ReviewableScore#types extend the PostActionTypes with their own, storing the result inside a class variable. To avoid overwriting an existing flag, we need to calculate the next flag ID using these types instead of the PostAction ones. Since we first call the score types to calculate the id, this list gets memoized, leaving us with an outdated list.
To fix this, we now reload ReviewableScore#types after replacing flags.
* When we refactored away the admin-login route we introduced a bug where admins could not log into an SSO enabled site, because of a check in the email_login route that disallowed this.
* Allow admin to get around this check.
* DEV: Fix the function prototype observers deprecation
DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.observes('foo') to observer('foo', function() {}). [deprecation id: function-prototype-extensions.observes] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-observes for more details.
* DEV: Fix the function prototype event listeners deprecation
DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.on('foo') to on('foo', function() {}). [deprecation id: function-prototype-extensions.on] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-on for more details.
* DEV: Simplify `default as` imports
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
This breaking change was originally a deprecation fix for overriding a computed property `none`.
There are 4 uses of `rootNone` in core and "all-the-plugins":
1. in discourse-chat-integration, admin-plugins-chat-edit-rule.hbs - changed behavior, that I'd consider a fix - `rootNoneLabel` is now used regardless of `siteSettings.allow_uncategorized_topics` value, which I believe was an originally intended behavior (i.e. it most likely hasn't been tested with disabled uncategorized topics)
2. in discourse-slack-official, plugins-slack.hbs - the same as 1.
3. in core, edit-category-general.hbs (in this PR) - no change in behavior
4. in discourse-googlebooks, edit-category-general.hbs - no change in behavior (since `allowUncategorized="true"` is also passed as an argument)
* when we dragged the topic-timeline handle past the last post
in a topic we were not closing the timeline as we would if
scrolling to a specific post
* this also fixes the issue where when scrolling past the end of
the topic with a massive last post, none of the post could be
seen
### General Changes and Duplication
* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file.
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.
### Viewing Secure Media
* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`
### Removed
We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.
* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
* UI: Mass grant a badge from the admin ui
* Send the uploaded CSV and badge ID to the backend
* Read the CSV and grant badge in batches
* UX: Communicate the result to the user
* Don't award if badge is disabled
* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.
* Dynamically discover current route
Now that the spec is finished use the unprefixed API, which was also moved
from window to navigator.
Still uses feature detection so it fail gracefully when not available in
the user agent.
The previous concurrency-safe implementation relied on catching an
index conflict and following through appropriately. Unfortunately
those conflicts were logged to Postgres and there is no easy way
to turn them off.
This solution approaches the problem differently. It should still
be safe under concurrency and not log errors.
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
This can be used for themes/plugins to specify additional URL parameters to be used when starting authentication. Example usage:
```
LoginMethod.findAll()[0].doLogin({params: {mydata: "myvalue"}});
```
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
* Make scrolling to bottom post in topic more consistent
* when using the slider to scroll past the bottom post,
we now scroll to the bottom of the post/page IF the
post height is > the window height (e.g. really long
posts). if the post height is smaller, then we lock
onto and jump to the top of the post
* this also removes the mobile hack that would always jump
to the top of the last post on mobile
* Prettier lint
* Reapply "Rename 'target usernames' with 'target recipients' in Composer"
This reverts commit 9fe11d0fc3 which
reverted ebb288dc2c.
* DEV: Add test for replying to PM
I was playing with groups locally and saw this line. I suspect this method isn't needed at all because I don't see any reference to it anywhere in the code, and as far as I know ActiveRecord objects don't have an `id!` method so if this method is called dynamically somewhere it's most likely failing.
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
* DEV: Remove buffered rendering from topic-list-item
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 1c7305c0f1 in this
series.
This is just a refactor and should not change any functionality.
* apply prettier fix
* update syntax
* Use computed properties where possible
* switch to using didReceiveAttrs
* Simplify topic.pinned observer
43ddf60cdf introduced a new method for dismissing new topics in topic-tracking-state, which works on a per-category basis.
This commit removes the old mechanism, which was to delete all 'new' topics from the local tracking state, regardless of category.
6e1fe22 introduced the possiblity for category_users to have a NULL notification_level, so that we can store `last_seen_at` dates without locking the notification level. At the time, this did not affect the topic-tracking-state query. However, the query changes in f434de2 introduced a slight change in behavior.
Previously, a subquery would look for a category_user with notification_level=mute. f434de2 refactored this to remove the subquery, and inverted some of the logic to suit.
The new query checked for `notification_level <> :muted`. If `notification_level` is NULL, this comparison will return NULL. In this scenario, notification_level=NULL means that we should fall back to the default tracking level (regular), and so we want the expression to resolve as true, not false. There was already a check for the existence of the category_users row, but it did not check for the existence of a NOT NULL notification_level.
