Commit Graph

29436 Commits

Author SHA1 Message Date
Joffrey JAFFEUX
4fee0fc333
UX: ensures cursor is pointer over custom sections (#21138) 2023-04-18 11:23:09 +02:00
chapoi
fbdafd712b
UX: improve contrast of overridden setting indicator dot (#21128) 2023-04-18 09:09:38 +02:00
Ted Johansson
f3f30d6865
SECURITY: Encode embed url (#21133)
The embed_url in "This is a companion discussion..." could be used for
XSS.

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
2023-04-18 15:05:29 +08:00
Ted Johansson
437b73e322
SECURITY: Ensure site setting being updated is a configurable site setting (#21131) 2023-04-18 14:32:18 +08:00
Penar Musaraj
b869d35f94
FIX: Dismiss modal when "Keep Editing" is used (#21117)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-04-17 17:44:21 -04:00
Keegan George
d3f3914ade
DEV: Add an offset mobile devices (#21119) 2023-04-17 13:35:11 -07:00
Arpit Jalan
8405ae7733
FEATURE: add a setting to allowlist DiscourseConnect return path domains (#21110)
* FEATURE: add a setting to allowlist DiscourseConnect return path domains

This commit adds a site setting to allowlist DiscourseConnect return
path domains. The setting needs supports exact domain or wildcard
character (*) to allow for any domain as return path.

* Add more specs to clarify what is allowed in site setting

* Update setting description to explain what is allowed
2023-04-17 22:53:50 +05:30
Meghna
68549fe54e
UX: Vertical alignment issues on mobile (#21118)
Vertical alignment fixes for topic closed small message and poll info.
2023-04-17 22:51:13 +05:30
Loïc Guitaut
a5235f7d16
DEV: Refactor STI/polymorphic associations in chat (#20789) 2023-04-17 15:41:56 +02:00
Kris
87515b1aa0
FIX: composer collapse position while uploading (#21101) 2023-04-17 09:21:32 -04:00
Mark VanLandingham
ae5aa0c79f
DEV: Plugin API addQuickAccessProfileItem adds to revamped user menu (#21084) 2023-04-17 06:15:16 -05:00
Joffrey JAFFEUX
2535381f44
FIX: ensures tag notification level is changed (#21106)
Following a change in e9f7262813 which prevents the notification level to be returned from the update endpoint, the model couldn't update itself. This commit makes the update manually and adds a test to prevent future regressions.

Note we could also change the backend endpoint, but this should work correctly with minimum risk.
2023-04-17 10:48:41 +02:00
Jarek Radosz
dd98ecb7d1
DEV: Remove unnecessary getURL("/") (#21103)
Our `ajax()` prepends the protocol/host/subfolder path.
2023-04-15 14:34:25 +02:00
Jarek Radosz
b8cf79895e
DEV: Set QUnit per-test timeout (#21102)
60s is a lot, and I'd prefer 15s, but the first test in a suite can take up to 40s. 60s is still better than `Infinity` 😌
2023-04-15 14:34:13 +02:00
dependabot[bot]
d6b6041ae2
Build(deps): Bump webpack in /app/assets/javascripts (#21089)
Bumps [webpack](https://github.com/webpack/webpack) from 5.78.0 to 5.79.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.78.0...v5.79.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 13:22:33 +02:00
Krzysztof Kotlarek
933d276b7d
FIX: decrease reorder sidebar delay for desktop (#21098)
Delay to reorder links in custom sidebar section doesn't have to be that long for desktop compared to touch screen.
2023-04-14 12:31:21 +10:00
Canapin
4b9061ae3f
UX: Remove color attribute from <kbd> tag (#20429)
As a single example, if a `<kbd>` tag is wrapped by a `<a>` link, it doesn't inherit the link color:

`[<kbd> **Support**</kbd>](https://meta.discourse.org)`

It's because the `<kbd>` tag has a `color: var(--primary);` CSS rule which seems superfluous.

If we disable it, the `<kbd>` tag inherits all the normal colors (including the link color 👌).

The direct `<kbd>` parent that assigns the text color is `<html>` (can't go higher!) which has an identical `color: var(--primary);`. 

WCAG palettes don't seem to assign specific colors in this context.

It seems fairly safe to remove `color: var(--primary);` from `<kbd>` so it won't interfere anymore with its content.
2023-04-14 10:06:12 +08:00
Canapin
b328ada667
UX: Prevents letters from being partially cut off on the profile summary page (#20715) 2023-04-14 10:04:05 +08:00
Canapin
b9ca4c9031
UX: fix anchor z-index (#21002) 2023-04-14 10:02:57 +08:00
David Battersby
967010e545
FEATURE: Add an emoji deny list site setting (#20929)
This feature will allow sites to define which emoji are not allowed. Emoji in this list should be excluded from the set we show in the core emoji picker used in the composer for posts when emoji are enabled. And they should not be allowed to be chosen to be added to messages or as reactions in chat.

This feature prevents denied emoji from appearing in the following scenarios:
- topic title and page title
- private messages (topic title and body)
- inserting emojis into a chat
- reacting to chat messages
- using the emoji picker (composer, user status etc)
- using search within emoji picker

It also takes into account the various ways that emojis can be accessed, such as:
- emoji autocomplete suggestions
- emoji favourites (auto populates when adding to emoji deny list for example)
- emoji inline translations
- emoji skintones (ie. for certain hand gestures)
2023-04-13 15:38:54 +08:00
Jarek Radosz
cb1e95cd3d
FIX: Educational composer messages regressed in 788dc0a (#21082)
Tests coming in another PR
2023-04-12 20:05:52 +02:00
David Taylor
93c33e02f0
PERF: Avoid full posts table scans during anonymisation (#21081)
2e78045a fixed the anonymization job so that it correctly updated self-mentions, which are not logged in the post_actions table. The solution was to scan the entire `posts` table with an `raw ILIKE` query. On sites with many posts, this can take a very long time.

This commit updates the job to take a two-pass approach:

First, we update posts based on the post_actions table. This is much more efficient than a full table scan, and takes care of all 'non-self' mentions.

Then, we make a second pass using the `raw ILIKE` approach. Since we already took care of most posts, we can scope this down to self-mentions only. By filtering the query to a specific posts.user_id, it is significantly more performant than a full table scan.
2023-04-12 18:39:10 +01:00
David Taylor
fa5a423681
Revert "DEV: Support modifyClass for native class fields on EmberObjects (#20987)" (#21080)
This reverts commit a19efc4304.

This is causing issues in production - reverting while we investigate
2023-04-12 17:38:44 +01:00
David Taylor
a19efc4304
DEV: Support modifyClass for native class fields on EmberObjects (#20987)
EmberObject's `reopen` feature allows changes to be made to the prototype of the class, but it does not work with native class fields. Native class field values are set on the instance in the constructor, and therefore override any values from the prototype.

This commit implements a workaround which detects possible field overrides and then sets the values during the `init()` function of the EmberObject. This isn't perfect - old field values will still be present while any constructor function is running. But in the vast majority of cases, it should provide parity with old non-native-class EmberObject properties.

This commit also adds a warning when trying to override fields on non-EmberObject classes. There is no change in behavior here - we're just warning about the fact it doesn't work.
2023-04-12 16:49:57 +01:00
Jarek Radosz
788dc0a096
DEV: Refactor ComposerMessages (#21077)
Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-12 17:02:37 +02:00
David Taylor
db16700355
PERF: Memoize element references for dockCheck (#21079)
This is run frequently in a scroll listener. Removing the need for repeated `querySelector` calls makes those scroll handlers much faster.
2023-04-12 14:17:43 +01:00
David Taylor
a328153ec2
DEV: Enable patch-package in production and in javascripts/discourse (#21078)
When running `yarn install` in a yarn workspace, the lifecycle hooks in the root package.json are not triggered. https://github.com/yarnpkg/yarn/issues/5790

As a workaround, we can additionally run `patch-package` from the `javascripts/discourse/package.json` `postinstall` hook. `patch-package` is idempotent, so it doesn't matter if it is triggered multiple times.

Longer term we intend to move to pnpm, which has built-in patch support.
2023-04-12 13:15:53 +01:00
David Battersby
7d34ba38a2
FIX: all staff_counters should be pluralized strings (#21048)
Make all staff_counters pluralized strings
2023-04-12 17:13:37 +08:00
Alan Guo Xiang Tan
2eb60c9713
DEV: Switch sidebar section link identifier to data attribute (#21051)
Data attribute is less restrictive than relying on the class attribute
2023-04-12 15:52:10 +08:00
Loïc Guitaut
d151f4ee9d
FIX: Don’t assume post is available in UserEmail job (#21054)
Currently, we’re performing a check when a user is suspended in the
`UserEmail` job and we’re assuming a `post` is always available, which
is not the case. The code indeed breaks when the job is called with the
`account_suspended` type option.

This patch fixes this issue by making the check use the safe navigation
operator, thus making it working when `post` is not provided.
2023-04-12 12:34:22 +10:00
dependabot[bot]
f0435844df
Build(deps): Bump sass from 1.61.0 to 1.62.0 in /app/assets/javascripts (#21063)
Bumps [sass](https://github.com/sass/dart-sass) from 1.61.0 to 1.62.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.61.0...1.62.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 09:08:49 +08:00
Kris
ce601ac84c
UX: improve composer control spacing on mobile (#21021) 2023-04-11 14:11:00 -05:00
Rafael dos Santos Silva
087ee8c5e2
DEV: Experimental JS plugin API for topic summary HTML (#20963) 2023-04-11 11:22:34 -04:00
Jan Cernik
a3801a9e16
DEV: Stop event propagation in DTooltip (#20897) 2023-04-11 12:07:03 -03:00
Jan Cernik
352bd35bf6
Add RenderGlimmer support for embedded posts (#21046) 2023-04-11 06:22:42 -03:00
David Taylor
9238767f7e
FEATURE: Persist password hashing algorithm/params in database (#20980)
Previously, Discourse's password hashing was hard-coded to a specific algorithm and parameters. Any changes to the algorithm or parameters would essentially invalidate all existing user passwords.

This commit introduces a new `password_algorithm` column on the `users` table. This persists the algorithm/parameters which were use to generate the hash for a given user. All existing rows in the users table are assumed to be using Discourse's current algorithm/parameters. With this data stored per-user in the database, we'll be able to keep existing passwords working while adjusting the algorithm/parameters for newly hashed passwords.

