Commit Graph

12417 Commits

Author SHA1 Message Date
zogstrip
6e54696003 FIX: corrently handle hidden tags when checking for edit conflicts
In 806e37aaec, I improved the conflict handling when editing a post to account for title and tags.

This fixes an edge cases when a topic has a hidden tag the current editor can't see. When they submit their edit, we automatically add the hidden tags before checking with the tags stored in the database.

Reported in https://meta.discourse.org/t/341375
2024-12-09 19:17:16 +01:00
zogstrip
61f23b2d65 DEV: remove unnecessary line 2024-12-09 19:17:16 +01:00
Osama Sayegh
acc180611f
FEATURE: Add an option to block IPs and emails to bulk user delete (#29993)
This commit adds an option for blocking the IP and email addresses when bulk-deleting users.

Internal topic: t/140321/11.
2024-12-09 14:25:31 +03:00
Osama Sayegh
976aca68f6
FEATURE: Restrict profile visibility of low-trust users (#29981)
We've seen in some communities abuse of user profile where bios and other fields are used in malicious ways, such as malware distribution. A common pattern between all the abuse cases we've seen is that the malicious actors tend to have 0 posts and have a low trust level.

To eliminate this abuse vector, or at least make it much less effective, we're making the following changes to user profiles:

1. Anonymous, TL0 and TL1 users cannot see any user profiles for users with 0 posts except for staff users
2. Anonymous and TL0 users can only see profiles of TL1 users and above

Users can always see their own profile, and they can still hide their profiles via the "Hide my public profile" preference. Staff can always see any user's profile.

Internal topic: t/142853.
2024-12-09 13:07:59 +03:00
Martin Brennan
4ddf7e61f9
UX: Move "What's new?" link in admin sidebar to root section (#30144)
This is so the link is more visible, instead of being
buried in the Account section.
2024-12-09 10:01:09 +10:00
Krzysztof Kotlarek
5759d80091
FIX: correct breadcrumb for admin users page (#30173)
Omission and instead of `permlinks`, `users` title should be used.
2024-12-09 10:52:50 +11:00
Sérgio Saquetim
b8325f2190
FIX: Recover user deleted post (#30145)
This commit fixes an issue where the recover button would not be displayed for a user delete post.
2024-12-06 15:47:57 -03:00
Mark VanLandingham
07f4e56658
FIX: freeze_original for moved_post notifications for OP moves, link to destination topic (#30147)
Currently when copy an OP to another topic, the link is to the topic that wasn't moved. The notification should instead be to the new topic the OP was moved to -- we have duplicate logic already for this but first post creation get special treatment, and this applies the same treatment.
2024-12-06 09:50:53 -06:00
Mark VanLandingham
71bec686a2
DEV: Add user_id and post_user_id to MovedPost records (#30130)
Follow-up from this commit - 9b8af0ea9f

Adds helpful data into MovedPost records for later lookup. ALSO fixes notifications for freeze_original to point to the newly created post, not the moved post.
2024-12-05 17:10:32 -06:00
Blake Erickson
2d8a62aec1
DEV: Update create user w/ custom fields api docs (#30133)
Since the example specifies json use a json formatted example instead of
form-data.

https://meta.discourse.org/t/161413/5
2024-12-05 12:28:48 -07:00
Mark VanLandingham
68e57190df
DEV: Allow freeze_original argument in topics controller & JS transformer (#30120)
PostMover has a new option called freeze_original implemented in this commit. It was previously unexposed in the controller. This PR permits the param in the controller, and passes it into PostMover.

Also, this applies a value transformer for move/merge payload options. In addition a plugin outlet in the move post modal. This allows plugins to add content to the modal, which can modify the payload (and use the freeze_original argument for example)
2024-12-05 08:31:05 -06:00
Kelv
1ca90c3070
DEV: update more deprecated font awesome icon names (#30123)
* update more deprecated font awesome icon names

* add migration to remove deprecated default for badges.icon
2024-12-05 15:20:02 +08:00
Martin Brennan
8a89a77248
FIX: Discard empty bundles for reviewables (#30121)
Followup c7e471d35a

It is currently possible to add a bundle (which is a collection
of actions used for a dropdown on the client) for a reviewable
via actions.add_bundle and then never add any actions to it.

