Temporarily revert "FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD. (#7603)"
This reverts commit b1d3c678ca.

We need to make sure post_upload records are correctly stored.
2019-05-28 16:37:01 -04:00
Guo Xiang Tan b1d3c678ca FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD. (#7603) 2019-05-28 11:18:21 -04:00
Bianca Nenciu 07b80d491b FIX: Refresh automatic groups after inviting moderators. 2019-05-28 17:19:34 +08:00
Sam Saffron 7429700389 FIX: ensure we can download maxmind without redis or db config
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
2019-05-28 10:28:57 +10:00
Robin Ward d26c4509ea FIX: Adding a user to a group twice under concurrency
This prevents an error from being raised / logged.
2019-05-27 15:42:40 -04:00
Penar Musaraj dfcc2e7ad8 Revert "FEATURE: Send notification when member was accepted to group. (#7503)"
This reverts commit 42c82d544e.
2019-05-27 15:19:59 -04:00
Robin Ward d95a68b837 FEATURE: When suspending a user, allow the Delete + Replies action
Previously you could only delete the post
2019-05-27 12:27:16 -04:00
Bianca Nenciu 42c82d544e
FEATURE: Send notification when member was accepted to group. (#7503) 2019-05-27 17:28:41 +03:00
Gerhard Schlager f4a471f0eb FIX: Correctly cache hash of extra translations 2019-05-24 11:38:26 +02:00
Gerhard Schlager c1e9a70d59 FIX: Fallback locale was not available for extra translations
Translations from fallback locales were not sent to the client
for admin_js and wizard_js.
2019-05-24 11:38:26 +02:00
Robin Ward e74cd54fc6 REFACTOR: Replace score bonuses with low/med/high priorities
We removed score from the UX so it makes more sense to have sites set
priorities instead of score bonuses.
2019-05-23 11:54:45 -04:00
Gerhard Schlager b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Guo Xiang Tan 148bfc9be5 DEV: Simplify client and server side code to support removing tags.
Follow up to 834c86678f.
2019-05-17 16:39:20 +08:00
Guo Xiang Tan 834c86678f FIX: Missing post revision when editing the first post. 2019-05-17 12:54:27 +08:00
Guo Xiang Tan e2444e0d31 DEV: Fix another frozen string error. 2019-05-17 10:07:37 +08:00
Guo Xiang Tan 227bedebf7 DEV: Fix modifying a frozen string. 2019-05-16 11:30:31 +08:00
David Taylor 1299c94a52 FIX: Make serverside and clientside omniauth origin redirects consistent
Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 12:40:51 +01:00
Vinoth Kannan 42b10a646d FIX: return 404 only if upload url also not internal. 2019-05-15 02:06:54 +05:30
Penar Musaraj 607c671003 Fix string literal when switching theme in dev env 2019-05-13 10:25:51 -04:00
Guo Xiang Tan 64c117519e Fix modifying frozen strings errors take 3. 2019-05-13 16:45:23 +08:00
Guo Xiang Tan 74989783da Fix modifying frozen strings error in `OneboxController`. 2019-05-13 16:25:52 +08:00
Gerhard Schlager 81c329fbb8 FIX: Customizing missing pluralized translations didn't work 2019-05-13 09:36:05 +02:00
Guo Xiang Tan 8165ceb320 Make rubocop happy. 2019-05-13 09:55:44 +08:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Robin Ward b380ed5282 FEATURE: Claim Reviewables by Topic
This is a feature that used to be present in discourse-assign but is
much easier to implement in core. It also allows a topic to be assigned
without it claiming for review and vice versa and allows it to work with
category group reviewers.
2019-05-09 13:40:36 -04:00
Robin Ward 5af7c90bab FEATURE: Hide Reviewable scores, change score filter to Priority
We found score hard to understand. It is still there behind the scenes
for sorting purposes, but it is no longer shown.