Passwords which were hashed with an old algorithm will be automatically re-hashed with the new algorithm when the user next logs in.

Values in the `password_algorithm` column are based on the PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md). Discourse's existing algorithm is described by the string `$pbkdf2-sha256$i=64000,l=32$`

To introduce a new algorithm and start using it, make sure it's implemented in the `PasswordHasher` library, then update `User::TARGET_PASSWORD_ALGORITHM`.
2023-04-11 10:16:28 +01:00
Jarek Radosz
b6cfcdfbb3
DEV: Force an upgrade of watch-detector (#21053)
Fixes the unnecessary message when starting ember server:

```
Invalid watchman found, version: [2023.04.03.00] did not satisfy [>= 3.0.0].
Visit https://ember-cli.com/user-guide/#watchman for more info.
```
2023-04-11 11:14:57 +02:00
NullVoxPopuli
c320c286f9
DEV: Use patch-package to apply ember-jquery workaround
Co-authored-by: David Taylor <david@taylorhq.com>
2023-04-11 10:12:30 +01:00
dependabot[bot]
47eced2050
Build(deps): Bump terser in /app/assets/javascripts (#21042)
Bumps [terser](https://github.com/terser/terser) from 5.16.8 to 5.16.9.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.8...v5.16.9)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-11 10:38:49 +02:00
Alan Guo Xiang Tan
90172e5a9e
FIX: Incorrect message inbox displayed due to username case sensitivity (#21049) 2023-04-11 11:31:10 +08:00
Krzysztof Kotlarek
63a0466548
FIX: improve performance of UserStat.ensure_consistency (#21044)
Optimize `UserStatpost_read_count` calculation.

In addition, tests were updated to fail when code is not evaluated. Creation of PostTiming was updating `post_read_count`. Count it has to be reset to ensure that ensure_consitency correctly calculates result.

Extracting users seen in the last hour to separate Common Table Expression reduces the amount of processed rows.

Before
```
Update on user_stats  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12606.121..12606.127 rows=0 loops=1)
  ->  Hash Join  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12561.814..12603.689 rows=10 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 67
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.014..39.173 rows=75534 loops=1)
        ->  Hash  (cost=267455.80..267455.80 rows=2901 width=48) (actual time=12558.613..12558.617 rows=77 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 39kB
              ->  Subquery Scan on x  (cost=267376.03..267455.80 rows=2901 width=48) (actual time=12168.601..12558.572 rows=77 loops=1)
                    ->  GroupAggregate  (cost=267376.03..267426.79 rows=2901 width=12) (actual time=12168.595..12558.525 rows=77 loops=1)
                          Group Key: pt.user_id
                          ->  Sort  (cost=267376.03..267383.28 rows=2901 width=4) (actual time=12100.490..12352.106 rows=2072830 loops=1)
                                Sort Key: pt.user_id
                                Sort Method: external merge  Disk: 28488kB
                                ->  Nested Loop  (cost=1.28..267209.18 rows=2901 width=4) (actual time=0.040..11528.680 rows=2072830 loops=1)
                                      ->  Nested Loop  (cost=0.86..261390.02 rows=13159 width=8) (actual time=0.030..3492.887 rows=3581648 loops=1)
                                            ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..89.71 rows=28 width=4) (actual time=0.010..0.201 rows=78 loops=1)
                                                  Index Cond: (last_seen_at > '2023-04-11 00:22:49.555537'::timestamp without time zone)
                                            ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..9287.60 rows=4455 width=8) (actual time=0.081..38.542 rows=45919 loops=78)
                                                  Index Cond: (user_id = u.id)
                                      ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=3581648)
                                            Index Cond: (id = pt.topic_id)
                                            Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                            Rows Removed by Filter: 0
Planning Time: 0.692 ms
Execution Time: 12612.587 ms
```
After
```
Update on user_stats  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=677.724..677.729 rows=0 loops=1)
  ->  Hash Join  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=672.536..677.706 rows=1 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 54
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.012..23.977 rows=75534 loops=1)
        ->  Hash  (cost=9438.24..9438.24 rows=2829 width=48) (actual time=647.818..647.822 rows=55 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 37kB
              ->  Subquery Scan on x  (cost=9381.66..9438.24 rows=2829 width=48) (actual time=647.409..647.805 rows=55 loops=1)
                    ->  HashAggregate  (cost=9381.66..9409.95 rows=2829 width=12) (actual time=647.403..647.786 rows=55 loops=1)
                          Group Key: pt.user_id
                          Batches: 1  Memory Usage: 121kB
                          ->  Nested Loop  (cost=1.86..9367.51 rows=2829 width=4) (actual time=0.056..625.245 rows=120022 loops=1)
                                ->  Nested Loop  (cost=1.44..3692.96 rows=12832 width=8) (actual time=0.047..171.754 rows=217440 loops=1)
                                      ->  Nested Loop  (cost=1.00..254.63 rows=25 width=12) (actual time=0.030..1.407 rows=56 loops=1)
                                            Join Filter: (u.id = user_stats_1.user_id)
                                            ->  Nested Loop  (cost=0.71..243.08 rows=25 width=8) (actual time=0.018..1.207 rows=87 loops=1)
                                                  ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..86.71 rows=27 width=4) (actual time=0.009..0.156 rows=87 loops=1)
                                                        Index Cond: (last_seen_at > '2023-04-11 00:47:07.437568'::timestamp without time zone)
                                                  ->  Index Only Scan using user_stats_pkey on user_stats us  (cost=0.29..5.79 rows=1 width=4) (actual time=0.011..0.011 rows=1 loops=87)
                                                        Index Cond: (user_id = u.id)
                                                        Heap Fetches: 87
                                            ->  Index Scan using user_stats_pkey on user_stats user_stats_1  (cost=0.29..0.45 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=87)
                                                  Index Cond: (user_id = us.user_id)
                                                  Filter: (posts_read_count < 10000)
                                                  Rows Removed by Filter: 0
                                      ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..92.98 rows=4455 width=8) (actual time=0.036..2.492 rows=3883 loops=56)
                                            Index Cond: (user_id = user_stats_1.user_id)
                                ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=217440)
                                      Index Cond: (id = pt.topic_id)
                                      Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                      Rows Removed by Filter: 0
Planning Time: 1.406 ms
Execution Time: 677.817 ms
```
2023-04-11 12:28:08 +10:00
Daniel Waterworth
fcc73b441d
FIX: Make emoji cache store marshalled objects (#21029)
We only marshal arrays, hashes and sets, which meant that the emojis
here were just getting `to_s`ed.

This is a hack.
2023-04-10 10:44:11 -05:00
David Battersby
569b923fb6
FIX: staff_counters should be pluralized strings (#21039)
Small change to format the staff counter template to apply the correct pluralization for flagged posts/topics.
2023-04-10 17:00:31 +08:00
dependabot[bot]
bb94cc0251
Build(deps): Bump eslint from 8.37.0 to 8.38.0 in /app/assets/javascripts (#21033)
Bumps [eslint](https://github.com/eslint/eslint) from 8.37.0 to 8.38.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.37.0...v8.38.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 08:09:09 +08:00
Kris
e823ac7ff8
UX: truncate theme toggle text to avoid overflow (#21022) 2023-04-07 17:16:44 -04:00
Kris
ba119555fe
A11Y: increase contrast of elements in wcag scheme (#21025) 2023-04-07 17:16:27 -04:00
Kris
1f0aff2719
UX: remove extra space from emoji in notifications (#21024) 2023-04-07 13:55:11 -04:00
Kris
18470c9195
UX: fix solo preference page layout (#21012) 2023-04-07 08:55:32 -04:00
Jarek Radosz
584a3a4237
DEV: Remove unneeded optional chaining operators (#21019)
(and fix a typo, and remove an unnecessary `this.element` check)
2023-04-07 14:10:49 +02:00
dependabot[bot]
92420bad6f
Build(deps): Bump sass from 1.60.0 to 1.61.0 in /app/assets/javascripts (#21014)
Bumps [sass](https://github.com/sass/dart-sass) from 1.60.0 to 1.61.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.60.0...1.61.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-07 09:53:32 +02:00
Vinoth Kannan
7cedb911a7
FEATURE: add category name in articleSection meta tag for schema. (#21004)
https://schema.org/DiscussionForumPosting
2023-04-06 23:30:19 +05:30
Daniel Waterworth
0ff86feb96
DEV: Rely on helpers for ajax error handling to reduce repetition (#20988) 2023-04-06 11:25:24 -05:00
Daniel Waterworth
355b44472b
DEV: Allow HTML errors whenever a popup is generated (#20989)
Follow-up-to: 6bbf832400
2023-04-06 10:00:54 -05:00
dependabot[bot]
cee06bdc77
Build(deps): Bump @uppy/aws-s3 in /app/assets/javascripts (#20996)
Bumps [@uppy/aws-s3](https://github.com/transloadit/uppy) from 3.0.5 to 3.0.6.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/aws-s3@3.0.5...@uppy/aws-s3@3.0.6)

---
updated-dependencies:
- dependency-name: "@uppy/aws-s3"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-06 13:39:31 +02:00
Jarek Radosz
d6bf5f40fb
DEV: Change the params for categoryNone redirect (#20944)
Makes the params (`router.currentRoute.params`) the same in this codepath as in the regular flow. (issue originally reported in: https://meta.discourse.org/t/category-banners/86241/174)

See also https://github.com/discourse/discourse-category-banners/pull/31 for the first stab at the bug.
2023-04-06 12:26:19 +02:00
dependabot[bot]
3485936517
Build(deps): Bump @uppy/aws-s3-multipart in /app/assets/javascripts (#20998)
Bumps [@uppy/aws-s3-multipart](https://github.com/transloadit/uppy) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/aws-s3-multipart@3.1.2...@uppy/aws-s3-multipart@3.1.3)

---
updated-dependencies:
- dependency-name: "@uppy/aws-s3-multipart"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-06 12:24:20 +02:00
dependabot[bot]
38adfca295
Build(deps): Bump @uppy/xhr-upload in /app/assets/javascripts (#20993)
Bumps [@uppy/xhr-upload](https://github.com/transloadit/uppy) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/xhr-upload@3.1.0...@uppy/xhr-upload@3.1.1)

---
updated-dependencies:
- dependency-name: "@uppy/xhr-upload"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-06 12:21:00 +02:00
NullVoxPopuli
97d8614811
DEV: Extract global compat code into module (#20901)
Moves a couple things from discourse-boot.js to a different JS file imported from app/app.js.

