closes#3468
- added rate limit to deny more than 5 attempt every hour
- updated spam prevention to be configurable
- added config values spamTimeout, ratePeriod, rateAttempts
- added ratePeriod:1 to config.example.js to prevent functional tests
from hitting the rate limit
- commented spam test, I’ll fix it tomorrow
Basic notifications are unnecessarily verbose and, in some instances, even cause line-wrapping to occur. This change shortens them to short, concsise statements to indicate what action has taken place.
* Add titleize utility function.
* Capitalizes first word.
* Capitalizes all words not contained in simple article/conjunction
list.
* Enable shortcuts for `uppercase`, `lowercase`, and `titlecase`.
* Fix header shortcuts
* Ensure that header shortcuts do not duplicate text.
* Make headers idempotent (pressing `ctrl+alt+1` then
`ctrl+alt+2` does not make `# # # blah`.
Closes#3029, Ref #3469
- Editor shortcuts are now built in a separate file, which uses `ctrlOrCmd` to correctly set OS specific shortcuts.
- Removed `newLine` and `selectWord` shortcuts
Closes#3466
- Transferring the owner role is now done via a separate
endpoint and not through Ember-Data. As a result the
user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
containing the updated user objects.
- Updated tests.
closes#3401
- modifying slug-generator to be more generic
- adding slugging capabilities for /settings/users/:slug
- modified posts to use the updated slug-generator
closes#3400
- The user view has been extended to have properties indicating whether
the user has rights to make the displayed user an owner or delete
him/her
- Handlebar conditionals decide whether or not to display the cog
* Ensures that posts listing only shows posts that the current user
authored, if they only have the Author role.
* Do not transition into the posts.post route if the current user is
not the author (but has the Author role). This is needed because
the API server will always return the post (regardless of the current
user).
Closes#3015
- Added stepThroughPosts method to PostsRouter, takes a integer, goes that far, wraps around the array.
- PostsPostRoute notifies the PostsController of which model it currently has, to help stepThroughPosts know who's selected
Closes#3402, Closes#3428
-------------------
### Components
- Added GhostSelectComponent to handle async select creation (h/t @rwjblue)
- Added GhostRolesSelector (extends GhostSelect) for displaying user role options
- Created StoreInjector for surgically inserting the store into things that normally wouldn't have them.
### Users Settings
- InviteNewUserModal now uses GhostRolesSelector & defaults to Author
- The role dropdown for user settings has permissions set per 3402
### User Model
- Added `role` property as an interface to getting and setting `roles`
- Refactored anything that set `roles` to set `role`
- isAdmin, isAuthor, isOwner and isEditor are all keyed off of `role` now
### Tests
- Added functional tests for Settings.Users
- updated settings.users and settings.users.user screens
- fix spacing on screens
### Server Fixtures
- Fixed owner fixture's roles
When a using the forgottenRoute if you enter an incorrectly formatted
email address you would see the error message 'Invalid Email', however
if you entered an email address that was correctly formatted but missing
the error message would be 'Invalid email address'.
This fixes the discrepancy.
closes#3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
