From 127b4a7607dad08a550bac4c4245e52714e42ec6 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 3 Dec 2015 15:04:55 +1030
Subject: [PATCH] Fuzzy-match global forum permissions

This means that the "Start a Discussion" button will still be enabled if the user is not allowed to start globally, but only in certain tags.

Also add some other stuff to the changelog.

closes #640
---
 framework/core/CHANGELOG.md                        | 14 ++++++++++++++
 .../core/src/Api/Serializer/ForumSerializer.php    |  4 ++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/framework/core/CHANGELOG.md b/framework/core/CHANGELOG.md
index d1597dd7f..e286550fb 100644
--- a/framework/core/CHANGELOG.md
+++ b/framework/core/CHANGELOG.md
@@ -3,8 +3,22 @@ All notable changes to Flarum and its bundled extensions will be documented in t
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## Unreleased
+### Added
+- Allow social auth extensions to upload an avatar via URL for new users
+- Improve security by using HTTP-only cookie + CSRF token for API authentication
+- Require user to re-enter password after 30 mins when performing sensitive/destructive actions
+- Add `onhide` hook to Modal component
+- i18n: Extract some leftover hardcoded strings
+
+### Changed
+- i18n: Rename `core.lib.deleted_user_text` to `core.lib.username.deleted_text`
+
 ### Fixed
 - Fix error when sorting discussions by "oldest" (#627)
+- Fix composer preview button on mobile (#196)
+- Enable "Start a Discussion" button if global permissions are restricted but tag-specific permissions are granted (#640)
+- Improve composer appearance/usability on mobile
+- Show "reply" action in discussion menu on mobile
 - Fix some issues with dropdown positioning
 - Various user interface tweaks
 
diff --git a/framework/core/src/Api/Serializer/ForumSerializer.php b/framework/core/src/Api/Serializer/ForumSerializer.php
index 4d14f6691..0820f75c2 100644
--- a/framework/core/src/Api/Serializer/ForumSerializer.php
+++ b/framework/core/src/Api/Serializer/ForumSerializer.php
@@ -75,8 +75,8 @@ class ForumSerializer extends AbstractSerializer
             'themePrimaryColor'  => $this->settings->get('theme_primary_color'),
             'allowSignUp'        => (bool) $this->settings->get('allow_sign_up'),
             'defaultRoute'       => $this->settings->get('default_route'),
-            'canViewDiscussions' => $gate->allows('viewDiscussions'),
-            'canStartDiscussion' => $gate->allows('startDiscussion')
+            'canViewDiscussions' => $gate->allows('viewDiscussions') || $this->actor->hasPermissionLike('viewDiscussions'),
+            'canStartDiscussion' => $gate->allows('startDiscussion') || $this->actor->hasPermissionLike('startDiscussion')
         ];
 
         if ($gate->allows('administrate')) {