This commit amends the expression so that the notification_level will only be compared if it is non-null.
Providing invalid dates as the end_date or start_date param causes a 500 error and creates noise in the logs. This will handle the error and returns a proper 400 response to the client with a message that explains what the problem is.
Page used to jitter when oneboxes loaded images lazily.
Previously we inserted the the "shadow" loading image before the "real" image.
This meant that certain styling with `firstChild` CSS selectors would apply
incorrectly to the shadow image.
Additionally we had special case code for onebox and quoted images that was
not really needed due to this fix.
We had an old fix that used computed style for image height and width in
specific scenarios, we now run it all the time.
On slow devices there was a possibility that the cache fetch after amending
src at the end of the process would cause a flash, this is avoided using a
new onload handler.
This is required for people using apps with custom protocols. We still verify the entire URL (including protocol) against the site setting value.
Refactored wildcard_url_checker so that it always returns a boolean, rather than sometimes returning a regex match.
Under rare conditions due to bad HTTP timing and so on a draft could be
set at the exact same time from 2 unicorn workers.
When this happened and all the stars aligned, one of the sets would win
and the other would raise an error.
This transparently handles the situation without adding any cost to the
draft system.
The alternative is to add a distributed mutex, tricky DB transaction or handle
the error in the controller. However this seems like a reasonable way to
work around a pretty big edge case.
Plugins like https://github.com/discourse/discourse-calendar add extra HTML (e.g. icons) to user/group mentions. Clicking on those extra elements used to only flash a blank card. Now, the card opens properly.
- Refactor source_url to avoid using eval in development
- Precompile handlebars in development
- Include template compilers when running qunit
- Remove unsafe-eval in development CSP
- Include unsafe-eval only for qunit routes in development
Previously, categories without any topics were being excluded from the UPDATE query. This means the counter gets stuck, and the category cannot be deleted. This change ensures that the counters get correctly set to zero.
`highlight` was called from `didInsertElement` which technically doesn't ensure the list is rendered. By wrapping the highlighting code in `afterRender` we ensure it works more consistently.
Our current topic admin menu is not always fully visible on a mobile
device, therefore some options are difficult to click.
To solve this issue, we can display the admin menu on the bottom of the
screen on mobile devices.
- Ensure that the 'notify_moderators' flag is always the last flag when using custom flags.
- Support passign a custom FlagSettings object when replacing flags to reuse existing ones.
* FEATURE: allows plugins to add a global notice
Usage:
```
api.addGlobalNotice(id, text, options = {});
```
Options can be:
```
dismissable // Will display a button to hide the notice if true
html // will prepend html to the next if present
level // alert level, will usee css class of alert component
persistentDismiss // if true won't show notice again on reload
onDismiss // execute a custom action on dismiss
visibility // defines custom logic for notice visibility
```
Co-authored-by: Robin Ward <robin.ward@gmail.com>
Changelog is available here - https://github.com/necolas/normalize.css/blob/master/CHANGELOG.md
I decided that the easiest way to ensure it works would be checking different browsers. It looked good to me on Chrome, Firefox, Edge and IE 11. In addition, I checked 3 random themes.
The bug mentioned here
https://meta.discourse.org/t/badge-not-triggering/135896/8
Basically, descriptions for 3 badges: "Out of Love", "Higher Love" and
"Crazy in Love" are granted based on on "max_likes_per_day" and the
description should reflect that.
* FIX: category routes model params should decode their URL parts
Ember's route star globbing does not uri decode by default. This is
problematic for subcategory globs with encoded URL site settings enabled.
Subcategories with encoded URLs will 404 without this decode.
I found this https://github.com/tildeio/route-recognizer/pull/91
which explicitly explains that globbing does not decode automatically.
This was re-encoding the search slug each loop - if the category list was not
the first category in the list, it'd continually search with a re-encoded search
term from the previous iteration. This results in ember 404ing when navigating
to raw encoded category slugs of the form /c/encoded-slug-with-non-ascii
that have no ID attached.
Restore tl3 reachability by calculating penalty counts vs unsuspend/unsilence.
Only count unsuspend or unsilences that have been made by a user other than
the Discourse system user.
This commit fe9293b8b5 created a regression.
The problem is that dom changed a little bit.
Before it was
```
<tr class="instructions create-account-email">
<td></td>
<div id="account-email-validation" class="tip bad ember-view"></div>
<td><label>Never shown to the public.</label></td>
</tr>
```
And after we got
```
<tr class="instructions create-account-email">
<td></td>
<div id="account-email-validation" class="tip bad ember-view"> </div>
<td><label>Never shown to the public.</label></td>
</tr>
```
That small space may look like not important change.