This is a forwards compatible technique to import and throw data on the window.

One thing to make note of, though, is that if the virtual-dom and discourse-widget-hbs/helpers were previously included in the build elsewhere, they will now become part of the app bundle.
Later, when using embroider, all bundles will be chunks, and webpack will optimize which chunk contains which modules appropriately.
2023-04-06 10:09:12 +01:00
dependabot[bot]
9014cd6a6f
Build(deps): Bump @uppy/utils in /app/assets/javascripts (#20992)
Bumps [@uppy/utils](https://github.com/transloadit/uppy) from 5.1.3 to 5.2.0.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/utils@5.1.3...@uppy/utils@5.2.0)

---
updated-dependencies:
- dependency-name: "@uppy/utils"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-06 10:57:41 +02:00
dependabot[bot]
718a8d1164
Build(deps): Bump webpack in /app/assets/javascripts (#20999)
Bumps [webpack](https://github.com/webpack/webpack) from 5.77.0 to 5.78.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.77.0...v5.78.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-06 10:55:24 +02:00
Ted Johansson
1b132dad0d
FIX: Correctly pre-select first option in bookmark notification drop-down (#20976)
When selecting the "Keep bookmark" in the user preference for what to do after a bookmark reminder is sent, it does not propagate to the drop-down in the "Create bookmark" modal. Instead it defaults to "Keep bookmark and clear reminder". All other options work fine.

We set a default ("Keep bookmark and clear reminder") if no user preference is found, However, this uses the index of the option, and the index of the first option ("Keep bookmark") is 0, which is treated as falsey in JavaScript, thus causing the default to be selected.

This change switches from logical "or" conditional `||` operator to nullish coalescing `??` operator.
2023-04-06 14:58:40 +08:00
Krzysztof Kotlarek
e586f6052f
FEATURE: public custom sidebar sections visible to anonymous (#20931)
Previously, public custom sections were only visible to logged-in users. In this PR, we are making them visible to anonymous as well.

The reason is that Community Section will be moved into custom section model to be easily editable by admins.
2023-04-06 08:55:47 +10:00
Daniel Waterworth
cd6d47e012
FIX: Handle errors when we show the edit user directory columns modal (#20986) 2023-04-05 14:31:32 -05:00
Daniel Waterworth
79c87b5003
FIX: Show better default error when failing to delete all user posts (#20985) 2023-04-05 14:26:00 -05:00
Keegan George
3d7833d67e
FIX: <QuoteButton/> shifts when content is added to header (#20878) 2023-04-05 12:08:38 -07:00
Bianca Nenciu
e1a5f36d52
UX: Do not show bootstrap mode button on mobile (#20984)
It took too much place in the header.
2023-04-05 21:50:27 +03:00
dependabot[bot]
81566949f5
Build(deps): Bump ember-auto-import in /app/assets/javascripts (#20970)
Bumps [ember-auto-import](https://github.com/ef4/ember-auto-import/tree/HEAD/packages/ember-auto-import) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/ef4/ember-auto-import/releases)
- [Changelog](https://github.com/ef4/ember-auto-import/blob/main/packages/ember-auto-import/CHANGELOG.md)
- [Commits](https://github.com/ef4/ember-auto-import/commits/v2.6.2/packages/ember-auto-import)

---
updated-dependencies:
- dependency-name: ember-auto-import
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 12:43:21 +02:00
Martin Brennan
c63783cf30
FIX: Error in CSS generation for anon on login_required (#20978)
Followup to 6ad9e4ad06,
I was not aware that `site.categories` is undefined if
the user is anon and the site is login_required, this
handles that scenario and does not continue trying to
generate CSS.
2023-04-05 19:08:44 +10:00
Martin Brennan
6ad9e4ad06
FEATURE: Add CSS class generation for category colors and hashtags (#20951)
This commit adds a system to generate CSS variables and classes for categories
and hashtags, which will be used in an effort to remove baked icons for hashtags
and add color to those icons.

This is in two parts. First I added an initializer generate a category color CSS
variable style tag in the head tag that looks like this:

```css
:root {
--category-1-color: #0088CC;
--category-2-color: #808281;
--category-3-color: #E45735;
--category-4-color: #A461EF;
--category-5-color: #ee56c9;
--category-6-color: #da28c2;
--category-7-color: #ab8b0a;
--category-8-color: #45da37;
...
}
```

The number is the category ID. This only generates CSS variables for categories
the user can access based on `site.categories`. If you need the parent color variable
you can just use the `category.parentCategory.id` to get it.

Then, I added an initializer to generate a hashtag CSS style tag using these variables.
Only the category and channel hashtags need this, the category one generates the
background-gradient needed for the swatch, and the channel just generates a color
for the icon. This is done in an extendable way using the new `api.registerHashtagType`
JS plugin API:

```css
hashtag-color--category-1 {
  background: linear-gradient(90deg, var(--category-1-color) 50%, var(--category-1-color) 50%);
}
hashtag-color--category-2 {
  background: linear-gradient(90deg, var(--category-2-color) 50%, var(--category-2-color) 50%);
}
hashtag-color--category-5 {
  background: linear-gradient(90deg, var(--category-5-color) 50%, var(--category-4-color) 50%);
}
...
.hashtag-color--channel-4 {
  color: var(--category-12-color);
}
.hashtag-color--channel-92 {
  color: var(--category-24-color);
}
```

Note if a category has a parent, its color is used in the gradient correctly. The numbers
here are again IDs (e.g. channel ID, category ID) and the channel’s chatable ID is used
to find the category color variable.
2023-04-05 13:02:35 +10:00
Krzysztof Kotlarek
b72282123b
FIX: public sidebar sections belong to system user (#20972)
Before, public sidebar sections were belonging to admin. However, a better choice is system user.
2023-04-05 10:52:18 +10:00
Kris
56f2fdf430
UX: fix spacing between assign tags (#20967) 2023-04-04 17:26:06 -04:00
Bianca Nenciu
e9cd74a9e7
FIX: Show correct status for user reviewables (#20959)
The status should use the word "user" instead of "flag", for example
"approved user" instead of "approved flag". The problem was caused by
a mismatched type.
2023-04-04 19:53:04 +03:00
Mark VanLandingham
73325c6c35
FEATURE: SiteSetting to default user path to different routes (#20962) 2023-04-04 11:48:48 -05:00
Penar Musaraj
17ba00c395
FIX: icon toggles saerch menu display on click (#20950)
Using the `mouseDownOutside` event was problematic here because two
events were being triggered consecutively: `mouseDown`
would toggle the menu off and `click` would then toggle it back on. This
switches the logic to use `clickOutside` again, but with two changes:
- it limits the action to the `search-menu` key (so that theme component
overrides can do their own handling)
- it does not trigger the event when there is an active text selection
 (this was the original reason for switching to `mouseDownOutside`, see
https://github.com/discourse/discourse/pull/14788)
2023-04-04 09:49:55 -04:00
Kris
7658341b0b
UX: use relative units to prevent timeline crop (#20943) 2023-04-04 09:40:43 -04:00
Bianca Nenciu
6da2fbbf76
FIX: Use correct translation key (#20958)
The translation key is built using the name of the reviewable as it was
defined in Ruby. The chat plugin uses the `Chat` namespace and defines
`Chat::ReviewableMessage`. This was then transformed to
`chat::reviewable_message`, but it should be `chat_reviewable_message`
to resemble the other translation keys.
2023-04-04 16:28:04 +03:00
David Taylor
2386ad12f2
Update default ga_version to v4 and add warning message for v3 (#20936)
Sites which are already using ga3 will stay on that version, and will be shown a warning in the admin panel until they update.

https://meta.discourse.org/t/upgrade-to-google-analytics-4-before-july-2023/260498
2023-04-04 13:14:20 +01:00
Joffrey JAFFEUX
8de45602ff
DEV: allows <UserStatusMessage /> to accept custom css class (#20954)
This will now allow:

```
<UserStatusMessage @status={{@message.user.status}} @class="foo" />
```
2023-04-04 10:04:40 +02:00
Alan Guo Xiang Tan
e792f779d0
UX: Make input on /filter route full width (#20952) 2023-04-04 14:10:39 +10:00
Alan Guo Xiang Tan
b82cd6c148
DEV: Nuke plugin related code from core (#20928)
Plugin related code should be not polluting core's code base.
2023-04-04 07:33:31 +08:00
Alan Guo Xiang Tan
e54359c135
DEV: Drop plugin related index from core (#20930)
The migration of the index has since been moved into the
discourse-akismet plugin where it should have always been.
2023-04-04 07:31:09 +08:00
Jarek Radosz
3b28d03780
DEV: Fix a use-after-destroy issue (#20948) 2023-04-04 01:29:27 +02:00
Roman Rizzi
cbc5b2febc
DEV: Get headline excerpt config from GroupedSearchResult in serializer. (#20942)
Follow-up to #20939
2023-04-03 15:02:42 -03:00
Jarek Radosz
29e2e3ff3b
DEV: Fix random typos (#20937) 2023-04-03 19:27:32 +02:00
Alan Guo Xiang Tan
fd34032db2
DEV: Support filter for topics in specific subcategories on /filter (#20927)
This commit adds support for filtering for topics in specific
subcategories via the categories filter query language.

For example: `category:documentation:admins` will filter for topics and
subcategory topics in
the category with slug "admins" whose parent category has the slug
"documentation".

