* feat: add privilege give/rescind hooks
action:privileges.categories.give/rescind
action:privileges.global.give/rescind
breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups ie `groups:find` instead of `find`
* fix: tests, privileges renamed
* feat: testing suite integration for openapi spec
The testing suite now takes the openapi spec into account. It will
check each route defined, make a call to it, and compare the
response with the defined schema. Any mismatches will cause the
test to fail.
* fix(openapi): removed debug stuff from tests
* fix(openapi): fixed some tests
* fix(openapi): added additional check to tests, test fixes
* fix(openapi): better tests, fixed spec errors
* fix(openapi): bad conditional in test
* fix: oops
* fix(openapi): more tests fixing
* fix(openapi): more tests
* fix(openapi): fix some more tests
* fix: verbose'd an info log
* fix: topic pagination route returns schema-optimized pagination block
* fix(openapi): more test/spec fixes
* fix(openapi): accidentally sending in authenticated jar for anon routes
* fix(openapi): more test/spec fixes
* fix(openapi): more spec fixes
* fix: timestampReadable Invalid Date
* fix(openapi): more tests... almost there
* fix(openapi): more tests fixing
* fix(openapi): finally all tests passing
* fix(openapi): added reverse test to compare response to spec
... and fixed all the tests that broke
* fix: remove tests related to group covers, as route is gone
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): object cache is not present for psql
* fix: tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* feat: add assignee checking when updating flag
Prior to this, it was possible to update the assignee to any value (or
any user. This commit adds checking to allow only admins, global
moderators, or in the case of flagged posts, moderators.
Also some prep work was added for value checking `state`.
* feat: value checking `state` on flag update
The state should be one of the constants defined earlier in the file.
