Commit Graph

2991 Commits

Author SHA1 Message Date
Hannah Wolfe
49660ff703 Test for invite users error
refs #3433
2014-07-29 10:19:02 +01:00
Hannah Wolfe
f5a3a05951 Merge pull request #3439 from morficus/issue-3427
Removing "author" role-label
2014-07-29 08:40:56 +01:00
Hannah Wolfe
48a562d1ce Merge pull request #3421 from morficus/issue-3082
Implementing HTML emails
2014-07-29 08:40:00 +01:00
Maurice Williams
de1dc4d0d0 Removing "author" role-label
closes #3427
- adding conditional statement to now display users with role "author"
2014-07-29 01:50:34 -04:00
Maurice Williams
e30e29bf5d Implementing HTML emails
closes #3082
- no more in-line HTML strings
- adding files for "welcome", "reset password", and "invite user" emails
- added mail.generateContent() to create HTML and plain-text email content
- refactored methods that trigger emails to send both HTML and plain-text emails
2014-07-29 00:55:14 -04:00
Hannah Wolfe
9343bccb1f Merge pull request #3437 from morficus/issue-3433
Error when inviting users
2014-07-29 05:36:28 +01:00
Maurice Williams
e15fb9ed57 Error when inviting users
fixes #3433
- passing only the role ID when creating a user
- uncommenting test cases
2014-07-29 00:06:40 -04:00
Hannah Wolfe
e8bb8e2c11 Merge pull request #3435 from jaswilli/issue-3133
Preserve order of tags as entered by the user.
2014-07-29 04:36:25 +01:00
Hannah Wolfe
37399b30db Merge pull request #3430 from sebgie/refresh-token-expiry
Change refresh token expiry
2014-07-29 04:19:46 +01:00
Hannah Wolfe
407133df27 Merge pull request #3434 from gleneivey/3431-run-with-latest-casperjs
Change casperjs helper used to get RSS page content.
2014-07-29 04:18:51 +01:00
Jason Williams
7a7138e534 Preserve order of tags as entered by the user.
Closes #3133
- Implement an ordered set for the tags property of the tag
  input controller.  Set order is by order added to the post.
2014-07-29 02:16:21 +00:00
Sebastian Gierlinger
b3112a4349 Reset/Signin while signed in
no issue
- added redirect and notification to reset route
- added notification to signup route
2014-07-28 18:00:08 +02:00
Glen E. Ivey
8826d4e663 Change casperjs helper used to get RSS page content.
closes #3431
- change feed_test.js to call casperjs getHTML() instead of
  getPageContent(), because the latter now strips markup

Alternative fix would be to use .page.frameContent directly
instead of using a casperjs wrapper.

Change runs cleanly on Travis (old casperjs tag) and locally
in the Ghost-Vagrant setup with both the old casperjs tag
and the current HEAD SHA (29bbd03f7cdc9fc1e70f0fe1400635dd7d3537ad)
2014-07-28 07:58:24 -07:00
Sebastian Gierlinger
e1c0c5ce98 Change refresh token expiry
no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`
2014-07-28 15:19:49 +02:00
Sebastian Gierlinger
cc471aedcb Merge pull request #3395 from ErisDS/issue-3096
User Permissions: Edit, Add, Destroy & Role management
2014-07-28 12:04:07 +02:00
Hannah Wolfe
6adc6efb3b Merge pull request #3423 from jaswilli/issue-3403
Add a mixin for saving a subset of a model.
2014-07-28 09:49:19 +01:00
Hannah Wolfe
64766de8d6 Merge pull request #3422 from sebgie/issue#3177
Hide Access Token
2014-07-28 09:18:42 +01:00
Hannah Wolfe
129fa4cb8c Merge pull request #3405 from sebgie/issue#3387
Add XSS prevention
2014-07-28 09:17:41 +01:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
e7dc51dc66 Improving error handling 2014-07-28 06:30:01 +01:00
Hannah Wolfe
4e3b21b7da Permissions Improvements
refs #3083, #3096

In order to implement advanced permissions based on roles for specific
actions, we need to know
what role the current context user has and also what action we are
granting permissions for:
- Permissible gets passed the action type
- Effective permissions keeps the user role and eventually passes it to
  permissible
- Fixed spelling
- Still needs tests
2014-07-28 06:29:59 +01:00
Jason Williams
d59edf1806 Add a mixin for saving a subset of a model.
Closes #3403
- Add SelectiveSaveMixin so that a DS.Model can save one or more
  properties at a time while preserving other outstanding changes.
2014-07-27 21:04:35 +00:00
Sebastian Gierlinger
d895238571 Add XSS prevention
closes #3387
- added placeholder for <script> and <iframe>
- added google-caja sanitizer
- changed title in posts overview to ‚double-stash‘
2014-07-27 23:03:01 +02:00
Sebastian Gierlinger
f0d38aa66d Hide Access Token
closes #3177
- uses an iFrame to initiate the download to hide the access token