The `=` prefix can also be used such that
`=category:documentation:admins` will exclude subcategory topics of the
category with slug "admins" whose parent category has the slug
"documentation".
2023-04-03 18:36:59 +08:00
dependabot[bot]
b042e1cbf7
Build(deps): Bump eslint in /app/assets/javascripts (#20883)
Bumps [eslint](https://github.com/eslint/eslint) from 8.36.0 to 8.37.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.36.0...v8.37.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 11:37:48 +02:00
dependabot[bot]
5ec169725b
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#20920)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.21.3 to 7.21.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.21.4/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 11:37:16 +02:00
dependabot[bot]
42a6d0c5b1
Build(deps): Bump webpack in /app/assets/javascripts (#20885)
Bumps [webpack](https://github.com/webpack/webpack) from 5.76.3 to 5.77.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.76.3...v5.77.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 11:36:53 +02:00
Vinoth Kannan
8405ec2831
FEATURE: use "Comment" schema type for post replies. (#20932)
Previously, we used the schema type "DiscussionForumPosting" for all the posts including replies. This is not recommended as per Google search experts. This commit changes the schema type to "Comment" for replies.
2023-04-03 14:36:47 +05:30
dependabot[bot]
0e04404e6b
Build(deps): Bump @babel/core in /app/assets/javascripts (#20923)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.21.3 to 7.21.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.21.4/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-03 11:01:24 +02:00
chapoi
df31b8dd2e
UX: reviewq flagging (#20913)
* DEV: add context question to flagged chat messages too

* UX: added -ai-flagged badge colour + grey fallback

* UX: add one more badge name
2023-04-02 12:16:26 +02:00
Roman Rizzi
ea4f7fb660
FEATURE: Experimental API for custom full-page search types. (#20915)
This change adds an experimental API tagged as "Do not use", only intended to conduct a PoC to test semantic search in the AI plugin.
2023-03-31 15:13:24 -03:00
Krzysztof Kotlarek
c86d772277
FIX: Drop internal URL validation for paths in sidebar (#20891)
`Rails.application.routes.recognize_path(value)` was not working for /admin paths because StaffConstraint.new requires user to check permission.

This validation is not bringing much value, and the easiest way is to drop it. In the worse case scenario, a user will have an incorrect link in their sidebar.

Bug reported: https://meta.discourse.org/t/custom-sidebar-sections-being-tested-on-meta/255303/66
2023-03-31 13:26:56 +08:00
Martin Brennan
ef1b781ced
FIX: Prevent errors from uppy performance logging (#20910)
Back in d0e1c222f7 we added
performance measuring for uppy uploads using the Performance
API in the browser. However we recently discovered that
sometimes performance.measure can fail if for whatever reason
one of the marks passed to it does not exist:

> Failed to upload ... Performance.measure: Given mark name, upload-uppy-....-create-multipart-success, is unknown

This would cause the entire upload to fail, which is unnecessary
for a debugger. Improve the situation so if this happens again
the error does not stop the upload.
2023-03-31 14:29:07 +10:00
Kris
1ff9bc6e55
UX: onebox site icon needs a right margin (#20902) 2023-03-31 11:06:46 +11:00
Krzysztof Kotlarek
fd718c1a42
FIX: use unselectable mixin in sidebar drag and drop (#20886)
7dcaaec90c/app/assets/stylesheets/common/foundation/mixins.scss (L122)
2023-03-31 09:28:22 +11:00
Natalie Tay
068a36d354
UX: Improve error message when a topic cannot be moved due to category restrictions (#20900) 2023-03-31 02:18:57 +08:00
Canapin
58270954b6
Fix keyboard shortcut button hover color for WCAG color schemes (#20431) 2023-03-30 14:18:20 -04:00
Mark VanLandingham
9518e47204
FEATURE: ability to bulk_remove users from a group (#20876) 2023-03-30 08:06:36 -05:00
Martin Brennan
84ff96bd07
FIX: Do not validate email in TL promotion (#20892)
There is no need to validate the user's emails when
promoting/demoting their trust level, this can cause
issues in things like Jobs::Tl3Promotions, we don't
need to fail in that case when all we are doing is changing
trust level.
2023-03-30 13:52:10 +10:00
Alan Guo Xiang Tan
49e7e639cc
DEV: Update experimental /filter route with tags support (#20874)
The following are the changes being introduced in this commit:

1. Instead of mapping the query language to various query params on the
client side, we've decided that the benefits of having a more robust
query language far outweighs the benefits of having a more human readable query params in the URL.
As such, the `/filter` route will just accept a single `q` query param
and the query string will be parsed on the server side.

1. On the `/filter` route, the tags filtering query language is now
   supported in the input per the example provided below:

   ```
   tags:bug+feature tagged both bug and feature
   tags:bug,feature tagged either bug or feature
   -tags:bug+feature excluding topics tagged bug and feature
   -tags:bug,feature excluding topics tagged bug or feature
   ```

   The `tags` filter can also be specified multiple
times in the query string like so `tags:bug tags:feature` which will
filter topics that contain both the `bug` tag and `feature` tag. More
complex query like `tags:bug+feature -tags:experimental` will also work.
2023-03-30 09:00:42 +08:00
Jan Cernik
afe3e36363
DEV: Remove lazy-yt and replace with lazy-videos (#20722)
- Refactors the old plugin to remove jquery usage
- Adds support for Vimeo videos (default on) and Tiktok (experimental and default off)
2023-03-29 11:54:25 -04:00
Osama Sayegh
78befbc53e
DEV: Remove {{user-selector}} (#17753)
`{{user-selector}}` was deprecated in 293fd1f743 more than 2 years ago and it's time we deleted it.
2023-03-29 11:49:47 +03:00
Krzysztof Kotlarek
b854fa8cdb
FIX: disable text select on sidebar (#20871)
To make drag&drop links reliable, we have to disable user-select option on whole sidebar.

https://developer.mozilla.org/en-US/docs/Web/CSS/user-select
2023-03-29 14:32:28 +11:00
Krzysztof Kotlarek
f5fadc3149
FIX: reorder custom sidebar links on touch screen (#20856)
Previously, reorder on touch screens was disabled https://github.com/discourse/discourse/pull/20769.

This PR enables it again. However, link has to be hold for 300 ms to enable drag&drop. Otherwise, normal scroll is performed.
2023-03-29 08:57:04 +11:00
Blake Erickson
aa09a78d14
DEV: Remove diffhtml_preview for video thumbnails (#20865)
Video thumbnail generation is no longer dependent on
`enable_diffhtml_preview` being enabled.
2023-03-28 12:38:50 -06:00
Rafael dos Santos Silva
2a7bdb2d66
FIX: Push notification delay should not be longer than specified (#20864)
When user.last_seen was less than push_notification_time_window_mins we
where delaying the notification for the whole
push_notification_time_window_mins PLUS the time the user was away from.

Originally reported in https://meta.discourse.org/t/-/259688
2023-03-28 13:22:54 -03:00
Penar Musaraj
f8720a20f9
Revert "UX: Take sticky header into account when spacebar scrolling (#20848)" (#20863)
This reverts commit cb92ea3c2b.

Was causing unexpected scrolling when interacting with the header. Will
investigate.
2023-03-28 11:13:51 -04:00
Vinoth Kannan
08ff6eebad
FIX: skip category preference update if already set by group. (#20823)
`default_categories_*` site settings will update the category preferences on user creation. But it shouldn't update the user's category preference if a group's setting already updated it for that user.
2023-03-28 19:43:01 +05:30
Ella E
0b05fa71ca
UX: Improve login required page (#20847)
* UX: improve static login page

* DEV: separate welcome header to its own translation line

* Define waving_hand_url helper

* Remove redundant copy

* Update translations for welcome_message

* DEV: remove unused imported getURL

---------

Co-authored-by: Bianca Nenciu <nenciu.bianca@gmail.com>
2023-03-28 07:09:44 -05:00
Sam
49f0cc16ba
PERF: optimise serialization for topic tracking state (#20860)
This corrects two issues:

1. We were double serializing topic tracking state (as_json calls were not cached)
2. We were inefficiently serializing items by instantiating extra objects
2023-03-28 18:09:22 +11:00
Sam
7038540af6
PERF: ensure sidebar section link index is correctly ordered (#20854)
We perform lookups on sidebar section links based on sidebar_section_id
totally ignoring user. This ensures we have an index to work with.

This removes the previous index `links_user_id_section_id_position` which
partially doubled up `idx_unique_sidebar_section_links`
2023-03-28 15:13:44 +11:00
Penar Musaraj
cb92ea3c2b
UX: Take sticky header into account when spacebar scrolling (#20848) 2023-03-27 20:37:01 -04:00
Krzysztof Kotlarek
326a7a47e7
FIX: global sidebar section icon not moving on scroll (#20851)
Global section icon is using absolute position. To make it move on scroll, the parent element has to be relative.

https://meta.discourse.org/t/globe-icon-at-sidebar-behaves-badly/259382
2023-03-28 10:13:27 +11:00
Canapin
2dba3ab7c9
UX: Improve the "install theme/component" modal on mobile (#20777) 2023-03-27 14:11:31 -04:00
NullVoxPopuli
e988628186
DEV: Update browserslist (#20846)
Silences some verbose logging while booting the UI
2023-03-27 19:15:04 +02:00
Jarek Radosz
cbabc01e0e
DEV: Make capabilities into a service (#18678) 2023-03-27 19:06:36 +02:00
Daniel Waterworth
d563b73202
DEV: Make category topic_ids cache work like other caches (#20814) 2023-03-27 09:23:29 -05:00
Daniel Waterworth
3e80ab3143
DEV: Make category subcategory_ids cache work like other caches (#20815) 2023-03-27 09:23:23 -05:00
Daniel Waterworth
b2554e1490
DEV: Make hex cache work like other caches (#20816) 2023-03-27 09:22:53 -05:00
Daniel Waterworth
0f4bb19524
DEV: make developer cache work like other caches (#20817) 2023-03-27 09:22:33 -05:00
dependabot[bot]
3d0b67372f
Build(deps): Bump @uppy/aws-s3-multipart in /app/assets/javascripts (#20032)
Bumps [@uppy/aws-s3-multipart](https://github.com/transloadit/uppy) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/aws-s3-multipart@3.1.1...@uppy/aws-s3-multipart@3.1.2)

---
updated-dependencies:
- dependency-name: "@uppy/aws-s3-multipart"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 13:38:11 +02:00
dependabot[bot]
f425e9c66c
Build(deps): Bump @uppy/utils in /app/assets/javascripts (#20567)
Bumps [@uppy/utils](https://github.com/transloadit/uppy) from 5.1.2 to 5.1.3.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/utils@5.1.2...@uppy/utils@5.1.3)

