FEATURE: Add basic support for Safe Mode

In Safe Mode all JS extensions and site customizations are disabled. To access Safe Mode visit `sitename.org/safe-mode`
2025-01-18 16:52:45 +08:00 · 2016-11-21 16:46:02 +11:00 · 2016-11-21 16:46:02 +11:00 · e2c87da42a
commit e2c87da42a
parent 6397d935ce
9 changed files with 86 additions and 1 deletions
--- a/app/assets/javascripts/discourse/components/global-notice.js.es6
+++ b/app/assets/javascripts/discourse/components/global-notice.js.es6
@ -9,6 +9,10 @@ export default Ember.Component.extend(bufferedRender({
  buildBuffer(buffer) {
    let notices = [];

+    if (this.session.get('safe_mode')) {
+      notices.push([I18n.t("safe_mode.enabled"), 'safe-mode']);
+    }
+
    if (this.site.get("isReadOnly")) {
      notices.push([I18n.t("read_only_mode.enabled"), 'alert-read-only']);
    }
--- a/app/controllers/safe_mode_controller.rb
+++ b/app/controllers/safe_mode_controller.rb
@ -0,0 +1,20 @@
+class SafeModeController < ApplicationController
+  layout 'no_ember'
+  skip_before_filter :preload_json, :check_xhr
+
+  def index
+  end
+
+  def enter
+    safe_mode = []
+    safe_mode << "no_custom" if params["no_customizations"] == "true"
+    safe_mode << "no_plugins" if params["no_plugins"] == "true"
+    safe_mode << "only_official" if params["only_official"] == "true"
+
+    if safe_mode.length > 0
+      redirect_to path("/?safe_mode=#{safe_mode.join("%2C")}")
+    else
+      redirect_to :index
+    end
+  end
+end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -241,7 +241,18 @@ module ApplicationHelper
  end

  def customization_disabled?
-    session[:disable_customization]
+    safe_mode = params["safe_mode"]
+    session[:disable_customization] || (safe_mode && safe_mode.include?("no_custom"))
+  end
+
+  def allow_plugins?
+    safe_mode = params["safe_mode"]
+    !(safe_mode && safe_mode.include?("no_plugins"))
+  end
+
+  def allow_third_party_plugins?
+    safe_mode = params["safe_mode"]
+    !(safe_mode && (safe_mode.include?("no_plugins") || safe_mode.include?("only_official")))
  end

  def loading_admin?
--- a/app/views/common/_discourse_javascript.html.erb
+++ b/app/views/common/_discourse_javascript.html.erb
@ -52,6 +52,9 @@
    Discourse.start();
    Discourse.set('assetVersion','<%= Discourse.assets_digest %>');
    Discourse.Session.currentProp("disableCustomCSS", <%= loading_admin? %>);
+    <%- if params["safe_mode"] %>
+        Discourse.Session.currentProp("safe_mode", <%= params["safe_mode"].inspect.html_safe %>);
+    <%- end %>
    Discourse.HighlightJSPath = <%= HighlightJs.path.inspect.html_safe %>;
    <%- if SiteSetting.enable_s3_uploads %>
      <%- if SiteSetting.s3_cdn_url.present? %>
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -28,8 +28,12 @@
    <%= script "vendor" %>
    <%= script "pretty-text-bundle" %>
    <%= script "application" %>
+    <%- if allow_plugins? %>
    <%= script "plugin" %>
+    <%- end %>
+    <%- if allow_third_party_plugins? %>
    <%= script "plugin-third-party" %>
+    <%- end %>

    <%- if staff? %>
      <script src="<%= Discourse.base_uri %>/extra-locales/admin"></script>
--- a/app/views/safe_mode/index.html.erb
+++ b/app/views/safe_mode/index.html.erb
@ -0,0 +1,29 @@
+<div class='container safe-mode'>
+  <h2><%= t 'safe_mode.title'%></h2>
+  <%= form_tag(safe_mode_enter_path) do %>
+    <p>
+      <%= t 'safe_mode.description' %>
+    </p>
+    <p>
+    <label>
+    <%= check_box_tag 'no_customizations', true, true %>
+    <%= t 'safe_mode.no_customizations' %>
+    </label>
+    </p>
+    <p>
+    <label>
+    <%= check_box_tag 'only_official', true, true %>
+    <%= t 'safe_mode.only_official' %>
+    </label>
+    </p>
+    <p>
+    <label>
+    <%= check_box_tag 'no_plugins', true, true %>
+    <%= t 'safe_mode.no_plugins' %>
+    </label>
+    </p>
+    <p>
+      <%= submit_tag t('safe_mode.enter'), class: 'btn btn-danger' %>
+    </p>
+  <% end %>
+</div>
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@ -2308,6 +2308,10 @@ en:
      custom_message_template_forum: "Hey, you should join this forum!"
      custom_message_template_topic: "Hey, I thought you might enjoy this topic!"

+    safe_mode:
+      enabled: "Safe mode is enabled, to exit safe mode close this browser window"
+
+
  # This section is exported to the javascript for i18n in the admin section
  admin_js:
    type_to_filter: "type to filter..."
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -3222,6 +3222,13 @@ en:
      title: "Resend Activation Email"
      message: "<p>We've re-sent the activation email to <b>%{email}</b>"

+  safe_mode:
+    title: "Enter safe mode"
+    description: "Safe mode allows you to test your site without loading plugins or site customizations."
+    no_customizations: "Disable all site customizations"
+    only_official: "Disable unofficial plugins"
+    no_plugins: "Disable all plugins"
+    enter: "Enter Safe Mode"
  wizard:
    title: "Discourse Setup"
    step:
--- a/config/routes.rb
+++ b/config/routes.rb
@ -699,6 +699,9 @@ Discourse::Application.routes.draw do
  post "/user-api-key/revoke" => "user_api_keys#revoke"
  post "/user-api-key/undo-revoke" => "user_api_keys#undo_revoke"

+  get "/safe-mode" => "safe_mode#index"
+  post "/safe-mode" => "safe_mode#enter", as: "safe_mode_enter"
+
  get "*url", to: 'permalinks#show', constraints: PermalinkConstraint.new

 end