You can now filter by minimum priority (low, med, high) instead of
score.
2019-05-07 14:05:23 -04:00
Blake Erickson 5b5b5a5931 FIX: return an error if a user tries to whisper
This commit fixes a bug where a user creates a whisper post via the api
but is posted as a regular message because they don't have access to
whisper. Now a 403 unauthorized will be returned instead of the whisper
param just being ignored for regular users. Staff users should not be
affected by this change.

https://meta.discourse.org/t/a-whisper-is-posted-as-a-message-if-the-user-is-not-staff-moderator-admin-when-using-the-api/116601
2019-05-07 11:42:26 -06:00
Bianca Nenciu 4ff1195537 FEATURE: Use Beacon API for tracking clicks. (#7483) 2019-05-07 16:37:43 +10:00
Sam Saffron cac80cdc3b DEV: more send -> public_send changes
This is a work in progress commit for more send to public_send conversions

Also adds some comments for cases where we need to keep send
2019-05-07 11:58:06 +10:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Sam Saffron 9be70a22cd DEV: introduce new API to look up dynamic site setting
This removes all uses of both `send` and `public_send` from consumers of
SiteSetting and instead introduces a `get` helper for dynamic lookup

This leads to much cleaner and safer code long term as we are always explicit
to test that a site setting is really there before sending an arbitrary
string to the class

It also removes a couple of risky stubs from the auth provider test
2019-05-07 11:00:30 +10:00
Robin Ward 31e100530f FEATURE: Flag count in post menu
This change shows a notification number besides the flag icon in the
post menu if there is reviewable content associated with the post.
Additionally, if there is pending stuff to review, the icon has a red
background.

We have also removed the list of links below a post with the flag
status. A reviewer is meant to click the number beside the flag icon to
view the flags. As a consequence of losing those links, we've removed
the ability to undo or ignore flags below a post.
2019-05-06 16:13:31 -04:00
Régis Hanol e2e72f4e8e DEV: rename ReadOnly module to ReadOnlyHeader 2019-05-06 16:07:49 +02:00
David Taylor d82da69c2c FIX: Fail gracefully if username parameter is missing when creating user 2019-05-03 17:17:06 +01:00
Régis Hanol 0d41d58d27 FIX: add ReadOnly hear to /srv/status 2019-05-03 12:21:07 +02:00
Sam Saffron 16ef060a76 DEV: correct Rails 6 deprecation
render template is backwards compatible with Rails 5, code is simpler.

Thanks @jhawthorn, this is our last Rails 6 deprecation
2019-05-03 16:20:18 +10:00
Penar Musaraj b948d97c8f
FEATURE: Show diff of local changes before updating remote theme (#7443) 2019-05-02 21:43:54 -04:00
Guo Xiang Tan 24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Sam Saffron 96360a779f DEV: add a few frozen string literals 2019-05-02 16:57:12 +10:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
David Taylor 0e303c7f5d
FEATURE: Automatically generate optimized site metadata icons (#7372)
This change automatically resizes icons for various purposes. Admins can now upload `logo` and `logo_small`, and everything else will be auto-generated. Specific icons can still be uploaded separately if required.

## Core

- Adds an SiteIconManager module which manages automatic resizing and fallback

- Icons are looked up in the OptimizedImage table at runtime, and then cached in Redis. If the resized version is missing for some reason, then most icons will fall back to the original files. Some icons (e.g. PWA Manifest) will return `nil` (because an incorrectly sized icon is worse than a missing icon). 

- `SiteSetting.site_large_icon_url` will return the optimized version, including any fallback. `SiteSetting.large_icon` continues to return the upload object. This means that (almost) no changes are required in core/plugins to support this new system.

- Icons are resized whenever a relevant site setting is changed, and during post-deploy migrations

## Wizard

- Allows `requiresRefresh` wizard steps to reload data via AJAX instead of a full page reload

- Add placeholders to the **icons** step of the wizard, which automatically update from the "Square Logo"

- Various copy updates to support the changes

- Remove the "upload-time" resizing for `large_icon`. This is no longer required.