---
updated-dependencies:
- dependency-name: "@uppy/utils"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 13:35:34 +02:00
dependabot[bot]
142ef6088c
Build(deps): Bump @uppy/aws-s3 in /app/assets/javascripts (#20033)
Bumps [@uppy/aws-s3](https://github.com/transloadit/uppy) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/transloadit/uppy/releases)
- [Changelog](https://github.com/transloadit/uppy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/transloadit/uppy/compare/@uppy/aws-s3@3.0.4...@uppy/aws-s3@3.0.5)

---
updated-dependencies:
- dependency-name: "@uppy/aws-s3"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 12:50:56 +02:00
dependabot[bot]
dd0c9a96b9
Build(deps): Bump @popperjs/core in /app/assets/javascripts (#20831)
Bumps [@popperjs/core](https://github.com/popperjs/popper-core) from 2.11.6 to 2.11.7.
- [Release notes](https://github.com/popperjs/popper-core/releases)
- [Commits](https://github.com/popperjs/popper-core/compare/v2.11.6...v2.11.7)

---
updated-dependencies:
- dependency-name: "@popperjs/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 11:52:53 +02:00
dependabot[bot]
f56a6a1c28
Build(deps): Bump sinon from 15.0.2 to 15.0.3 in /app/assets/javascripts (#20829)
Bumps [sinon](https://github.com/sinonjs/sinon) from 15.0.2 to 15.0.3.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v15.0.2...v15.0.3)

---
updated-dependencies:
- dependency-name: sinon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 11:51:33 +02:00
dependabot[bot]
e7ef5afb1b
Build(deps): Bump sass from 1.59.3 to 1.60.0 in /app/assets/javascripts (#20830)
Bumps [sass](https://github.com/sass/dart-sass) from 1.59.3 to 1.60.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.59.3...1.60.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 11:50:55 +02:00
dependabot[bot]
30417b7f18
Build(deps): Bump terser in /app/assets/javascripts (#20832)
Bumps [terser](https://github.com/terser/terser) from 5.16.6 to 5.16.8.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.6...v5.16.8)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-27 11:50:06 +02:00
Ted Johansson
392cea5852
DEV: Only show plugin tab for admin (#20841)
As part of another regression, we realized that the plugins tab is visible to moderators, but they cannot interact with anything inside without triggering authorization errors.

This change hides the plugin tab for non-admin users.
2023-03-27 16:08:16 +08:00
Krzysztof Kotlarek
e0cf2849fd
FIX: admin always see configure default sidebar categories (#20836)
When an admin removes all the categories from their personal sidebar configuration, the section should remain visible to them with the “Configure default categories” prompt.

Similar solution for tags.

/t/95036
2023-03-27 15:46:39 +11:00
Alan Guo Xiang Tan
e0155b6955
DEV: Introduce dedicated controller and route for discovery.filter (#20837)
Instead of being tied to the old implementation and constraints, a
dedicated route and controller for the `discovery.filter` app route will
allow us to iterate on changes much faster.
2023-03-27 10:08:11 +08:00
Krzysztof Kotlarek
4047073292
FIX: display validation under custom sidebar fields (#20772)
Before, incorrectly filled fields were marked with red border. Now, additional information under the field is displayed to notify the user what is incorrect.

/t/93696
2023-03-27 13:03:16 +11:00
Keegan George
c66323f964
UX: Make table wrapper popup button icon only (#20820) 2023-03-24 13:23:05 -07:00
David Taylor
e47af9bb72
FIX: Check for staff without triggering anonymous user error (#20819)
Followup to 142d2ab65e
2023-03-24 19:11:57 +00:00
Keegan George
83db0bf41a
FIX: Post height issues with Expand Table button (#18810) 2023-03-24 11:55:49 -07:00
Daniel Waterworth
0728fa055b
DEV: Make theme cache work like other caches (#20813) 2023-03-24 12:37:16 -05:00
Daniel Waterworth
7e23e6c1e8
DEV: Make banner cache work like other caches (#20811) 2023-03-24 12:36:55 -05:00
Kris
88004873ec
A11Y: usernames aren't a meaningful heading (#20623) 2023-03-24 13:22:22 -04:00
Andrei Prigorshnev
19b0dbe59d
UX: Show titles on site settings navigation menu items (#20794)
In some languages, labels on the site settings navigation menu 
get truncated. This adds titles to menu items, so users can see 
untruncated labels on hover.
2023-03-24 20:46:10 +04:00
David Taylor
fc3c737a7f
UX: Restore reviewable counts on hamburger for legacy navigation (#20807)
Previously we disabled the hamburger reviewable count badge when the redesigned user menu was enabled. This commit updates the logic so that the hamburger reviewable count is tied the legacy navigation mode instead. This ensures that there is always a persistent reviewable count visible. (in the non-legacy navigation modes, the total reviewable count is shown in the sidebar)
2023-03-24 14:34:32 +00:00
David Taylor
9b41700f87
DEV: Use component class instead of string in user-menu API (#20806)
In the future we'll be looking at things like tree-shaking and code-splitting. Using 'magic strings' to resolve components is not compatible with those techniques. It makes sense to switch to a more modern pattern now, before the new user-tab API is used too widely.

This commit is backwards-compatible. API consumers which pass a string will see a deprecation message asking them to pass a component class instead.

This commit also turns some unneeded getters into simple class properties (no need to use a getter when it just returns a constant).
2023-03-24 14:26:30 +00:00
Bianca Nenciu
142d2ab65e
FEATURE: Move bootstrap mode indicator to header (#20663)
The information about bootstrap mode has been moved from the notice to
the README topic for admins.
2023-03-24 15:59:03 +02:00
Jarek Radosz
a39a7028ab
DEV: Remove server-side-only entry for /upgrade (#20804)
After the docker_manager upgrade (https://github.com/discourse/docker_manager/pull/167) this is no longer needed.
2023-03-24 13:11:25 +01:00
dependabot[bot]
75cd3821c6
Build(deps): Bump webpack in /app/assets/javascripts (#20798)
Bumps [webpack](https://github.com/webpack/webpack) from 5.76.2 to 5.76.3.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.76.2...v5.76.3)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-24 13:10:34 +01:00
Jordan Vidrine
d533f316e8
UX: Fix mobile grippie being hidden (#20803) 2023-03-24 07:04:09 -05:00
David Taylor
d2617c4904
UX: Allow opening user-menu tabs in new tab/window (#20792)
This commit turns the new user menu tabs into `<a href` elements. This means that the tab's associated URL is shown on mouseover, and also allows the browser to handle navigation when a modifier key is pressed (e.g. ctrl, shift, mod).
2023-03-24 08:18:23 +00:00
Krzysztof Kotlarek
4929288bdd
FIX: delay custom section reorder (#20799)
Reorder should start after 300ms.
In addition, pointer events should be blocked to not open link after reorder is finished.
2023-03-24 13:58:05 +11:00
dependabot[bot]
a6166c5b32
Build(deps): Bump @glimmer/syntax in /app/assets/javascripts (#20797)
Bumps [@glimmer/syntax](https://github.com/glimmerjs/glimmer-vm) from 0.84.2 to 0.84.3.
- [Release notes](https://github.com/glimmerjs/glimmer-vm/releases)
- [Changelog](https://github.com/glimmerjs/glimmer-vm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/glimmerjs/glimmer-vm/compare/v0.84.2...v0.84.3)

---
updated-dependencies:
- dependency-name: "@glimmer/syntax"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-23 23:20:33 +01:00
Mark VanLandingham
ebada4a6b0
DEV: More specific API to including extra associations in CategoryList (#20790) 2023-03-23 12:39:38 -05:00
David Taylor
fe127b166d
DEV: Add {{yield}} to user-stream-item for plugins/themes (#20791)
This means that plugins/themes can re-use the core component and also introduce their own footer
2023-03-23 15:32:00 +00:00
Jordan Vidrine
5238e96377
FIX: Avoid double-encoding featured topic title in user profile (#20740) 2023-03-23 13:36:37 +00:00
David Taylor
bee61d4faf
DEV: Convert composer controller to native class syntax (#20723)
Actions are moved from actions: {} to top-level functions with @action decorator. Previously we had a save() action and a top-level function of the same name, so this commit renames the action to avoid a clash.
2023-03-23 13:36:03 +00:00
David Taylor
b81767c1b1
SECURITY: Limit URL length for theme remote (#20787) 2023-03-23 12:01:04 +00:00
Joffrey JAFFEUX
165a3217c8
Revert "FIX: delay custom section reorder (#20781)" (#20786)
This reverts commit 4fe79ccc79.
2023-03-23 11:27:12 +01:00
Alan Guo Xiang Tan
2d46824a87
DEV: Switch to data attributes to represent sidebar section name (#20771)
Data attributes are less restrictive than the class attribute.
2023-03-23 13:09:45 +08:00
Krzysztof Kotlarek
4fe79ccc79
FIX: delay custom section reorder (#20781)
Reorder should start after 300ms.
In addition, pointer events should be blocked to not open link after reorder is finished.
2023-03-23 15:05:36 +11:00
Alan Guo Xiang Tan
4cb79ce8be
UX: Styling adjustments for filters page (#20768)
Change styling of filter input & remove button.

This follows the same pattern of design we use for search. In the search dropdown we do not have a button to search. We rely on pressing enter. I've also provided an example of Github's PR filter UI at the bottom of this comment.

We also do not have buttons like this on any other topic-list header. On tag and category dropdowns, we also rely on pressing enter to filter the topic list by chosen categories & tags.

Co-authored-by: Jordan Vidrine <jordan@jordanvidrine.com>
2023-03-23 06:28:47 +08:00
Mark VanLandingham
32aa821f12
DEV: Add preload API to CategoryList (#20778) 2023-03-22 15:12:08 -05:00
Bianca Nenciu
f12e77d500
FIX: Do not allow anonymous users to be anonymized (#20776) 2023-03-22 20:51:42 +02:00
dependabot[bot]
16b0db77b5
Build(deps): Bump webpack in /app/assets/javascripts (#20695)
Bumps [webpack](https://github.com/webpack/webpack) from 5.76.1 to 5.76.2.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.76.1...v5.76.2)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-22 11:59:35 +01:00
Krzysztof Kotlarek
3eaf48aa37
FIX: disable reorder links on touch screens (#20769)
This feature causes troubles on touch screens like phones and tablets. Right now, we would like to limit it to mouse and touchpads.