This causes the client to explode, as seen in the referenced
commit, because of the way our store expects to resolve objects
referenced by ID that are passed down by the serializer, which
then causes Ember to have an unrecoverable render error.

Fixing this on the serializer level is not really possible because
of all the ActiveModel::Serializer magic that serializes
objects by ID reference when doing things like has_many.
`Reviewable#actions_for` is a better place to do this anyway,
because this is the main location where the bundles and actions
are built for every action via the serializer.
2024-12-05 15:41:13 +10:00
Kelv
dd0b4e26a7
DEV: update fa6 icons to drop fa prefix (#30100)
* remove fa- part of prefix from font awesome icon names
2024-12-05 10:00:41 +08:00
Martin Brennan
ad7a64b983
DEV: Remove backtrace warning (#30093)
Followup aca6c462a6

Remove the warning message if DISCOURSE_INCLUDE_GEMS_IN_RSPEC_BACKTRACE
is not set for now while we decide whether we want to include
this or not, it's a little in-your-face.
2024-12-04 14:14:36 +10:00
Krzysztof Kotlarek
28b4ff6cb6
FIX: update flag reason message with default value (#30026)
Currently only system flags are translated. When we send message to the user that their post was deleted because of custom flag, we should default to custom flag name.
2024-12-04 14:46:52 +11:00
Martin Brennan
9c5eb7952e
UX: Improve error when trying to edit globally shadowed setting (#30092)
Previously when attempting to edit a globally shadowed setting, the
error message was not very helpful, it said "You are not allowed to
change hidden settings". This commit changes the error message to
reflect the actual problem, which is that the setting is shadowed by
a global setting via ENV var.
2024-12-04 13:41:32 +10:00
Juan David Martínez Cubillos
7b70905326
FIX: Sanitization issue when replacing default emoji with custom emoji that contains or ~/Discourse/discourse symbols (#30053) 2024-12-03 19:27:12 -05:00
Martin Brennan
aca6c462a6
DEV: Improve rspec gem backtrace exclusion ENV vars (#30056)
Followup:

* https://github.com/discourse/discourse/pull/28160
* https://github.com/discourse/discourse/pull/25921

In the previous PRs we added 2 environent variables
to control backtrace output for errors in rspec,
`RSPEC_EXCLUDE_NOISE_IN_BACKTRACE`, and
`RSPEC_EXCLUDE_GEMS_IN_BACKTRACE`

These largely do the same thing, and we want to enable
that behaviour by default.

This commit consolidates them into one env var,
`DISCOURSE_INCLUDE_GEMS_IN_RSPEC_BACKTRACE`, which is
disabled by default, meaning gem backtraces will not
be shown in rspec backtraces by default.

Also for the request spec use case with `RspecErrorTracker`,
we now show an indicator of how many lines were hidden from
the backtrace e.g. "...(21 framework line(s) excluded)",
and for this and the normal rspec backtrace exclusion we
show a warning if `DISCOURSE_INCLUDE_GEMS_IN_RSPEC_BACKTRACE`
is not enabled.
2024-12-04 09:54:11 +10:00
Mark VanLandingham
a5636afb08
DEV: Add posts_moved DiscourseEvent in PostMover (#30066) 2024-12-03 13:16:20 -06:00
Kelv
685dc4b9b9
FIX: font awesome remapping migration should not drop unmapped names from svg_icon_subset (#30058)
* FIX: font awesome remapping migration should not drop unmapped names
2024-12-03 18:30:08 +08:00
Régis Hanol
806e37aaec
FIX: better edit conflict handling (#29789)
* FIX: better edit conflict handling

Properly keep track of the original title and tags when dealing with edit conflicts.

Internal ref - t/141218
2024-12-03 10:12:04 +01:00
Gary Pendergast
2513339955
FEATURE: Show when a badge has been granted for a post (#29696)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-12-03 13:43:27 +11:00
Gabriel Grubba
706987ce76
FIX: Rate limiting when moving posts with freeze option (#30041)
before this commit, when moving posts with freeze option, the rate limit was being applied leading to errors. This commit fixes that.

and also adds tests for the scenarios of moving posts with freeze option.
2024-12-02 15:48:13 -03:00
Loïc Guitaut
cf2b4d9934 DEV: Apply new Rubocop linting on services 2024-12-02 17:31:36 +01:00
Régis Hanol
9bdd97db42
FIX: editing post while replying (#29985)
BEFORE: if you click the "reply" button on a post and then decided that you want to "edit" the same post, clicking the "edit" button would do nothing. Clicking "edit" on another post works, but editing the same post would appear broken.

