discourse/app/services
Andrei Prigorshnev 5a2ad7e386
DEV: remove calls to guardian from GroupActionLogger (#13835)
We shouldn't be checking if a user is allowed to do an action in the logger. We should be checking it just before we perform the action. In fact, guardians in the logger can make things even worse in case of a security bug. Let's say we forgot to check a user's permissions before performing some action, but we still have a call to the guardian in the logger. In this case, a user would perform the action anyway, and this action wouldn't even be logged!

I've checked all cases and I confirm that we're safe to delete these calls from the logger.

I've added two calls to guardians in admin/user_controller. We didn't have security bugs there, because regular users can't access admin/... routes at all. But it's good to have calls to guardian in these methods anyway; neighboring methods have them.
2021-07-28 15:04:04 +04:00
spam_rule FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
anonymous_shadow_creator.rb FIX: ensures shadow has last_posted_at before comparing to site setting (#10374) 2020-08-05 13:20:51 +02:00
badge_granter.rb FEATURE: Add option to grant badge multiple times to users using Bulk Award (#13571) 2021-07-15 05:53:26 +03:00
color_scheme_revisor.rb FEATURE: User selectable color schemes (#10544) 2020-08-28 10:36:52 -04:00
destroy_task.rb FIX: do not send rejection emails to auto-deleted reviewable users (#12160) 2021-02-22 18:37:47 +05:30
email_settings_exception_handler.rb FEATURE: Improve group email settings UI (#13083) 2021-05-28 09:28:18 +10:00
email_settings_validator.rb FEATURE: Improve group email settings UI (#13083) 2021-05-28 09:28:18 +10:00
email_style_updater.rb FEATURE: support SCSS in custom email style 2019-10-23 15:42:37 -04:00
external_upload_manager.rb FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787) 2021-07-28 08:42:25 +10:00
group_action_logger.rb DEV: remove calls to guardian from GroupActionLogger (#13835) 2021-07-28 15:04:04 +04:00
group_mentions_updater.rb FIX: Mentions updater should work regardless of .notify 2020-02-18 16:02:26 -05:00
group_message.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
handle_chunk_upload.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
heat_settings_updater.rb FIX: round the calculated heat values 2019-06-06 15:44:55 -04:00
inline_uploads.rb FIX: Skip upload if HTML cannot be parsed (#12971) 2021-05-14 16:52:40 +03:00
notification_consolidator.rb DEV: handle all notification consolidations in new 'NotificationConsolidator' class. 2019-12-05 14:36:06 +05:30
notification_emailer.rb FEATURE: Send an email notification when a post is approved. (#12665) 2021-04-12 12:08:23 -03:00
post_action_notifier.rb FEATURE: Category setting to allow unlimited first post edits by the owner of the topic (#12690) 2021-04-14 15:54:09 +10:00
post_alerter.rb FEATURE: Add last visit indication to topic view page. (#13471) 2021-07-05 14:17:31 +08:00
post_owner_changer.rb FIX: Changing the post owner didn't update the reply_to_user_id of replies (#13862) 2021-07-27 20:49:08 +02:00
push_notification_pusher.rb FIX: Handle timeout errors when sending push notifications (#13312) 2021-06-07 20:46:07 +02:00
random_topic_selector.rb FIX: Use Discourse.system_user when we need a placeholder admin (#9781) 2020-06-24 15:51:30 +10:00
search_indexer.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
site_settings_task.rb FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 2021-04-07 12:51:19 -03:00
staff_action_logger.rb FEATURE: add staff action logs for watched words (#13574) 2021-06-30 11:22:46 +05:30
themes_install_task.rb DEV: Add an option to skip a theme update from the themes:install task. (#12905) 2021-04-30 09:31:41 -07:00
topic_status_updater.rb FIX: Auto close topic from category settings based on topic created_at (#12082) 2021-02-17 07:51:39 +10:00
topic_timestamp_changer.rb FIX: when updating timestamps on topic set a correct bump date (#13746) 2021-07-16 11:56:51 +04:00
tracked_topics_updater.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
trust_level_granter.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_action_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_activator.rb FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419) 2021-03-19 10:20:10 +10:00
user_anonymizer.rb FIX: Destroy associated user api keys when making a user anonymous. (#11760) 2021-01-25 11:07:22 -03:00
user_authenticator.rb FEATURE: Allow invites redemption with Omniauth providers. 2021-03-09 09:27:18 +08:00
user_destroyer.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
user_merger.rb FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 2021-04-07 12:51:19 -03:00
user_notification_renderer.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
user_notification_schedule_processor.rb FEATURE: Create notification schedule to automatically set do not disturb time (#11665) 2021-01-20 10:31:52 -06:00
user_silencer.rb FIX: Skip sending PM email for user silence (#12240) 2021-03-02 09:18:09 +10:00
user_updater.rb FIX: User can change name when auth_overrides_name is enabled. 2021-07-28 14:40:57 +08:00
username_changer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
username_checker_service.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
wildcard_domain_checker.rb SECURITY: vulnerability in WildcardUrlChecker 2019-12-13 09:29:09 -05:00
wildcard_url_checker.rb FIX: Allow any protocol in wildcard url checker (#8651) 2020-01-02 16:03:13 +00:00
word_watcher.rb FIX: Add word boundaries to replace and tag watched words (#13405) 2021-06-18 18:54:06 +03:00