The access token is now hidden in the admin logic. If we would like to
completely hide the token it is possible to remove the access token and
use signed requests instead, but I think the effort isn’t worth the
benefit in this case.
2014-07-27 22:57:57 +02:00
Hannah Wolfe
6628127297 Merge pull request #3413 from halfdan/3407-meta-title
Correct meta_title for author pages.
2014-07-27 19:58:50 +01:00
Hannah Wolfe
77ae8394e0 Merge pull request #3393 from joeldrapper/sort-roles-dropdown
Fixed role sort order in the invite a new user drop down list
2014-07-27 19:39:06 +01:00
Hannah Wolfe
8c017de4d3 Merge pull request #3412 from novaugust/credentials-validation-convergance
Create new user validator to DRY up validators
2014-07-27 19:38:24 +01:00
Hannah Wolfe
f372ecddf0 Merge pull request #3411 from novaugust/signup-password
Rebind password to password input on signup page
2014-07-27 19:36:54 +01:00
Hannah Wolfe
c34b8fc6ff Merge pull request #3408 from jaswilli/issue-3399
Do not clear password until after leaving signin
2014-07-27 19:30:37 +01:00
Jason Williams
9dfef70d25 Do not clear password until after leaving signin
Closes #3399
- Provide our own authenticate action handler which does not
  clear the password input.
- Use the Signin route's deactivate hook to clear the password
  property on the controller after the user has transitioned
  away from the signin page.
2014-07-26 19:06:58 +00:00
Hannah Wolfe
1cff73f36c Merge pull request #3406 from simplabs/update-ember-simple-auth
Updated Ember Simple Auth to latest version
2014-07-26 17:24:18 +01:00
Fabian Becker
1cd2fa59bd Correct meta_title for author pages.
closes #3407
- Output correct meta_title for author pages
- Add test for meta_title for tag and author pages
2014-07-25 19:48:49 +00:00
Matt Enlow
0d7033f662 Create new user validator to DRY up validators
No issue
- Created NewUserValidator class to DRY up validation of a models name, email, and password
- Changed SignUpValidator to be an instance of NewUserValidator
- Changed SetUpValidator to extend NewUserValidator
2014-07-25 13:20:40 -06:00
Matt Enlow
698f5f6f6e Rebind name and password to inputs on signup page
Closes #3410, Ref #3392
- Removed setting name from user email address per issue #3392
2014-07-25 13:04:33 -06:00
Marco Otte-Witte
6406acef5c updated Ember Simple Auth to latest version 2014-07-25 16:04:19 +02:00
Hannah Wolfe
d2d25faa5c Merge pull request #3397 from morficus/issue-3392
Removing "full name" auto-popualtion during signup
2014-07-25 09:54:51 +01:00
joeldrapper
25b20bb2fe Roles drop down sorted by ID
closes #3391
- Changed sort order to ID instead of name
2014-07-25 09:41:12 +01:00
Hannah Wolfe
ce483a916a Merge pull request #3398 from morficus/issue-3396
Fixing resend user invitation
2014-07-25 08:53:13 +01:00
Hannah Wolfe
d1b84f0f7f Merge pull request #3394 from IanMitchell/settings-user-button
Hides <Users button for authors
2014-07-25 08:51:45 +01:00
Hannah Wolfe
85f3c192dd Merge pull request #3386 from felixrieseberg/iss3374
Signin: Proper notification if user not found
2014-07-25 08:48:49 +01:00
Hannah Wolfe
cc67f295ef Merge pull request #3385 from felixrieseberg/iss3375
Signin error notifications kept from stacking
2014-07-25 08:48:08 +01:00
Maurice Williams
a3da09b50f Removing "full name" auto-popualtion during signup
closes #3392
- removing data-binding attribute for "name" input box on signup screen
- removing data-binding attribute for "password" input box on signup screen
- making "email" the first input box and "name" the 2nd
- removing "autofocus" attribute for "email" input box on signup screen
2014-07-24 22:49:57 -04:00
Maurice Williams
69642e8e53 Fixing resend user invitation
closes #3396
- passing role when resending a users invitation
2014-07-24 22:42:55 -04:00
Ian Mitchell
ff3e68ec36 Hides <Users button for authors
closes #3295
- The <Users button visibility is now restricted by user role
2014-07-24 18:54:02 -07:00
Hannah Wolfe
a9a5acf2f2 Merge pull request #3377 from PaulAdamDavis/signout-button
Change signout link to button
2014-07-24 17:52:09 +01:00
Hannah Wolfe
81cd617741 Merge pull request #3376 from felixrieseberg/iss3292
Redirect authors and editors away from debug page
2014-07-24 17:51:16 +01:00
Hannah Wolfe
1d926787b3 Merge pull request #3368 from felixrieseberg/master
Show errors on reset page (Closes #3330)
2014-07-24 17:49:56 +01:00
Hannah Wolfe
6d7563986b Merge pull request #3354 from JohnONolan/ppp 2014-07-24 17:44:43 +01:00
John O'Nolan
b6b32ab570 Five posts per page 2014-07-24 17:43:48 +01:00