Commit Graph

31547 Commits

Author SHA1 Message Date
dependabot[bot]
385401d75c
Build(deps-dev): Bump webpack from 5.90.2 to 5.90.3 in /app/assets/javascripts (#25746)
* Build(deps-dev): Bump webpack in /app/assets/javascripts

Bumps [webpack](https://github.com/webpack/webpack) from 5.90.2 to 5.90.3.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.90.2...v5.90.3)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 23:13:34 +01:00
dependabot[bot]
9e4e085666
Build(deps): Bump @uppy/drop-target from 2.0.1 to 2.0.3 in /app/assets/javascripts (#25747)
* Build(deps): Bump @uppy/drop-target in /app/assets/javascripts

Bumps [@uppy/drop-target](https://github.com/transloadit/uppy) from 2.0.1 to 2.0.3.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/drop-target@2.0.1...@uppy/drop-target@2.0.3)

---
updated-dependencies:
- dependency-name: "@uppy/drop-target"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 23:13:12 +01:00
Krzysztof Kotlarek
b215aac317
DEV: remove unused isInAnyGroups function (#25741)
Recently we changed the code to check permission in the backend. Example PR https://github.com/discourse/discourse/pull/25735

After those changes, `isInAnyGroups` and `userInAnyGroups` functions are not used anymore.
2024-02-20 09:08:46 +11:00
Blake Erickson
5ebe91a9a4
FIX: Set the video background to be black (#25744)
If you upload a portrait video or just a video that doesn't fit in the
normal video dimensions we want it to have a black background instead of
trying to render parts of the placeholder image as the video background.

This change removes the placeholder image for the video background when
the play button is clicked and replaces it with an all black background.
2024-02-19 12:46:45 -07:00
Krzysztof Kotlarek
fc9648578b
DEV: Make more group-based settings client: false (#25735)
Affects the following settings:

delete_all_posts_and_topics_allowed_groups
experimental_new_new_view_groups
enable_experimental_admin_ui_groups
custom_summarization_allowed_groups
pm_tags_allowed_for_groups
chat_allowed_groups
direct_message_enabled_groups
chat_message_flag_allowed_groups

This turns off client: true for these group-based settings,
because there is no guarantee that the current user gets all
their group memberships serialized to the client. Better to check
server-side first.
2024-02-19 13:25:59 +11:00
dependabot[bot]
4462635dff
Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 in /app/assets/javascripts (#25729)
* Build(deps-dev): Bump sass in /app/assets/javascripts

Bumps [sass](https://github.com/sass/dart-sass) from 1.70.0 to 1.71.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.70.0...1.71.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 09:13:04 +08:00
dependabot[bot]
700045b449
Build(deps-dev): Bump qunit from 2.20.0 to 2.20.1 in /app/assets/javascripts (#25730)
* Build(deps-dev): Bump qunit in /app/assets/javascripts

Bumps [qunit](https://github.com/qunitjs/qunit) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/qunitjs/qunit/releases)
- [Changelog](https://github.com/qunitjs/qunit/blob/main/History.md)
- [Commits](https://github.com/qunitjs/qunit/compare/2.20.0...2.20.1)

---
updated-dependencies:
- dependency-name: qunit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-19 09:12:42 +08:00
Sam
9372404a31
FIX: full post jump not working (#25734)
Full post jump "SHIFT+K/J" not working if related topics are displayed

Amended logic so we unconditionally use full post jump on topic pages by
checking for .post-stream
2024-02-19 09:16:46 +11:00
Ella E
e4b6142d6a
UX: Tweaks on the admin sidebar (#25717) 2024-02-16 14:28:25 -07:00
Blake Erickson
ffac012bbc
FIX: Add a boarder around the video placeholder play button (#25727)
The video placeholder play button is white, so on a video placeholder
that is also white it is very hard to see where the play button is, so
this change adds a dark grey transparent background to the play button
so that it stands out. This is similar to how we have done the
play/pause button on animated gifs.
2024-02-16 13:48:57 -07:00
Penar Musaraj
e497f6bf9b
UX: Allow resetting password when confirming session (#25708)
This is particularly useful in scenarios where 2FA is enforced and users have forgotten their password.
2024-02-16 12:18:07 -05:00
Bianca Nenciu
a24d110258
FIX: Preload parent categories for sidebar (#25726)
When "lazy load categories" is enabled, only the categories present in
the sidebar are preloaded. This is insufficient because the parent
categories are necessary too for the sidebar to be rendered properly.
2024-02-16 16:39:18 +02:00
David Taylor
1672a24490
DEV: Memoize CSP nonce placeholder on response (#25724)
That way, the same value is used even if the helper is called in the context of different controllers

