discourse/spec
Dan Ungureanu 76a7b75d8a
DEV: Reuse can_invite_to_forum? in can_invite_to? (#14392)
This commit resolves refactors can_invite_to? to use
can_invite_to_forum? for checking the site-wide permissions and then
perform topic specific checkups.

Similarly, can_invite_to? is always used with a topic object and this is
now enforced.

There was another problem before when `must_approve_users` site setting
was not checked when inviting users to forum, but was checked when
inviting to a topic.

Another minor security issue was that group owners could invite to
group topics even if they did not have the minimum trust level to do
it.
2021-09-29 17:40:16 +03:00
..
components DEV: Reuse can_invite_to_forum? in can_invite_to? (#14392) 2021-09-29 17:40:16 +03:00
fabricators DEV: Ignore reminder_type for bookmarks (#14349) 2021-09-16 09:56:54 +10:00
fixtures FIX: Handle forwarded email quotes around Reply-To display name (#14384) 2021-09-20 16:26:18 +10:00
helpers FIX: Offer site_logo_dark_url as an option for dark mode themes (#14361) 2021-09-16 17:47:51 -04:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs DEV: use upload id to save in theme setting instead of URL. (#14341) 2021-09-16 07:58:53 +05:30
lib PERF: Revert all inboxes from messages route. (#14445) 2021-09-28 11:58:04 +08:00
mailers FIX: add locales for group mention PM variants (#14358) 2021-09-16 23:07:45 +05:30
models DEV: Reuse can_invite_to_forum? in can_invite_to? (#14392) 2021-09-29 17:40:16 +03:00
multisite FIX: Use random file name for temporary uploads (#14250) 2021-09-06 10:21:20 +10:00
requests DEV: Reuse can_invite_to_forum? in can_invite_to? (#14392) 2021-09-29 17:40:16 +03:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers FIX: Use unread post excerpt for topic-level bookmark excerpt (#14414) 2021-09-22 12:47:36 +10:00
services FEATURE: Humanize file size error messages (#14398) 2021-09-22 07:59:45 +10:00
support FIX: Make sure reset-new for tracked is not limited by per_page count (#13395) 2021-06-17 08:20:09 +10:00
tasks FIX: remove migrate_from_s3 task that silently corrupts data (#11703) 2021-01-17 22:33:29 +01:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb Revert "DEV: Move rate limiter disable to after :each for tests (#13986)" (#13987) 2021-08-10 14:12:36 +10:00
swagger_helper.rb DEV: Refactor the api docs for the user endpoint (#14377) 2021-09-20 10:04:57 -06:00