Commit Graph

3369 Commits

Author SHA1 Message Date
Régis Hanol
34d04e7507
SECURITY: add pagination to post replies
When a post has some replies, and the user click on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773

FIX: Duplicated parent posts

DEV: Query refactor
2024-10-07 11:48:48 +08:00
Natalie Tay
d984646c97
DEV: Update warning when deleting associated accounts (#29053) 2024-10-03 19:50:29 +08:00
marstall
23fbaf7ee3
UX: change twitter share link to X (#29056) 2024-10-02 14:43:40 -04:00
Martin Brennan
8fc34e9323
DEV: Add a skeleton for section landing page & items (#28477)
We are going to start making section landing pages
for admin for each sidebar section. This lays the framework
with routes and simple components that can be further
refined by a designer, but I have taken the base CSS from
AI which Kris made.

The initial section landing items will be used in AI to replace
the placeholders added in this commit b8b3c61451
2024-10-02 12:19:38 +10:00
Linca
a1e5796ba1
FEAT: Allow admin delete user's associated accounts (#29018)
This commit introduces a feature that allows an admin to delete a user's
associated account. After deletion, a log will be recorded in staff
actions.

ref=t/136675
2024-09-27 20:08:05 +08:00
Ted Johansson
be33363f13
FEATURE: Add ability to dismiss admin notices (#28916)
his is a new feature that lets admins dismiss notices from the dashboard. This helps with self-service in cases where a notice is "stuck", while we work on provisions to prevent "sticking" in the first place.
2024-09-17 14:43:34 +08:00
Ella E.
fa83e7b07d
FIX: Regression in short description in admin badges page (#28884) 2024-09-12 12:21:42 -06:00
Tobias Eigen
451572cf0d
updated sidebar links to security settings and spam settings (#27993)
made sidebar links to "security settings" and "spam settings" unambiguous.
2024-09-12 09:03:04 -07:00
Tobias Eigen
ca232d834b
removed periods from one-liner instructions on signup form (#27902)
* removed periods from one-liner instructions on signup form

we want to skip periods and unnecessary punctuation on single sentence instructions in the UI, to make them easier to scan for users

* Update client.en.yml
2024-09-12 09:01:52 -07:00
Krzysztof Kotlarek
1f1709d249
FIX: use a custom prefix for custom flags (#28839)
Currently, when the custom flag has the same name as the system flag (which is disabled) then it is not displayed. To fix the problem, `custom_` prefix as `name_key` is used to distinguish between the system and the custom flag.

I considered writing a migration to fix existing custom flags name key. However, at the end of migration I would need to run rails code to reset cache `Flag.reset_flag_settings!`. I decided to skip that step as it is a very edge case. If someone has the same flag name as the system flag, then all they have to do is edit the flag and click save.

In addition, I made 2 small fixes:
- edit flag title was missing translation;
- flag form UI was not showing that description is the required field.
2024-09-11 15:30:20 +10:00
Ella E.
19ba7c944b
UX: Add a description on the about config area (#28790)
* UX: Add a description on the about config area

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-09-09 20:31:13 -06:00
Guhyoun Nam
aacd354de5
FEATURE: Added Category Experts unapproved post WebHook Event (#28802)
This PR is adding a Category Experts unapproved WebHook event type.
2024-09-10 07:56:35 +09:00
Guhyoun Nam
5102f964ce
DEV: Changed text for approved post webhook event (#28745)
This PR is for changing text for the approved post webhook event.
2024-09-09 12:06:02 +09:00
Linca
aab2987438
FEATURE: Log tag group changes in staff action log (#28787)
* FEATURE: Log tag group changes in staff action log

This commit records every change (add, change, delete) to a tag group in
the staff action log.

It uses a modal that was originally called ThemeChangeModal to display
changes, allowing staffs to see the specific changes clearly. The modal
is renamed to StaffActionLogChangeModal in this PR.

ref: https://meta.discourse.org/t/-/325011/14

Co-authored-by: Keegan George <kgeorge13@gmail.com>
2024-09-09 10:50:48 +08:00
Osama Sayegh
722c008adb
FEATURE: Add 'Edit this page' link at the top of the new /about page (#28766)
This commit adds a link to the top of the new /about page, shown to admins only, to allow them to easily navigate to `/admin/config/about` where they can edit the /about page.

Internal topic: t/137546.
2024-09-06 13:35:30 +03:00
Osama Sayegh
f273e84c26
DEV: Change recommended banner dimensions to 1100x300 (#28749)
This makes the recommended width match the actual page width.
2024-09-05 08:55:08 +03:00
Ella E.
be5c37a6d4
UX: Apply admin UI to Badges (#28724)
* UX: Add a description about badges

* WIP: Apply admin UI guidelines

* FIX: Add routeModels to dbutton

Allows routeModels to be passed to a DButton along
with route, so we can use them as a LinkTo replacement
in more places.

