* Extender docblocks cleanup
* Excplicit type hinting in extenders
* Bring method under constructor
* Mark some classes and methods as internal
* Remove beta references
Co-authored-by: Clark Winkelmann <clark.winkelmann@gmail.com>
This naming is clearer as to the intended effect. Changes include:
- A migration to rename all permissions
- Updating the seed migration to use the original naming from the start
- Replacing usage of the old names with new names in code
- Throwing warnings when the old names are used.
* WIP: Use Laravel filesystem interface where possible
* Drop vendorFilesystem
* Support getting URL of cloud-based logo and favicon
* FilesystemAdapter should always be cloud
* Get base avatar URL from filesystem adapter
* Restore deleted getAsset method
Co-authored-by: Alexander Skvortsov <askvortsov1@users.noreply.github.com>
- Adds a field to QueryCriteria that determines whether the sort provided is the controller's default sort
- Set this field to true iff sort not in query params. Default it to false
- Override $sort if a new default sort has been set on search state, and the param is true.
- Add tests!
* Add AccountActivationMailerTrait and use in AccountActivationMailer and SendConfirmationEmailController
* Remove prefix
Co-authored-by: Alexander Skvortsov <38059171+askvortsov1@users.noreply.github.com>
- update actions ci
- include json for 4 spaces tab
- provide output int for process code exit
- adhere to parent type hint of builder
- mailer instance now needs a name, multiple can be instantiated
- getOriginal now uses mutators in the model
- Temporarily loosen MailableInterface requirements. This avoids an immediate BC break for classes in extensions that implement this interface.
- Temporarily provide (and autoload) old symfony translator interface
- make queue exception handler compatible with the contract of L8
- Update phpunit schema for newer version
- Update phpunit assert calls for newer version
- Make session token-based instead of user-based
- Clear current session access tokens on logout
- Introduce increment ID so we can show tokens to moderators in the future without exposing secrets
- Switch to type classes to manage the different token types. New implementation fixes#2075
- Drop ability to customize lifetime per-token
- Add developer access keys that don't expire. These must be created from the database for now
- Add title in preparation for the developer token UI
- Add IP and user agent logging
- Delete all non-remember tokens in migration
- Support slug drivers for core's sluggable models, easily extends to other models
- Add automated testing for affected single-model API routes
- Fix nickname selection UI
- Serialize slugs as `slug` attribute
- Make min search length a constant
Only users that have the new `viewHiddenGroups` permissions will be able to see these groups.
You might want this when you want to give certain users special permissions, but don't want to make your authorization scheme public to regular users.
Co-authored-by: luceos <daniel+github@klabbers.email>
This avoids injecting the Application god class and assembling default
file locations in multiple places.
In addition, we no longer use the `MountManager` for these uploads. It
only added complexity (by moving tmp files around) and will not be
available in the next major release of Flysystem.
Note: Passing PSR upload streams to Intervention Image requires an
explicit upgrade of the library. (Very likely, users have already
updated to the newer versions, as the old constraint allowed it, but
we should be explicit for correctness' sake.)
The forum title is already used as the display name for the sender email address, so having it in the subject is just a duplication and waste of space.
By commenting out the new methods on the `DriverInterface` and checking
for these methods' existence before calling them, old implementations in
extensions will not break right away.
This will be removed after beta.12 is released, giving extension authors
about two months time to update their extensions.
This fixes a regression from #1843 and #1854. Now, the frontend again
shows the proper "Incorrect login details" message instead of "You
do not have permission to do that".
This will cause the right error (HTTP 401) to be thrown whenever
we're checking for a specific permission, but the user is not even
logged in. Authenticated users will still get HTTP 403.
HTTP 401 should be used when logging in (i.e. authenticating) would make
a difference; HTTP 403 is reserved for requests that fail because the
already authenticated user is not authorized (i.e. lacking permissions)
to do something.
