mirror of https://github.com/flarum/core.git synced 2025-10-11 15:04:25 +02:00
Commit Graph

99 Commits

Author SHA1 Message Date
Franz Liedke
27f159f6b8 Remove unnecessary use statement 2020-01-26 20:21:19 +01:00
ozzzzzzzam
499f33fbb6 Remove forum title from confirmation email subject (#1613)
The forum title is already used as the display name for the sender email address, so having it in the subject is just a duplication and waste of space.
2020-01-25 14:35:47 +01:00
Matt Kilgore
d7a5a6ad14 Change Zend namespace to Laminas (#1963)
Also ensure backwards compatibility for extensions that use the Zend framework but don't explicitly require it.
2020-01-06 22:29:34 +01:00
Franz Liedke
d492579638 Apply fixes from StyleCI
[ci skip] [skip ci]
2019-11-28 00:16:50 +00:00
Franz Liedke
538136153c Send a HTTP 401 for incorrect login credentials
This fixes a regression from #1843 and #1854. Now, the frontend again
shows the proper "Incorrect login details" message instead of "You
do not have permission to do that".
2019-09-13 15:03:03 +02:00
Franz Liedke
b60617b849 Move authentication check into assertCan() method
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
2019-08-21 23:48:03 +02:00
Franz Liedke
04bcf1eef6 Fix inconsistent status codes
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
2019-08-21 00:06:31 +02:00
Franz Liedke
646bd40bca Use Laravel's class-based Str and Arr helpers
Starting with version 5.9, the global functions will be deprecated.

* https://laravel-news.com/laravel-5-8-deprecates-string-and-array-helpers
* https://github.com/laravel/framework/pull/26898
2019-07-06 01:30:58 +02:00
Franz Liedke
ef57b443c1 Apply fixes from StyleCI (#1761)
[ci skip] [skip ci]
2019-03-19 09:59:09 +01:00
Franz Liedke
5154d7e5a6 Allow configuring all drivers via frontend (#1169)
This includes an API endpoint for fetching the list of possible
drivers and their configuration fields. In the future, this can
be extended to include more meta information about each field.
2019-03-19 09:56:20 +01:00
Toby Zerner
0ab9facc4b Make the Request available to the Formatter\Rendering event (#1721)
This is important because extensions may wish to render post content
differently depending on Request factors such as the actor. For example,
an attachments extension might wish to hide attachments from guests.

This solution is a bit of a hack-job for now, but soon when we refactor
the API layer to use tobscure/json-api-server, and also refactor the
Formatter layer, it can be revised.
2019-01-22 23:33:49 +01:00
David Sevilla Martín
c761802900 Fix DELETE /api/extensions/* returning 500 (#1580)
* Use extension string as parameter for ::disable & ::uninstall

* Remove repeated 'ExtensionManager::disable' call

* Fix StyleCI
2018-12-13 00:16:03 +01:00
Toby Zerner
f3a5a89e12 Apply fixes from StyleCI (#1651)
[ci skip] [skip ci]
2018-11-22 08:04:41 +10:30
Toby Zerner
2ef66ac716 Add "clear cache" button to admin 2018-11-22 08:03:43 +10:30
Toby Zerner
6d14d0c39b Perform visibility checks on notification subjects at the query level
This will prevent a notification from being seen by a user if its
subject is deleted or undergoes some kind of permission change (eg.
a discussion is moved into a private tag)