Also fix up badges admin page header.

* UX: Reorder action buttons

* UX: Change header hierarchy to better align page's content structure

* UX: Update copy and remove unnecessary UI elements

* UX: Adjust header's icon spacing

* UX: Fix the header action buttons on mobile

* Apply prettier

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-09-04 20:18:23 -06:00
Guhyoun Nam
93564bfa7d
DEV: Approved Post Webhook Event Category Update (#28725)
'Post approved by category experts' is moved to the post category
2024-09-04 13:58:17 +09:00
Martin Brennan
361e954c55
UX: Change admin plugins list to follow UI guidelines (#28478)
This commit introduces a little bit of duplication
since the old plugin UIs not using the new plugin show
page look different from ones like AI and Gamification
which have been converted. We can use the new admin
header component on the plugins list, but for the other
pages we are manually rendering a breadcrumb trail and
the list of plugin tabs.

Over time as we convert more plugins to use the new UI
guidelines and show page we can get rid of this duplication.
2024-08-30 14:53:36 +10:00
Martin Brennan
ca26099a8d
UX: Add descriptions to auto groups and auto group indicator (#28630)
This commit adds a description for all the auto groups
which will be shown in the group list and show group
pages, which will help admins understand their purpose
better.

Also adds an indicator with a tooltip to explain what
the auto groups are on the group show page.
2024-08-30 10:52:34 +10:00
Jan Cernik
b092ccbdc5
UX: Add progress bar to the registration flow (#27694) 2024-08-28 08:43:39 -03:00
Gabriel Grubba
c8f5445030
Revert "DEV: Removal of create_post_for_category_and_tag_changes setting (#28…" (#28587)
This reverts commit fc33826dc5.
2024-08-27 16:19:51 -03:00
Krzysztof Kotlarek
df6c152fa1
UX: flag settings tab to follow UI guidelines (#28479)
Add settings tab to flags moderation page.
2024-08-27 09:47:19 +10:00
Martin Brennan
a16faa27cd
FEATURE: Allow showing site text search in selected locale (#28453)
When searching for site texts for admin using the english
version of the text, previously we would show the english
version in the results _even if_ there was another locale
translated version available when a locale was selected
from the dropdown.

This commit adds a "Only show results in selected locale"
checkbox option which will instead make it so the results
shown are in the target locale, making it easier for translators
to tell when there is actually translations vs. missing tranlsations.
2024-08-26 11:25:36 +10:00
Osama Sayegh
bb04a1e0d3
DEV: Small copyedit to visitors stats notice (#28514) 2024-08-23 15:07:07 +03:00
Martin Brennan
e60b808f49
UX: Apply new admin UI guidelines to What's New (#28454) 2024-08-22 10:28:29 +10:00
Martin Brennan
9dd47ca755
UX: Fix restore info link on admin backups page (#28452)
Followup 1446596089

The link to inform admins that restore is disabled
was not correct. This fixes it and also changes it
to go to /admin/backups/settings
2024-08-21 13:23:24 +10:00
Osama Sayegh
10ae7ef44a
FEATURE: Add estimated number of global and EU visitors to the about page (#28382)
This commit implements 2 new metrics/stats in the /about page for the _estimated_ numbers of unique visitors from the EU and the rest of the world. This new feature is currently off by default, but it can be enabled by turning on the hidden `display_eu_visitor_stats` site settings via the rails console.

There are a number of assumptions that we're making here in order to estimate the number of unique visitors, specifically:

1. we're assuming that the average of page views per anonymous visitor is similar to the average number of page views that a logged-in visitor makes, and
2. we're assuming that the ratio of logged in visitors from the EU is similar to the ratio of anonymous visitors from the EU

Discourse keeps track of the number of both logged-in and anonymous page views, and also the number of unique logged-in visitors and where they're from. So with those numbers and the assumptions above, we can estimate the number of unique anonymous visitors from the EU and the rest of the world.

Internal topic: t/128480.
2024-08-21 00:03:42 +03:00
Tobias Eigen
5916eaac13
Update client.en.yml (#28442)
changed "contact us at email" to "contact email", which is shorter and reads well even if site is run by an individual.
2024-08-20 10:26:03 -07:00
Martin Brennan
1446596089
UX: Apply admin interface guidelines to Backups page (#28051)
This commit converts the Backups page in the admin interface
to follow our new admin interface guidelines.

As part of this work, I've also made `AdminPageHeader` and `AdminPageSubheader`
components that can be reused on any admin page for consistency, that handle
the title and action buttons and also breadcrumbs.

