Commit graph

96 commits

Author SHA1 Message Date
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
24da1ab07e Add 'invite only' site setting 2013-06-05 11:06:05 -07:00
Sam
21b3359ea4 Merge pull request #957 from chrishunt/chrishunt/lock-down-the-base
Add 'login required' site setting
2013-06-04 17:22:08 -07:00
Chris Hunt
85ceb5efa7 Add 'login required' site setting 2013-06-04 16:10:10 -07:00
Régis Hanol
e3e55d4dad fix image uploads on s3/imgur 2013-06-05 00:35:42 +02:00
Neil Lalonde
2465c9c724 Add min_private_message_title_length site setting so private messages can have short titles 2013-06-04 17:59:23 -04:00
Neil Lalonde
c4904aacc0 Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin. 2013-06-03 16:37:40 -04:00
Régis Hanol
6cc0f8f2d4 added more file uploads test for better coverage 2013-05-31 03:13:37 +02:00
Sam
73834370a5 work in progress, live unread and new counts 2013-05-30 16:49:57 +10:00
Sam
46389754d6 Merge pull request #892 from eriko/cas_support
Cas support
2013-05-28 16:13:29 -07:00
Erik Ordway
9a409d9440 fix comment and remove url setting as it is not used. 2013-05-28 08:06:18 -07:00
Robin Ward
197909246c Weigh staff likes higher when calculating scores. New site setting: staff_like_weight
can set the factor (default is 3)
2013-05-27 12:46:08 -04:00
Neil Lalonde
d26b87bd3c Add Site Setting allow_uncategorized_topics. Uncheck it to force people to choose a category for all new topics. 2013-05-24 16:56:43 -04:00
Sam
ca2dee52db moved comments to the bottom, they are way less intrusive there 2013-05-24 12:48:32 +10:00
Sam
2cd95bc649 lets try out annotations 2013-05-24 12:35:14 +10:00
Sam
fc3c93d237 almost fixed the regression of not allowing top level filters 2013-05-24 09:54:39 +10:00
Erik Ordway
0bdee973a0 allow disabling of local logins. In the instance where an .edu is using cas they may not want a user to be able to log in once the users credentials have been revoked in the system that feeds the CAS authentication server. This is very optional 2013-05-23 13:44:14 -07:00
Erik Ordway
1575ce7b10 add cas support with a few tests 2013-05-23 13:40:50 -07:00
Robin Ward
d554a59102 Support for a new site setting: newuser_spam_host_threshold. If a new user posts a link
to the same host enough tiles, they will not be able to post the same link again.

Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Sam
4f328e3e45 +x on files makes no sense unless they really are executable
rails in the script dir makes no sense, use binstubs or bundler instead
2013-05-09 17:35:15 +10:00
Neil Lalonde
b944157d88 Fix edit uncategorized when on the /category/uncategorized page 2013-05-06 11:22:58 -04:00
Neil Lalonde
52942d2de6 Merge pull request #813 from slainer68/ga_domain_name
Google Analytics Domain name site setting
2013-05-03 14:57:01 -07:00
Neil Lalonde
c6370a3479 Add ability to edit the uncategorized category name, color, and text_color in a modal 2013-05-03 17:55:04 -04:00
slainer68
ac66f25043 Google Analytics Domain name site setting 2013-05-03 21:58:10 +02:00
David Celis
6be26f5316 Update to Imgur API v3
Version 2 of Imgur's API is deprecated. Their documentation for v2 is no
longer online, and applications can only be registered under version 3.
Version 3 of their API has a slightly different endpoint but, more
importantly, uses a Client ID/Secret pair instead of an API Key.

This PR updates Discourse to use the new version of Imgur's API.

Signed-off-by: David Celis <me@davidcel.is>
2013-05-01 21:39:10 -07:00
Jeff Atwood
51f16333be increase default max_likes to 50
WE LIKE LIKES MAN
2013-04-30 12:45:27 -07:00
Neil Lalonde
bbf982984d Add TOS and Privacy Policy site settings that can link to external sites. 2013-04-26 18:46:36 -04:00
Neil Lalonde
db2de1eff0 Add contact_email to site settings 2013-04-24 11:15:47 -04:00
Sam
37867af1bb track incoming links, amend share link to include user
fix pm styling
2013-04-24 18:05:35 +10:00
Neil Lalonde
72508d459b Use heat map on views column in topic lists 2013-04-23 15:06:13 -04:00
Jeff Atwood
b644509c28 reduce auto track default from 5m to 4m 2013-04-19 15:11:38 -07:00
Jeff Atwood
6948d2cbf3 increase email notify delay to 10 mins 2013-04-19 14:59:11 -07:00
Jeff Atwood
b64a4100fa change "visitor" trust level to "new user"
I blame me for this mistake.. visitor means other stuff in practice. New
User is correct meaning.
2013-04-17 16:11:24 -07:00
Neil Lalonde
48d5cb02c2 Add email as a sharing option 2013-04-12 18:06:36 -04:00
Régis Hanol
c5cf8be864 auto replace rules in titles 2013-04-10 11:00:50 +02:00
Sam
4fbf017272 get regular trust level going, self heal inconsistent topic timings 2013-04-05 15:30:28 +11:00
Sam
86cf7b1524 trust level 0 is highlighted in light gray as opposed to having special semantics around account age. 2013-04-04 12:24:23 +11:00
Jeff Atwood
533936f3a2 increase max_mentions to 10 2013-04-01 14:31:07 -07:00
Régis Hanol
1668b5eab2 FIX: allows the selection of the default landing tab 2013-03-28 14:01:13 +01:00
Robin Ward
36269cfbaa Rename 'popular' to 'latest'. First stab at 'Hot' tab. 2013-03-27 16:21:23 -04:00
Neil Lalonde
5961ffc0e4 Add site setting to choose which share links to show and in what order 2013-03-26 17:17:37 -04:00
Sam
c57ec611e1 basic api support 2013-03-25 18:04:46 -07:00
Robin Ward
6568b4aaa9 Better error messages when hitting max mentions/images/links 2013-03-25 12:27:09 -04:00
Sam
36a069488e Merge pull request #492 from sbauch/email-whitelist
added email whitelist SiteSetting feature to replicate email blacklist S...
2013-03-24 16:35:24 -07:00
Jeff Atwood
f14cf4c97e reduce read time required for basic user to 15m 2013-03-23 23:52:34 -07:00
Robin Ward
842760e50e Bump up best of to top 20% 2013-03-23 11:14:07 -04:00
Jeff Atwood
f0b57d5e4a reduce basic user time required from 25m to 20m 2013-03-22 15:33:40 -07:00
Robin Ward
9c38c13ac5 The "Best Of" mode uses a percentage ranking of posts. 2013-03-22 15:44:39 -04:00
Sam Bauch
77e3434d81 added email whitelist SiteSetting feature to replicate email blacklist. email_validator method now also uses the regex method for both the whitelist and blacklist. 2013-03-22 14:49:42 -04:00
Jeff Atwood
002fab358b slightly reduce read time req for trust level 1 2013-03-20 16:49:32 -07:00