/t/94351
2023-03-22 13:34:19 +11:00
Alan Guo Xiang Tan
b06e31f8e7
DEV: Remove experimental support for query string on /filter route (#20632) 2023-03-22 10:04:57 +08:00
Martin Brennan
520d4f504b
FEATURE: Auto-remove users without permission from channel (#20344)
There are many situations that may cause users to lose permission to
send messages in a chat channel. Until now we have relied on security
checks in `Chat::ChatChannelFetcher` to remove channels which the
user may have a `UserChatChannelMembership` record for but which
they do not have access to.

This commit takes a more proactive approach. Now any of these following
`DiscourseEvent` triggers may cause `UserChatChannelMembership`
records to be deleted:

* `category_updated` - Permissions of the category changed
   (i.e. CategoryGroup records changed)
* `user_removed_from_group` - Means the user may not be able to access the
   channel based on `GroupUser` or also `chat_allowed_groups`
* `site_setting_changed` - The `chat_allowed_groups` was updated, some
   users may no longer be in groups that can access chat.
* `group_destroyed` - Means the user may not be able to access the
   channel based on `GroupUser` or also `chat_allowed_groups`

All of these are handled in a distinct service run in a background
job. Users removed are logged via `StaffActionLog` and then we
publish messages on a per-channel basis to users who had their
memberships deleted.

When the user has a channel they are kicked from open, we show
a dialog saying "You no longer have access to this channel".

When they click OK we redirect them either:

* To their first other public channel, if they have any followed
* The chat browse page if they don't

This is to save on tons of requests from kicked out users getting messages
from other channels.

When the user does not have the kicked channel open, we can just
silently yoink it out of their sidebar and turn off subscriptions.
2023-03-22 10:19:59 +10:00
Kris
d4c6511d31
UX: improve directory user fields on small screens (#20765) 2023-03-21 14:09:02 -04:00
Kris
1ed70d17ed
UX: allow profile menu tabs to scroll if needed (#20619) 2023-03-21 13:49:19 -04:00
Daniel Waterworth
7b01576c8d
DEV: Remove emoji cache dead code (#20764)
The cache is already not shared between app servers that have different
app_versions, so this check was redundant.
2023-03-21 12:33:12 -05:00
Daniel Waterworth
a0a6f6d71b
FIX: Fix the emoji toned regexes (#20763) 2023-03-21 11:48:55 -05:00
Kris
147941a5d7
UX: update chat icon to d-chat (#20744) 2023-03-21 10:40:42 -04:00
Kris
5d03ddfbc8
UX: clarify descriptions for watched words, style (#20678) 2023-03-21 10:40:26 -04:00
Régis Hanol
37609897e8
FEATURE: log manual bounce reset (#20758)
DEV: rename the route "/admin/users/:id/reset_bounce_score" to use dashes instead of underscores
2023-03-21 15:26:26 +01:00
Krzysztof Kotlarek
1859025228
FIX: my links in sidebar section (#20754)
Links like `/my/preferences` were invalid in custom section. The reason is that `/my` links are just redirects from backend, and they are not recognized as valid Ember paths.

https://github.com/discourse/discourse/blob/main/config/routes.rb#L433

Therefore, regex match allowlist was added - similar to backend check:

https://github.com/discourse/discourse/blob/main/app/controllers/users_controller.rb#L471

/safe-mode is same case
2023-03-21 15:58:42 +11:00
Penar Musaraj
ae939f4111
UX: Fix menu panel padding on non-safe-area contexts (#20746)
Followup to 32ad46c. Only picks the `safe-area-inset-bottom` if it is
greater than the default padding value for the element.
2023-03-20 21:46:13 -04:00
Krzysztof Kotlarek
db74e9484b
FEATURE: ability to reorder links in custom sidebar sections (#20626)
Drag and drop to reorder custom sidebar sections
2023-03-21 12:23:28 +11:00
David Taylor
d5c7b9f8df
FIX: Badge granting recursion error (#20750)
Moving the `grantBadge` action out of the actions hash caused it to clash with a method of the same name from the GrantBadgeController mixin. This commit renames the action.
2023-03-20 21:07:21 +00:00
Joffrey JAFFEUX
c37dd63ac3
DEV: fixes linting (#20748)
Followup to 54eaae4326
2023-03-20 20:59:27 +00:00
Dominik Schlipper
54eaae4326
FIX: replace unitless 0 in CSS calc() with '0px' (#20689)
Using the unitless number 0 in CSS calc() functions is recognized as invalid (tested in Chrome 110 & Firefox 111).
In this code, this would disable the style definition for the 'height' property when one of the custom properties is undefined and the fallback '0' is used.
For more insight on this topic. see https://stackoverflow.com/questions/55406001/why-doesnt-css-calc-work-when-using-0-inside-the-equation
2023-03-20 16:06:49 -04:00
Blake Erickson
62e7c72126
DEV: Generate video thumbnails from the File object instead of the DOM (#20696)
In order to avoid built in browser CORS issues and sites that are using
CDNs this change allows us to generate thumbnail images from videos
directly from the File uploaded instead of reading the already uploaded
file via the `video` tag.

Follow-up to: f144c64e13
2023-03-20 13:40:14 -06:00
Penar Musaraj
5b0d300b8a
DEV: Set containing block for Popper dropdowns (#20745)
Popper dropdowns used `position: fixed` or `position: absolute`. But in
tables, we want the content to use auto overflow horizontally, and that
causes the dropdowns to be hidden vertically in some scenarios.

Setting a containing block on the parent container fixes both placement
and overflow issues.
2023-03-20 15:26:20 -04:00
Isaac Janzen
ca4b73d20c
FIX: Support tag query param on /tag/{name} routes (#20742) 2023-03-20 13:51:39 -05:00
Penar Musaraj
f0569db49d
UX: Some very minor WCAG scheme fixes (#20726) 2023-03-20 13:23:10 -04:00
Bianca Nenciu
fa96569ef2
FIX: Do not show user tips over composer (#20708) 2023-03-20 18:17:04 +02:00
David Taylor
4782c34dce
DEV: Move user/group cards from named outlet to component (#20718)
Named outlets are deprecated and will be removed in Ember 4.x.
2023-03-20 14:23:15 +00:00
David Taylor
597316125f
FIX: Avoid double-encoding featured topic title in user card (#20739)
a373bf2a updated the behavior of `replace-emoji` so that the input is treated as unsafe-by-default. `fancy_title` is already escaped, so we need to mark it as html-safe to avoid it being double-escaped.

There is no need to html-safe the result of replace-emoji - it's already done as part of the helper.
2023-03-20 12:47:53 +00:00
dependabot[bot]
80367b827a
Build(deps): Bump deepmerge in /app/assets/javascripts (#20732)
Bumps [deepmerge](https://github.com/TehShrike/deepmerge) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/TehShrike/deepmerge/releases)
- [Changelog](https://github.com/TehShrike/deepmerge/blob/master/changelog.md)
- [Commits](https://github.com/TehShrike/deepmerge/compare/v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: deepmerge
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 13:02:44 +01:00
dependabot[bot]
4ecd7204de
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#20680)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.21.2 to 7.21.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.21.3/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 12:32:48 +01:00
David Taylor
faf2a8ada2
FIX: Error for admin-panel incoming email logs (#20738)
Followup to 64557c4076
2023-03-20 10:49:01 +00:00
Martin Brennan
2f6987a241
DEV: Minor refactor for bookmark polymorphic changes (#20733)
Followup to 184ce647ea,
this just implements Bianca's suggestion on the original
PR and catches the NameError, which was not necessary
before as we were not actually resolving any class from
bookmarkable_type.
2023-03-20 10:19:28 +01:00
Sam
4a3c13a37b
FIX: search index failing on certain posts (#20736)
During search indexing we "stuff" the index with additional keywords for
entities that look like domain names.

This allows searches for `cnn` to find URLs for `www.cnn.com`

The search stuffing attempted to keep indexes aligned at the correct positions
by remapping the indexed terms. However under certain edge cases a single
word can stem into 2 different lexemes. If this happened we had an off by
one which caused the entire indexing to fail.

We work around this edge case (and carry incorrect index positions) for cases
like this. It is unlikely to impact search quality at all given index position
makes almost no difference in the search algorithm.
2023-03-20 15:43:08 +11:00
Joffrey JAFFEUX
184ce647ea
FIX: correctly infer polymorphic class from bookmarkable type (#20719)
Prior to this change `registered_bookmarkable` would return `nil` as  `type` in `Bookmark.registered_bookmarkable_from_type(type)` would be `ChatMessage` and we registered a `Chat::Message` class.

This commit will now properly rely on each model `polymorphic_class_for(name)` to help us infer the proper type from a a `bookmarkable_type`.

Tests have also been added to ensure that creating/destroying chat message bookmarks is working correctly.

---

Longer explanation

Currently when you save a bookmark in the database, it's associated to another object through a polymorphic relationship, which will is represented by two columns: `bookmarkable_id` and `bookmarkable_type`. The `bookmarkable_id` contains the id of the relationship (a post ID for example) and the `bookmarkable_type` contains the type of the object as a string by default, (`"Post"` for example).

Chat plugin just started namespacing objects, as a result a model named `ChatMessage` is now named `Chat::Message`, to avoid complex and risky migrations we rely on methods provided by rails to alter the `bookmarkable_type` when we save it: we want to still save it as `"ChatMessage"` and not `"Chat::Message"`. And, to retrieve the correct model when we load the bookmark from the database: we want `"ChatMessage"` to load the `Chat::Message` model and not the `ChatMessage`model which doesn't exist anymore.

On top of this the bookmark codepath is allowing plugins to register types and will check against these types, so we alter this code path to be able to do a similar ChatMessage <-> Chat::Message dance and allow to check the type is valid. In the specific case of this commit, we were retrieving a `"ChatMessage"` bookmarkable_type from the DB and looking for it in the registered bookmarkable types which contain `Chat::Message` and not `ChatMessage`.
2023-03-17 17:20:24 +01:00
TheJammiestDodger
f57ba758ce
UX: Update Install Popular items and links (#20688)
* UX: Update 'Install Popular' items and links

* Update popular-themes.js

* Update popular-themes.js

* Update popular-themes.js

* Lint

---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-03-17 16:05:36 +00:00
Joffrey JAFFEUX
12a18d4d55
DEV: properly namespace chat (#20690)
This commit main goal was to comply with Zeitwerk and properly rely on autoloading. To achieve this, most resources have been namespaced under the `Chat` module.

