Commit Graph

8741 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
f1ea2a2509
DEV: Add validator for search_ranking_weights site setting (#20088)
Follow-up to 6934edd97c
2023-02-01 06:43:41 +08:00
Kris
85971a8b67
A11Y: embedded posts need disclosure widget attributes (#20048) 2023-01-31 13:01:49 -05:00
Blake Erickson
64986244d7
DEV: Change default bootstrap min users for private sites (#19810)
* DEV: Change default bootstrap min users for private sites

Private sites should have a lower min users to escape bootstrap mode.

* reset back to 50 if site is changed to public, added some tests

* fix formatting

* Remove comment

* Move constant declaration

* Update config/initializers/014-track-setting-changes.rb

Shaving a bit of repetition

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

* Remove commented out code

* stree

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-01-31 09:09:03 -07:00
Discourse Translator Bot
a5c2146dc0
Update translations (#20101) 2023-01-31 15:21:00 +01:00
Michael Brown
8959b43c17
FIX: reword generic site policy defaults (#19359)
Reword the default Terms of Service and Privacy Policy to more strongly
denote they are templates which must be customised by the forum admin.
2023-01-31 10:23:24 +01:00
Sam
c5345d0e54
FEATURE: prioritize_exact_search_title_match hidden setting (#20089)
The new `prioritize_exact_search_match` can be used to force the search
algorithm to prioritize exact term matches in title when ranking results.

This is scoped narrowly to titles for cases such as a topic titled:

"organisation chart" and a search of "org chart".

If we scoped this wider, all discussion about "org chart" would float to
the top and leave a very common title de-prioritized.

This is a hidden site setting and it has some performance impact due
to double ranking.

That said, performance impact is somewhat mitigated cause ranking on
title alone is a very cheap operation.
2023-01-31 16:34:01 +11:00
Alan Guo Xiang Tan
f31f0b70f8
SECURITY: Hide PM count for tags by default (#20061)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-01-31 12:08:23 +08:00
Sam
07679888c8
FEATURE: allow restricting duplication in search index (#20062)
* FEATURE: allow restricting duplication in search index

This introduces the site setting `max_duplicate_search_index_terms`.
Using this number we limit the amount of duplication in our search index.

This allows us to more correctly weight title searches, so bloated posts
don't unfairly bump to the top of search results.

This feature is completely disabled by default and behind a site setting

We will experiment with it first. Note entire search index must be rebuilt
for it to take effect.


---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2023-01-31 12:41:31 +11:00
Alan Guo Xiang Tan
6934edd97c
DEV: Add hidden site setting to configure search ranking weights (#20086)
This site setting is mostly experimental at this point.
2023-01-31 08:57:13 +08:00
Martin Brennan
33e6140179
FIX: Update bookmark topic copy (#20059)
The topic-level bookmark button copy was inaccurate
since we changed to allow topic-level bookmarks.
2023-01-31 10:05:44 +10:00
Sam
5d669d8aa2
Revert "FEATURE: hidden site setting to disable search prefix matching (#20058)" (#20073)
This reverts commit 64f7b97d08.

Too many side effects for this setting, we have decided to remove it
2023-01-31 07:39:23 +08:00
Natalie Tay
58234246ff
DEV: Remove elder from codebase and also update 'regular' to 'member' (#20065)
A while back the definition of TL was changed but many
areas in the codebase still use the term 'Regular user'
despite it having some implicit meaning (TL2).

See 20140905055251_rename_trust_level_badges.rb
2023-01-31 01:41:25 +08:00
Sam
64f7b97d08
FEATURE: hidden site setting to disable search prefix matching (#20058)
Many users seems surprised by prefix matching in search leading to
unexpected results.

Over the years we always would return results starting with a search term
and not expect exact matches.

Meaning a search for `abra` would find `abracadabra`

This introduces the Site Setting `enable_search_prefix_matching` which
defaults to true. (behavior unchanged)

We plan to experiment on select sites with exact matches to see if the
results are less surprising
2023-01-30 12:44:40 +08:00
Sam
2c8dfc3dbc
FEATURE: rate limit anon searches per second (#19708) 2023-01-27 10:05:27 -08:00
Blake Erickson
4ecfac39a6
FEATURE: Add separate api scope for topic status (#19978)
This will allow us more granular control over changing a topic status.
For example you can now force the scope to only allow closing topics in
a specific category. This means that the same scope can't be used to
re-open topics, or close topics in a different category.
2023-01-27 08:05:29 -07:00
chapoi
e03f6057ec
UX: Highlight var refactor (#20026)
* Add new color vars

* Select-kit > use new color vars

* update all color schemes with values for new hover/select vars

* Add variable yml names
2023-01-27 15:50:36 +01:00
Martin Brennan
c8f8d9dbb6
DEV: Change slugs/generate endpoint from GET to POST (#19984)
Followup on feedback on PR #19928
https://github.com/discourse/discourse/pull/19928#discussion_r1083687839,
it makes more sense to have this endpoint as a POST rather than
a GET.
2023-01-27 10:58:33 +10:00
Kris
0c967e6aa3
A11Y: add accessible label for bookmark name input (#20036) 2023-01-26 17:35:19 -05:00
Isaac Janzen
7cb686ec3f
UX: Add staff action log text for permanently_delete_post_revisions (#20025) 2023-01-26 10:40:20 -06:00
Natalie Tay
f91ac52a22
SECURITY: Limit the length of drafts (#19989)
Co-authored-by: Loïc Guitaut <loic@discourse.org>
2023-01-25 13:50:21 +02:00
Discourse Translator Bot
8b72f489e1
Update translations (#19974) 2023-01-24 16:32:34 +01:00
Kris
a57d6a0f75
A11Y: add aria-labels for flagging textareas (#19938) 2023-01-24 09:49:15 -05:00
David Taylor
eee97ad29a
DEV: Patch capybara to ignore client-triggered errors (#19972)
In dev/prod, these are absorbed by unicorn. Most commonly, they occur when a client interrupts a message-bus long-polling request.