AFTER: if you click the "edit" button, it will properly load the content of the post you're trying to edit. No matter which one it is.

This was somewhat tricky to track down as the system specs seemed to contradict the qunit tests until I realized that the qunit tests were only testing the edit on the 1st post and the system specs were testing on replies.

I improved the qunit tests to test both editing OP and a reply and (hopefully) made the system specs a little bit clearer.

This is a follow up to bbe62d88d2.
2024-12-02 16:06:36 +01:00
Kelv
87f1d507f5
DEV: add db migration to remap icon names to fontawesome 6 (#29958)
* DEV: add irreversible db migration to remap icon names to fontawesome 6
2024-12-02 12:41:43 +08:00
Jarek Radosz
b3423c40b0
DEV: Fix random typos (#30023)
(late) Nov 2024 edition
2024-12-02 07:34:05 +08:00
Krzysztof Kotlarek
6d4c6ee154
UX: admins users page follows admin ux guideline (#29873)
Conversion of `/admin/users` page to follow admin UX guidelines.

In addition, add the username to the title on the user admin page.
2024-12-02 10:11:23 +11:00
Régis Hanol
7d58793759
DEV: deduplicate inline styles in emails (#30015)
In order to limit issues with duplicate inline CSS definitions, this will now deduplicate inline CSS styles with the "last-to-be-defined-wins" strategy.

Also removes unecessary whitespaces in inline styles.

Context - https://meta.discourse.org/t/resolve-final-styles-in-email-notifications/310219

Co-authored-by: Thomas Kalka <thomas.kalka@gmail.com>
2024-11-30 16:38:45 +01:00
Jarek Radosz
85ead5ac7a
Revert "FIX: deduplicate css in mails (#30003)" (#30013)
This reverts commit 6e726d436f.

The specs were failing in the original PR but the CI didn't run.
2024-11-30 15:32:32 +01:00
Thomas Kalka
6e726d436f
FIX: deduplicate css in mails (#30003)
Feature: Resolve final styles in email notifications

Context - https://meta.discourse.org/t/resolve-final-styles-in-email-notifications/310219
2024-11-30 14:51:02 +01:00
Osama Sayegh
1497b298d2
DEV: Include controller namespace in X-Discourse-Route (#29783)
* DEV: Include controller namespace in X-Discourse-Route

* use same separator
2024-11-29 17:11:17 +11:00
Bianca Nenciu
5b19e2ca0f
FIX: Filter out secured categories first (#29916)
The hierarchical search for categories is composed of several complex
nested queries. This change ensures that the secured categories are
filtered out as soon as possible to ensure that the default limit of 5
categories is reached.

Without this fix, the search can return less than 5 categories if any
of the first 5 categories cannot be displayed due to permissions.
2024-11-28 17:09:16 +02:00
Penar Musaraj
cd4de88e4a
FIX: Correctly toggle bulk select checkboxes for regular users (#29984)
Non-admin/moderator users can bulk select items in new/unread, but not in
latest/top/hot. This commit ensures that when the user can no longer
bulk select items in a list, the bulk select checkboxes in the topic list
rows are hidden.
2024-11-28 09:39:17 -05:00
Sam
07813ba83c
DEV: fix hanging spec (#29974) 2024-11-28 11:06:19 +08:00
Ted Johansson
2d945e2373
DEV: Enable the normalize_emails site setting by default (#29952) 2024-11-28 10:23:00 +08:00
Sam
72132c35fb
DEV: fix flaky spec (#29972)
Spec was flaky cause work could still be in pipeline after the defer
length is 0. Our length denotes the backlog, not the in progress
count.

