[2.x] Fix realtime extender load order for tags & sticky (TypeError: …

…not a constructor) (#4699)

* [2.x] Fix realtime extender load order for tags and sticky

flarum/realtime registers its Realtime JS extender on the export registry
at module-evaluation time, and consumers read it back via flarum.reg.get().
The combined forum.js concatenates extensions in resolveExtensionOrder()
order, so realtime must be ordered before any consumer — otherwise the
consumer's reg.get runs before realtime's reg.add and instantiates
undefined (TypeError: mt(...) is not a constructor).

Without a dependency edge that order is reverse-alphabetical by id, so
consumers whose id sorts after flarum-realtime (tags, sticky) are emitted
before it. flags/likes/lock/messages already declare flarum/realtime as an
optional dependency; declare it on tags and sticky too (and normalise
sticky's flarum-tags to flarum/tags).

Fixes https://discuss.flarum.org/d/39359

* Add changelog entry for realtime ordering fix

chore: prep rc2 (#4676)

chore: prep rc.1 (#4581)

fix(tags): use forum description for meta description on tags homepag…

…e (#4557)

[1.x] fix(tags): exclude bypassTagCounts from DiscussionPolicy catch-…

…all (#4538)

* fix(tags): exclude bypassTagCounts from DiscussionPolicy catch-all

The catch-all `can()` method in DiscussionPolicy intercepted every
discussion ability, including the `bypassTagCounts` meta-permission,
and checked for a per-tag variant (e.g. `tag6.discussion.bypassTagCounts`)
that never exists. This caused the permission check to always deny
non-admin users, even when they had been explicitly granted
`bypassTagCounts`, whenever the discussion was in a restricted tag.

Fixes #4537

* Apply fixes from StyleCI

---------

Co-authored-by: StyleCI Bot <bot@styleci.io>

[2.x][tags] fix: tag restricted discussion own abilities (#4379)

* fix(tags): authors can rename/hide own discussions in restricted tags

Fixes #3692. When a discussion is in a restricted tag, `can()` in tags'
DiscussionPolicy would deny ALL abilities (including rename and hide) for
users who lack the explicit tag-specific permission — even when core
DiscussionPolicy would allow the action as an "own-discussion" right.

The fix adds `rename()` and `hide()` methods to tags' DiscussionPolicy.
Because `checkAbility()` dispatches to named methods before the `can()`
catch-all, these methods short-circuit for the author case and return
`allow()` before the erroneous tag-restriction deny is ever reached.

The methods use `$actor->hasPermission('discussion.reply')` rather than
`$actor->can('reply', $discussion)` to avoid a circular denial: calling
`can('reply', $discussion)` would re-enter `can()` in the tags policy,
which would deny reply for the same restricted-tag reason.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Apply fixes from StyleCI

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: StyleCI Bot <bot@styleci.io>

chore: prep for beta.6 (#4343)

[1.x] chore: prep 1.8.12 release (#4335)

* chore: prep 1.8.12 release

* chore: update LICENSE.md to current year

chore: prep for beta.5 (#4313)