Commit graph

900 commits

Author SHA1 Message Date
Neil Lalonde
ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Robin Ward
1e281a909e FIX: Prevent duplicate flags after undoing on the server side too. 2014-09-03 14:43:07 -04:00
Sam
c6aab831ed Merge pull request #2741 from riking/badges_create_checks
FIX: Apply contract checks when first creating a badge
2014-09-03 22:19:09 +10:00
Sam
4f09d552ed FEATURE: increase search expansion to 50 results
refactor search code to deal with proper objects
use proper serializers, test the controllers
2014-09-03 12:13:25 +10:00
riking
3cf493eb4f FIX: Apply contract checks when first creating a badge 2014-09-02 19:09:51 -07:00
Robin Ward
b04a52676e FIX: Don't show wrong flag choices after undo 2014-09-02 17:37:54 -04:00
Robin Ward
abd84cd2a1 FIX: Redirect to Top was showing "latest" content because it was in the
preload store.
2014-09-02 12:29:22 -04:00
riking
1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
Robin Ward
9062719480 Merge pull request #2720 from techAPJ/patch-3
FIX: do not redirect topic for JSON request
2014-08-29 13:59:45 -04:00
Robin Ward
926e45d030 SECURITY: User action route was returning too much data 2014-08-29 13:46:50 -04:00
Arpit Jalan
84d0b599a4 FIX: do not redirect topic for JSON request 2014-08-29 23:09:02 +05:30
Robin Ward
85c6eb9b08 SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00
Neil Lalonde
14890a6002 FEATURE: add a way to map arbitrary urls to a topic, post, or category. Useful for sites that have migrated to Discourse and want to redirect from their old site to Discourse with 301 redirects. 2014-08-28 15:58:24 -04:00
Robin Ward
8a6c4234fc FIX: Re-enable searching for topic by id when using the split topic
interface.
2014-08-28 15:42:29 -04:00
Robin Ward
69cb5bc425 FIX: Centralize Top rendering, remove old code paths. Fix some bugs. 2014-08-28 14:34:31 -04:00
Robin Ward
c9262a8390 FIX: Resend activation email was busted 2014-08-28 12:07:13 -04:00
Sam
a1244043d3 FIX: when search finds a deep link in a topic it takes you to it 2014-08-28 17:16:39 +10:00
Robin Ward
f10d6ed88a FIX: RSS feeds should use created_at not bumped_at 2014-08-27 12:42:54 -04:00
Robin Ward
c820c65172 Merge pull request #2692 from riking/sorted_badges
Sort the badges on the user profile page
2014-08-25 15:56:27 -04:00
riking
99c11e2184 Sort the badges on the user profile page
Also clean up UserBadgesController so it isn't doing two things in one
method
2014-08-25 12:40:51 -07:00
Robin Ward
ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Sam
bcbe36a834 Merge pull request #2675 from amalagaura/patch-1
Fix min_trust_level for wordpress
2014-08-22 10:25:39 +10:00
Robin Ward
c1aa2458f8 UX: Add drop down for top lists, big refactor of repeated code. 2014-08-21 16:08:47 -04:00
Régis Hanol
8a20d05ba5 FEATURE: backup without uploads 2014-08-20 18:53:58 +02:00
Ankur Sethi
43b5292303 Fix min_trust_level for wordpress
min_trust_level in the wordpress method was being set to 1 always, the order of the ternary operator was reversed.
2014-08-19 20:15:24 -04:00
Régis Hanol
f2b0228164 FIX: unhide post when a moderator undos the flag on which s/he took action 2014-08-19 16:14:17 +02:00
Régis Hanol
5b3a758ba9 FIX: redirect old avatars to proper user_avatar route 2014-08-18 17:45:07 +02:00
Sam
8737ffb272 Merge pull request #2658 from akshaymohite/optimization-fixes
Not initializing variable for looping if unused in loop
2014-08-18 14:42:52 +10:00
Sam
baaa3e0f9f FIX: #2664 it should be validates not validate
Thanks @chancancode
2014-08-18 14:40:54 +10:00
Sam
b82726b029 FIX: incorrect redirection code 2014-08-18 12:35:31 +10:00
Sam
e0a82d3088 FIX: rate limit password reset email 2014-08-18 10:55:30 +10:00
Akshay
6301a43d57 Not initializing variable for looping if unused in loop 2014-08-15 03:24:55 +05:30
Robin Ward
167f393a03 Merge pull request #2655 from techAPJ/patch-3
FEATURE: export user list
2014-08-14 17:19:49 -04:00
Arpit Jalan
d0736a06b6 FEATURE: export user list 2014-08-15 01:46:57 +05:30
Akshay
7ef61144e7 Avoid using to_s when performing String Interpolation 2014-08-14 23:55:27 +05:30
Régis Hanol
6201b82a67 FIX: keep the post_number parameter when redirecting to proper slug 2014-08-13 22:19:41 +02:00
Robin Ward
9a1580244a FIX: Don't show profile pages for inactive users and don't show them in
search results.
2014-08-13 13:30:25 -04:00
Robin Ward
c103398e9a First stab at About page 2014-08-11 16:59:15 -04:00
Robin Ward
21185617b0 Show the reason the topic couldn't be split rather than a generic error. 2014-08-11 14:43:19 -04:00
Régis Hanol
e64d3b8a42 FIX: disagree flag should unhide hidden post 2014-08-11 10:48:00 +02:00
Sam
7d5c0ae28e FIX: broken and uneeded code 2014-08-08 09:07:51 +10:00
Régis Hanol
3ae1ebdfc3 FIX: use PostDestroyer when deleting/recovering a topic 2014-08-07 19:12:35 +02:00
Arpit Jalan
b3926efebc convert space to plus for invite email parameter 2014-08-06 14:02:00 +05:30
Sam
0b01310c84 FIX: system badges where created under id 100 2014-08-06 10:51:39 +10:00
Robin Ward
06c681b0de Merge pull request #2617 from techAPJ/patch-2
FEATURE: dynamically load more invites
2014-08-05 12:54:06 -04:00
Arpit Jalan
4cd8abc905 FEATURE: dynamically load invites 2014-08-05 22:20:23 +05:30
Régis Hanol
ec30086dea FEATURE: agree all the flags 2014-08-04 22:48:04 +02:00
Sam
cb0ecd9ff1 PERF: store topic views in a topic view table
* cut down on storage of the work Topic, 3 times per row (in 2 indexes)
* only store one view per user per topic
* only store one view per ip per topic
2014-08-04 19:07:55 +10:00
Sam
03c8f09be8 PERF: finalize porting to new incoming links structure 2014-08-04 16:43:57 +10:00