## Site Settings UX

- Move logo/icon settings under a new "Branding" tab

- Various copy changes to support the changes

- Adds placeholder support to the `image-uploader` component

- Automatically reloads site settings after saving. This allows setting placeholders to change based on changes to other settings

- Upload site settings will be assigned a placeholder if SiteIconManager `responds_to?` an icon of the same name

## Dashboard Warnings

- Remove PWA icon and PWA title warnings. Both are now handled automatically.

## Bonus

- Updated the sketch logos to use @awesomerobot's new high-res designs
2019-05-01 14:44:45 +01:00
Robin Ward 404b35bd04 FEATURE: Category Reviewable by Group
Allow a group to review content in a particular category.
2019-04-30 15:23:06 -04:00
David Taylor 5edb5c8b03
FIX: Mark invited admins as 'approved' (#7459)
This prevents invited admins appearing as no-op reviewables in the queue when invite_only or require_approval is enabled.
2019-04-30 17:26:39 +01:00
Guo Xiang Tan dca7f8ecf2 FIX: Loading more broken on groups page.
Regressed in 1f17d52f55.
2019-04-30 10:35:17 +08:00
Sam Saffron ac3dab93f5 DEV: lint the files 2019-04-29 17:40:53 +10:00
Sam Saffron 45285f1477 DEV: remove update_attributes which is deprecated in Rails 6
See: https://github.com/rails/rails/pull/31998

update_attributes is a relic of the past, it should no longer be used.
2019-04-29 17:32:25 +10:00
Saurabh Patel 1b1cfd4507 add no_subcategories query param in url only if its true (#7439) 2019-04-29 15:10:59 +08:00
Joffrey JAFFEUX fe86941cb6 FIX: prevents exception when search q params is a hash (#7437)
* FIX: prevents exception when searh q params is a hash

* raise when invalid format
2019-04-29 15:09:25 +08:00
Joffrey JAFFEUX bcca2b5d73
FEATURE: initial implementation of generic filters for reports 2019-04-26 12:17:10 +02:00
Gerhard Schlager 03f9564804 FIX: Handle missing letter avatar 2019-04-24 23:20:46 +02:00
Chris Butler 8673bd832a FEATURE: use failed_to_login for SSO error (#7394)
The error displayed when logging into suspended accounts via SSO never includes
the suspension reason, unlike non-SSO logins. By re-using the failed_to_login
method when generating the error message for SSO we can ensure the message is
consistent between the SSO and non-SSO paths.
2019-04-24 16:38:56 +10:00
Robin Ward 6f56fba016 UX: Update post actions to "Approve Post" and "Reject Post"
This should be more clear.
2019-04-23 12:19:11 -04:00
Gerhard Schlager a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Bianca Nenciu 1867f2dda0
FEATURE: Always track clicks using AJAX. (#7373) 2019-04-23 12:41:36 +03:00
Guo Xiang Tan 87cca0fb80 FIX: Return the right response code for invalid theme id. 2019-04-23 14:57:14 +08:00
Bianca Nenciu 9050b1bf5a FIX: Add unique index on group_requests(group_id, user_id). (#7399) 2019-04-23 12:51:30 +10:00
Dan Ungureanu 57d1dea8a2
FEATURE: Let staff add custom post notices. (#7377) 2019-04-19 17:53:58 +03:00
Maja Komel 1f17d52f55 UX: new layout for groups page, allow changes to automatic group bio (#7350) 2019-04-17 22:44:30 -04:00
Penar Musaraj 7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Robin Ward 14f9d40e48 FEATURE: Clarify Reviewable User Actions
"Approve" is now "Approve User" and "Delete" is a dropdown with a choice
that allows you to block.
2019-04-17 11:44:17 -04:00
Roman Rizzi 12a5c69abd
FEATURE: Allow users to tone down digest emails (#7353)
* FEATURE: Allow user to tone down email digest insteand of only unsubscribing

* Reordered options and select the next slowest frequency by default
2019-04-17 12:14:40 -03:00
Robin Ward ba6d4b2a8d FIX: Better handling for toggling `must_approve_users`
If you turn it on now, default all users to approved since they were
previously. Also support approving a user that doesn't have a reviewable
record (it will be created first.)