Followup to c8a1b49ddd
2024-02-16 12:15:55 +00:00
David Taylor
b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
Osama Sayegh
9329a5395a
FEATURE: Groundwork for schema theme settings UI (#25673)
This commit is the first of a series of commits that will allow themes to define complex settings types by declaring a schema of the setting structure that Discourse core will use to build a UI for the setting automatically. We implement the navigation logic and support for multiple levels of nesting in this commit and we'll continue building this new system gradually in future commits.

Internal topic: t/116870.
2024-02-16 09:31:49 +03:00
Martin Brennan
5935148bd8
FIX: Respect homepage prefs on admin sidebar Back to Forum link (#25642) 2024-02-16 14:31:42 +10:00
Martin Brennan
ae24e04a5e
DEV: Add a plugin modifier for user_action_stream_builder (#25691)
Reactions needs this to be able to filter out likes received
actions, where there is also an associated reaction, since
now most reactions also count as a like.
2024-02-16 10:24:39 +10:00
Alan Guo Xiang Tan
cc9480b24a
PERF: Use -ping option to ImageMagick identify command (#25713)
Why this change?

This adds the `-ping` option to the spots we missed in
cfdb461e9a.
2024-02-16 07:39:49 +08:00
Sam
9e5e5d4078
FEATURE: shift+j and shift+k will scroll entire posts (#25684)
* FEATURE: shift+j and shift+k will scroll entire posts

When scrolling through topics with very long posts we would like to use
`shift+j` and `shift+k` to quickly move between posts.

This allows users to bypass the scroll within post behavior when zooming
through topics with keyboard shortcuts

This overloads the behavior of shift+k and j which can be used to scroll
through sections (new/latest/etc...)

* remove useless tests

These tests are testing nothing, no point carrying them around
2024-02-16 08:50:29 +11:00
dependabot[bot]
ef59fcea68
Build(deps): Bump terser from 5.27.0 to 5.27.1 in /app/assets/javascripts (#25711)
* Build(deps): Bump terser in /app/assets/javascripts

Bumps [terser](https://github.com/terser/terser) from 5.27.0 to 5.27.1.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.27.0...v5.27.1)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-15 22:34:05 +01:00
dependabot[bot]
fe0a36eee0
Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710)
* Build(deps-dev): Bump webpack in /app/assets/javascripts

Bumps [webpack](https://github.com/webpack/webpack) from 5.90.1 to 5.90.2.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.90.1...v5.90.2)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-02-15 22:33:45 +01:00
Kris
5e59f1f22f
DEV: add matching plugin outlet to mobile template (#25706) 2024-02-15 16:01:56 -05:00
Isaac Janzen
5a67c8f0ca
UX: Show search history for more contexts (#25705)
Add search history to 👇 contexts:

  - "topic",
  - "category",
  - "tag",
  - "tagIntersection",
  - "user",
  
  We display the search history when no search term is present.
  
  # Demo

https://github.com/discourse/discourse/assets/50783505/c720f70e-0c4c-4dbd-9f28-8b046deef674
  
  ## Topic
<img width="1003" alt="Screenshot 2024-02-15 at 12 36 37 PM" src="https://github.com/discourse/discourse/assets/50783505/5a254d94-2489-4c0f-976d-0eb1e2d6d775">


  ## Category
<img width="1003" alt="Screenshot 2024-02-15 at 12 36 23 PM" src="https://github.com/discourse/discourse/assets/50783505/247ec625-0bc2-431b-ae4f-b4e664647cfe">


  ## Tag  
<img width="1020" alt="Screenshot 2024-02-15 at 12 35 50 PM" src="https://github.com/discourse/discourse/assets/50783505/e416a935-00c2-4e8a-aef4-8de6903864bf">


