This adds the Silence Reason column to silenced user lists.
This feature helps combat large spam attacks cause you can quickly see
why a user was silenced and then bulk act on all the silenced users
Meta topic: https://meta.discourse.org/t/full-name-at-sign-up-went-missing/345662/17?u=osama
The preloaded `site` object for anons on login-required sites is a stripped down version of the full object with just a specific set of attributes and doesn't use the site serializer. This results in the `full_name_required_for_signup` and `full_name_visible_in_signup` attributes not making it to the client app when a login-required site is accessed by an anon, causing the name field in the signup form to not be rendered, even when it's required.
This commit includes those attributes in the stripped down version of the `site` object that's used for anons on login-required sites.
This commit introduces a workaround for a behavior observed in Safari for iOS / iPadOS where the feedback message wasn't being displayed after clicking on the copy button in the Glimmer post menu
Nokogiri/libxml is now more strict in terms of params it receives.
It uses kwargs vs options object (I fixed an issue there in #30545) doesn't accept nil/blank html (fixed here) and most importantly handles encoding in a different way. It seems to require explicitly specifying UTF8.
* Build(deps): Bump nokogiri from 1.16.8 to 1.18.1
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.8 to 1.18.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.8...v1.18.1)
---
updated-dependencies:
- dependency-name: nokogiri
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FIX: Wizard improvements post-merge part 1
Followup 3135f472e2
Fixes the following:
* On mobile, the Styling step was very narrow
* When clicking Next on the Styling step after previously
selecting Hot, we got an error
Also makes the following UX improvements for the preview:
* Use different topic titles for Latest and Hot
* Also make Hot view and reply numbers higher
This helps differentiate the two previews.
* DEV: Review fixes
Followup c2282439b3
Make the Files and Other config pages reached from the sidebar
use our consistent site setting page rules.
Also slightly improves AdminAreaSettings so we don't show
"Settings not found" when still loading settings.
Create a basic config page that only contains Onebox-related settings, to replace the "onebox" category view linked to from "Onebox" in the admin sidebar.
Create a basic config page that only contains user API-related settings, to replace the "user_api" category view linked to from "User API" in the admin sidebar.
Create a basic config page that only contains rate limiting-related settings, to replace the "rate_limits" category view linked to from "Rate limits" in the admin sidebar.
Create a basic config page that only contains developer-related settings, to replace the "developer" category view linked to from "Developer" in the admin sidebar.
Create a basic config page that only contains security-related settings, to replace the "security" category view linked to from "Security settings" in the admin sidebar.
Create a basic config page that only contains security-related settings, to replace the "security" category view linked to from "Security settings" in the admin sidebar.
Experimental "What's new?" feature feed items previously calculated
a boolean for experimentEnabled on the client based on the siteSettings
service, and this would control the initial state of the experiment
toggle.
However this requires the person who creates the site setting for the
experiment to remember to set it to `client: true`. This commit removes
that manual step by calculating whether the experiment is enabled
server-side, where we have access to all the site settings.
* UX: Admin setting page consistency - Group permissions (#30528)
Followup c2282439b3 and
21470e4afd
Adds a new "Group permissions" page and group_permissions site
setting area, which shows every single group-based site setting
in the app and core plugins.
Also adds a "trust_levels" area to show on the already moved
admin "Trust level" settings page, since that previously was
showing a mix of trust level settings and allowed group settings.
* DEV: Review fixes
This version number is a technical detail that controls
what items show up on certain sites, most admins don't
need this level of detail. Remove it here, maybe we can
add it back in some hidden way later if needed.
topic-navigation and topic-map appear in the DOM before the post stream, and are then rearranged with CSS grid. That means that, if they are entirely within the viewport, and does not have a fixed/sticky position, then they will be chosen as the browser's scroll anchor point.
We never want these elements to be used as the anchor, so we can set `overflow-anchor: none`.
https://meta.discourse.org/t/344386/16
Create a basic config page that only contains navigation-related settings, to replace the setting filtered view linked to from "Navigation" in the admin sidebar.