This also includes a refactor to move class method calls to
`DiscourseEvent` into an initializer. Otherwise the load order of
classes makes a difference in the test environment and some settings
might be triggered and others not, randomly.
2019-04-16 15:56:35 -04:00
Guo Xiang Tan 8cb1890245 FIX: Missing topic edited web hook when publishing a topic. 2019-04-16 14:28:23 +08:00
Arpit Jalan 95ada3f190 FIX: save registration IP address for invited users 2019-04-13 13:04:25 +05:30
Robin Ward ef1af53e05 FIX: If creating an active user via the API, create reviewables 2019-04-12 15:25:02 -04:00
Robin Ward a5d9afe397 FEATURE: Include a user's pending posts in the topic view
Also includes a refactor to TopicView's serializer which was not
building our attributes using serializers properly.
2019-04-12 14:25:12 -04:00
Roman Rizzi 536b90e0ef
FEATURE: Support searching custom staff actions (#7346) 2019-04-10 09:53:17 -03:00
Tarek Khalil 442fb2facb FEATURE: Remove ignore feature SiteSetting and enable ignore by default (#7349) 2019-04-10 12:54:59 +02:00
Robin Ward 9ebfdaa356 UX: Unify reviewable scores + history 2019-04-09 16:43:08 -04:00
Robin Ward 9bcd7aacc8 Remove deprecation, the admin controller can approve just fine 2019-04-09 11:19:19 -04:00
Sam Saffron f6db30a5da FEATURE: mark last notification unread when removing timings
This calls a bit more attention to the deferred topic by amending the "read"
state of the last notification on the topic.
2019-04-09 12:42:21 +10:00
Robin Ward cbc311e4ed UX: Update the reviewable count before the message bus
In certain edge cases, the message bus won't send the message to the
user about the updated review count and it can go out of sync.

This patch synchronizes the review count every time:

1. The user visits the "Needs Review" page

2. Every time the user performs an action
2019-04-05 10:35:38 -04:00
Neil Lalonde 83996fc8ea FEATURE: ability to restrict some tags to a category while allowing all others
A new checkbox has been added to the Tags tab of the category settings modal
which is used when some tags and/or tag groups are restricted to the category,
and all other unrestricted tags should also be allowed.
Default is the same as the previous behaviour: only allow the specified set of
tags and tag groups in the category.
2019-04-04 16:40:15 -04:00
Robin Ward c1ea63bdc1 FIX: Reviewables should not be created for users until they are active
Conversely, if a user is deactivated the reviewable should automatically
be rejected.

Before this fix, if a user was not active they'd still show in the
review queue but without an "Approve" button which was confusing.
2019-04-03 15:25:00 -04:00
Robin Ward 62956003c3 FEATURE: Allow users to customize bonuses for reviewable types
A new settings section in the review queue allows admins to specify that
certain types of flags should be weighted higher than others.
2019-04-03 11:18:34 -04:00
venarius c185109380 FIX: Restricted site text better error 2019-04-02 11:16:27 -04:00
Arpit Jalan d68d29f37a FIX: only staff can banner topics 2019-04-02 12:46:55 +05:30
Penar Musaraj 1c0f885a5b FIX: double render error with delegated authentication
Makes sure delegated authentication is checked before other login redirects

