NoosferoGov / noosfero

22 Apr, 2016

4 commits

097861a1 Merge branch 'plugin-test-api' into 'master' ... Browse Dir »
```
Run api tests in plugins



See merge request !870
```
Braulio Bhavamitra
2016-04-22 20:01:35 +0000

8df1c088 Merge branch 'new_security' into 'master' ... Browse Dir »

Fixing html_safe for noosfero

This MR treats of Noosfero's safe strings (with html_safe), because at the moment Noosfero treats all strings as safe, which allows users to inject malicious code.

See merge request !859

2016-04-22 19:46:42 +0000

ba2022b9 Run api tests in plugins Browse Dir »

Victor Costa
2016-04-22 16:01:11 -0300
1676500e Use ApplicationRecord pattern ... Browse Dir »
```
Anticipating a pattern from Rails 5
```
Braulio Bhavamitra
2016-04-22 14:25:15 -0300

20 Apr, 2016

1 commit

2647f313 ci: support testing when bundle --path was used ... Browse Dir »

Rename BUNDLE_OPTS to NOOSFERO_BUNDLE_OPTS as it replaced
and reserved to bundler, see
https://github.com/bundler/bundler/blob/61f1c2313f5cc07fe389a2ec5d1931f8cc61b004/lib/bundler.rb#L218

2016-04-20 22:15:37 -0300

19 Apr, 2016

5 commits

464f8ef6 api: fix validation of inactive users in login Browse Dir »

Victor Costa
2016-04-19 16:23:10 -0300
a1c29241 isolate proxy settings among multiple environments Browse Dir »

Joenio Costa
2016-04-19 13:05:38 -0300

218cf0a5 Set feed configurations as Environment attributes ... Browse Dir »

As ENV vars are not the settings implementation choice through the,
project, this is should turn this aspect of the feed fetching proxy
functionality compliant with Noosfero's design choices.

2016-04-19 13:05:38 -0300

01fecce0 Disable ssl verification for feed handler" Browse Dir »

Victor Costa
2016-04-19 13:05:38 -0300
732da2a8 Added a way to set a proxy for feed handler ... Browse Dir »
```
This has commit 4ebcbe31 squashed in which added SSL support.
```
Victor Costa
2016-04-19 13:05:38 -0300

18 Apr, 2016

1 commit

dab58951 Fixing html_safe for noosfero core ... Browse Dir »

Signed-off-by: Alexandre Barbosa <alexandreab@live.com>
Signed-off-by: Arthur Jahn <stutrzbecher@gmail.com>
Signed-off-by: David Carlos <ddavidcarlos1392@gmail.com>
Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>
Signed-off-by: Victor Costa <vfcosta@gmail.com>

2016-04-18 07:50:07 -0300

15 Apr, 2016

2 commits

b4d35439 api: not return comments marked as spam Browse Dir »

Victor Costa
2016-04-15 13:53:38 -0300
b31129ac api: filter unavailable comments Browse Dir »

Victor Costa
2016-04-15 13:53:30 -0300

14 Apr, 2016

1 commit

08165b71 Removing search controller vulnabilities ... Browse Dir »
```
Signed-off-by: Lucas Kanashiro <kanashiro.duarte@gmail.com>
Signed-off-by: Macartur Sousa <macartur.sc@gmail.com>
```
Francisco Júnior
2016-04-14 13:15:46 -0300

12 Apr, 2016

1 commit

e58c017a Merge branch 'comments_api_reply' into 'master' ... Browse Dir »

API: Add the replies field in comment entity

Also add pagination to comments and add an option to return root comments only.

See merge request !842

2016-04-12 16:51:14 +0000

08 Apr, 2016

1 commit

9f4a8f6a Drop deprecated finders Browse Dir »

Braulio Bhavamitra
2016-04-08 19:16:18 -0300

07 Apr, 2016

4 commits

e7aecdac api: add filter option to return only root comments Browse Dir »

Victor Costa
2016-04-07 09:37:44 -0300
bac4c761 api: paginate comments Browse Dir »

Victor Costa
2016-04-07 09:37:43 -0300
055920fc api: expose replies of a comment Browse Dir »

Victor Costa
2016-04-07 09:37:37 -0300
043be0b1 Separate api tests Browse Dir »

Braulio Bhavamitra
2016-04-07 06:57:39 -0300

06 Apr, 2016

1 commit

1f93b07d cucumber.yml: support slicing features Browse Dir »

Braulio Bhavamitra
2016-04-06 16:58:48 -0300

05 Apr, 2016

1 commit

b113016a Add "*" to identifier format ... Browse Dir »
```
signed-off-by: Joenio Costa <joenio@colivre.coop.br>
```
Braulio Bhavamitra
2016-04-05 20:46:50 -0300

01 Apr, 2016

1 commit

f8be4d99 Add method to resend activation code ... Browse Dir »

Signed-off-by: Alexandre Barbosa <alexandreab@live.com>
Signed-off-by: Macartur Sousa <macartur.sc@gmail.com>
Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>

2016-04-01 16:45:53 -0300

31 Mar, 2016

1 commit

d578209b fix to sql injections vulnerabilities identified using brakeman ... Browse Dir »
```
Signed-off-by: Lucas Kanashiro <kanashiro.duarte@gmail.com>
Sign-off-by: Macartur Sousa <macartur.sc@gmail.com>
```
Ábner Silva de Oliveira
2016-03-31 17:47:41 -0300