However, now helpers are hitting that CSS rule:
```
.login-form {
.tip {
&:not(:empty) + td {
display: none;
}
}
```
To fix it, we should render template only if there is a reason - like it was before
```
if (reason) {
buffer.push(iconHTML(this.good ? "check" : "times") + " " + reason);
}
```
* FIX: remove rerenderTriggers
A small fix for Basic User Serializers where some downstream serializers do not correctly set user objects. This caused some issues in certain plugins that depend on the user method to return a user.
- Using h4 instead of h3 for sub-categories.
- Show category description if it does not have subcategories.
- Implemented equivalent for mobile-view.
- Include description_excerpt in basic serializer. This is needed for
displaying second-level categories in category list.
Follow-up to 9253cb79e3.
The maximum level used to be one, which meant that a category could be
either a parent or a child. If it was a parent, the subcategories were
shown; if it was a child then the parent selector was shown.
With multiple levels of nesting, a category can be both a parent and a
child.
There is a problem that if you read all messages, even when a new one
arrives, the button on the top is not showing.
This is because once the button got `hidden` class, a label under is
properly updated, however, the class is not removed.
Therefore, I added computed isHidden function which is recalculated when
`count` change.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 006e5904be in this
series.
This commit affects the icons next to the topic title that indicate if
it is closed, unlisted, pinned, etc. It is just a refactor and should
not change any functionality.
Originally I was going to continue to use the existing
topic-status-icons arrayProxy helper but this would require using
observers, so I opted instead to use computed properties and have a bit
larger hbs template.
The ROTP gem is only used in a very small amount of places in the app, we don't need to globally require it.
Also set the Addressable gem to not have a specific version range, as it has not been a problem yet.
Some slight refactoring of UserSecondFactor here too to use SecondFactorManager to avoid code repetition
SingleSignOnProvider is expecting a sso param later in the chain. If sso param is not found it will cause a 500 with the following exception: `NoMethodError (undefined method `unpack1' for nil:NilClass)` as `set_return_sso_url` is attempting to decode it: https://github.com/discourse/discourse/blob/master/lib/single_sign_on_provider.rb#L19
Adds a custom bookmark-clock icon to discourse-additional.svg for use with the new bookmarks with reminder functionality.
Also add some code to correctly refresh the post-stream icon for bookmark to show the clock after save.
The trouble with having:
/tags/:tag_id/...
and:
/tags/intersection/*tag_ids
for example, is: what happens if you want a tag called intersection?
Under this new scheme. Routes referring to a single tag are unambiguous
because they are prefixed with:
/tag/:tag_id
Routes referring to the collection of tags still start with:
/tags/
This commit just adds the new routes. It doesn't remove the old ones or
cause the new ones to be used.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: ea6326c860 in this
series.
This commit affects the top menu buttons. It is just a refactor and
should not change any functionality.
When using api.decorateWidget("topic-admin-menu:adminMenuButtons") in plugins, an empty button is added if the helper only returns attributes based on a condition (for example, if the admin action is limited to public topics.) In that case, we need to exclude the button from rendering.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: f5cca4930d in this
series.
This commit affects the display of some of the unread, new, and unseen
badges in topic lists like when then "show subcategory list above topics
in this category" option is checked.
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.
This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
Hide old bookmark post-menu item if the site setting for the new bookmark reminders is enabled and change icon for the new bookmark functionality to the same as the old bookmark button
Fix null @topic_view error in post serializer for post_bookmark, as new posts do not have a @topic_view
The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097:
URI.escape
URI.unescape
URI.encode
URI.unencode
escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate.
I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier.
Addressable is now also an explicit gem dependency.
* DEV: Remove unused omit_stats variable from user serializer
This was hard-coded to true in a8b5192efd, and is no longer used anywhere
* Remove attribute declarations
When uploading a theme/component, depending on the extension of the
file and the OS/Browser being used, the content type might differ.
This adds the "application/x-zip-compressed" content type that is being
sent by most Browsers on latest Windows when uploading a .zip file.
* i was incorrectly toggling the transformed post property
instead of the actual property in the emberjs post model
which broke the bookmark/unbookmark functionality
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!
This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:
* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.
This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
It's possibly that when trying to upload a backup the free space check
will output scientific notation resulting in an incorrect "There is not
enough space on disk" error.
The free space check uses the Linux `print` command which could return a
number using scientific notation like `1.60459e+10` and when ruby
converts it to an integer it will have the value of `1` instead of
`16045879296`. Which means even though you have 16GB of free space you
could not upload a 1GB backup file.
This commit uses the `printf` command instead which allows you to
specify that you do not want scientific notation.
