Neil Lalonde
86012ac579
Fix a case when the wrong topic is loaded because the slug starts with a number
2013-08-22 16:23:46 -04:00
Sam
d7596840e5
only staff should be able to see bookmarks and favs of other users
...
ensure that when they click on them they see the correct topics (topics for user they are looking at, not current user)
2013-08-22 09:18:54 +10:00
Neil Lalonde
47add6da70
Log when a site customization is deleted
2013-08-21 12:33:24 -04:00
Neil Lalonde
a95303fcd8
Log site customization changes. Use a modal to show staff action log details for site customizations.
2013-08-21 12:33:24 -04:00
Einar Jonsson
916a3f33f2
Refactored user activation business logic out of UsersController and
...
into a UserActivator class.
2013-08-21 09:22:34 +00:00
Neil Lalonde
3abeb5f793
Staff action logs can be filtered to changes of one site setting
2013-08-20 13:50:51 -04:00
Sam
df2b0b47bd
Merge pull request #1360 from michaelkirk/feature/oauth2
...
not recording Oauth2 user email
2013-08-19 14:57:05 -07:00
Neil Lalonde
1d030666d8
Log site setting changes and show in admin
2013-08-19 16:58:38 -04:00
Michael Kirk
9e8d8870f5
fixed: record Oauth2 user email
2013-08-19 11:21:27 -07:00
Sam
a9393e4a7a
paging for flag list
...
corrected reload behavior on flag list
refactored post actions ... extracted flag queries
2013-08-19 21:14:26 +10:00
Michael Kirk
4af8a9102e
Authenticate with Discourse via OAuth2
...
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Régis Hanol
ea6e73076b
change your avatar in a modal
2013-08-17 00:35:29 +02:00
Neil Lalonde
b6285b85d2
Add reject option to pending users page
2013-08-16 11:42:43 -04:00
Neil Lalonde
293361dcd3
Screened URLs list in admin
2013-08-15 10:52:26 -04:00
Sam
11dca1fd92
make code climate a bit happier
2013-08-06 06:25:44 +10:00
Neil Lalonde
86647f0a54
Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail.
2013-08-14 16:08:23 -04:00
Robin Ward
aec929b184
Screw it, don't choose columns.
2013-08-14 12:26:31 -04:00
Robin Ward
a05ffafd4c
FIX: Direct link to Avatar
2013-08-14 12:22:44 -04:00
Robin Ward
479ca86713
FIX: Don't select columns if we don't have to.
2013-08-14 12:18:54 -04:00
Robin Ward
6793cba4ae
FIX: Displaying actions
2013-08-14 12:04:35 -04:00
Régis Hanol
4866f4d8f5
FIX: N+1 query for avatars
2013-08-14 15:25:05 +02:00
Régis Hanol
3524b90d6a
FIX: avatars in quotes/oneboxes
...
Avatars in quotes/oneboxes are still pointing to the old
`/users/:username/avatar(/:size)` route.
So, this adds back the old avatar route for the transition period.
2013-08-14 12:20:05 +02:00
Régis Hanol
c867b67a0b
custom avatar support
2013-08-13 22:08:29 +02:00
Neil Lalonde
b36c6d7b78
Users cannot change their own username after 3 days since registering. Site setting username_change_period allows you to change the number of days.
2013-08-12 14:55:09 -04:00
Neil Lalonde
bb492eb8bf
Add filtering to staff logs page
2013-08-09 16:59:05 -04:00
Neil Lalonde
90a3bcf6ff
Add filter by action to staff logs page
2013-08-09 10:06:59 -04:00
Neil Lalonde
33bddbff85
Use Ember.ListView for staff action logs page
2013-08-09 10:06:58 -04:00
Neil Lalonde
0d44313a4b
Use Ember.ListView for blocked emails list
2013-08-09 10:06:58 -04:00
Neil Lalonde
5c8c52482a
Add a way to view staff action logs in admin
2013-08-07 16:27:34 -04:00
Neil Lalonde
d2fb6ec53f
Blocked Emails list in admin
2013-08-07 16:27:34 -04:00
Robin Ward
1c3804934e
Show the entire history of replies above a post when you expend "in reply to"
2013-08-06 17:43:10 -04:00
Neil Lalonde
c74da0d262
Admins who haven't been approved can log in when must_approve_users is enabled
2013-08-06 16:51:29 -04:00
Neil Lalonde
98b58150bb
Dashboard calculations are done with an async job now
2013-08-02 18:32:33 -04:00
Sam
803d023e23
Fixed GitHub auth, GitHub can provide us with a valid email - so automatically log in for those cases
2013-08-02 12:16:44 +10:00
Sam
160107a712
working plugin interface for custom openid auth, custom css and custom js
2013-08-01 16:02:43 +10:00
Neil Lalonde
16cd3e2a53
Fix to allow admins to change the case of a someone's username
2013-07-30 16:48:45 -04:00
Neil Lalonde
06140740d0
Version checks: tolerate old version check data that can happen immediately after upgrading but forgetting to restart sidekiq/clockwork. Don't cache version check data along with other dashboard data.