Create a basic config page that only contains font-related settings, to replace the setting filtered view linked to from "Font style" in the admin sidebar.
This PR moves the logic from the setting-object mixin to a helper class. I've opted to maintain the interface of the previous classes (ThemeSettings / SiteSetting) that used the mixed-in methods through aliases so that we limit the amount of changes here (these are referenced in the string form and across classes/templates).
Another option we may consider in future if we want to optimize for performance is straight duplication which would trade off this overhead of aliasing/chaining calls through the helper for some duplicate code - only 2 models require these methods at the time of this PR.
We already had isIpadOS, but for some themes and components
we really need to do different things if the user is on
a tablet, including Android tablets.
isTablet and isTabletScreen have been introduced to the
capabilities service.
isTablet is true if the screen size is a tablet, touch
is detected, or we have already detected iPad OS, or
the device matches tablet UAs
isTabletScreen checks both portrait and landscape dimensions
of 1280x600 which should cover most cases.
Follow-up to 3187606d34
When the `enable_names` setting is false and the `full_name_requirement` setting is set to `required_at_signup`, the name field in the signup form should effectively be not required (and hidden). However, that is not actually the case at the moment because the `name-validation.js` mixin only checks for the `full_name_requirement` setting when determining whether the name field should block a new signup.
This commit fixes the issue by making the `full_name_required_for_signup` and `full_name_visible_in_signup` site attributes check for the `enable_names` setting themselves. This spares any consumers of these properties from having to remember to include a check for the `enable_names` setting.
With the previous logic, autocompletes were being opened mid-word, which was annoying and didn't properly work – selecting an option would generate an invalid format, mixing existing with new.
This PR makes a simple change: only ever trigger an autocomplete on word ends, and close them when arrow-navigating out of the word-end boundary.
ref /t/-/143169
It is not possible for an admin to generate a suspended user's archive now, disallowing SAR (subject access requests) under the GDPR.
This commit expands the export_user_archive job to allow specifying a requesting_user_id which will send the archive to an admin. When not specified, this defaults to the user itself.
Adds a new reviewables:populate rake task that works in a similar fashion to the existing *:populate rake tasks. The rake task creates pending reviewable of all core types, with possibility for plugins to extend the task to populate their own reviewable types.
This PR makes the secondary sidebar in the admin UI more consistent
navigation experience:
* Added a coloured background for links on hover
* Replaced the bold text and line style with a distinct background
highlight, ensuring it complements the admin sidebar while maintaining
its own identity
* Bringing in arrow indicators to match the active navigation state in
the category settings
### Before
<img width="488" alt="image"
src="https://github.com/user-attachments/assets/aa843766-0ed7-435a-8880-6f0598aa4782"
/>
### After
<img width="475" alt="image"
src="https://github.com/user-attachments/assets/ec31bab9-0f51-4757-ab06-95a961ae17ee"
/>
Refactors the Singleton mixin into a class decorator that directly mutates target classes with the same static property & functions as the mixin. This maintains the public interface of such singleton classes.
Classes refactored to use the singleton class decorator:
Session
User
Site
I removed singleton functionality from LogsNotice since services are already singletons and what we had previously defined in its customized createCurrent method could be replaced by directly injecting the relevant services into the class. This also allowed us to get rid of the logs-notice initializer.
We are adding a deprecation warning to the Singleton mixin instead of deleting since there are plugins that could still be using it.
Followup 3135f472e2
Fixes an issue where the wizard branding step would
error if SiteSetting.logo was null, this did not come
up during testing because in our testing discourse-logo-sketch-small.png
is used for the logo settings.
This commit contains various quality improvements to
our site setup wizard, along with some rearrangement of
steps to improve the admin setup experience and encourage
admins to customize the site early to avoid "all sites look the
same" sentiment.
