* refactor: socket posts delete/restore/purge so tid is not necessary
* refactor: stop trying to be fancy
* fix: tests to not pass in tid into posts.deletePosts
* fix: some more unnecessary tid passing
* feat: privileges save button, #8537, WIP
* fix: disable firefox autocomplete on privilege form fields
* feat: closes#8537 privilege changes commit on save
- new language strings for confirmation and success modals/toasts
- indeterminate privilege handling (/cc @psychobunny)
- added new discard button
- both discard and save buttons now have confirmation dialogs
* fix(tests): remove duplicate template helper test
* fix(tests): broken template helper test
* feat: confirm dialogs for all privilege copy actions
Also, ability to add user to a privilege table without needing
to refresh the privilege table.
* feat: group row addition w/o table refresh
breaking: helpers.getUserPrivileges and helpers.getGroupPrivileges
no longer make socket calls to the following hooks:
- filter:privileges.list, filter:privileges.admin.list,
filter:privileges.global.list, filter:privileges.groups.list,
filter:privileges.admin.groups.list,
filter:privileges.gloval.groups.list
The filters are still called, but done before the helper method
is called, and the results are passed in instead. This change
should only affect you if you directly call the helper methods,
otherwise the change is transparent.
* fix: stale ajaxify data on privilege category switch
* fix: implicit privileges not showing for user privs
* fix: groups, not group, also fix tests
* fix(tests): again
* fix: wrong tpl rendered when adding group to global priv table
make isPrimary and isCluster always booleans
they were strings when using ./nodebb start and boolean if they were in config.json and started with node app.js
allow selecting main topic to merge into
allow specifying a new title for merge topic
upon merge go to correct topic
new tests for merging with options
* feat: add privilege give/rescind hooks
action:privileges.categories.give/rescind
action:privileges.global.give/rescind
breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups ie `groups:find` instead of `find`
* fix: tests, privileges renamed
* feat: testing suite integration for openapi spec
The testing suite now takes the openapi spec into account. It will
check each route defined, make a call to it, and compare the
response with the defined schema. Any mismatches will cause the
test to fail.
* fix(openapi): removed debug stuff from tests
* fix(openapi): fixed some tests
* fix(openapi): added additional check to tests, test fixes
* fix(openapi): better tests, fixed spec errors
* fix(openapi): bad conditional in test
* fix: oops
* fix(openapi): more tests fixing
* fix(openapi): more tests
* fix(openapi): fix some more tests
* fix: verbose'd an info log
* fix: topic pagination route returns schema-optimized pagination block
* fix(openapi): more test/spec fixes
* fix(openapi): accidentally sending in authenticated jar for anon routes
* fix(openapi): more test/spec fixes
* fix(openapi): more spec fixes
* fix: timestampReadable Invalid Date
* fix(openapi): more tests... almost there
* fix(openapi): more tests fixing
* fix(openapi): finally all tests passing
* fix(openapi): added reverse test to compare response to spec
... and fixed all the tests that broke
* fix: remove tests related to group covers, as route is gone
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): object cache is not present for psql
* fix: tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* feat: add assignee checking when updating flag
Prior to this, it was possible to update the assignee to any value (or
any user. This commit adds checking to allow only admins, global
moderators, or in the case of flagged posts, moderators.
Also some prep work was added for value checking `state`.
* feat: value checking `state` on flag update
The state should be one of the constants defined earlier in the file.
Barış Soner Uşaklı
Julian Lam
Peter Jaszkowiak
Andrew Rodrigues