This adds a mechanism for gracefully stopping the queue and avoids
wait_for callse
2024-11-28 11:21:35 +11:00
Angus McLeod
6acf673f8d
FIX: topic post counts for webhook post_destroyed event (#29853)
* FIX: topic post counts for webhook post_destroyed event

- Generate webhook data after posts are destroyed
- Don't count user_deleted posts

* Remove unnecessary conditional
2024-11-27 11:36:51 -08:00
Mark VanLandingham
8c311dcbd5
FEATURE: Allow add group member endpoint to skip invite emails (#29962) 2024-11-27 11:33:09 -06:00
Guhyoun Nam
f186e3e80b
DEV: Add categories_and_hot Route (#29948)
This PR adds a route to categories_and_hot and methods in categories_controller.
2024-11-27 11:11:33 -06:00
Penar Musaraj
43ae59bb9c
FIX: Do not ignore redirects containing "/login" in the path (#29960) 2024-11-27 11:22:45 -05:00
Loïc Guitaut
d6bec460a8 DEV: Upgrade Rails to version 7.2 2024-11-27 10:48:47 +01:00
Ted Johansson
f4d0a77d5f
DEV: Add "delete user" options to illegal flag review (#29956)
We already add the "delete user" and "delete and block user" options to the drop-down for potential spam, but we should do this for potentially illegal posts as well.

This is entirely based on the implementation for the potential spam one, including caching the status on the reviewable record.

Also note that just as for potential spam, the user must be "deletable" for the option to appear.

I also took the liberty to move the options in the drop-down to what I think is a more intuitive place. (Between delete post and suspend/silence user.)
2024-11-27 17:23:57 +08:00
Martin Brennan
2ef9d6ac47
FEATURE: Allow admins to force refresh "What's new?" (#29911)
Sometimes changes to "What's new?" feed items are made or the feed items are
removed altogether, and the polling interval to check for new features is 1 day.

This is quite long, so this commit introduces a "Check for updates"
button for admins to click on the "What's new?" page which will bust
the cache for the feed and check again at the new features endpoint.
This is limited to 5 times per minute to avoid rapid sending of
requests.
2024-11-27 09:40:55 +10:00
Gabriel Grubba
51aa5ac43f
FIX: Solve flaky tests in PostMover (#29943)
* FEATURE: Add `freeze_original` option to `PostMover`

This option will allow the api user to specify if the original topic should be `frozen`(locked and posts not deleted neither moved)

With this option when moving topic posts your posts will be `copied` to the new topic and the original topic will be kept there.

* DEV: update tests to check raw instead of ids

* DEV: Implement `freeze_original` option for `PostMover`

update specs to use `*array` matcher

* DEV: add tests to `MovedPost` model in post mover

* DEV: Update `MovedPost` model rspec

* DEV: add back empty line to `post_mover.rb`

* FIX: Solve flaky tests in `PostMover`
2024-11-26 16:30:25 -03:00
Gabriel Grubba
1c03a9f078
Revert "FEATURE: Add freeze_original option to PostMover (#29880)" (#29940)
This reverts commit b6ec07c3ef.
2024-11-26 14:47:39 -03:00
Gabriel Grubba
b6ec07c3ef
FEATURE: Add freeze_original option to PostMover (#29880)
* FEATURE: Add `freeze_original` option to `PostMover`

This option will allow the api user to specify if the original topic should be `frozen`(locked and posts not deleted neither moved)

With this option when moving topic posts your posts will be `copied` to the new topic and the original topic will be kept there.

* DEV: update tests to check raw instead of ids

* DEV: Implement `freeze_original` option for `PostMover`

update specs to use `*array` matcher

* DEV: add tests to `MovedPost` model in post mover

* DEV: Update `MovedPost` model rspec

* DEV: add back empty line to `post_mover.rb`
2024-11-26 14:25:55 -03:00
Jan Cernik
93443adf22
DEV: Remove the experimental_ prefix for fullpage login (#29546) 2024-11-26 11:08:27 -03:00
Martin Brennan
c7e471d35a
FIX: Empty post reviewable ignore bundle causing client errors (#29932)
We ran into an edge case where it was possible for a
ReviewableFlaggedPost to end up in a state where it was hidden
and the topic was already deleted. This meant that the Ignore
action bundle for the reviewable ended up empty, with no associated
actions.

This commit fixes the server-side issue where this was ending up
empty. A further commit will aim to make the client more resilient
to these issues by gracefully failing if a reviewable action bundle
is detected with no associated actions.
2024-11-26 16:18:32 +10:00