Updates specs to cover login_required = true cases
2019-04-01 22:13:53 -04:00
Penar Musaraj fdf4145d4b
FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
Joffrey JAFFEUX e986e96227
DEV: removes old dashboard (#7295) 2019-04-01 12:39:49 +02:00
Robin Ward 86349abfea FIX: Apply `min_score_default_visibility` to reviewable topics list 2019-03-29 15:42:49 -04:00
Maja Komel 4a3daacb1b FIX: reset embedding settings when no embeddable host, log host changes (#7264) 2019-03-29 17:05:51 +01:00
Tarek Khalil b1cb95fc23
FEATURE: Introduce ignore duration selection (#7266)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-29 10:14:53 +00:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Bianca Nenciu a9798f0c47
FEATURE: Add page for all group membership requests. (#6909) 2019-03-27 13:30:59 +02:00
Tarek Khalil ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels (#7248)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Gerhard Schlager 4f04ae5692 FIX: Failed to show details about some bounced emails
Bounces sent to reply_by_email_address could not be found.
2019-03-26 18:00:27 +01:00
Sam Saffron 40ac895ef7 SECURITY: properly validate return URL for SSO
Previously carefully crafted URLs could redirect off site
2019-03-25 09:02:42 +11:00
David Taylor a9d5ffbe3d FIX: Prevent critical emails bypassing disable, and improve email test logic
- The test_email job is removed, because it was always being run synchronously (not in sidekiq)
- 34b29f62 added a bypass for critical emails, to match the spec. This removes the bypass, and removes the spec.
- This adapts the specs for 72ffabf6, so that they check for emails being sent
- This reimplements c2797921, allowing test emails to be sent even when emails are disabled
2019-03-22 17:28:43 +08:00
David Taylor 3f9e7eb326 FIX: Respect the disable_emails=non-staff site setting correctly
This reverts commit c279792130.

This commit inadvertently removed all of the non-staff email logic, rather than just for the 'test email' button. 

https://meta.discourse.org/t/112231/5
2019-03-21 21:44:14 +00:00
Neil Lalonde 1812a38f0a FIX: upload watched words should use UTF-8 2019-03-21 13:46:16 -04:00
Maja Komel 34730a0b16 UX: show if webhook is disabled (#7217)
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Tarek Khalil 3b59ff0d02 [FEATURE] Disallow ignoring self, admins or moderators users (#7202) 2019-03-20 11:18:46 +01:00
Leo McArdle b084750953 FIX: don't redirect incorrectly after full screen login (#7170)
Fixes two issues:
1. Redirecting to an external origin's path after login did not work
2. User would be erroneously redirected to the external origin after logout

https://meta.discourse.org/t/109755
2019-03-19 12:39:13 +00:00
Gerhard Schlager 8a99d59422 FIX: seed data classes couldn't always be found 2019-03-18 23:13:47 +01:00
Gerhard Schlager 3fd04df781
FEATURE: Locale support for seeded categories and topics (#7110) 2019-03-18 21:09:13 +01:00
Penar Musaraj 2506acae80
FIX: Respect permalinks starting with "/category" (#7171) 2019-03-18 10:24:46 -04:00
Guo Xiang Tan 5e410dc5e0
FEATURE: Ability to exclude category from search results. (#7194)
This commit also adds `Category#search_priority` which sets the ground
work to enable prioritizing of posts for certain categories when searching.
2019-03-18 15:25:45 +08:00
Rafael dos Santos Silva 8ce20090f7 FEATURE: Allow users to fetch a customized manifest on PWA install
This will allow users installing a Discourse PWA to use their active
theme colors on the generated app. Thanks for @mgiuca for the tip.

Also makes the share_target config explicit to silence Chrome warnings
2019-03-15 17:10:05 -03:00
Penar Musaraj 9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Tarek Khalil f8480ed911
FEATURE: Exposing a way to add a generic report filter (#6816)
* FEATURE: Exposing a way to add a generic report filter

## Why do we need this change?

Part of the work discussed [here](https://meta.discourse.org/t/gain-understanding-of-file-uploads-usage/104994), and implemented a first spike [here](https://github.com/discourse/discourse/pull/6809), I am trying to expose a single generic filter selector per report.