Also reverts the EPIPE workaround introduced in 011c9b9973
2023-01-24 11:07:29 +00:00
David Taylor
e2db764cdd
DEV: Remove older ruby version logic (#19971)
Discourse no longer boots on anything less than 3.1, so these code paths will never be used
2023-01-24 10:42:56 +00:00
Vinoth Kannan
799202d50b
FIX: skip email if blank while syncing SSO attributes. (#19939)
Also, return email blank error in `EmailValidator`  when the email is blank.
2023-01-24 09:10:24 +05:30
Blake Erickson
a6291cd854
FEATURE: Add api scope for suspending users (#19965)
See: https://meta.discourse.org/t/request-separate-api-granular-api-scope-for-suspend-user/249928/5
2023-01-23 16:20:49 -07:00
Blake Erickson
774feb6614
FEATURE: Add api scope for create invite endpoint (#19964)
Adds an api scope for the POST /invite endpoint.
2023-01-23 16:20:22 -07:00
Blake Erickson
09f5235538
FEATURE: Add api scope for search endpoint (#19955)
Adds two new api scopes for the /search endpoints:

- `/search.json?q=term`
- `/search/query.json?term=term`

see: https://meta.discourse.org/t/search-api-key-permissions/227244
2023-01-23 14:06:57 -07:00
Martin Brennan
641e94fc3c
FEATURE: Allow changing slug on create channel (#19928)
This commit allows us to set the channel slug when creating new chat
channels. As well as this, it introduces a new `SlugsController` which can
generate a slug using `Slug.for` and a name string for input. We call this
after the user finishes typing the channel name (debounced) and fill in
the autogenerated slug in the background, and update the slug input
placeholder.

This autogenerated slug is used by default, but if the user writes anything
else in the input it will be used instead.
2023-01-23 14:48:33 +10:00
Kris
1521bace4f
A11Y: add secondary skip link to user profiles (#19926) 2023-01-20 10:30:57 -05:00
Krzysztof Kotlarek
019ec74076
FEATURE: setting which allows TL4 users to deleted posts (#19766)
New setting which allows TL4 users to delete/view/recover posts and topics
2023-01-20 13:31:51 +11:00
Alan Guo Xiang Tan
f122f24b35
SECURITY: Default tags to show count of topics in unrestricted categories (#19916)
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information. 
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope. 
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
2023-01-20 09:50:24 +08:00
Isaac Janzen
292d3677e9
FEATURE: Allow admins to permanently delete revisions (#19913)
# Context
This PR introduces the ability to permanently delete revisions from a post while maintaining the changes implemented by the revisions.
Additional Context: /t/90301

# Functionality
In the case a staff member wants to _remove the visual cue_ that a post has been edited eg.

<img width="86" alt="Screenshot 2023-01-18 at 2 59 12 PM" src="https://user-images.githubusercontent.com/50783505/213293333-9c881229-ab18-4591-b39b-e3419a67907d.png">

while maintaining the changes made in the edits, they can enable the (hidden) site setting of `can_permanently_delete`.
When this is enabled, after _hiding_ the revisions

<img width="149" alt="Screenshot 2023-01-19 at 1 53 35 PM" src="https://user-images.githubusercontent.com/50783505/213546080-2a9e9c55-b3ef-428e-a93d-1b6ba287dfae.png">

there will be an additional button in the history modal to <kbd>Delete revisions</kbd> on a post.

<img width="997" alt="Screenshot 2023-01-19 at 1 49 51 PM" src="https://user-images.githubusercontent.com/50783505/213546333-49042558-50ab-4724-9da7-08bacc68d38d.png">

Since this action is permanent, we display a confirmation dialog prior to triggering the destroy call

<img width="722" alt="Screenshot 2023-01-19 at 1 55 59 PM" src="https://user-images.githubusercontent.com/50783505/213546487-96ea6e89-ac49-4892-b4b0-28996e3c867f.png">

Once confirmed the history modal will close and the post will `rebake` to display an _unedited_ post.

<img width="868" alt="Screenshot 2023-01-19 at 1 56 35 PM" src="https://user-images.githubusercontent.com/50783505/213546608-d6436717-8484-4132-a1a8-b7a348d92728.png">
 
see that there is not a visual que for _revision have been made on this post_ for a post that **HAS** been edited. In addition to this, a user history log for `purge_post_revisions` will be added for each action completed.

# Limits
- Admins are rate limited to 20 posts per minute
2023-01-19 15:09:01 -06:00
Selase Krakani
cc39effe0e
FIX: Switch email domain site settings type to host_list (#19922)
Specifying wildcard characters which also happen to be regex
meta characters for `auto_approve_email_domains`, `allowed_email_domains`
and `blocked_email_domains` site settings currently breaks email
validation.

This change prevents these characters from being specified for these
site settings. It does this by switching the site setting type
from `list` to `host_list`. The `host_list` validator checks for these
characters.

In addition, this change also improves the site setting descriptions and
introduces a migration to  fix existing records.
2023-01-19 16:07:59 +00:00
David Taylor
5406e24acb
FEATURE: Introduce pg_force_readonly_mode GlobalSetting (#19612)
This allows the entire cluster to be forced into pg readonly mode. Equivalent to running `Discourse.enable_pg_force_readonly_mode` on the console.
2023-01-19 13:59:11 +00:00
Discourse Translator Bot
4ac37bbe0f
Update translations (#19897) 2023-01-18 11:42:54 +01:00
David Taylor
011c9b9973
DEV: Use message-bus chunked encoding in development (#19878)
This was previously disabled because of incompatibility with the ember-cli proxy. This commit fixes that incompatibility, and restores the development behaviour to match production.

There were three issues at play:

1. Our bootstrap-js addon handles the forwarding of most requests in the ember-cli proxy. This is not built to handle streaming responses. Solution: skip our custom request processing for `/message-bus/*` and use ember-cli's default `http-proxy`.

2. The request/response size-limiting middleware (`rawMiddleware`) would apply even to unhandled paths, causing request and response bodies to be buffered. Solution: skip it for any paths which are not handled by our custom addon.

