* feat: add privilege give/rescind hooks
action:privileges.categories.give/rescind
action:privileges.global.give/rescind
breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups, i.e. `groups:find` instead of `find`
* fix: tests, privileges renamed
* feat: testing suite integration for openapi spec
The testing suite now takes the openapi spec into account. It will
check each route defined, make a call to it, and compare the
response with the defined schema. Any mismatches will cause the
test to fail.
* fix(openapi): removed debug stuff from tests
* fix(openapi): fixed some tests
* fix(openapi): added additional check to tests, test fixes
* fix(openapi): better tests, fixed spec errors
* fix(openapi): bad conditional in test
* fix: oops
* fix(openapi): more tests fixing
* fix(openapi): more tests
* fix(openapi): fix some more tests
* fix: verbose'd an info log
* fix: topic pagination route returns schema-optimized pagination block
* fix(openapi): more test/spec fixes
* fix(openapi): accidentally sending in authenticated jar for anon routes
* fix(openapi): more test/spec fixes
* fix(openapi): more spec fixes
* fix: timestampReadable Invalid Date
* fix(openapi): more tests... almost there
* fix(openapi): more tests fixing
* fix(openapi): finally all tests passing
* fix(openapi): added reverse test to compare response to spec
... and fixed all the tests that broke
* fix: remove tests related to group covers, as route is gone
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): object cache is not present for psql
* fix: tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* feat: add assignee checking when updating flag
Prior to this, it was possible to update the assignee to any value (or
any user). This commit adds checking to allow only admins, global
moderators, or in the case of flagged posts, moderators.
Also some prep work was added for value checking `state`.
* feat: value checking `state` on flag update
The state should be one of the constants defined earlier in the file.
* feat: add failing test for pagination
* feat: test
* fix: redis tests
* refactor: remove logs
* fix: add new test
* feat: make sortedSetRangeByScore work with keys on redis
* fix: hardcoded set name
* feat: show topics from readable categories on recent/popular/top
* feat: rewrite unread topics
respect watched categories and followed topics
* fix: term + watched
* Add view users info global privilege
* Show user ip only to global mods and admins
* fix missing comma
* Hide link for users without correct privilege
* move getting privilege information to getAllData
* Hide the link from Global Moderators as well
* Give Global Moderator view:users:info privilege
* Restrict ip in post menu to view:users:info
* add some trailing commas....
* Add privilege to categories test
* Add group privilege to categories test
* add upgrade script
* fix style for TravisCI
* more styling - change spaces to tabs
* some more styling fixes (hopefully final one)
* fix style for Travis CI
* hide ip in chat messages
* Don't show even hidden ips on user profile page
* fix: removed duplicate checkContent call in addMessage
addMessage is called in one place (sendMessage), and the checks
are already contained there. addMessage is the lower level call
and so should be called only from within core itself.
* feat: #7330 chat system messages for join, leave, rename
* fix: add back content checking in .addMessage();
* fix: tests, and added .addSystemMessage() method
Tests were relying on message indices that changed due to the
new system messages.
* feat: add tests for system chat messages
* refactor: rewrite half of src/messaging/rooms.js, fix tests
* feat: #7743 messaging/room.js
* fix: tests for messaging/room.js, #7743
* fix: trying to fix tests
* fix: omg :rage2:
* feat: added new admin option newbiePostEditDuration
Also:
- Grammar-checked a couple language strings
- Moved a couple form inputs around in new user restrictions
- Added a test for the new option
- fix: 'defore' typo
* feat: add upgrade script to give mods privs
* feat: give all privileges when making a moderator
* feat: remove implicit privs
* feat: give global mods default privs
* feat: more priv fixes
* feat: use lodash
* fix: remove implicit mod priv from topic delete
* fix: more privs
* fix: posts.canEdit
* fix: canDelete and canEdit
* fix: tests, remove console.log
* feat: shorter functions
* feat: add tests
* fix: uids
* fix: redis random test fail
sets.groupNames is an array that contains other arrays of groupnames so passing it to getMembersOfGroups returned wrong results when there were more than 1 element in it.
* feat: ability to copy a group's privileges
ability to copy a group's privileges to all categories, or children of current category
* feat: switch to dropdown
added copy from category to groups
* fix: indents
* fix: cache refactor
db.getObjectField no longer loads entire object
db.getObjectsFields only clones data once
more tests
* feat: add back cache to redis
db.getObjectField no longer loads entire object
* auto unban when User.getUsersFields is called and the user is banned but has expired
* cleanups and removal of expiry_readable
* expiry_readable make an alias for backward compatibility
* User.bans.func vs User.*ban*Func
* console.log cleanups, plus todo message added
* use code util.deprecate
* fix: remove unused winston require
* fix: display proper site logo or og-image with sizes in head
* fix: refactor og:image logic, #7444
- Updated logic to set additional og:image tags based on more
factors
- logo.png fallback
* feat: save image sizes on post upload, re: #7444
* fix: awaiting addTags in topic controller
* fix: pass strings to meta tags object
* fix: sending absolute image url to meta tag
* fix: removed unneeded async and requiring sync db
* feat: upgrade to calculate image sizes for all post uploads tracked
* fix: tests
* fix: removal of timeago fallback middleware
Instead of loading English fallback on missing language, we opt
to not send a script tag for a missing language to begin with.
Timeago already loads with English as default, so it will just
continue to use English.
* fix: check userLang against supported language codes
* fix: cleaned up code as per @pitaj
* fix: added comments
* fix: more fixes as per @pitaj
* feat: added addl. test for timeago locales, fixed broken test
* feat: wip, category watch change
* feat: pass data to client
* feat: allow changing state
* fix: account page categories
* fix: show in unread if topic is followed or category is watched
* feat: add default watch state to acp
* feat: save user category watch state
* feat: update unread recent pages
* fix: remove dupe code
* fix: flip conditions
* fix: handle empty arrays
* fix: ignore/watch on others profile
* feat: upgrade script for category states
if there are any users ignoring categories set their state in new zset and delete cid:<cid>:ignorers
* fix: upgrade
* fix: tests
* fix: redis count
* fix: more tests