Commit Graph

20883 Commits

Author SHA1 Message Date
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Vinoth Kannan
56b19ba740 UX: instead of total user count display only the count of users going to be affected.
edec922803
2019-11-18 00:09:38 +05:30
Penar Musaraj
99b4f79a90 FIX: Include 5 participants in topic summary 2019-11-15 15:11:09 -05:00
Roman Rizzi
4cf3c9cccb
FEATURE: Filter reviewables by date range (#8354) 2019-11-15 15:29:59 -03:00
Penar Musaraj
6e74350f18 Fix Prettier again
Not sure how I missed a few files in the last commit
2019-11-15 10:52:06 -05:00
Penar Musaraj
cc8baa1a7c Fix Prettier using correct version (1.19.1) 2019-11-15 10:34:26 -05:00
Daniel Waterworth
676a1c8749 FIX: Use this.content.category instead of this.category on navigation-item
this.category isn't always available.
2019-11-15 13:47:55 +00:00
Daniel Waterworth
337fdccfeb DEV: Make context available to ExtraNavItems
This context is available to other NavItems so this makes things more
consistent.
2019-11-15 13:46:49 +00:00
Jeff Wong
786fcceb62 Return full URLs in review serializer for both post and topic
Return full URLs, this fixes reviewable links to support subfolder
2019-11-14 15:58:21 -08:00
Blake Erickson
3b16eb7abb FIX: Confirm new email with backup codes enabled
This is a fix for this bug:

https://meta.discourse.org/t/-/133185?u=blake

where rails would throw a missing template error when trying to confirm
a new email address when you had two factor backup codes enabled.

Apparently this feature broke during this commit:

68d35b14f4

when a partial that contained a lot of javascript was removed most
likely because it didn't comply with our Content Security Policy, so as
a fix I rewrote the previous js functionality without using any
javascript and then added a spec to verify that the correct backup code
form is displayed when that page is loaded.
2019-11-14 16:27:42 -07:00
romanrizzi
ff355ad204 FIX: Don't show bots as post readers 2019-11-14 17:53:52 -03:00
Penar Musaraj
067696df8f DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
Penar Musaraj
6c16d5762c No need for return in last statement of method 2019-11-14 14:32:22 -05:00
Penar Musaraj
59ee89f0b7
UX: Adds +n indicator in PM topic list (#8353)
Shows the number of additional PM recipients in list when there are more than 5.
2019-11-14 14:14:23 -05:00
Robin Ward
d4b7c028fa REFACTOR: Move upload utilities to their own file 2019-11-14 12:51:08 -05:00
Penar Musaraj
f175afa0d9 FIX: Revert mobile jump to last post behaviour
Disables jumping to bottom of the page (added in 87f0b56) for mobile devices.

Fixes a regression with the mobile jump tool, and avoids users having to scroll up lots on mobile, since suggested topics and site footers can be lengthy.
2019-11-14 11:15:11 -05:00
Daniel Waterworth
0bb6b64747 DEV: Run prettier 2019-11-14 11:01:22 +00:00
Daniel Waterworth
7b63c92f47 DEV: Remove path building indirection
Tags are now handled just like other context information.
2019-11-14 10:47:14 +00:00
Daniel Waterworth
126b9bd16d FIX: Tag topic lists should pass on noSubcategories when building the top menu 2019-11-14 10:40:14 +00:00
Daniel Waterworth
a1cf0b88a8 DEV: Make NavItem.fromText take a filterType instead of a URL
This is step one of removing filterMode URLs entirely.
2019-11-14 09:43:15 +00:00
Krzysztof Kotlarek
f434de2536
FIX: Tracking Topic State know about category_seen_at (#8351)
If category got last_seen_at is set TrackingTopicState should know about it and exclude those topics from marking them as new
2019-11-14 16:11:34 +11:00
Sam Saffron
03efbad932 DEV: lint files 2019-11-14 11:52:29 +11:00
Martin Brennan
e7226a8c84
FEATURE: Allow scoping search to tag (#8345)
* When viewing a tag, the search widget will now show a checkbox to scope the search by tag, which will limit search results to that tag on desktop and mobile
2019-11-14 10:40:26 +10:00
Krzysztof Kotlarek
6e1fe22a9d
FEATURE: Dismiss new per category (#8330)
Ability to dismiss new topics per category.
2019-11-14 11:16:13 +11:00
Robin Ward
bc2067898e FIX: Missing User objects in Utilities 2019-11-13 15:55:32 -05:00
Robin Ward
f5ed0dc2e6 FIX: Failing tests 2019-11-13 15:34:30 -05:00
Mark VanLandingham
4843414de6 WIP - set Discourse.currentUser 2019-11-13 15:34:30 -05:00
Mark VanLandingham
38cc1962e7 WIP - discourse/models/user not defined 2019-11-13 15:34:30 -05:00
Mark VanLandingham
f9894aec97 DEV: Remove Discourse.User and import instead 2019-11-13 15:34:30 -05:00
David Taylor
0a14b9b42a FEATURE: Automatically redirect to authenticator when there is only one
This brings the behavior in line with native Discourse SSO. If login is required, and a user tries to visit the forum, they will be directed straight to the external login page without requiring any clicks.
2019-11-13 17:28:12 +00:00
Mark VanLandingham
3c5df82590 DEV: Remove Discourse.Site in favor of import (#8344)
* DEV: Remove Discourse.Site in favor of importing Site