ref #1380
2018-11-11 16:58:08 +10:30
Franz Liedke
e99f7fcdac Fix leak of private information when updating users
Fixes #1628.
2018-11-09 12:02:26 +01:00
Toby Zerner
9792576464 Rename notification.sender 2018-08-24 22:13:06 +09:30
Toby Zerner
ca93c8c609 Rename post.hideUser 2018-08-24 22:13:05 +09:30
Toby Zerner
8248ba2f7a Rename post.editUser 2018-08-24 22:13:05 +09:30
Toby Zerner
a7ffed6778 Rename discussion.readNumber 2018-08-24 22:13:05 +09:30
Toby Zerner
4756bf1daf Rename discussion.lastPostedUser 2018-08-24 22:13:05 +09:30
Toby Zerner
8ecb67d49d Rename discussion.startUser 2018-08-24 22:13:05 +09:30
Toby Zerner
e241518506 Rename discussion.startPost 2018-08-24 22:13:05 +09:30
Toby Zerner
677a7dd2d3 Merge branch 'master' into 1236-database-changes
# Conflicts:
#	src/Forum/Controller/IndexController.php
#	src/User/UserMetadataUpdater.php
2018-07-21 21:37:49 +09:30
Toby Zerner
d42f33971a Fix user list sorting 2018-07-21 18:39:32 +09:30
Toby Zerner
ff7f7681c7 Use Eloquent's latest and oldest 2018-07-21 17:21:08 +09:30
Toby Zerner
6f3eb3f335 Fix discussion and post list sorting 2018-07-21 17:10:02 +09:30
Toby Zerner
2d667d885d Fix email confirmation links 2018-07-21 17:08:11 +09:30
Toby Zerner
0e73785498 Frontend refactor (#1471)
Refactor Frontend + Asset code

- Use Laravel's Filesystem component for asset IO, meaning theoretically
  assets should be storable on S3 etc.

- More reliable checking for asset recompilation when debug mode is on,
  so you don't have to constantly delete the compiled assets to force
  a recompile. Should also fix issues with locale JS files being
  recompiled with the same name and cached.

- Remove JavaScript minification, because it will be done by Webpack
  (exception is for the TextFormatter JS).

- Add support for JS sourcemaps.

- Separate frontend view and assets completely. This is an important
  distinction because frontend assets are compiled independent of a
  request, whereas putting together a view depends on a request.

- Bind frontend view/asset factory instances to the container (in
  service providers) rather than subclassing. Asset and content
  populators can be added to these factories – these are simply objects
  that populate the asset compilers or the view with information.

- Add RouteHandlerFactory functions that make it easy to hook up a
  frontend controller with a frontend instance ± some content.

- Remove the need for "nojs"

- Fix cache:clear command

- Recompile assets when settings/enabled extensions change
2018-06-30 12:31:12 +09:30
Daniel Klabbers
2cd77e231f Merge branch 'master' into 1236-database-changes 2018-06-19 09:57:47 +02:00
Toby Zerner
c498e68530 Use imported class name 2018-06-15 19:18:47 +09:30
Sajjad Hashemian
22f2df3670 rename TokenController to CreateTokenController 2018-06-06 09:40:29 +04:30
Daniël Klabbers
26b02adc9d Merge branch 'master' into 1236-database-changes 2018-06-03 21:51:01 +02:00
Franz Liedke
b3d45fd6f8 Replace ControllerInterface with PSR-15 interface
The custom interface already had the same signature as the
one from the standard (except for the return type hint), so
why not use that one now? :)
2018-05-30 09:49:47 +02:00
Daniel Klabbers
68d1edb8fd new api tests uncovered more issues, fixed tokens and discussion posts 2018-05-16 09:36:04 +02:00
Daniel Klabbers
3e3e1cbde5 fixed more attributes to match beta 8 2018-05-14 13:49:52 +02:00
Daniel Klabbers
a2927b725f went over most of the changed attributes from the other pr 2018-04-17 14:22:38 +02:00
Franz Liedke
fdbf0c86a1 Return empty response
Without this, the new version of Stratigility complained about no
response being returned. Old versions were more graceful here, but
this is certainly more correct.
2018-03-19 23:06:27 +01:00
Toby Zerner
160493e725 fire -> dispatch
As per Illuminate\Contracts\Events\Dispatcher
2018-02-10 12:09:35 +10:30
Toby Zerner
0ab1f2cfe7 Fix regression: set actor before eager loading user state 2018-02-08 07:08:39 +10:30
Toby Zerner
322a84f516 Improve search performance (#1339)
* Improve fulltext gambit

* Only search in visible posts

This change relies on the `visibility-scoping` branch to be merged.

* Change posts table to use InnoDB engine

Doing a JOIN between an InnoDB table (discussions) and a MyISAM table
(posts) is very very (very) bad for performance. FULLTEXT indexes are
fully supported in InnoDB now, and it is a superior engine in every
other way, so there is no longer any reason to be using MyISAM.