- Given all models are now namespaced with `Chat::` and would change the stored types in DB when using polymorphism or STI (single table inheritance), this commit uses various Rails methods to ensure proper class is loaded and the stored name in DB is unchanged, eg: `Chat::Message` model will be stored as `"ChatMessage"`, and `"ChatMessage"` will correctly load `Chat::Message` model.
- Jobs are now using constants only, eg: `Jobs::Chat::Foo` and should only be enqueued this way

Notes:
- This commit also used this opportunity to limit the number of registered css files in plugin.rb
- `discourse_dev` support has been removed within this commit and will be reintroduced later

<!-- NOTE: All pull requests should have tests (rspec in Ruby, qunit in JavaScript). If your code does not include test coverage, please include an explanation of why it was omitted. -->
2023-03-17 14:24:38 +01:00
David Taylor
74349e17c9
DEV: Migrate remaining admin classes to native syntax (#20717)
This commit was generated using the ember-native-class-codemod along with a handful of manual updates
2023-03-17 12:25:05 +00:00
David Taylor
1161c980f2
DEV: Resolve and unsilence ember.built-in-components deprecation (#20716)
- Install `@ember/legacy-built-in-components` and update our import statements to use it
- Remove our custom attributeBinding extensions of `TextField` and `TextArea`. Modern ember 'angle bracket syntax' allows us to apply html attributes to a component's element without needing attributeBindings
2023-03-17 11:55:29 +00:00
David Taylor
5e5024d3e7
DEV: Resolve and unsilence ember-global deprecation (#20702)
One of the problems here was coming from the ember-jquery addon. This commit skips the problematic shim from the addon and re-implements in Discourse. This hack will only be required short-term - we'll be totally dropping the ember-jquery integration as part of our upgrade to Ember 4.x.

Removing this shim means we can also remove our `discourse-ensure-deprecation-order` dummy addon which was ensuring that the ember-jquery-triggered deprecation was covered by ember-cli-deprecation-workflow.
2023-03-17 11:22:12 +00:00
David Taylor
64557c4076
DEV: Update admin models to native class syntax (#20704)
This commit was generated using the ember-native-class-codemod along with a handful of manual updates
2023-03-17 10:18:42 +00:00
David Taylor
303f97ce89
PERF: Use native postgres upsert for ApplicationRequest (#20706)
Using `create_or_find_by!`, followed by `update_all!` requires two or three queries (two when the row doesn't already exist, three when it does). Instead, we can use postgres's native `INSERT ... ON CONFLICT ... DO UPDATE SET` feature to do the logic in a single atomic call.
2023-03-17 09:35:29 +00:00
Penar Musaraj
32ad46c551
UX: Adjust menu panels on iOS (#20703) 2023-03-16 19:23:15 -04:00
Blake Erickson
a373bf2a01 SECURITY: XSS on chat excerpts
Non-markdown tags weren't being escaped in chat excerpts. This could be
triggered by editing a chat message containing a tag (self XSS), or by
replying to a chat message with a tag (XSS).

Co-authored-by: Jan Cernik <jancernik12@gmail.com>
2023-03-16 15:27:09 -06:00
Blake Erickson
d89b537d8f SECURITY: Fix XSS in full name composer reply
We are using htmlSafe when rendering the name field so we need to escape
any html being passed in.
2023-03-16 15:27:09 -06:00
Penar Musaraj
c213cc7211
DEV: Fix tag route fixture param (#20693)
This tag route is /tag/important/l/latest.json so the tag name should also be important.
2023-03-16 11:27:04 -04:00
Loïc Guitaut
0bd64788d2 SECURITY: Rate limit the creation of backups 2023-03-16 16:09:22 +01:00
David Taylor
9d1423b5aa
DEV: Drop impossible conditional from admin-logs-staff-action-logs (#20687)
`Object.keys(filters)` will never return 0
2023-03-16 12:27:27 +00:00
David Taylor
c190994046
DEV: Update admin modal controllers to native class syntax (#20685)
This commit was generated using the ember-native-class-codemod along with a handful of manual updates
2023-03-15 17:39:33 +00:00
dependabot[bot]
62bbdd25ab
Build(deps): Bump @babel/core in /app/assets/javascripts (#20681)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.21.0 to 7.21.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.21.3/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-15 14:29:16 +01:00
dependabot[bot]
2ea6675671
Build(deps): Bump sass from 1.59.2 to 1.59.3 in /app/assets/javascripts (#20682)
Bumps [sass](https://github.com/sass/dart-sass) from 1.59.2 to 1.59.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.59.2...1.59.3)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-15 14:27:17 +01:00
David Taylor
e700f0af93
DEV: Update admin routes to native class syntax (#20686) 2023-03-15 13:17:51 +00:00
David Taylor
be354e7950
DEV: Update admin controllers to native class syntax (#20674)
This commit was generated using the ember-native-class-codemod along with a handful of manual updates
2023-03-15 09:42:12 +00:00
Daniel Waterworth
84f590ab83
DEV: Store theme sprites in the DB (#20501)
Let's avoid fetching sprites from the CDN during page rendering.
2023-03-14 13:11:45 -05:00
Isaac Janzen
dfd6d6b999
FIX: Latest post created_at on topic-timeline not updating (#20665)
# Context
https://meta.discourse.org/t/timeline-timestamp-not-updating/256447/1

During the upgrade of the topic-timeline to glimmer the "latest post" timestamp was not updating on the timeline in relation to the relative age of the post. It was only updating on a hard refresh.

# Fix
Use the `age-with-tooltip` helper to update the created_at date automatically as time passes.

# Additional
Add the ability to pass params to `age-with-tooltip` so that we can include options like `addAgo` and `defaultFormat`
2023-03-14 11:08:23 -05:00
Kris
22a7818399
FIX: update LoadMore selector for user tables (#20676) 2023-03-14 11:10:51 -04:00
Penar Musaraj
a208ed0925
UX: Improve menu panel height fallback for older browsers (#20673)
Tested with Chrome <100, Firefox <100 and Samsung Internet 20, using
percentage-based height here works better for these browsers.

This was especially a problem for the Samsung Internet browser, because
it previously was hiding the "Dismiss" button on the user profile menu.
2023-03-14 10:41:38 -04:00
David Taylor
b5721b7b4f
FIX: default_list_filter = none navigation and preloading (#20641)
When a category has default_list_filter=none, there were a number of issues which this commit resolves:

1. When using the breadcrumbs to navigate a `default_list_filter=none` category, adding a tag filter would not apply the no-subcategories filter, but the subcategories dropdown would still say 'none'. This commit adjusts `getCategoryAndTagUrl` so that `/none` is added to the URL

2. When landing on `/tags/c/{slug}/{id}/{tag}`, for a default_list_filter=none category, it would include subcategories. This commit introduces a client-side redirect to match the behavior of `/c/{slug}/{id}`

3. When directly navigating to `/c/{slug}/{id}`, it was correctly redirecting to `/c/{slug}/{id}/none`, BUT it was still using the preloaded data for the old route. This has been happening since e7a84948. Prior to that, the preloaded data was discarded and a new JSON request was made to the server. This commit restores that discarding behavior. In future we may want to look into making this more efficient.

System specs are introduced to provide end-end testing of this functionality
2023-03-14 10:46:05 +00:00
Loïc Guitaut
8a8f2758d5 DEV: Refactor Jobs::UserEmail a little 2023-03-14 09:23:06 +01:00
Isaac Janzen
ab442058c0
FIX: Broken topic-timeline summarize topic button (#20661)
# Context
During the octane upgrade of the Topic Timeline the `summarize-topic` button was neglected, leaving it in a broken state. 

# Fix
Update the button to replicate the original functionality


<img width="351" alt="Screenshot 2023-03-13 at 12 41 25 PM" src="https://user-images.githubusercontent.com/50783505/224785657-fc8124fe-f1d9-4cc8-917b-9cd859517da3.png">

_updated timeline with summarize button_
2023-03-13 13:12:33 -05:00
Andrei Prigorshnev
72726830b5
FIX: anonymous users cannot load topics with mentions with a user status that has an end date (#20660)
Steps to reproduce:
1. Create a post with a mention of a user that has user status with an end date
2. Try to load the topic with that post as an anonymous user

You'll see a topic with blank content.
2023-03-13 19:57:09 +04:00
David Taylor
f91af69ec4
FIX: Avatar upload error (#20658)
Followup to 4f9afabf87
2023-03-13 10:59:42 +00:00
dependabot[bot]
59e5485408
Build(deps): Bump sass from 1.58.3 to 1.59.2 in /app/assets/javascripts (#20656)
Bumps [sass](https://github.com/sass/dart-sass) from 1.58.3 to 1.59.2.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.58.3...1.59.2)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 11:01:41 +01:00
dependabot[bot]
05e713d098
Build(deps): Bump node-fetch from 3.3.0 to 3.3.1 in /app/assets/javascripts (#20655)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 08:45:43 +08:00
dependabot[bot]
b5bb41493a
Build(deps): Bump eslint from 8.35.0 to 8.36.0 in /app/assets/javascripts (#20652)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 08:45:24 +08:00
dependabot[bot]
8c653cbc91
Build(deps): Bump sinon from 15.0.1 to 15.0.2 in /app/assets/javascripts (#20653)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 08:12:35 +08:00
dependabot[bot]
ad6edfc08a
Build(deps): Bump jsdom from 21.1.0 to 21.1.1 in /app/assets/javascripts (#20651)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 08:12:19 +08:00
dependabot[bot]
173a3b4d02
Build(deps): Bump webpack from 5.76.0 to 5.76.1 in /app/assets/javascripts (#20654)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 08:10:09 +08:00
Alan Guo Xiang Tan
e4b11e7643
FEATURE: Only list watching group messages in messages notifications panel (#20630)
Why is this change required?

Prior to this change, we would list all group messages that a user
has access to in the user menu messages notifications panel dropdown.
However, this did not respect the topic's notification level setting and
group messages which the user has set to 'normal' notification level were
being displayed

What does this commit do?

With this commit, we no longer display all group messages that a user
has access to. Instead, we only display group messages that a user is
watching in the user menu messages notifications panel dropdown.