3. Expressjs servers will buffer/compress responses. Solution: add `Cache-Control: no-transform` to message-bus responses. For now I've done this in development only, but it may be useful to add it to message-bus's default headers in future
2023-01-17 09:54:33 +00:00
David Taylor
624f4a7de9
Drop support for iOS < 15.7 (#19847)
https://meta.discourse.org/t/224747
2023-01-16 17:28:59 +00:00
Bianca Nenciu
c3070288ea
FEATURE: Verify email webhook signatures (#19690)
* FEATURE: Verify Sendgrid webhook signature

* FEATURE: Verify more webhook signatures

* DEV: Add test for AWS webhook

* FEATURE: Implement algorithm for Mandrill

* FEATURE: Add warning if webhooks are unsafe
2023-01-16 19:16:17 +02:00
Martin Brennan
553b4888ba
DEV: Revert syntax-tree line change in unicorn.conf.rb listen (#19874)
Some internal tooling expects this to be one line, see /t/90198/13
2023-01-16 13:17:23 +10:00
Alan Guo Xiang Tan
f72875c729
DEV: Introduce enable_new_notifications_menu site setting (#19860)
The `enable_new_notifications_menu` site setting allows sites that have
`navigation_menu` set to `legacy` to use the redesigned notifications
menu before switching to the new sidebar navigation menu.
2023-01-16 06:04:53 +08:00
Selase Krakani
73ec80893d
FEATURE: Extend topic update API scope to allow status updates (#19654)
Allow an API key created with topic:update API scope to make updates to
topic status. This change also introduces an optional category_id scope
param.
2023-01-13 01:21:04 +00:00
David Taylor
ab9ea50917
Bump minimum Ruby version to 3.1 (#19848) 2023-01-12 13:52:50 +00:00
Loïc Guitaut
4093fc6074 Revert "DEV: Migrate existing cookies to Rails 7 format"
This reverts commit 66e8fe9cc6 as it
unexpectedly caused some users to be logged out. We are investigating
the problem.
2023-01-12 12:07:49 +01:00
Loïc Guitaut
66e8fe9cc6 DEV: Migrate existing cookies to Rails 7 format
This patch introduces a cookies rotator as indicated in the Rails
upgrade guide. This allows to migrate from the old SHA1 digest to the
new SHA256 digest.
2023-01-12 11:09:07 +01:00
Ted Johansson
d2e9ea6193
FEATURE: Allow group owners promote more owners (#19768)
This change allows group owners (in addition to admins) to promote other members to owners.
2023-01-11 16:43:18 +08:00
Discourse Translator Bot
9b321b98a5
Update translations (#19813) 2023-01-10 20:53:34 +01:00
Andrei Prigorshnev
baccf7e5c9
UX: Change language from "Do Not Disturb" to "Pause Notifications" (#19800)
We renamed "Do Not Disturb" to "Pause Notifications" in UI in 2d628c8. This renames one more instance that I forgot to address.
2023-01-09 21:51:04 +04:00
David Taylor
7c77cc6a58
DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
Martin Brennan
c31772879b
FIX: Disable image optimization in iOS Safari (#19790)
There are various performance issues with the Canvas in iOS Safari
that are causing crashes when processing images with spikes of over 100%
CPU usage. The cause of this is unknown, but profiling points to
CanvasRenderingContext2D.getImageData() and
CanvasRenderingContext2D.drawImage().

Until Safari makes some progress with OffscreenCanvas or other
alternatives we cannot support this workflow. We will revisit in 6
months.

This is gated behind the hidden `composer_ios_media_optimisation_image_enabled`
site setting for people who really still want to try using this.
2023-01-09 12:16:02 +10:00
Keegan George
12f843068d DEV: Remove unused locale 2023-01-06 07:35:03 +08:00
Keegan George
80164322e0
DEV: Remove unused locale (#19764) 2023-01-05 13:35:10 -08:00
Alan Guo Xiang Tan
cf862e7365
SECURITY: Convert send_digest to a post request (#19746)
Co-authored-by: Isaac Janzen <isaac.janzen@discourse.org>
2023-01-05 06:57:12 +08:00
Martin Brennan
c2013865d7
FEATURE: Make experimental hashtag autocomplete default for new sites (#19681)
This feature is stable enough now to make it the default going forward
for new sites. Existing sites that have not yet set enable_experimental_hashtag_autocomplete
to `true` will have it set to `false` for their site settings, which was the old default.

c.f https://meta.discourse.org/t/hashtags-are-getting-a-makeover/248866
2023-01-05 08:44:58 +10:00
Kris
dedf19803b
UX: more descriptive sidebar titles, casing (#19717) 2023-01-04 13:40:35 -05:00
Gerhard Schlager
8dfe7a68e6
UX: Remove unused strings (#19701)
* Remove unused strings
* Remove trailing quote from string
* Remove even more unused strings (they were removed in c4e10f2a9d)
* Don't use translations in tests which are only available on server
* Use more specific translation (and fix missing translation)
2023-01-04 10:32:53 +01:00
Discourse Translator Bot
8a0bac7bec
Update translations (#19692) 2023-01-03 14:46:19 +01:00
Roman Rizzi
2f61d26e3d
PERF: Make chat mention notifications async. (#19666)
This PR removes the limit added to max_users_notified_per_group_mention during #19034 and improve the performance when expanding mentions for large channel or groups by removing some N+1 queries and making the whole process async.

* Fully async chat message notifications

* Remove mention setting limit and get rid of N+1 queries
2023-01-02 11:54:52 -03:00
Discourse Translator Bot
6f570752ab
Update translations (#19663) 2022-12-30 17:49:48 +01:00
David Taylor
584a6e3552
FIX: Update nginx config for v1.23 (#19651)
NGINX v1.23 concatenates duplicate headers into a single comma-separated string. We were doing an equality check on `x-forwarded-proto`. If the request includes multiple `x-forwarded-proto` headers then this check would fail under NGINX v1.23, and our config assumed an `http` connection.

