c531f4ded5
remove rails-observers
...
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.
For example: if we want to upgrade to rails 5 there is no published gem
Internally the usage of observers had quite a few problem.
The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
2f6a4cc6de
remove UserActionObserver, replace with after_save and service
...
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
7c7c233c1c
FIX: Can't update Groups#allow_membership_requests in admin.
2016-12-20 15:14:35 +08:00
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
a2096a01fb
add test case for handling uploads without extension
2016-12-20 00:46:47 +05:30
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
2d61d7d644
update embed_controller_spec
2016-12-13 16:29:51 -05:00
43ee9f884e
FEATURE: Add Group#full_name.
2016-12-13 16:16:26 +08:00
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
1135e00c83
FIX: regression unable to dismiss unread
2016-12-06 08:49:40 +11:00
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
37b256e7f2
Fix specs.
2016-12-05 17:13:58 +08:00
431aa79bb3
Merge pull request #4587 from techAPJ/invite-upload
...
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
ce974da9e5
FIX: simplify CSV file upload
2016-12-05 14:09:08 +05:30
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
b45fd21ed9
FIX: Clean up specs.
2016-12-05 13:37:33 +08:00
dc66f6681a
add spec for brotli controller, ensure cached correctly
2016-12-05 16:08:36 +11:00
dafd1453d6
FIX: topic list filters for bookmarked, posted, and read now work with tag filter
2016-12-02 15:58:14 -05:00
bc0a8142fe
PERF: Only show members count on group page.
2016-12-02 16:28:54 +08:00
b8dc58be90
got to be careful with integrity specs
2016-11-29 18:01:09 +11:00
266322ce2e
FEATURE: add help text for no bookmarks in user page
2016-11-29 17:56:00 +11:00
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
88a46be051
FEATURE: display text excerpts when scrolling on mobile
2016-11-25 11:35:29 +11:00
bfd0418f07
added a test for safe mode
2016-11-23 13:31:05 +11:00
32a8d5ed1f
Merge pull request #4550 from cpradio/cannot-see-mention
...
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
764a572070
FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory
2016-11-02 15:29:33 -04:00
71f940d478
FIX: use metadata to hold the message_id with sparkpost
2016-10-27 19:35:50 +02:00
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
ee9946388c
Merge pull request #4507 from ming-relax/feat-delete-by-email
...
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
7803a06e50
Use expect change for groups_controller_spec.rb
2016-10-24 10:32:21 +08:00
19e2eec219
Allow step 0 to resend the confirmation email
2016-10-21 11:34:19 -04:00
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
dffd8baa91
Remove user from a group by user email
2016-10-18 17:10:47 +08:00
3949c24f80
FIX: sparkpost webhooks support
2016-10-17 11:26:49 +02:00
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
ddcc084d22
Revert "FEATURE: Use the top period default for users who have been inactive or are new"
2016-10-11 17:56:46 +02:00
2de50a616d
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-11 09:55:15 -04:00
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
3e513f5c05
Merge pull request #4459 from vibol/master
...
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
