This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
Also acquire a transaction per link instead of failing when
any of the links can't be processed.
This prevents ActiveRecord from rolling back the transaction
and the next SQL statement sent to PG will fail. This is
however hard to test as it only happens when there are
two competing process trying to process this method at the
same time.
In the past onceoff was forcing inline download of gravatars,
this can be so expensive that it will never finish
This fix ensures it only marks avatars stale which will be picked
up by regular schedules
There was some old code that restricted a percentage of a themes code from
admin, only when admin was refreshed, this leads to lots of confusion
Conditional is now removed
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
This is how `loadScript(url)` currently deals with multiple concurrent requests
1. Check existing `<script>` tags, and mark existing scripts (other than the
input `url`) as loaded
2. Find "true" `url` of the requested resource (CDN, subfolder path, etc)
3. Check if we have loaded the resource with that "true" `url`, and resolve
immediately if we have
4. Otherwise insert a `<script>` tag with the "true" `url` to load it
For example, in a subfolder install:
- Input `url` = `/javascripts/script.js`
- "True" `url` = `/subfolder/javascript/script.js`
And the _very_ subtle bug here is that we should use also use the true `url`
for step (1), because:
- Since the input and true `url` are different, we mistakenly mark the true
`url` as loaded in step one
- After finding the true `url`, and setting `loaded[trueUrl] = true` in (1), we
resolve the promise prematurely, when the resource could still be loading