2013-07-30 12:12:04 -04:00
Neil Lalonde
4fd5087f91
Add button to delete a spammer in the flag modal
...
Add SiteSettings: delete_user_max_age, delete_all_posts_max. Add delete spammer button to admin flags UI
Moderators can delete users too
2013-07-29 15:29:44 -04:00
Neil Lalonde
e076158789
Add ip_address, email, and context to staff_action_logs table. Context should usually be the url from which the staff member performed the action, but could be any string that describes what the staff member was doing when the action was performed.
2013-07-29 15:29:43 -04:00
Neil Lalonde
5f3e9131ed
Deleting a user from admin user page has the option to also block signups from the same email address
2013-07-29 15:29:43 -04:00
Neil Lalonde
5f8a130277
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field.
2013-07-29 15:29:43 -04:00
Neil Lalonde
e25638dab0
add a way to delete posts and topics when deleting a user with UserDestroyer
2013-07-29 15:29:43 -04:00
Neil Lalonde
a8df9778b5
Rename AdminLog to StaffActionLog
2013-07-29 15:29:43 -04:00
Sam
22893e203a
Merge pull request #1260 from sir-pinecone/reactivate-admin-refresh-btn
...
Fix auto-group refresh response so that ajax callback runs
2013-07-28 22:22:55 -07:00
Sam
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
Sam
4a20d09523
distributed memoizer added to ensure absolute duplicate posts don't get through
...
in case of an absolute dupe just return the memoized post
This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
Michael Campagnaro
aa7e96c0fa
Fix auto-group refresh response so that ajax callback runs
2013-07-26 19:47:32 -04:00
Robin Ward
c28b377494
Don't redirect to arbitrary URLs via link tracker
2013-07-26 12:14:11 -04:00
Robin Ward
0317cf9608
Show topics as a list of topics on the User Stream.
2013-07-25 15:56:20 -04:00
Sam
cb5ce3aab9
Merge pull request #1247 from sir-pinecone/strip-spaces-from-login
...
Strip leading/trailing spaces from login
2013-07-24 00:16:55 -07:00
Sam
880dd53f48
Merge pull request #1249 from sir-pinecone/strip-spaces-from-group
...
Strip spaces from group names upon creation
2013-07-24 00:15:53 -07:00
Michael Campagnaro
867ce0310c
display group validation errors in alert modal
2013-07-24 00:42:44 -04:00
Michael Campagnaro
b223cdb493
Strip spaces from group names upon creation
2013-07-24 00:00:17 -04:00
Michael Campagnaro
25f8692a79
Strip leading/trailing spaces from login
2013-07-23 23:03:38 -04:00
Régis Hanol
be9217d4c8
add server-side filesize check on uploads
2013-07-24 00:54:41 +02:00
Robin Ward
3ee6e42016
FIX: Server side errors with Topic.similar_to
2013-07-23 10:02:58 -04:00
Sam
9ac6c6e2e9
Merge pull request #1233 from sir-pinecone/improve-group-deletion
...
Add confirmation modal to admin group deletion
2013-07-23 00:43:06 -07:00
Stephan Kaag
0e3b8fbb24
Remove some calls to all
. They are not required, and Rails4 raises warnings about them.
2013-07-22 20:44:11 +02:00
Sam
1f3c5cb656
allow end user to recover a post they delete
...
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Michael Campagnaro
9616767bff
Add confirmation modal to admin group deletion
2013-07-22 02:48:23 -04:00
Sam
0ec1438b9a
correct auto track param parsing for WordPress
2013-07-22 15:07:20 +10:00
Sam
acba0ea41e
add auto track to permitted params
2013-07-22 15:07:20 +10:00
Sam
c2be81a76e
Merge pull request #1199 from ZogStriP/uploads
...
adds the `max_attachment_size_kb` setting
2013-07-16 23:03:42 -07:00
Sam
06bd9e3234
allow login required screen to be customized
2013-07-16 20:49:04 +10:00
Sam
352ac9e60c
Finalize read only and post only categories, finished off UI work
2013-07-16 15:46:11 +10:00
Sam
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
Sam
c7697bbae2
remove duplicate code
2013-07-16 15:44:38 +10:00
Régis Hanol
5ce05ff5cb
adds the max_attachment_size_kb
setting
...
so that we can specify a different max upload size for attachments and images.
2013-07-16 02:01:36 +02:00
Robin Ward
0e504aac9b
FIX: You can reset your password even if logins are required.
2013-07-15 12:12:54 -04:00
Robin Ward
6ca5df0a09
Can recover deleted topics. Deleted topics show the first post as deleted in the UI.
2013-07-12 12:09:17 -04:00
Robin Ward
5eaae063f0
Discourse Macro Helpers + Minor Fix to Admin User View
2013-07-11 19:35:52 -04:00
Robin Ward
19c169540c
Staff can enter and view deleted topics
2013-07-11 16:39:35 -04:00
Robin Ward
7fd8bb75d9
Merge pull request #1177 from ZogStriP/attachments
...