29 Mar, 2016

1 commit

44a3c877 Allow other Profile types to use blocks ... Browse Dir »
```
Signed-off-by: Rodrigo Souto <rodrigo@colivre.coop.br>
```
Marcos Pereira
2016-03-29 13:56:22 -0300

24 Mar, 2016

4 commits

87cde6f4 refactoring boxes routes for environment Browse Dir »

Leandro Santos
2016-03-24 13:22:51 -0300
05ad922f fix unit test and refatoring get environment enpoint Browse Dir »

Leandro Santos
2016-03-24 13:22:50 -0300
9e53cbea Added boxes support for environment Browse Dir »

Carlos Purificação
2016-03-24 13:22:50 -0300
415e0656 Added environment api tests and endpoints Browse Dir »

Carlos Purificação
2016-03-24 13:22:50 -0300

23 Mar, 2016

1 commit

3e94afa3 api: expose the article type Browse Dir »

Victor Costa
2016-03-23 08:54:33 -0300

22 Mar, 2016

3 commits

67e5eb05 plugins_tests: report broken and skip separately Browse Dir »

Braulio Bhavamitra
2016-03-22 18:03:10 -0300
1bed10f7 plugins_tests: Add environment to slice tests Browse Dir »

Braulio Bhavamitra
2016-03-22 17:48:22 -0300

068f8f46 Merge branch 'dynamic-callbacks' into 'master' ... Browse Dir »

plugin-hotspot: dinamic hotspot for models callbacks

With this, every model that includes Noosfero::Plugin::HotSpot will
provide callbacks hotspots for plugins to answer. The current callbacks
included are {after,before}_{create,destroy,save}.

So if a plugin wants to do something on a comment after_save, it should
define a hotspot somewhat like this:

  def comment_after_save_callback(comment)
    <code-goes-here>
  end

Obviously, the callback provides the object in context as parameter.

This will replace the problematic common practice of creating a
lib/ext/my_model.rb and injecting the callbacks inside the class which
bypass the enabled plugins logic.

Signed-off-by: Rodrigo Souto <rodrigo@colivre.coop.br>
Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>

See merge request !810

2016-03-22 17:46:05 +0000

21 Mar, 2016

2 commits

541e9495 Merge branch 'master' into serpro_api Browse Dir »

Joenio Costa
2016-03-21 18:19:52 -0300

3ca0b153 plugin-hotspot: dinamic hotspot for models callbacks ... Browse Dir »

With this, every model that includes Noosfero::Plugin::HotSpot will
provide callbacks hotspots for plugins to answer. The current callbacks
included are {after,before}_{create,destroy,save}.

So if a plugin wants to do something on a comment after_save, it should
define a hotspot somewhat like this:

  def comment_after_save_callback(comment)
    <code-goes-here>
  end

Obviously, the callback provides the object in context as parameter.

This will replace the problematic common practice of creating a
lib/ext/my_model.rb and injecting the callbacks inside the class which
bypass the enabled plugins logic.

Signed-off-by: Rodrigo Souto <rodrigo@colivre.coop.br>
Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>

2016-03-21 13:11:26 -0300

12 Mar, 2016

2 commits

8ff27f82 Revert server args for plugins' features ... Browse Dir »
```
If is weirdly failing (https://gitlab.com/noosfero/noosfero/builds/852331)
```
Braulio Bhavamitra
2016-03-12 12:54:06 -0300
85f6dcca Set resolution for xvfb-run ... Browse Dir »
```
This avoid unexpected failures with different environments defaults
```
Braulio Bhavamitra
2016-03-12 12:21:00 -0300

26 Feb, 2016

2 commits

5f06c747 api: accept a comma separated string to represent partial fields ... Browse Dir »
```
(cherry picked from commit 5d2a4bc5ab9e11db0e77539cac0fa49ef1ae66c3)
```
Victor Costa
2016-02-26 16:56:02 -0300

100df357 API improvements ... Browse Dir »

  - changes pagination to use api-pagination gem
  - new endpoints to boxes, activities, and profiles
  - new exposed attributes for some entities
  - other minor changes

  Signed-off-by: Leandro Nunes dos Santos <leandronunes@gmail.com>
  Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>
  Signed-off-by: Michel Felipe de Oliveira Ferreira <michel.ferreira@serpro.gov.br>
  Signed-off-by: Victor Costa <vfcosta@gmail.com>

2016-02-26 16:55:51 -0300

23 Feb, 2016

1 commit

3af4b045 private-articles: creating dbm files do filter private files access thorugh web server ... Browse Dir »

Also rewriting the file visualization to work consistently with every
file type. Here is the overall basic behavior now:

  * If the request is passed with view=true, content is displayed
    as an article content.
    * If the file has an inline visualization (like images) it's already
      displayed.
    * If not, a download link is displayed.
  * If the request is passed with view=false, the file is provided
    straight, without any noosfero layout being loaded.

  * If the file is private:
    * And the user accesses its public filesystem path, apache (this is
      done by noosfero-apache) will redirect the request to rails
      path so that the rails server will provide it considering
      appropriate permissions.
    * And the user accesses its rails path, rails server will provide as
      well.
  * If the file is public:
    * And the user accesses its public filesystem path, apache will
      provide the file.
    * And the user accesses its rails path, rails server will redirect
      to its public filesystem path so that apache provides the file.

2016-02-23 12:38:09 -0300