## How does this work?

We basically expose a simple, single generic filter that is computed and displayed based on backend values passed into the report.

This would be a simple contract between the frontend and the backend.

**Backend changes:** we simply need to return a list of dropdown / select options, and enable the report's newly introduced `custom_filtering` property.

For example, for our [Top Uploads](https://github.com/discourse/discourse/pull/6809/files#diff-3f97cbb8726f3310e0b0c386dbe89e22R1423) report, it can look like this on the backend:

```ruby
report.custom_filtering = true
report.custom_filter_options = [{ id: "any", name: "Any" }, { id: "jpg", name: "JPEG" } ]
```

In our javascript report HTTP call, it will look like:

```js
{
  "custom_filtering": true,
  "custom_filter_options": [
    {
      "id": "any",
      "name": "Any"
    },
    {
      "id": "jpg",
      "name": "JPG"
    }
  ]
}
```

**Frontend changes:** We introduced a generic `filter` param and a `combo-box` which hooks up into the existing framework for fetching a report.

This works alright, with the limitation of being a single custom filter per report. If we wanted to add, for an instance a `filesize filter`, this will not work for us. _I went through with this approach because it is hard to predict and build abstractions for requirements or problems we don't have yet, or might not have._

## How does it look like?

![a1ktg1odde](https://user-images.githubusercontent.com/45508821/50485875-f17edb80-09ee-11e9-92dd-1454ab041fbb.gif)

## More on the bigger picture

The major concern here I have is the solution I introduced might serve the `think small` version of the reporting work, but I don't think it serves the `think big`, I will try to shed some light into why.

Within the current design, It is hard to maintain QueryParams for dynamically generated params (based on the idea of introducing more than one custom filter per report).

To allow ourselves to have more than one generic filter, we will need to:

a. Use the Route's model to retrieve the report's payload (we are now dependent on changes of the QueryParams via computed properties)
b. After retrieving the payload, we can use the `setupController` to define our dynamic QueryParams based on the custom filters definitions we received from the backend
c. Load a custom filter specific Ember component based on the definitions we received from the backend
2019-03-15 12:15:38 +00:00
Bianca Nenciu d352baa1a2
FEATURE: Enforce two-factor authentication. (#6348) 2019-03-15 13:09:37 +02:00
Penar Musaraj d6d4a5ba4a FEATURE: support custom icons in themes (#7155)
* First take

* Add support for sprites in themes

Automatically register any custom icons added via themes or plugins

* Fix theme sprite caching

* Simplify test

* Update lib/svg_sprite/svg_sprite.rb

Co-Authored-By: pmusaraj <pmusaraj@gmail.com>

* Fix /svg-sprite/search request
2019-03-15 17:16:15 +11:00
Guo Xiang Tan b9ab393d70 Fix favicon not updating on the client side when changed.
Regression from 1c6a2262b3.

Documented the rational for include the url since we can't really test
this properly.
2019-03-14 15:37:43 +08:00
Guo Xiang Tan 1c6a2262b3
FIX: `StaticController#favicon` reads from disk when using local store. (#7160)
Since uploads site settings are now backed by an actual upload, we don't
have to reach over the network just to fetch the favicon. Instead, we
can just read the upload directly from disk.
2019-03-14 04:17:36 +08:00
Guo Xiang Tan b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Bianca Nenciu e6c2faf186 FIX: Disable 'Create Topic' button if tag is staff-only. (#6984)
* FIX: Disable 'Create Topic' button if tag is staff-only.