Attachments
2013-07-11 06:49:20 -07:00
Sam
1aef6de4b0
automatically approve invited users on forum where moderators must approve (keep in mind only moderators can invite)
...
speed up specs a touch
allow invite controller to accept an email in absence of user (cleans up API)
2013-07-11 11:22:00 +10:00
Régis Hanol
27ab5f471c
support arbitrary attachments
2013-07-10 22:59:53 +02:00
Robin Ward
b7327942af
Add deleted_by
to Trashable
tables
2013-07-09 15:46:36 -04:00
Neil Lalonde
ba7a4e9845
Merge pull request #1165 from novemberkilo/feature/log-trust-level-boosts
...
Log all changes of user trust level by an admin
2013-07-09 12:16:08 -07:00
Robin Ward
d98f288aa4
FIX: Recovering a deleted post was not updating a topic's statistics
2013-07-09 12:15:55 -04:00
Navin
d77ce23de2
Log all changes of user trust level by an admin
2013-07-08 11:53:22 +02:00
Sam
085e094497
404 if a category does not exist ....
2013-07-08 15:56:13 +10:00
Sam
91238af6f1
correct failing specs
2013-07-08 12:25:38 +10:00
Neil Lalonde
25d2cbc33f
Merge branch 'master' of github.com:discourse/discourse
2013-07-05 16:52:27 -04:00
Neil Lalonde
1c0e0da683
Add rss feed for latest and hot
2013-07-05 16:49:06 -04:00
Robin Ward
6cd6484b5e
New mode for Wordpress: Filter ONLY posts liked by moderators
2013-07-05 16:07:24 -04:00
Robin Ward
7335f5fb7f
Merge pull request #1145 from abbat/yandex-workaround
...
Workaround solution to help Yandex crawler index discourse.
2013-07-05 10:04:40 -07:00
Anton Batenev
694a6f4970
Fix recommendations from #1145
2013-07-05 15:59:39 +04:00
Robin Ward
07ebd20776
Merge pull request #1143 from ahx/fix-cas-email-name-and-improve-authentication-specs
...
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
2013-07-04 14:48:52 -07:00
Anton Batenev
af36d32f7f
Workaround solution to help Yandex crawler index discource.
...
Yandex search engine doesn't index noscript tag content. See also
http://meta.discourse.org/t/noscript-tag-and-some-search-engines/8078
2013-07-04 22:08:23 +04:00
Andreas Haller
661f2057f7
Improve the omniauth controller specs. Fix the email provided by CAS. Get name from CAS attributes.
...
* Make omniauth controller specs more robust by using shared examples for all authentication providers in controller spec. – Still passing. Yay!
* Return "casuser", instead of "casuser@" when no cas_domainname is configured.
* If no cas_domainname is configured, the CAS authentication would return "casuser@" for the users email field, because it tried to assume the email adress of the CAS user by it's username + cas_domainname.
Now it just returns the username instead of adding an "@" if cas_domainname is not configured.
This especially makes sense on CAS setups where the username equals the users email adress.
The old behaviour, if cas_domainname is configured, was not changed.
* Fetch the email from CAS attributes if provided
If the cas:authenticationSuccess (handled via omniauth-cas) response gives us an email use that.
If not, behave as before (username or username@cas_domainname).
* Fetch the (full) name from CAS attributes if provided
If the CAS response by omniauth provides a [:info][:name] field, prefer this over the uid, because we want the name to be a "Full Name", instead of just a "shortname"
2013-07-04 12:01:39 +02:00
Navin
3da37506da
Back end - temporary boosting of trust levels
2013-07-03 10:30:40 +02:00
Sam
4d4a5735d2
logic to bypass trust level filter for high scoring posts
2013-07-03 12:37:17 +10:00
Neil Lalonde
075ed1ab53
Refactor user blocking code; hide the Block button in admin
2013-07-02 14:42:53 -04:00
Robin Ward
5770879472
Refactor: Move Topic Details into better objects, identity map, tests, query string filters
2013-07-02 10:36:46 -04:00
Sam
c3f64f99b3
fix up messed up routes
2013-07-02 15:21:26 +10:00
Sam
f6b850e7a4
allow skipping the validations on creation if its an api call AND skip_validations is specified
...
this allows wordpress plugin to post very very short titles or titles that would otherwise be disallowed
2013-07-02 12:23:19 +10:00
Sam
46c6949b6e
Merge pull request #1123 from stephankaag/rails4-new
...
Refactor routes in order to be compatible with Rails 4
2013-07-01 16:07:22 -07:00
Stephan Kaag
e39cc464b1
Refactor routes in order to be compatible with Rails 4
2013-07-01 20:00:06 +02:00
Sam
b92e912ac9
add min replies, min score and min trust level params for wordpress
2013-07-01 21:29:45 +10:00
Neil Lalonde
c1a39b5a30
Show date with year in message to banned users who try to log in
2013-06-30 12:49:34 -04:00
Neil Lalonde
a352b70bfc
Permit changing my own username's case without an error saying it is already taken
2013-06-28 16:21:46 -04:00