#### Step rearrangement
* “Your site is ready” from 3 → 4
* “Logos” from 4 → 5
* “Look and feel” from 5 → 3
#### Font selector improvements
Changes the wizard font selector dropdown to show
a preview of all fonts with a CSS class so you don't
have to choose the font to get a preview.
Also makes the fonts appear in alphabetical order.
#### Preview improvements
Placeholder text changed from lorem ipsum to actual topic titles,
category names, and post content. This makes it feel more "real".
Fixes "undefined" categories. Added a date to the topic timeline.
Fixes button rectangles and other UI elements not changing in
size when the font changed, leading to cut off text which looked super
messy. Also fixed some font color issues.
Fixed table header alignment for Latest topic list.
#### Homepage style selector improvements
Limited the big list of homepage styles to Latest, Hot, Categories with latest topics,
and Category boxes based on research into the most common options.
#### Preview header
Changed the preview header to move the hamburger to the left
and add a chat icon
#### And more!
Changed the background of the wizard to use our branded blob style.
For consistency, we are updating all sidebar links that
point to an /admin/customize/site_settings URL to their
own config pages, in preparation for more focused config
pages in future. This will mitigate the issue we have now,
which is that every sidebar link you click showing a different
UI to admins.
This commit moves admin/config/login-and-authentication to
establish the pattern.
The customize routes add CSS classes that make these admin
config pages look different from the ones under /admin/config.
We want all config routes to be under /admin/config as well.
This commit moves the emoji, user fields, and permalinks pages
out of customize and into config, updating all references and
adding more rails routes as needed.
Also renames admin emojis route to emoji, emoji is singular and plural.
This commit replaces the `full_name_required` setting with a new `full_name_requirement` setting to allow more flexibility with the name field in the signup form. The new setting has 2 options, "Required at signup" and "Optional at signup", which are equivalent to the true/false possibilities of the old setting, and a third option "Hidden at signup" that hides the name field from the signup form, making it effectively optional too.
New sites will have the "Hidden at signup" option as the default option, and existing site will continue to use the option that maps to their current configuration.
Internal topic: t/136746.
This commit adds `showLogin` as an available action to the post menu buttons. They can use this action to show the login form when there is no user logged in.
It also adds a small CSS tweak to prevent the content from the post menu to being user selectable. This was causing small UX issues in touch devices.
This will make the 'auto' glimmer-topic-list feature aware of these modifications, so that the new topic-list will not be enabled until they're resolved.
- Remove JS
- Remove "Loading..." text. This has been been broken for a while due to some conflicting discourse-ai CSS. Also, animating the `content:` property like this requires the browser to repaint/reflow, which cannot be done while JS is executing.
- Replace animated SVG with divs animated via CSS. When JS is executing, browsers pause animations of transform properties inside SVGs. This limitation does not exist on regular CSS animations. So with this change, the animation continues smoothly even you run an infinite loop in JS.
To ensure the splash screen remains "contentful" for LCP purposes, an SVG background-image is used
There is no change to the visual look of the animation
I think the log messages were used for initial production trials but the
log messages are actually not very useful in the grand scheme of things.
If the timing of the job is important information, one can get it by
enabling Sidekiq logging and obtain the information from there. There is
no need for us to flood the logs with these messages.
Also the messages will contain at most 100 ids so it is just alot of
noise in general.
We currently query the posts table without an order when notifying users of moved posts. Generally the query will return the lowest post number post (b/c ID correlates with post_number in most cases) but not always. This adds an order to the post query in notify_moved_posts job.
Also I removed some if statement nesting with early returns / guard clauses.
Admins and moderators can see a user's deleted posts via the `/u/:username/deleted-posts` route. Admins can always see any post on the site, but that's not always the case for moderators, e.g., they can't see all PMs. So, this route accounts for that and excludes posts that a moderator wouldn't be allowed to see if they were not deleted.
However, there's currently a problem with that logic where admins who also have moderation privileges, are treated the same way as moderators and prevented from seeing posts that pure moderators can't see. This commit fixes that problem and only applies the permission checks to moderators who don't have admin privileges.
Internal topic: t/143107.