* Ran prettier
2019-11-13 12:13:47 -05:00
Robin Ward
d2b3ac1282 FIX: Missing braces 2019-11-13 12:04:40 -05:00
Robin Ward
f518065654 FIX: computed is part of @ember/object not @ember/object/computed 2019-11-13 11:58:09 -05:00
Daniel Waterworth
e98d94f17f DEV: Commas in top_menu items are no longer used
According to eviltrout, commas and pipes were the delimiters of a
Discourse specific microformat, but this is no longer the case and
hasn't been for some time.
2019-11-13 16:21:34 +00:00
Joffrey JAFFEUX
d2d846a88e
DEV: prevents input/change events to cause a full rerender (#8339)
Code should decide when to do something with the event value, and maybe cause a re-rerender but it shouldn't be automatic. This is currently a gigantic waste of resources.
2019-11-13 15:49:01 +01:00
Daniel Waterworth
a7dd31496e DEV: Defer creation of extraNavItems until they are required
This also means that each list view gets a fresh set of ExtraNavItems.
2019-11-13 14:04:37 +00:00
Daniel Waterworth
e00ec22582 DEV: Remove extraneous intermediates 2019-11-13 14:03:47 +00:00
Daniel Waterworth
13c5381027 DEV: Don't return navigation item from addNavigationBarItem
No plugin or theme that I could find used the return value. Not
providing this to plugins affords us leeway to change the internals.
2019-11-13 13:07:09 +00:00
Daniel Waterworth
58b5d1434b FIX: Allow forceActive without a customHref 2019-11-13 12:17:57 +00:00
Daniel Waterworth
60e804ad5c DEV: No need to use call to call these callbacks
This is safe because addNavigationBarItem decorates these callbacks,
throwing away the context.
2019-11-13 11:50:40 +00:00
Joffrey JAFFEUX
e4df3792f6
DEV: provides a way to hook into createWidget constructor (#8340) 2019-11-13 09:29:12 +01:00
Joffrey JAFFEUX
38a18b7aa0
DEV: call destroy() on widget when glue is cleaned up (#8338) 2019-11-13 09:28:43 +01:00
Jeff Wong
3b36326cb7 Add plugin outlet after flagged post bodies 2019-11-12 17:47:56 -08:00
Roman Rizzi
1c179177e7
REFACTOR: Attach resize controls to images from the markdown pipeline (#8314) 2019-11-12 17:32:37 -03:00
Neil Lalonde
7711df40e6
REFACTOR: redo DiscourseTagging.filter_allowed_tags (#8328)
This method had grown into a monster. Its query had bugs
that I couldn't fix, and new features would be hard to add.
Also I don't understand how it all works anymore...
Replace it with common table expressions that can be queried
to generate the results we need, instead of subtracting
results using lots of "NOT IN" clauses.

Fixed are bugs with tag schemas that use combinations of
tag groups, parent tags, and one-tag-per-topic restrictions.
For example: https://meta.discourse.org/t/130991/6
2019-11-12 14:28:44 -05:00
Robin Ward
4422d9a4bf DEV: Provide a nicer error when JSON is malformed
This is very useful for development. It will give a much nicer error if
the JSON that comes back from the server is missing a required key.
2019-11-12 13:04:52 -05:00
romanrizzi
c9bd463e9d DEV: Let is not supported, use var instead 2019-11-12 14:58:16 -03:00
David Taylor
836b3f4d82
FIX: Do not deactivate admin accounts with recent posts or api keys (#8342)
This prevents 'bot' users being deactivated
2019-11-12 16:56:01 +00:00
Mark VanLandingham
213ebc3b32
DEV: Deprecation warning for aliased module usage (#8341) 2019-11-12 10:20:14 -06:00
David Taylor
cf4356cd81 UX: Do not add leading/trailing spaces when copying API key in Firefox
If there is any other whitespace in the container, then Firefox will add a leading/trailing space when double clicking the key. This commit wraps the key in a div with no whitespace, to work around the problem.
2019-11-12 16:00:57 +00:00