| Age | Commit message (Collapse) | Author |
|---|
|
|
|
* Add ability to mark statuses as sensitive from reports in admin UI
* Allow mark as sensitive action on statuses with preview cards
|
|
* Change old moderation strikes to be displayed in a separate page
Fixes #17552
This changes the moderation strikes displayed on `/auth/edit` to be those from
the past 3 months, and make all moderation strikes targeting the current user
available in `/disputes`.
* Add short description of what the strikes page is for
* Move link to list of strikes to “Account status” instead of navigation item
* Normalize i18n file
* Fix layout and styling of strikes link
* Revert highlights_on regexp
* Reintroduce account status summary
- this way, “Account status” is never empty
- account status is not necessarily bound to strikes, or recent strikes
|
|
* Change authorized applications page
* Hide revoke button for superapps and suspended accounts
* Clean up db/schema.rb
|
|
|
|
|
|
|
|
Conflicts:
- `app/models/account.rb`:
Not a real conflict, just upstream getting rid of unused constants too close
to glitch-soc-specific contents.
Removed unused constants like upstream did.
- `app/models/trends.rb`:
Conflict because glitch-soc disabled email notifications for trending links.
Upstream has refactored this quite a bit and added trending posts.
Took upstream code, but disabling the extra trending stuff will come in
another commit.
- `app/views/admin/trends/links/index.html.haml`:
Conflict due to glitch-soc's theming system.
Ported upstream changes accordingly.
|
|
* Add trending statuses
* Fix dangling items with stale scores in localized sets
* Various fixes and improvements
- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction
* Add tests for trending statuses filtering behaviour
* Fix not applying filtering scope in controller
|
|
* Change e-mail domain blocks to block IPs dynamically
* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
* Update app/workers/scheduler/email_domain_block_refresh_scheduler.rb
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed the workflow a bit.
Conflict comes from us pushing to ghcr while upstream pushes to dockerhub.
Ported the upstream changes while still pushing to ghcr.
|
|
|
|
|
|
* Bump pundit from 2.1.1 to 2.2.0
Bumps [pundit](https://github.com/varvet/pundit) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/varvet/pundit/releases)
- [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/compare/v2.1.1...v2.2.0)
---
updated-dependencies:
- dependency-name: pundit
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* `include Pundit` is deprecated
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
|
|
|
|
Conflicts:
- `db/schema.rb`:
Conflict due to glitch-soc adding the `content_type` column on status edits
and thus having a different schema version number.
Solved by taking upstream's schema version number, as it is higher than
glitch-soc's.
|
|
* Display an error when an appeal could not be submitted
* Do not offer users to appeal old strikes
* Fix 500 error when trying to appeal a strike that is too old
* Avoid using an extra translatable string
|
|
* Add appeals
* Add ability to reject appeals and ability to browse pending appeals in admin UI
* Add strikes to account page in settings
* Various fixes and improvements
- Add separate notification setting for appeals, separate from reports
- Fix style of links in report/strike header
- Change approving an appeal to not restore statuses (due to federation complexities)
- Change style of successfully appealed strikes on account settings page
- Change account settings page to only show unappealed or recently appealed strikes
* Change appealed_at to overruled_at
* Fix missing method error
|
|
|
|
* Fix empty batch statuses selection causing a 500 error
* Simplify current_params
|
|
|
|
|
|
* Add notifications when a reblogged status has been updated
* Change wording to say "edit" instead of "update" and add missing controls
* Replace previous update notifications with the most up-to-date one
|
|
|
|
|
|
Content-type defaults to edited toot's content-type to avoid surprising
behaviors when using clients that do not support this feature.
|
|
Conflicts:
- `app/controllers/api/v1/statuses_controller.rb`:
Upstream moved things around in a place where glitch-soc had support for
an extra parameter (`content_type`).
Follow upstream but reintroduce `content_type`.
|
|
* Add editing for published statuses
* Fix change of multiple-choice boolean in poll not resetting votes
* Remove the ability to update existing media attachments for now
|
|
|
|
Conflicts:
- `app/views/settings/preferences/appearance/show.html.haml`:
Upstream renamed some helper functions that were used in a part of the
settings page which glitch-soc slightly changed the layout of.
Ported the change.
|
|
* Add edit history to web UI
* Change history reducer to store items per status
* Fix missing loading prop
|
|
|
|
- Remove the session-based locale stickyness
|
|
* Refactor tests
* Add tests
* Fix replies collection incorrectly looping
|
|
Conflicts:
- `CHANGELOG.md`:
Upstream added newlines.
Conflicts are because the CHANGELOG was independently merged from 3.4.6 on
last security update.
Took upstream's version.
- `app/helpers/context_helper.rb`:
Conflicts because of extra vocabulary in glitch-soc. The conflicts were
actually handled in last security merge.
Kept our version.
|
|
* Add tests
* Fix instance actor not being dereferenceable
* Fix tests
* Fix tests for real
|
|
|
|
|
|
|
|
|
|
Fixes #17382
Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
|
|
Conflicts:
- `Gemfile.lock`:
Upstream-updated lib textually too close to glitch-soc-only dep.
Updated like upstream.
|
|
* Fix Sidekiq warnings about JSON serialization
This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.
See https://github.com/mperham/sidekiq/pull/5071
We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.
* Set Sidekiq to raise on unsafe arguments in test mode
In order to more easily catch issues that would produce warnings in production
code.
|
|
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
|
|
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
|
|
|
|
|
|
|
|
Fixes #1649
This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then
enabling the admin setting at
`/admin/settings/edit#form_admin_settings_captcha_enabled`
Subsequently, a hCaptcha widget will be displayed on `/about` and
`/auth/sign_up` unless:
- the user is already signed-up already
- the user has used an invite link
- the user has already solved the captcha (and registration failed for another
reason)
The Content-Security-Policy headers are altered automatically to allow the
third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same
rules as above.
|
