github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 09:42:07 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

FEATURE: Warn admins about private group name's exposure to anonymous users. (#19557)

Browse Source 
Group names will be used as CSS classes in some components while rendering the public HTML output. It will happen when a group is set as the default primary for users. Or when a group has either a flair icon or flair upload. So we should warn the admins when they restrict the group's visibility level.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
This commit is contained in:
Vinoth Kannan 2022-12-27 13:17:13 +05:30 committed by GitHub
parent 1fd0e82da7
commit 598233456d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
app/assets/javascripts/discourse/app/components/group-manage-save-button.js
View File

@ -4,17 +4,40 @@ import discourseComputed from "discourse-common/utils/decorators";
import { popupAjaxError } from "discourse/lib/ajax-error"; import { popupAjaxError } from "discourse/lib/ajax-error";
import { popupAutomaticMembershipAlert } from "discourse/controllers/groups-new"; import { popupAutomaticMembershipAlert } from "discourse/controllers/groups-new";
import showModal from "discourse/lib/show-modal"; import showModal from "discourse/lib/show-modal";
import { or } from "@ember/object/computed";
export default Component.extend({ export default Component.extend({
saving: null, saving: null,
disabled: false, disabled: false,
updateExistingUsers: null, updateExistingUsers: null,
hasFlair: or("model.flair_icon", "model.flair_upload_id"),
@discourseComputed("saving") @discourseComputed("saving")
savingText(saving) { savingText(saving) {
return saving ? I18n.t("saving") : I18n.t("save"); return saving ? I18n.t("saving") : I18n.t("save");
}, },
@discourseComputed(
"model.visibility_level",
"model.primary_group",
"hasFlair"
)
privateGroupNameNotice(visibilityLevel, isPrimaryGroup, hasFlair) {
if (visibilityLevel === 0) {
return;
}
if (isPrimaryGroup) {
return I18n.t("admin.groups.manage.alert.primary_group", {
group_name: this.model.name,
});
} else if (hasFlair) {
return I18n.t("admin.groups.manage.alert.flair_group", {
group_name: this.model.name,
});
}
},
actions: { actions: {
save() { save() {
if (this.beforeSave) { if (this.beforeSave) {

7
app/assets/javascripts/discourse/app/templates/components/group-manage-save-button.hbs
View File

@ -1,3 +1,10 @@
{{#if this.privateGroupNameNotice}}
<div class="row">
<div class="alert alert-warning alert-private-group-name">
{{this.privateGroupNameNotice}}
</div>
</div>
{{/if}}
<div class="control-group buttons group-manage-save-button"> <div class="control-group buttons group-manage-save-button">
<DButton @action={{action "save"}} @disabled={{or this.disabled this.saving}} @class="btn btn-primary group-manage-save" @translatedLabel={{this.savingText}} /> <DButton @action={{action "save"}} @disabled={{or this.disabled this.saving}} @class="btn btn-primary group-manage-save" @translatedLabel={{this.savingText}} />
{{#if this.saved}} {{#if this.saved}}

29
app/assets/javascripts/discourse/tests/acceptance/group-manage-save-button-test.js Normal file
View File

@ -0,0 +1,29 @@
import { acceptance, exists } from "discourse/tests/helpers/qunit-helpers";
import selectKit from "discourse/tests/helpers/select-kit-helper";
import { click, visit } from "@ember/test-helpers";
import { test } from "qunit";
acceptance("Managing Group - Save Button", function (needs) {
needs.user();
test("restricting visibility and selecting primary group checkbox", async function (assert) {
await visit("/g/alternative-group/manage/membership");
await click(".groups-form-primary-group");
await click('a[href="/g/alternative-group/manage/interaction"]');
const visibilitySelector = selectKit(
".select-kit.groups-form-visibility-level"
);
await visibilitySelector.expand();
await visibilitySelector.selectRowByValue("1");
assert.ok(exists(".alert-private-group-name"), "alert is shown");
await visibilitySelector.expand();
await visibilitySelector.selectRowByValue("0");
assert.notOk(exists(".alert-private-group-name"), "alert is hidden");
});
});

3
config/locales/client.en.yml
View File

@ -4587,6 +4587,9 @@ en:
other: "%{count} users have the new email domains and will be added to the group." other: "%{count} users have the new email domains and will be added to the group."
automatic_membership_associated_groups: "Users who are members of a group on a service listed here will be automatically added to this group when they log in with the service." automatic_membership_associated_groups: "Users who are members of a group on a service listed here will be automatically added to this group when they log in with the service."
primary_group: "Automatically set as primary group" primary_group: "Automatically set as primary group"
alert:
primary_group: "Since this is a primary group, the name '%{group_name}' will be used in CSS classes which can be viewed by anyone."
flair_group: "Since this group has flair for its members, the name '%{group_name}' will be visible to anyone."
name_placeholder: "Group name, no spaces, same as username rule" name_placeholder: "Group name, no spaces, same as username rule"
primary: "Primary Group" primary: "Primary Group"
no_primary: "(no primary group)" no_primary: "(no primary group)"