  ## Tag Intersection
<img width="1004" alt="Screenshot 2024-02-15 at 12 35 28 PM" src="https://github.com/discourse/discourse/assets/50783505/d06cb287-52dd-4df4-ade8-75f30f67f07e">

  
  ## User
  <img width="1001" alt="Screenshot 2024-02-15 at 12 34 51 PM" src="https://github.com/discourse/discourse/assets/50783505/85a7a682-46f5-404c-a441-affb6bad05b6">
2024-02-15 13:25:50 -07:00
Isaac Janzen
45a130e696
FIX: Make recent search items populate input with value (#25704)
- Make clicking a recent search item populate the search input with said value
- Don't add empty search strings to recent search history.
2024-02-15 12:18:35 -07:00
Penar Musaraj
974b3a2a6f
DEV: Do not require session confirmation for new users (#24799)
When making sensitive changes to an account (adding 2FA or passkeys), we
require users to confirm their password. This is to prevent an attacker
from adding 2FA to an account they have access to.

However, on newly created accounts, we should not require this, it's an
extra step and it doesn't provide extra security (since the account was
just created). This commit makes it so that we don't require session
confirmation for accounts created less than 5 minutes ago.
2024-02-15 12:29:16 -05:00
Kris
9374baab93
UX: clean up some label and form inconsistencies, reduce excess bolding (#25701) 2024-02-15 11:27:51 -05:00
Osama Sayegh
cfdb461e9a
PERF: Pass the -ping option to the identify ImageMagick command to speed it up (#25697)
The `-ping` option significantly speeds up the ImageMagick `identify` command per our testing and the [documentation](https://imagemagick.org/script/command-line-options.php#ping):

> -ping
Efficiently determine these image characteristics: image number, the file name, the width and height of the image, whether the image is colormapped or not, the number of colors in the image, the number of bytes in the image, the format of the image (JPEG, PNM, etc.). Use +ping to ensure accurate image properties.

We already pass the `-ping` option in other places where the `identify` command is used, so it makes sense to use the option everywhere.

Internal topic: t/121431.
2024-02-15 18:55:39 +03:00
Jarek Radosz
368551da2f
FIX: A regression in b797434 (#25694)
This resulted in showing the unread count on the "Latest" nav item on desktop.
2024-02-15 11:45:36 +01:00
Sam
4346abe260
FEATURE: apply pinning to hot topic lists (#25690)
pinned topics should be pinned even on hot lists so it can be used as a
home page
2024-02-15 18:27:54 +11:00
Penar Musaraj
c1577019c8
DEV: Add post_id parameter to reset_bump_date route (#25372)
This would allow a theme component (or an API call) to reset the bump
date of a topic to a given post's created_at date.

I picked `post_id` as the parameter here because it provides a bit of
extra protection against accidentally resetting the bump date to a date
that doesn't make sense.
2024-02-15 16:42:42 +11:00
Isaac Janzen
e54c07cf49
FIX: Make similar topics selectable (#25682)
I attempted to add a test for related topics, as they are untested. This was a massive challenge as related topics are only rendered after 
- a user has stopped typing
- there is a timeout after typing

Between system tests, acceptance tests, and stubbing requests, this was difficult. So here is the pr san test.
2024-02-14 16:01:30 -07:00
Kris
41cd01c83a
UX: fix group search result alignment and styles (#25681) 2024-02-14 17:51:44 -05:00
Alan Guo Xiang Tan
a8b4d2e82c
DEV: Drop distributed mutex fromSidebarSiteSettingsBackfiller#backfill! (#25674)
Why this change?

Backfilling can take a long time on a site with many users. As a
result, the `DistriburedMutex` will warn in the logs when the block takes
more than 60 seconds to complete. We can increase the lock validity but
the method is currently only called from a job which has a
`cluster_concurrency` set to `1`. Therefore, it is actually not
necessary for us to hold a `DistributedMutex` here.

What does this change do?