This commit updates the config to check for `https` at the end of the header, thereby restoring the old behavior when multiple `x-forwarded-proto` request headers are sent.
2022-12-30 12:35:26 +00:00
Gerhard Schlager
7e33cb3665
FIX: Add missing email template for user_watching_category_or_tag (#19653)
Adds a spec to hopefully prevent this in the future.

Follow-up to aa3a9b6fea
2022-12-29 15:36:53 +01:00
Discourse Translator Bot
ebe8b868bf
Update translations (#19633) 2022-12-28 13:32:29 +01:00
David Taylor
d24dfe8f96
DEV: Update minimum and recommended ruby versions (#19615)
Minimum: 2.7.0
Recommended: 3.1.3
2022-12-28 10:09:15 +00:00
Rafael dos Santos Silva
7b53973bd8
DEV: Use WebPush fork for OpenSSL 3 compat (#19627)
* DEV: Use WebPush fork for OpenSSL 3 compat

* add some context on gemfile changes
2022-12-27 15:28:13 -03:00
Vinoth Kannan
598233456d
FEATURE: Warn admins about private group name's exposure to anonymous users. (#19557)
Group names will be used as CSS classes in some components while rendering the public HTML output. It will happen when a group is set as the default primary for users. Or when a group has either a flair icon or flair upload. So we should warn the admins when they restrict the group's visibility level.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-12-27 13:17:13 +05:30
Tobias Eigen
982adb1c65
UX: Improve copy for contact email and url description (#19621)
The admin settings for contact email and contact url did not explicitly indicate that they are visible to anons on /about page, and that when present the contact url replaces the contact email address. This change makes it so.
2022-12-27 05:53:28 +08:00
Jan Cernik
d633467c60
FIX: Whisper tooltip shows the allowed groups (#19509) 2022-12-23 15:42:46 -03:00
Ella E
3c0a4b37d0
UX: Setup wizard copy changes and vertically stack logo fields (#19583)
* copy changes to setup wizard step title
* make logo upload stacking; tweaks on medium size screen view
2022-12-22 10:15:09 -07:00
Discourse Translator Bot
1baaf6b5f1
Update translations (#19533) 2022-12-20 15:22:28 +01:00
Blake Erickson
ae2153b330
UX: Wizard Step Enhancements (#19487)
* UX: Wizard Step Enhancements

- Remove illustrations
- Add Emoji graphic to top of steps
- Add description below step title
- Move point of contact to last step

* Move step count to header, plus some button navigation tweaks

* add remaining emoji to step headers

* fix button logic on steps

* Update Point of Contact

* remove automated messages field

* adjust styling for counter, title, and emoji

* Update wording for logos

* Fix tests

* fix prettier

* fix specs

* set same with for steps except for styling screen

* use sentence case; remove duplicate copy under your organization fields

* fix missing buttons on small screens

* add spacing to buttons; adjust font weight to labels

* adjust styling for community logo step; use sentence case for button

* update copy for point of contact text helper

* use sentence case for field labels

* fix ui tests

* use btn-back class to fix ui tests

* reduce bottom margin for toggle fields

* clean up

Co-authored-by: Ella <ella.estigoy@gmail.com>
2022-12-19 17:24:09 -07:00
Kris
bd5f57e90c
FEATURE: add user toggle to mask/unmask passwords (#19306) 2022-12-19 18:56:51 -05:00
Selase Krakani
7ba115769a
DEV: Skip push notifications for active online users (#19502)
* DEV: Skip push notifications for active online users

Currently, users with active push subscriptions get push notifications
regardless of their "presence" on the site.

This change introduces a `push_notification_time_window_mins`
site setting which is used in conjunction with a user's `last_seen_at` to
determine if push notifications should be sent. A user is considered to
be actively online if their `last_seen_at` is within `push_notification_time_window_mins`
minutes. `push_notification_time_window_mins` is set to 10 by default.

* DEV: Remove client param for push_notification_time_window_mins site setting

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>

Co-authored-by: Bianca Nenciu <nbianca@users.noreply.github.com>
2022-12-19 20:17:40 +00:00
Bianca Nenciu
1ad06eb764
UX: Redesign and refactor penalty modals (#19458)
This merges the two modals code to remove duplication and implements
a more consistent design.
2022-12-19 19:36:03 +02:00
Bianca Nenciu
b80765f1f4
DEV: Remove enable_whispers site setting (#19196)
* DEV: Remove enable_whispers site setting

Whispers are enabled as long as there is at least one group allowed to
whisper, see whispers_allowed_groups site setting.

* DEV: Always enable whispers for admins if at least one group is allowed.
2022-12-16 18:42:51 +02:00
Andrei Prigorshnev
2d628c80a1
UX: rename "Do Not Disturb" to "Pause Notifications" (#19483)
We decided to rename the "Do Not Disturb" mode to "Pause Notifications". I am starting from changing strings on the client, that will update user interface. And I'm going to do renamings in frontend and backend code after some time.
2022-12-16 17:10:59 +04:00
Andrei Prigorshnev
4908a669e0
FEATURE: integrate DnD with user status (#19410)
This PR adds a new "Pause notifications" checkbox to the user status modal. This checkbox allows enabling the Do-Not-Disturb mode together with user status. Note that we don't remove and don't rename the existing DnD menu item in this PR, so the old way of entering the DnD mode is still available.

Also, we're not making DnD mode a part of user status on backend and in database. The reason is that the DnD mode should still be available on sites with disabled user status, having them separated helps keep the implementation simple.
2022-12-16 16:35:39 +04:00
Selase Krakani
382757d1bd
FEATURE: Add support for desktop push notifications in core (#19375)
* FEATURE: Add support for desktop push notifications in core

Default to push for live notifications on desktop if available and
`enable_desktop_push_notifications` site setting set to true.

This removes the need for desktop-push-notifications plugin.