I'm not sure why this hasn't been an issue before, but I was
experiencing it locally in development.
But the "synonyms" can't use the TagSerializer yet. We still have some
code from the discourse-tagging plugin that uses "text" instead of
"name", "count" instead of "topic_count", etc. We should make the js
consistent with the TagSerializer and then stop using tag_counts_json.
Ember was throwing this error preventing the reorder categories feature
from working:
```
access theidproperty (of <(unknown):ember1803>). ... the object in question
is a special kind of Ember object (a proxy). Therefore, it is still necessary
to use.get('id')in this case.
```
So I updated it to use the `get` method
https://api.emberjs.com/ember/3.14/functions/@ember%2Fobject/get
Follow up to: 6e5fedb312
If for some reason an URL was create in this format:
```
?slug[]=foo&slug[]=bar
```
This would have create an exception of this kind:
```
NoMethodError (undefined method `tr' for ["foo", "bar"]:Array
Did you mean? try)
```
We like to stay as close as possible to latest with rubocop cause the cops
get better.
This update required some code changes, specifically the default is to avoid
explicit returns where implicit is done
Also this renames a few rules
When the tag is muted and topic contains that tag, we should not mark that message as NEW.
There are 3 possible settings which site admin can set.
remove_muted_tags_from_latest - always
It means that if the topic got at least one muted tag, we should not mark that topic as NEW
remove_muted_tags_from_latest - only muted
Similar to above, however, if at least one tag is not muted, the topic is marked as NEW
remove_muted_tags_from_latest - never
Basically, mute tag setting is ignored and all topics are set as NEW
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: da66950cf5 in this
series.
This commit affects the display of the backup logs. It is just a
refactor and does not change any functionality.
When a component is installed and not assigned to any theme and the user is changing page, we should display a warning.
If the user decides to skip warning or come back later, a warning should not be shown anymore.
Also, when the user clicks "delete" button right after installation, warning about forgotten themes should not be shown.
Fixes an issue where updates to the first post in a topic would be visible only for staff.
Before, because the empty tag would find its way to `PostRevisor`, `TopicsController#update` would create a hidden revision, and later `PostsController#update` would only update that revision.
After this change, `TopicsController` doesn't create a revision at all (unless necessary), so `PostsController` can create it (and correctly decide whether the revision should be hidden or not).
* DEV: Add API to alter uploads Markdown
* DEV: Extract data attributes from image / download Markdown
For example '[test|attachment|hello=world]' will generate an 'a' element
with a data attribute: 'data-hello=world'.
This commit also makes MarkdownIt to transform '|attachment' into
'class="attachment"'. This transformation used to be a part of the
process which resolves short URLs (i.e. upload://).
* DEV: Export imageNameFromFileName
This reapplies commit b643526d9a after
being reverted in commit f65c453555.
Unlike the original commit, this does a single pass and does not take
into account unfinished code blocks.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 54e4559aea in this
series.
This commit affects the display of the backup upload progress bar. It is
just a refactor and does not change any functionality.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: f269e45978 in this
series.
This commit affects the display of topic timers. It is just a refactor
and does not change any functionality.
When uploading an image file with dots in the filename we were splitting the string on dots and getting the last of the split items as the extension-less filename. However this did not work with filenames that have dots. We now just remove the extension using substr.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: fe9293b8b5 in this
series.
This commit affects the display of popup input tips, like in the
composer when the title is too short or too long. It is just a refactor
and does not change any functionality.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 2290ec9e87 in this
series.
This commit affects the display of input tips. It is just a refactor and
does not change any functionality.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 80f4b9e227 in this
series.
This commit affects the display of translated counts that is used in
multiple places like showing how many posts are selected using the
select posts feature on a topic. It is just a refactor and does not
change any functionality.
This feature adds the ability to define synonyms for tags, and the ability to merge one tag into another while keeping it as a synonym. For example, tags named "js" and "java-script" can be synonyms of "javascript". When searching and creating topics using synonyms, they will be mapped to the base tag.
Along with this change is a new UI found on each tag's page (for example, `/tags/javascript`) where more information about the tag can be shown. It will list the synonyms, which categories it's restricted to (if any), and which tag groups it belongs to (if tag group names are public on the `/tags` page by enabling the "tags listed by group" setting). Staff users will be able to manage tags in this UI, merge tags, and add/remove synonyms.
* FEATURE: ability to add all active components to theme
* FIX: add a component to all themes takes only active ones
* FIX: move select components/themes to top
* FIX: improve defaultIsAvailable
* FIX: Add filter(Boolean) and remove btn class
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: bb31e7f5b6 in the series.
This commit affects the display of the Webhooks Deliver Status column. It
is just a refactor and does not change any functionality.
