diff --git a/CHANGELOG.md b/CHANGELOG.md index d1597dd7f..e286550fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,22 @@ All notable changes to Flarum and its bundled extensions will be documented in t This project adheres to [Semantic Versioning](http://semver.org/). ## Unreleased +### Added +- Allow social auth extensions to upload an avatar via URL for new users +- Improve security by using HTTP-only cookie + CSRF token for API authentication +- Require user to re-enter password after 30 mins when performing sensitive/destructive actions +- Add `onhide` hook to Modal component +- i18n: Extract some leftover hardcoded strings + +### Changed +- i18n: Rename `core.lib.deleted_user_text` to `core.lib.username.deleted_text` + ### Fixed - Fix error when sorting discussions by "oldest" (#627) +- Fix composer preview button on mobile (#196) +- Enable "Start a Discussion" button if global permissions are restricted but tag-specific permissions are granted (#640) +- Improve composer appearance/usability on mobile +- Show "reply" action in discussion menu on mobile - Fix some issues with dropdown positioning - Various user interface tweaks diff --git a/src/Api/Serializer/ForumSerializer.php b/src/Api/Serializer/ForumSerializer.php index 4d14f6691..0820f75c2 100644 --- a/src/Api/Serializer/ForumSerializer.php +++ b/src/Api/Serializer/ForumSerializer.php @@ -75,8 +75,8 @@ class ForumSerializer extends AbstractSerializer 'themePrimaryColor' => $this->settings->get('theme_primary_color'), 'allowSignUp' => (bool) $this->settings->get('allow_sign_up'), 'defaultRoute' => $this->settings->get('default_route'), - 'canViewDiscussions' => $gate->allows('viewDiscussions'), - 'canStartDiscussion' => $gate->allows('startDiscussion') + 'canViewDiscussions' => $gate->allows('viewDiscussions') || $this->actor->hasPermissionLike('viewDiscussions'), + 'canStartDiscussion' => $gate->allows('startDiscussion') || $this->actor->hasPermissionLike('startDiscussion') ]; if ($gate->allows('administrate')) {