1. Removes the distributed mutex and adds a comment about the risk of
   calling the `SidebarSiteSettingsBackfiller#backfill!` method.a

2. Delete old sidebar category section links in batches for all users
   to avoid a single long running query.
2024-02-15 06:21:03 +08:00
Kris
52fb523bbb
UX: show the full mobile read-state indicator (#25678) 2024-02-14 15:52:02 -05:00
Blake Erickson
bb261094cf
FEATURE: Auto generate and display video preview image (#25633)
This change will allow auto generated video thumbnails to be used
instead of the black video thumbnail that overlays videos.

Follow up to: 2443446e62
2024-02-14 13:43:53 -07:00
Keegan George
10b33bc601
DEV: API extra markup to image wrapper (#25575) 2024-02-14 12:20:53 -08:00
Shane Scanlon
53a198ad55
FIX: Hide timer info on topic status toggle (#25596)
Use topic.topic_status_update value to hide timer info after status
change.
2024-02-14 11:40:40 -05:00
Kris
2323f09eb0
A11Y: change composer role to dialog, improve aria-labels (#25666) 2024-02-14 11:09:54 -05:00
Ted Johansson
7522957aaa
FIX: Touch up illegal flag type translations (#25670)
When we launched the new illegal flag type, there were a few problems with the translations:

The translation for the message in the e-mail was missing and in the review queue, the message read: "Is this it's illegal?"

In this PR the missing translation key has been added. For the review queue there was a coupling of the name rendering to whether the flag is of "custom" type, but this is also used for deciding whether we render the textbox for additional details. I think these two things should not be coupled together. For now I have instead hard-coded the existing "custom" types when formatting the name. We can potentially improve this later.
2024-02-14 18:44:32 +08:00
David Taylor
915f7cdb27
FIX: Do not add "tag-" class to pages with no tag filter (#25677) 2024-02-14 10:24:02 +00:00
David Taylor
02177bb46d
UX: Add loading indicator to 'new or updated' PM banner (#25676)
Same as 9883e6a0c8, but for lists of PMs
2024-02-14 10:08:31 +00:00
Krzysztof Kotlarek
c03d22f633
FIX: serialize can_ignore_users (#25672)
Bug introduced in this PR https://github.com/discourse/discourse/pull/25585/files#diff-55dea7dea5b8655da575a2f23156240686c956d081d36ea9976d38b29b72b5d2R130

`can_ignore_users` method was created but not added to attributes and therefore it was not serialized.
2024-02-14 15:17:19 +11:00
Tobias Eigen
709bed5d1c
removed broken link and comments from no_index.erb (#25648)
We intend to move guidance about how to configure robots.txt to the admin interface and a documentation topic on meta.
2024-02-14 12:09:24 +08:00
Kris
037def8624
UX: clarify old dates with YYYY instead of 'YY (#25661)
* UX: clarify old dates with YYYY instead of 'YY

* update formatter test
2024-02-14 10:32:50 +11:00
Mark VanLandingham
4f75cee6d2
FIX: Don't unnecessarily scrub query params from homepage (#25665)
Seems like an accident that the homepage route will always strip all query params from the URL.. This fixes that :)
2024-02-13 14:50:27 -06:00
Daniel Waterworth
d1ebca90ff
DEV: Convert sidebar edit navigation modal/categories modal to gjs (#25662) 2024-02-13 13:22:31 -06:00
Bianca Nenciu
9a6406d4bb
FIX: Preload user-specific category fields (#25663)
This is used when lazy_load_categories is enabled to fetch more info
about the category.
2024-02-13 20:00:44 +02:00
Ella E
1f50e7e38f
UX: Set width for the new feature items (#25657) 2024-02-13 10:17:17 -07:00
David Taylor
061e79297f
DEV: Convert User model to native class syntax (#25628)
This commit was created with a combination of the ember-native-class-codemod and manual cleanup.

User-status-related functionality was previously encapsulated in its own `User.reopen` call, which is essentially an 'inline mixin'. This commit refactors it into a utility class, with an instance accessible on `User#statusManager`
2024-02-13 10:49:18 +00:00
David Taylor
9883e6a0c8
UX: Add loading indicator when loading 'new or updated topics' (#25649)
Also improves error handling so that the action can be retried if the network request fails
2024-02-13 10:41:22 +00:00