* DEV: Ensure live notifications are enabled explicitly

Allow a user with push notification access who has directly
enabled notifications via the browser settings to trigger push subscription
flow.
2022-12-16 03:35:33 +00:00
Martin Brennan
624b1b3820
FIX: Remove user_option saving for bookmark auto delete pref (#19476)
We were changing the user's user_option.bookmark_auto_delete_preference
to whatever they changed it to in the bookmark modal to use as default
for future bookmarks. However this was leading to a lot of confusion
since if you wanted to set it for one bookmark you had to remember to
change it back on the next one.

This commit removes that automatic functionality, and instead moves
the bookmark auto delete preference to User Preferences > Interface
in an explicit dropdown.
2022-12-16 08:50:31 +10:00
Osama Sayegh
1c03d6f9b9
FEATURE: Send notifications to admins when new features are released (#19460)
This commit adds a new notification that gets sent to admins when the site gets new features after an upgrade/deploy. Clicking on the notification takes the admin to the admin dashboard at `/admin` where they can see the new features under the "New Features" section.

Internal topic: t/87166.
2022-12-15 20:12:53 +03:00
Kris
f01ecd1fb7
UX: update small action text to use sentence case (#19470) 2022-12-14 13:28:03 -05:00
Gerhard Schlager
4e42759caa
FIX: Use correct plural rules for Russian (#19467)
Previously this didn't work because Transifex didn't support "many".
2022-12-14 18:56:46 +01:00
Blake Erickson
5c925f2db3
FEATURE: Chat and Sidebar are now on by default (#19406)
FEATURE: Chat and Sidebar are now on by default

- Set the sidebar site setting to be enabled by default
- Set the chat site setting to be enabled by default
- Updated existing specs that assumed the original default
- Use a migration to keep old defaults for existing sites
2022-12-13 17:25:19 -07:00
Krzysztof Kotlarek
aa3a9b6fea
FEATURE: Differentiate notification type for directly vs indirectly watched topic (#19433)
When user is watching category or tag (watching or watching first post) notifications are moved to other tab.

To achieve that and distinguish between post create to directly watched topics and indirectly watched topics, new notification type called `watching_category_or_tag` was introduced.
2022-12-14 10:22:26 +11:00
Gerhard Schlager
4c20b54899
DEV: Remove unused English text (#19452) 2022-12-14 07:14:58 +08:00
Gerhard Schlager
c94401e024
DEV: Remove unused section from "Customize Theme" UI (#19449) 2022-12-13 20:13:35 +01:00
Penar Musaraj
f58eaf529f
FIX: Remove console warning for "nohighlight" (#19447) 2022-12-13 13:43:31 -05:00
Discourse Translator Bot
8b496824c3
Update translations (#19444) 2022-12-13 17:14:57 +01:00
Gerhard Schlager
f19d687f01
REFACTOR: Update Message Format strings to make them easier to read on Crowdin (#19443)
@discourse-translator-bot keep_translations_and_approvals
2022-12-13 13:30:07 +01:00
Gerhard Schlager
3f1508e72f
FIX: Restore missing text for read_more and read_more_in_category (#19440)
It was deleted by mistake while cleaning up other locale files in 3eafa39aeb
2022-12-13 11:31:12 +01:00
Jarek Radosz
f9bdda84ca
DEV: Admin webhooks interface issues (#19360)
1. The events table had broken styling, making each row overflow
2. It had confusing routes: `/:id` for "edit" and `/:id/events` for "show" (now it's `/:id/edit` and `/:id` respectively)
3. There previously was an unused backend action (`#edit`) - now it is used (and `web_hooks/:id/events` route has been removed)
4. There was outdated/misplaced/duplicated CSS
5. And more
2022-12-13 01:53:08 +01:00
Blake Erickson
de53cf7657
FEATURE: Add chat and sidebar toggles to the setup wizard (#19347)
* FEATURE: Add chat and sidebar toggles to the setup wizard

- Fix css alighnment
- Add Enable Chat Toggle
- Add Enable Sidebar Toggle

* Check for the chat plugin

* Account for new sidebar step

* update chat and sidebar description

* UI: add checkmark as a visual indicator that it is enabled

* use new navigation_memu site setting for enabling the sidebar

* fix tests

* Add tests

* Update lib/wizard/step_updater.rb

Use HEADER_DROPDOWN instead of LEGACY

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

* Fix spec. Use HEADER_DROPDOWN instead of LEGACY

Co-authored-by: Ella <ella.estigoy@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-12-12 14:30:21 -07:00
Gerhard Schlager
3eafa39aeb REFACTOR: Remove updated strings from locale files and translation overrides 2022-12-12 17:01:04 +01:00
Gerhard Schlager
a13b7f36c8 REFACTOR: Reformat Message Format strings for better readability
@discourse-translator-bot keep_translations_and_approvals
2022-12-12 17:01:04 +01:00
Gerhard Schlager
15f98f727a REFACTOR: Replace unnecessary Message Format string 2022-12-12 17:01:04 +01:00
Gerhard Schlager
03f0b4f54b REFACTOR: Replace concatenated strings to simplify translation 2022-12-12 17:01:04 +01:00
Gerhard Schlager
d059c64485 REFACTOR: Update Message Format string to simplify translation 2022-12-12 17:01:04 +01:00
Gerhard Schlager
584abbda54 REFACTOR: Update Message Format string to simplify translation 2022-12-12 17:01:04 +01:00
David Taylor
2c6d6cf485
UX: Add lightbox information to max image width/height settings (#19422) 2022-12-12 11:43:27 +01:00
Tobias Eigen
1a0473e890
Make explicit that title and desc are public (#19403)
* Make explicit that title and desc are public

* also updated short_site_description 

the `short_site_description` setting is also visible to all visitors including anons so changed the description.
2022-12-10 09:58:56 -07:00
Discourse Translator Bot
5d1444e3ca
Update translations (#19401) 2022-12-09 12:01:05 +01:00
Penar Musaraj
0c50bacbc0
UX: Omit instruction note when email_time_window_mins is off (#19385)
A translator noted that this string is odd: "We'll email you immediately
if you haven't read the thing we're emailing you about." We show this
note in the user profile when the user has chosen to be emailed "only
when away" and the site has `email_time_window_mins` off. The message
essentially says that "only when away" in this particular site's config
means "Always".