* Use ::class

* Only search for comment posts

* Add fulltext index to discussions.title

* Fix migration not working if there is a table prefix

* Update frontend appearance

* Apply fixes from StyleCI

[ci skip] [skip ci]

* Show search result excerpts on mobile
2018-02-08 06:38:08 +10:30
Toby Zerner
ad4bd3d001 Overhaul model visibility scoping (#1342)
* Overhaul the way model visibility scoping works

- Previously post visibility scoping required concrete knowledge of the
  parent discussion, ie. you needed a Discussion model on which you
  would call `postsVisibleTo($actor)`. This meant that to fetch posts
  from different discussions (eg. when listing user posts), it was a
  convoluted process, ultimately causing #1333.

  Now posts behave like any other model in terms of visibility scoping,
  and you simply call `whereVisibleTo($actor)` on a Post query. This
  scope will automatically apply a WHERE EXISTS clause that scopes the
  query to only include posts whose discussions are visible too. Thus,
  fetching posts from multiple discussions can now be done in a single
  query, simplifying things greatly and fixing #1333.

- As such, the ScopePostVisibility event has been removed. Also, the
  rest of the "Scope" events have been consolidated into a single event,
  ScopeModelVisibility. This event is called whenever a user must have
  a certain $ability in order to see a set of discussions. Typically
  this ability is just "view". But in the case of discussions which have
  been marked as `is_private`, it is "viewPrivate". And in the case of
  discussions which have been hidden, it is "hide". etc.

  The relevant API on AbstractPolicy has been refined, now providing
  `find`, `findPrivate`, `findEmpty`, and `findWithPermission` methods.
  This could probably do with further refinement and we can re-address
  it once we get around to implementing more Extenders.

- An additional change is that Discussion::comments() (the relation
  used to calculate the cached number of replies) now yields "comments
  that are not private", where before it meant "comments that are
  visible to Guests". This was flawed because eg. comments in non-public
  tags are technically not visible to Guests.

  Consequently, the Approval extension must adopt usage of `is_private`,
  so that posts which are not approved are not included in the replies
  count. Fundamentally, `is_private` now indicates that a discussion/
  post should be hidden by default and should only be visible if it
  meets certain criteria. This is in comparison to non-is_private
  entities, which are visible by default and may be hidden if they don't
  meet certain criteria.

Note that these changes have not been extensively tested, but I have
been over the logic multiple times and it seems to check out.

* Add event to determine whether a discussion `is_private`

See https://github.com/flarum/core/pull/1153#issuecomment-292693624

* Don't include hidden posts in the comments count

* Apply fixes from StyleCI (#1350)
2018-01-27 09:57:16 +10:30
Franz Liedke
936f67e953 Use ::class instead of some hardcoded class names
This gives us better refactoring functionality in IDEs like
PhpStorm, and also more quickly surfaces typos through errors
about undefined classes. :)
2018-01-03 09:41:46 +01:00
Toby Zerner
2b8c66354d Apply fixes from StyleCI
[ci skip] [skip ci]
2017-12-19 08:24:06 +00:00
Toby Zerner
4cf481355f Fix usage of UrlGenerator in notifications 2017-12-19 18:52:27 +10:30
Daniel Klabbers
2aba61668c - satisfying styleci
- cleared the merge conflict in the phpdoc
- changed some string class names to use ::class
2017-12-15 08:10:32 +01:00
Daniël Klabbers
f65e4dcba3 merges 5.5 and master into next-back 2017-12-14 01:00:16 +01:00
Toby Zerner
a0c95e6705 Filter out notifications with non-existent subjects
ref #1025 #1238. This should prevent the frontend from crashing when
opening the notifications menu, but we still need to make sure
notifications are deleted properly when subjects are deleted.
2017-12-13 15:54:16 +10:30
Toby Zerner
77c25ab725 Add infinite scrolling in the notifications list 2017-12-13 15:28:54 +10:30
Daniël Klabbers
6280fb2498 reverting translator contract 2017-11-29 06:26:48 +01:00