Follow-up to https://github.com/discourse/discourse/pull/31271
In the linked PR, we made `<GroupChooser />` use the site's preloaded
list of groups instead of fetching the list from the servers every time
the component is triggered. However, when a site has thousands of
groups, the performance issue has shifted from the server to the browser
— `<GroupChooser />` takes several seconds to render in the browser for
a site with thousands of groups and the sites becomes completely
unresponsive while the component is rendering.
This PR changes the `<GroupChooser />` so it limits the displayed groups
to 100, with ability to filter the list to show more groups when there
are more than 100 groups.
This uses the new `triggerComponent` functionality to implement a button
without the default `DButton` component classes, which helps themes
avoid applying unintentional styling.
A regression introduced in 32c8aa0aad880bcab372ffd75bce3c857060d721
incorrectly passes label to the trigger component, but also passes
translatedLabel instead of label to the menu.
The existing test was checking for the presence of "label", but it was
actually returning true because the test was showing "en.label". The
test has been modified in consequences.
In a few places throughout the app, when we render the `<GroupChooser
/>` component, we fetch the full groups list of the site from the
`/groups/search` endpoint. This is wasteful because the full groups list
is already included in the preloaded data that's sent to the client app
on the initial page load, so we can just use this preloaded list for
`<GroupChooser />` and we can avoid making an HTTP request.
Internal topic: t/147297.
This property allows to have a custom component for the DMenu trigger
instead of using a `DButton` which comes with its own css class for
example.
Example:
```gjs
const myComponent = <template><span ...attributes>test</span></template>;
<DMenu @triggerComponent={{myComponent}}>...</DMenu>
```
⚠️ It's important to pass the attributes otherwise your custom
trigger won't work.
Empty slugs for topics break Discourse. This makes sure that we always
fall back to "topic" as default. And it also uses the configured slug
generation method instead of always using ASCII.
A previous refactor of the `Service::Base::Step` class introduced a
non thread-safe behavior. `#call` mutates instance variables at runtime,
and since a step instance is the same for any given service class, this
can sometimes lead to `context` being the wrong one for the running
service.
This patch makes use of `Concurrent::ThreadLocalVar` to fix the issue.
The weekly job can take more than 2 hours to run on larger sites. It is
ideal for the jobs to be as small as possible and this is what this
commit attempts.
Adds a site setting confirmation to the following
settings, since they can be dangerous if changed
incorrectly:
* allowed_crawler_user_agents
* blocked_crawler_user_agents
* slow_down_crawler_user_agents
This reverts commit 91e9c1c81343990d5ebbb3a3bb7c68ec4445d610.
After feedback, for now we are reverting this change. This is not
permanent, the settings sidebar will be removed again, after we:
* Visually group the settings the same way as the sidebar does
on All Settings
* Add more settings pages to the main admin sidebar to cover the ~250
settings not yet represented there
While it is possible derive a topic published event from category id
changes in a `post_edited` or `before_post_publish_changes` event, there
are use cases when a dedicated event is more apposite.
This repo was archived in March 2024 and is no longer supported.
Commit also fixes up the plugin-gem-symlinking logic to support removing
plugins from the list
[Security
patch](5558e72f22)
(for this [CVE](https://nvd.nist.gov/vuln/detail/CVE-2024-54133)) from
rails actionpack was backported from [Rails
8.0.0.1](https://github.com/rails/rails/blob/v8.0.1/actionpack/CHANGELOG.md#rails-8001-december-10-2024)
to previous stable versions including `7-1-stable` / `7-2-stable`.
Any previous version of Discourse upgrading to v3.4.0.beta3 and above
would have observed their sites crashing if they had invalid sources in
their CSP directive extensions.
This fix removes such invalid sources during our build of the CSP, and
logs these at a warning level so devs are able to find out why their CSP
sources were filtered out of the extendable directives.
Currently, if creating an API key in "granular" mode, and not selecting any scopes, a globally scoped API key is created. This can be surprising and is not ideal. Having a key with no scopes isn't useful in the first place, so this PR adds client- and server side validations to check that at least one scope is selected if using "granular" mode.
This commit contains a couple of improvements for this
rake task.
* We no longer limit the uploads to only ones with Post
upload references, it doesn't matter what the secure uploads
are linked to, they should all be un-secured
* We now only get distinct uploads from the initial query,
multiple upload references on the same upload caused
double ups and confusing counts for the task
* We now also disable the secure_uploads_pm_only site
setting at the same time
This fixes an issue where the topic invitation rate limiter
for invites for the 1 minute period was incorrectly using
1 day as the length of time the limit should be applied over.
The default for `max_topic_invitations_per_minute` is 5,
so this would be very easy to exceed, then the user gets
a very confusing warning message saying they have to wait
23 hours to send more invites.
This commit also makes other `RateLimiter` period parameters
more consistent by always using the form `N.PERIOD` instead
of things like `86_400` hardcoded seconds per day.
After you've selected and deselected text, `selection.rangeCount` will
return `true` on future events. Checking for `selection.toString` is
more robust.
Followup to f1bdd86a8c9bec03b962167c37963b1d11d0e5ea
- Add `composer-service-cannot-submit-post` transformer to allow for disabling submit based on custom conditions
- Add tests for transformer
- Add a couple helpful appEvents, that plugins can use add custom error popups to plugin-defined fields.