I think it is best to show no description here. In an ideal world, the
"Only when away" option shouldn't be there when `email_time_window_mins`
is off. But it is rare to choose that override, and adding proper support
for that use case would be complicated.
2022-12-08 21:31:18 -05:00
Alan Guo Xiang Tan
b50d071307
DEV: Update copy for navigation_menu site setting (#19390) 2022-12-09 06:25:11 +08:00
Bianca Nenciu
187b0bfb43
FEATURE: Show similar users when penalizing a user (#19334)
* FEATURE: Show similar users when penalizing a user

Moderators will be notified if other users with the same IP address
exist before penalizing a user.

* FEATURE: Allow staff to penalize multiple users

This allows staff members to suspend or silence multiple users belonging
to the same person.
2022-12-08 14:42:33 +02:00
David Taylor
03fadf91f0
FEATURE: Optionally allow a separate s3_asset_cdn_url to be specified (#19284)
If configured, this will be used for static JS assets which are stored on S3. This can be useful if you want to use different CDN providers/configuration for Uploads and JS
2022-12-08 10:36:20 +00:00
Alan Guo Xiang Tan
fde9e6bc25
DEV: Migrate sidebar site settings (#19336)
This new site setting replaces the
`enable_experimental_sidebar_hamburger` and `enable_sidebar` site
settings as the sidebar feature exits the experimental phase.

Note that we're replacing this without depreciation since the previous
site setting was considered experimental.

Internal Ref: /t/86563
2022-12-08 09:44:29 +08:00
Michael Brown
02bfac1538
FIX: do not provide advice regarding GDPR compliance (#19358) 2022-12-08 08:37:53 +08:00
Penar Musaraj
61924b8a2a
DEV: Update error message string (#19366)
Clarifies what admin should do when permanently deleting a topic with
replies.
2022-12-08 08:34:35 +08:00
Martin Brennan
7bb5da55c6
FIX: Add translation for setting (#19372)
Followup to de080723b5
2022-12-08 10:30:19 +10:00
Martin Brennan
de080723b5
DEV: Unhide enable_experimental_hashtag_autocomplete (#19369)
This is in preparation for making this feature opt-in
2022-12-08 07:45:25 +08:00
Krzysztof Kotlarek
e313190fdb
FEATURE: better UI to manage 2fa (#19338)
In this PR, we introduced an option, that when all authenticators are disabled, but backup codes still exists, user can authenticate with those backup codes. This was reverted as this is not expected behavior.

https://github.com/discourse/discourse/pull/18982

Instead, when the last authenticator is deleted, backup codes should be deleted as well. Because this disables 2fa, user is asked to confirm that action by typing text.

In addition, UI for 2fa preferences was refreshed.
2022-12-08 09:41:22 +11:00
David Taylor
1db3a578e4
PERF: Improve Accept header handling for stylesheets and theme-js (#19357)
The default behavior for Rails is to vary the response of an endpoint based on the `Accept:` header, and therefore it returns a `Vary:` header on responses. This instructs browsers and intermediate proxies to key their caches based on the value of the request's `Accept` header. In some cases (e.g. Akamai), the presence of a `Vary` header is enough to prevent caching entirely.

This commit restructures the Rails route definitions so that:
1. The "format" segment of the route is 'required'
2. The "format" segment of the route is constrained to a single value (e.g. `js` or `css`)

Now that the routes are guaranteed to have a `:format` segment, Rails will always prioritize that over the `Accept` header, and will therefore omit the `Vary` header.

Request specs are also added to test this behaviour for both stylesheets and theme-javascripts.
2022-12-07 15:46:35 +00:00
GeckoLinux
5aaaf26636
Update server.en.yml (#19348)
Remove " on disk" from description of `maximum_backups`, because the setting also works for S3.
2022-12-07 09:38:47 +08:00
Isaac Janzen
5a40c31110
DEV: Update inappropriate flag text (#19344) 2022-12-06 12:43:46 -06:00
Roman Rizzi
9c8043a4d2
FEATURE: Enforce mention limits for chat messages (#19034)
* FEATURE: Enforce mention limits for chat messages

The first part of these changes adds a new setting called `max_mentions_per_chat_message`, which skips notifications when the message contains too many mentions. It also respects the `max_users_notified_per_group_mention` setting
and skips notifications if expanding a group mention would exceed it.

We also include a new component to display JIT warning for these limits to the user while composing a message.

* Simplify ignoring/muting filter in chat_notifier

* Post-send warnings for unsent warnings

* Improve pluralization

* Address review feedback

* Fix test

* Address second feedback round

* Third round of feedback

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2022-12-06 14:54:04 -03:00
Discourse Translator Bot
58ffa06d4a
Update translations (#19340) 2022-12-06 16:22:23 +01:00
Martin Brennan
e6f9504dd6
FEATURE: Allow user_status scope for UserApiKey (#19296)
Follow-up to 6357a3ce33
where we allowed a general API key scope for user status
GET/PUT/DELETE, this commit allows the same for the
UserApiKey system.
2022-12-06 08:56:03 +10:00
Bianca Nenciu
93859037ef
FEATURE: Improve composer warnings for mentions (#18796)
* FEATURE: Show warning if group cannot be mentioned

A similar warning is displayed when the user cannot be mentioned because
they have not been invited to the topic.

* FEATURE: Resolve mentions for new topic

This commit improves several improvements and refactors
/u/is_local_username route to a better /composer/mentions route that
can handle new topics too.

* FEATURE: Show warning if only some are notified

Sometimes users are still notified even if the group that was mentioned
was not invited to the message. This happens because its members were
invited directly or are members of other groups that were invited.