Internal Ref: /t/94392
2023-03-13 08:09:38 +08:00
Kris
44bc284e0f
UX: avoid overflow clipping descenders (#20643) 2023-03-10 16:49:06 -05:00
Kris
03e3fd742e
UX: some admin theme list style adjustments (#20625) 2023-03-10 15:15:31 -05:00
Blake Erickson
943068a634
FIX: Welcome topic banner showing after general category is deleted (#20639)
If you happen to delete the general category before editing the welcome
topic, the banner will still display. This fix adds a after destroy hook
that will clear the entries for the welcome topic banner in the redis
cache.
2023-03-10 12:33:12 -07:00
David Taylor
6bb89ffea8
DEV: Resolve d-button-action-string deprecation in exception.hbs (#20638) 2023-03-10 16:56:40 +00:00
David Taylor
3e8d349465
DEV: Correct core test run detection for theme-qunit (#20635)
Followup to 8f1a5c9392
2023-03-10 12:40:59 +00:00
David Taylor
8f1a5c9392
DEV: Fail core JS test runs if deprecations are triggered (#20614)
It's important to keep our core log output as clean as possible to avoid 'crying wolf', and so that any deprecations triggered by plugin/theme tests are indeed caused by that theme/plugin, and not core.

This commit will make the core test suite fail if any deprecations are triggered. If a new deprecation is introduced (e.g. as part of a dependency update) and we need more time to resolve it it can be silenced via ember-deprecation-workflow.

This does not affect plugin/theme test runs.
2023-03-10 10:39:42 +00:00
David Taylor
270e98e45f
DEV: Include ember deprecation messages in production builds (#20587)
By default, Ember uses a babel transformation to strip out calls to `deprecate()` in production builds. Given that Discourse is a development platform for third-party themes/plugins, having deprecation messages visible in production is essential - many themes/plugins do not have comprehensive test-suites, and rely on production feedback to prompt changes. This commit patches Ember to print its deprecation messages to the console in production. In future we intend to improve the visibility of these to hosting providers and/or site admins.

There are two main parts to this commit:

1. Use yarn's 'resolutions' feature to point `babel-plugin-debug-macros` to a discourse-owned fork. This fork prevents `deprecate()` calls from being stripped. Relevant change can be found at https://github.com/discourse/babel-plugin-debug-macros/commit/d179d613bf

2. Introduce a production shim for Ember's deprecation library, including the `registerDeprecationHandler` API. The default implementation is stripped out of production builds via an `if(DEBUG)` wrapper.

Long term we hope that this kind of functionality can be made available in Ember itself via a flag.
2023-03-10 10:37:28 +00:00
dependabot[bot]
29727408d6
Build(deps): Bump terser in /app/assets/javascripts (#20621)
Bumps [terser](https://github.com/terser/terser) from 5.16.5 to 5.16.6.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.5...v5.16.6)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-10 10:11:27 +00:00
Ted Johansson
87ec058b8b
FEATURE: Configurable auto-bump cooldown (#20507)
Currently the auto-bump cooldown is hard-coded to 24 hours.

This change makes the highlighted 24 hours part configurable (defaulting to 24 hours), and the rest of the process remains the same.

This uses the new CategorySetting model associated with Category. We decided to add this because we want to move away from custom fields due to the lack of type casting and validations, but we want to keep the loading of these optional as they are not needed for almost all of the flows.

Category settings will be back-filled to all categories as part of this change, and creating a new category will now also create a category setting.
2023-03-10 13:45:01 +08:00
Martin Brennan
168de52538
DEV: Change sidebar header dropdown to use wait_for_animation (#20627)
* DEV: Change sidebar header dropdown to use wait_for_animation

Introduced in 54351e1b8a, this
helper should remove the need to have to add the .animated
CSS class in JS for the sidebar.

* DEV: Revert spec change
2023-03-10 14:54:57 +10:00
Sam
5893ad46ba
Revert "FIX: tag dropdown not working with default_list_filter (#20608)" (#20631)
This reverts commit 0df7743d78.

This causes too much instability in the unit test system, reverting
2023-03-10 13:45:34 +11:00
Osama Sayegh
118ce348f4
DEV: Let unread topics come through to /new when new new view is enabled (#20628)
Currently, if a user has opted into the new new experiment (introduced in a509441) and they click on the "See # new or updated topics" banner (screenshot below) at the top of the /new topics list, only new topics are loaded even if there are tracked topics with new replies.

This is unexpected in the new new view experiment because /new in this experiment is supposed to show both new and unread topics so it should listen for both new topics and new replies for existing/tracked topics. This PR addresses this inconsistency and makes it so that clicking the banner load all new and updated topics.
2023-03-10 09:57:35 +08:00
Sam
0df7743d78
FIX: tag dropdown not working with default_list_filter (#20608)
If you set a category to `default_list_filter` none. Information
was not passed to the tag route and routing was incorrect.

This patch fails, cause on reload route does not point to the right place.


```
-- a/app/assets/javascripts/discourse/app/routes/tag-show.js
+++ b/app/assets/javascripts/discourse/app/routes/tag-show.js
@@ -89,6 +89,8 @@ export default DiscourseRoute.extend(FilterModeMixin, {
       filter = `tag/${tagId}/l/${topicFilter}`;
     }
     const list = await findTopicList(
       this.store,
       this.topicTrackingState,
@@ -123,7 +125,7 @@ export default DiscourseRoute.extend(FilterModeMixin, {
   },

   setupController(controller, model) {
-    const noSubcategories =
+    this.noSubcategories =
       this.noSubcategories === undefined
         ? model.category?.default_list_filter === NONE
         : this.noSubcategories;
@@ -133,7 +135,7 @@ export default DiscourseRoute.extend(FilterModeMixin, {
       ...model,
       period: model.list.for_period,
       navMode: this.navMode,
-      noSubcategories,
+      noSubcategories: this.noSubcategories,
       loading: false,
     });
 ```

Long term we don't want to hide this logic from the routing (even in
the category case) it just cause unneeded confusion and fragility.
2023-03-10 11:37:55 +11:00
Selase Krakani
0603bd57df
FIX: Ensure form_template_ids is defined on new category records (#20610)
Navigating to the topic template tab on a new category form resulted in
exceptions because the `form_template_ids` property was undefined.

This fix sets the `form_template_ids` property on new category records.
2023-03-09 23:34:08 +00:00
Blake Erickson
2d0ad48dd1
Revert "DEV: Add crossOrigin to video tag (#20617)" (#20624)
This reverts commit f6063c684b.

Videos on sites with a cdn enabled aren't playing w/ a default cdn
config. They are showing a "CORS request did not succeed" error.
2023-03-09 16:20:35 -07:00
Blake Erickson
f6063c684b
DEV: Add crossOrigin to video tag (#20617)
* DEV: Add crossOrigin to video tag

This is a follow-up commit to f144c64e13
which enables the ability to generate thumbnail images for video
uploads.

In order for the html5 canvas element to create an image or blob the
source video element needs to to have the crossOrigin attribute set to
"anonymous" because a cdn is likely being used in production
environments.

We are already doing something similar in
e292c45924/app/assets/javascripts/discourse/app/lib/update-tab-count.js (L63)
2023-03-09 13:19:19 -07:00
David Taylor
4f9afabf87
DEV: Resolve avatar-selector computed-property.override deprecation (#20616) 2023-03-09 18:05:46 +00:00
Blake Erickson
f144c64e13
Generate thumbnail images for video uploads (#19801)
* FEATURE: Generate thumbnail images for uploaded videos

Topics in Discourse have a topic thumbnail feature which allows themes
to show a preview image before viewing the actual Topic.

This PR allows for the ability to generate a thumbnail image from an
uploaded video that can be use for the topic preview.
2023-03-09 09:26:47 -07:00
chapoi
dd07e0dbd0
FIX: review q issues (#20558)
* DEV: specify type of flag in status

* FIX: passing missing parameter

* DEV: pass type for reviewable score table

* UX: add missing queued-topic styling

* UX: fix img overflow

* UX: add styling for queued user

* UX: fix user flag color

* UX: prevent overflow

* UX: add copy for filters

* FIX: fix typo in css for akismet flagging

* UX: copy change for flag something else

* UX: prevent overflow

* Fixing reviewable-status css classes

* Changes based on no longer using humanType

* Need to use type rather than humanType for reviewable-status

* FIX: linting

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2023-03-09 16:02:13 +01:00
Penar Musaraj
673cd4196f
FIX: Don't send image sizes for emojis/avatars (#20589)
When using the "review media unless trust level" setting, posts with emojis or quotes will end up in the review queue even though they don't have any uploaded media. That is because our heuristic for this in the new post manager relies on image_sizes. This commit skips sending image_sizes for emojis and avatars. 

Co-authored-by: Régis Hanol <regis@hanol.fr>
2023-03-09 09:53:27 -05:00
Kris
3cab9d5f80
UX: position of group user table dropdown, border (#20593) 2023-03-09 09:39:02 -05:00
David Taylor
b1727d9748
DEV: Resolve topic#details computed-property.override deprecation (#20612) 2023-03-09 13:44:50 +00:00
David Taylor
059ac3d31a
DEV: Unsilence and resolve setting-on-hash deprecation (#20611)
Select-kit was mutating a passed-in options hash to apply its own deprecations. This commit updates it to apply deprecated changes to the downstream `this.selectKit.options` object instead.
2023-03-09 13:44:31 +00:00
David Taylor
a99218677f
DEV: Unsilence two ember deprecations (#20609)
Neither of these are triggered in the core test suite. Unsilence so that plugins/themes receive deprecation notices.
2023-03-09 12:24:15 +00:00
Selase Krakani
ec40693f89
FIX: Ensure required_tag_group is defined on new category records (#20600)
Attaching required tag groups to new categories failed because
`required_tag_group` was undefined on the new category records

This fix sets an empty `required_tag_group` property on the new category
records.
2023-03-09 11:57:37 +00:00
Krzysztof Kotlarek
22bccef8f4
FIX: set external flag before validation (#20599)
Previously, `before_save` callback was used but `before_validation` has to be used to set external flag.
2023-03-09 10:44:54 +11:00
dependabot[bot]
2b5698a6ca
Build(deps): Bump webpack in /app/assets/javascripts (#20598)
Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-08 23:24:51 +01:00