* FIX: Staff-only tags should always return 404.
2019-03-12 19:23:36 +11:00
venarius dc4541a95c FIX: Text content search warning if more than 50 results 2019-03-11 12:56:15 -04:00
Joffrey JAFFEUX 7ae1afa7d9
FIX: ensures tag-groups are used to allow category edit on topics (#7141) 2019-03-11 15:02:27 +01:00
Arpit Jalan 2c8e1d3578 FEATURE: remove all expired invitations by default 2019-03-07 15:28:39 +05:30
Gerhard Schlager 4000978452 FIX: Failed to save email template with pluralized subject 2019-03-06 16:51:04 +01:00
Tarek Khalil 0a9a11094d
FEATURE: Save ignored usernames in user preferences (#7117)
* FEATURE: Save ignored usernames in user preferences
2019-03-06 11:21:58 +00:00
Arpit Jalan 05ebb52ec4
FEATURE: defer flags when deleting child replies (#7111) 2019-03-06 14:32:25 +05:30
Tarek Khalil f19d36cbba
REFACTOR: Change `watch` wording to `unignore` (#7112)
* REFACTOR: Change `watch` wording to `unignore`
2019-03-05 14:40:31 +00:00
David Taylor 35275c137b PERF: Remove final N+1 from theme admin page
The rails bug previously mentioned only causes an issue when using `pluck`, so this controller is not affected.

Followup to a8ffc02d06
2019-03-05 12:10:53 +00:00
Arpit Jalan ad5f5b931d DEV: deprecate blank files for static modal pages 2019-03-04 15:05:33 +05:30
Tarek Khalil 986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
Maja Komel 6f427589b2 FIX: make it possible to use backup code everywhere where 2FA required (#7010) 2019-02-27 10:37:33 +01:00
Davide Porrovecchio 75aaae5d5c FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting (#6779) 2019-02-26 17:03:20 +01:00
David Taylor a8ffc02d06 PERF: Reduce N+1s on theme admin page 2019-02-26 14:22:02 +00:00
Joffrey JAFFEUX 7ccb0b882f
FIX: ensures topic’s category allows topics tags (#7060) 2019-02-26 11:21:55 +01:00
Gerhard Schlager dc961fecb9 FIX: Outgoing emails were not disabled after restoring backup 2019-02-25 16:07:24 +01:00
Vinoth Kannan d1bad881ea
FEATURE: Allow moderators to change topic timestamps (#7053) 2019-02-22 14:33:52 +05:30
Sam 667d3a3fd6 PERF: include content-length header for CDN
Attempt to force NGINX to include content length when doing X-SendFile
This does not seem to be required when bypassing NGINX.

Without this header some CDNs may have issues caching
2019-02-22 11:21:07 +11:00
Sam 31d41f532e PERF: do not include suggested topics when loading new posts
When a new post is triggered via message bus post stream will attempt to load
it, previously the `/topic/TOPIC_ID/posts.json` would unconditionally include
suggested topics, this caused excessive load on the server.

New pattern defaults to exclude suggested and related topics from this API
unless people explicitly ask for suggested.
2019-02-22 10:37:18 +11:00
Guo Xiang Tan 58b0e945bd
UX: Lightbox support for image uploader. (#7034) 2019-02-21 10:13:37 +08:00
Gerhard Schlager 6a8007e5fb FEATURE: Improve handling of backup storage errors 2019-02-20 15:16:49 +01:00
Sam 33269c4172 FEATURE: do no search for groups unless a term is specified
Do not allow `/u/search/users.json` to list any group matches unless a
specific `term` is specified in the API call.

Adding groups should always be done when an actual search term exists,
blank search is only supported for users within a topic
2019-02-20 17:28:22 +11:00
Joffrey JAFFEUX 9ade04b709
FIX: removes legacy browsers-refresh button (#7028) 2019-02-19 16:38:21 +01:00
David Taylor f04471e422 REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
Sam ebd4140492 FIX: logspam due to 404s on CSS files
We had a missing formats: string on our render partial that caused logs to
spam when CSS files got 404s.

Due to magic discourse_public_exceptions.rb was actually returning the
correct 404 cause it switched format when rendering the error.
2019-02-14 17:58:16 +11:00
Maja Komel 39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Régis Hanol 4d674acc25 FEATURE: AWS SNS bounce notifications webhooks 2019-02-13 21:26:40 +01:00