* DEV: Refactor _warnCannotSeeMention
2022-12-05 20:22:05 +02:00
Natalie Tay
d2c5c65e29
DEV: Remove unused i18n keys (#19312) 2022-12-05 22:01:54 +08:00
maiki
a72c9b96ab
UX: add target to start discussion link (#19291) 2022-12-02 13:52:40 -08:00
David Taylor
badd64ceee
PERF: Add GlobalSetting to redirect avatars instead of proxying (#19281)
When uploads are stored on S3, by default Discourse will fetch the avatars and proxy them through to the requesting client. This is simple, but it can lead to significant inbound/outbound network load in the hosting environment.

This commit adds an optional redirect_avatar_requests GlobalSetting. When enabled, requests for user avatars will be redirected to the S3 asset instead of being proxied. This adds an extra round-trip for clients, but it should significantly reduce server load. To mitigate that extra round-trip for clients, a CDN with 'follow redirect' capability could be used.
2022-12-02 10:07:25 +00:00
Penar Musaraj
4c037b9ba3
UX: Improve UI of group delete dialog (#19292) 2022-12-02 12:01:25 +08:00
Isaac Janzen
6ccc0227f3
DEV: Upgrade Topic Timeline to Glimmer (#17377)
In an effort to modernize our codebase to the latest Ember version we have selected the Topic Timeline as a candidate to be refactored. The topic timeline component was originally built with `Widgets` and this PR will upgrade it to `Glimmer Components`. 

The refactored timeline is hidden by default behind a group flag, `SiteSetting.enable_experimental_topic_timeline_groups`. Being part of a group included in this site setting will make the new timeline available for testing.

## Other points of interest

This PR introduces a `Draggable Modifier` available to all components, which will take the place of the existing _drag functionality_ exclusive to widgets. 

It can be included like so:
```
{{draggable didStartDrag=@didStartDrag didEndDrag=@didEndDrag dragMove=@dragMove }}
```
2022-12-01 13:50:44 -06:00
Selase Krakani
0ce38bd7bc
SECURITY: Restrict unlisted topic creation (#19259) 2022-12-01 10:26:35 +00:00
Osama Sayegh
23bd993164
FEATURE: Separate notification indicators for new PMs and reviewables (#19201)
This PR adds separate notification indicators for PMs and reviewables that have arrived since the last time the user opened the notifications menu.

The PM indicator is the strongest one of all three indicators followed by the reviewable indicator and then finally the blue indicator. This means that if there's a new PM and a new reviewable, then the PM indicator will be shown.

Meta topic: https://meta.discourse.org/t/no-green-or-red-notification-bubbles/242783?u=osama.

Internal topic: t/82995.
2022-12-01 07:05:32 +08:00
Roman Rizzi
9bb5cf1c46
FIX: Validate unsubscribe key has an associated user (#19262)
* FIX: Validate unsubscribe key has an associated user

* Improve error messages
2022-11-30 14:29:07 -03:00
Jan Cernik
93fcfa58d0
FIX: Improve message when posting a duplicate link (#19245)
If the duplicated link was posted by the user itself, it will display
a different JIT message.
2022-11-29 16:08:27 -03:00
Bianca Nenciu
0cc6e678bb
FIX: Show error message if no uploads are allowed (#19133)
It used to fail without displaying an error message if no upload
extensions were authorized. This also disables the button in the
first place to avoid displaying an error to the user (the error
will be displayed only when drag and dropping a file).
2022-11-29 16:58:50 +02:00
Discourse Translator Bot
cf347811c6
Update translations (#19238) 2022-11-29 15:36:51 +01:00
Bianca Nenciu
3048d3d07d
FEATURE: Track API and user API requests (#19186)
Adds stats for API and user API requests similar to regular page views.
This comes with a new report to visualize API requests per day like the
consolidated page views one.
2022-11-29 13:07:42 +02:00
Gerhard Schlager
0593e5f7c3
UX: Add instructions for multiple category emails (#19221) 2022-11-28 20:51:50 +01:00
Osama Sayegh
498fa14347
UX: Show educational messages for the likes tab when it's empty (#19180)
This commit adds some content to educate the user about the likes tab in the user menu when it's blank.
Internal topic: t/76879.
2022-11-24 22:13:21 +03:00
Andrei Prigorshnev
6357a3ce33
FEATURE: User Status API (#19149)
This adds API scope for the user status. This also adds a get method to the user status controller. We didn't need a dedicated method that returns status before because the server returns status with user objects, but I think we need to provide this method for API clients.
2022-11-24 19:16:28 +04:00
David Taylor
84bec1cbae
DEV: Cleanup legacy asset compilation gems and code (#19177)
We now use Ember CLI (core/plugins) and DiscourseJSProcessor (themes) for all Ember and template compilation. This commit removes the remnants of the legacy Sprockets-based Ember compilation system.

Sprockets, and its DiscourseJSProcess-based Babel transformations, is still in use for a few assets. Ideally that will be removed/replaced in the near future.
2022-11-24 12:13:59 +00:00
Martin Brennan
274b21663e
FIX: Experimental hashtag search result matching and limit fixes (#19144)
This changes the hashtag search to first do a lookup to find
results where the slug exactly matches the
search term. Now when we search for hashtags, the
exact matches will be found first and put at the top of
the results.

`ChatChannelFetcher` has also been modified here to allow
for more options for performance -- we do not need to
query DM channels for secured IDs when looking up or searching
channels for hashtags, since they should never show in
results there (they have no slugs). Nor do we need to include
the channel archive records.

Also changes the limit of hashtag results to 20 by default
with a hidden site setting, and makes it so the scroll for the
results is overflowed.
2022-11-24 10:07:59 +10:00
Jordan Vidrine
34e21525d0
UX: Style adjustments & addition of login button on admin invite page (#19073)
* user field label move
* more user field edits
* invite page adjustments
* caps lock adjustment


Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-11-23 12:06:19 +11:00
Discourse Translator Bot
3c1db9bcb6
Update translations (#19155) 2022-11-22 21:39:02 +01:00
Gerhard Schlager
c75b6cd999
UX: Update "education.dominating_topic" and raise default percentage (#19154)
See /t/82396
2022-11-22 21:11:53 +01:00
Discourse Translator Bot
2eee6fb644
Update translations (#19150) 2022-11-22 15:01:19 +01:00
Kris
69e55a0e1c
A11Y: Improve "my posts" sidebar link title (#19132) 2022-11-22 08:36:43 -05:00
TheJammiestDodger
91701d677f
FIX: Update link in group_in_subject site description (#19148)
Updates the Meta topic link in the `group_in_subject` site description
2022-11-22 10:37:09 +00:00
Kris
bb42016a72
A11Y: add title & aria-expanded for sidebar toggle (#19130) 2022-11-22 07:17:45 +08:00
Alan Guo Xiang Tan
59e02bd210
UX: Removed tracked section link from Community section in Sidebar (#19122)
Product has decided that the tracked section link provides very little
value at this moment in time so we're removing it.

See https://meta.discourse.org/t/245374 for more context.
2022-11-21 16:45:19 +08:00
Martin Brennan
d3f02a1270
FEATURE: Generic hashtag autocomplete lookup and markdown cooking (#18937)
This commit fleshes out and adds functionality for the new `#hashtag` search and
lookup system, still hidden behind the `enable_experimental_hashtag_autocomplete`
feature flag.

**Serverside**

We have two plugin API registration methods that are used to define data sources
(`register_hashtag_data_source`) and hashtag result type priorities depending on
the context (`register_hashtag_type_in_context`). Reading the comments in plugin.rb
should make it clear what these are doing. Reading the `HashtagAutocompleteService`
in full will likely help a lot as well.

Each data source is responsible for providing its own **lookup** and **search**
method that returns hashtag results based on the arguments provided. For example,
the category hashtag data source has to take into account parent categories and
how they relate, and each data source has to define their own icon to use for the
hashtag, and so on.

The `Site` serializer has two new attributes that source data from `HashtagAutocompleteService`.
There is `hashtag_icons` that is just a simple array of all the different icons that
can be used for allowlisting in our markdown pipeline, and there is `hashtag_context_configurations`
that is used to store the type priority orders for each registered context.

When sending emails, we cannot render the SVG icons for hashtags, so
we need to change the HTML hashtags to the normal `#hashtag` text.

**Markdown**

The `hashtag-autocomplete.js` file is where I have added the new `hashtag-autocomplete`
markdown rule, and like all of our rules this is used to cook the raw text on both the clientside
and on the serverside using MiniRacer. Only on the server side do we actually reach out to
the database with the `hashtagLookup` function, on the clientside we just render a plainer
version of the hashtag HTML. Only in the composer preview do we do further lookups based
on this.

This rule is the first one (that I can find) that uses the `currentUser` based on a passed
in `user_id` for guardian checks in markdown rendering code. This is the `last_editor_id`
for both the post and chat message. In some cases we need to cook without a user present,
so the `Discourse.system_user` is used in this case.

**Chat Channels**

This also contains the changes required for chat so that chat channels can be used
as a data source for hashtag searches and lookups. This data source will only be
used when `enable_experimental_hashtag_autocomplete` is `true`, so we don't have
to worry about channel results suddenly turning up.

------

**Known Rough Edges**

- Onebox excerpts will not render the icon svg/use tags, I plan to address that in a follow up PR
- Selecting a hashtag + pressing the Quote button will result in weird behaviour, I plan to address that in a follow up PR
- Mixed hashtag contexts for hashtags without a type suffix will not work correctly, e.g. #ux which is both a category and a channel slug will resolve to a category when used inside a post or within a [chat] transcript in that post. Users can get around this manually by adding the correct suffix, for example ::channel. We may get to this at some point in future
- Icons will not show for the hashtags in emails since SVG support is so terrible in email (this is not likely to be resolved, but still noting for posterity)
- Additional refinements and review fixes wil
2022-11-21 08:37:06 +10:00
Sam
4f63bc8ed2
FEATURE: hidden site setting to suppress unsecured categories from admins (#19098)
The hidden site setting `suppress_secured_categories_from_admin` will
suppress visibility of categories without explicit access from admins
in a few key areas (category drop downs and topic lists)

It is not intended to be a security wall since admins can amend any site
setting. Instead it is feature that allows hiding the categories from the
UI.

Admins will still be able to see topics in categories without explicit
access using direct URLs or flags.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-11-18 14:37:36 +11:00
Kris
a6c787345c
UX: reorganize user prefs for experimental user nav (#18764)
Trying out changes to reduce the number of nav items in the experimental horizontal user nav. These changes should only appear with the redesigned_user_page_nav_enabled feature flag.

1. Created a new "Tracking" route. This combines some tracking-related settings from Notifications and Category and Tag tracking (which were separate tabs previously). Don't love the layout yet, but it's something that we can work on.

2. Moved some user-related settings out of Notifications and to the
Users tab. These seem more user-related to me, and it's nice that we can
associate enabling messages with the setting to limit who can send
messages.

3. Moved the App tab (lists app permissions) to be within the Security tab. It's very similar to Recently Used Devices.
2022-11-18 09:09:04 +08:00
Meghna
040136675b
UX: better email login pages (#19058)
* UX: better email login pages

* Update error message for email login error
2022-11-17 13:09:39 +05:30
Martin Brennan
40e8912395
FIX: Invite redemption error if user had already redeemed (#19070)
When opening the invite acceptance page when the user
was already logged in, we were still showing the Accept
Invitation prompt even if the user had already redeemed
the invitation and was present in the `InvitedUser` table.

This would lead to errors when the user clicked on the button.

This commit fixes the issue by hiding the Accept Invitation
button and showing an error message instead indicating that
the user had already redeemed the invitation. This only applies
to multi-use invite links.
2022-11-17 15:51:58 +10:00
Penar Musaraj
19158cde53
Add search tip for @me shortcut (#19062) 2022-11-16 15:19:34 -05:00
Kris
a5f2099884
A11Y: add live area for search menu, labels (#19061) 2022-11-16 14:02:39 -05:00
Bianca Nenciu
9f3371f367
DEV: Remove old "first notification" tutorial (#19036)
It was replaced by the new "first notification" user tip.
2022-11-16 14:35:18 +02:00