Also renamed `AdminPluginFilteredSiteSettings` to `AdminFilteredSiteSettings` since
it can be used generally to show a subset of filtered site settings, not only
settings for a plugin. Not sure if it's ideal to have to define a new route for this
for every config area, but not sure how else to do it right now.
2024-08-20 09:59:43 +10:00
Osama Sayegh
a92cf019db
FIX: Make cancel and reset buttons work for file_size_restriction settings (#28347)
This commit fixes a number of bugs in `file_size_restriction` settings and does a little of refactoring to reduce duplicated code in site setting types (the refactoring is necessary to fix one of the bugs).

The bugs in `file_size_restriction` settings that are fixed in this commit:

1. Save/cancel buttons next to a `file_size_restriction` setting are shown upon navigating to the settings page without changes being made to the setting
2. Cancel button that discards changes made to the setting doesn't work
3. Reset button that resets the setting to its default doesn't work
4. Validation error message isn't cleared when resetting/cancelling changes

To repro those bugs, navigate to `/admin/site_settings/category/files` and observe the top 2 settings in the page (`max image size kb` and `max attachment size kb`).

Internal topic: t/134726.
2024-08-15 19:38:47 +03:00
Gabriel Grubba
fc33826dc5
DEV: Removal of create_post_for_category_and_tag_changes setting (#28321)
* DEV: Removal of create_post_for_category_and_tag_changes setting

reverting commit: #65f35e1
and adding a migration to remove the setting
ref: t/132320

* DEV: change checks for zeros to check for nils

* DEV: remove create_post_for_category_and_tag_changes migration file

If anything goes wrong, we can always revert back to the previous state.
2024-08-14 12:12:21 -03:00
Jan Cernik
5b78bbd138
DEV: Convert account activation pages to use Ember (#28206) 2024-08-12 18:02:00 -03:00
Osama Sayegh
1d6e54e54c
DEV: Add admins and moderators sections to the redesigned /about page (#28273)
This commit continues on work laid out by 6039b513fe to redesign the /about page. In this commit, we add sections for showing the site admins and moderators.

The lists of admins and moderators display the 10 most recently seen admins/moderators, with a button to display the rest of admins or moderators. Admins or moderators that have not logged in to the site in the last year will not be shown. Clicking on an admin's or moderator's name/avatar will show their user card.
2024-08-12 16:23:44 +03:00
Kris
0c0f9e4a0d
UX: smaller modal headings, shorter flag mdoal title (#28278) 2024-08-08 12:18:20 -04:00
Penar Musaraj
9d00871a67
UX: Change bookmark menu label from "Custom..." to "More options…" (#28266) 2024-08-07 17:57:18 -04:00
Osama Sayegh
5dbf812d32
DEV: Add site age and site activities section to the redesigned about page (#28214)
This commit continues on work laid out by 6039b513fe to redesign the /about page. In this commit, we add the site age and a section on the right hand side to show site activities/statistics such as topics, posts, sign-ups, likes etc.
2024-08-07 11:11:41 +03:00
Krzysztof Kotlarek
300ef67481
UX: move admin flag form to form-kit (#28187)
Rewrite the admin flag form to use FormKit. This is a draft because waiting for Checkbox improvements.
2024-08-05 11:01:25 +10:00
Sérgio Saquetim
4167862a05
DEV: Catch transformer errors and improve warnings (#28205) 2024-08-02 15:58:13 -03:00
Joffrey JAFFEUX
9383143bc6
FIX: system badges can be disabled (#28169)
A previous commit mistakenly assumed system badges couldn't be disabled.
2024-07-31 15:28:59 +02:00
Natalie Tay
188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Loïc Guitaut
fbf6bf6243 FIX: Don't escape MF variables in HTML links
We have some MF strings that are outputting HTML tags (typically links)
and their attributes are using single quotes. The problem is that with
the current implementation of MessageFormat, single quotes act as an
escaping mechanism for special characters like `{`. This then prevents
from interpolating some variables in the strings.

This patch addresses that issue by using double quotes instead,
restoring the expected behavior.
2024-07-29 15:30:52 +02:00
Krzysztof Kotlarek
2a9dcade0a
UX: group admin new features by month (#28106)
Display new features grouped by month and show additional information about the version.
2024-07-29 14:20:12 +10:00
Osama Sayegh
7cc0f26292
DEV: Migrate about config area to Form Kit (#28021)
Form Kit is our new form library/framework for unifying the way forms look across Discourse. The admin config area for the /about page is a new form that isn't currently used, so it makes sense for it to be one of the first forms to be migrated to Form Kit to test the library.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-25 19:07:38 +03:00
David McClure
45f6bc0093
DEV: Add missing comma to warning string (#28081)
@discourse-translator-bot keep_translations
2024-07-25 10:43:31 -04:00
Joffrey JAFFEUX
eec1b39baf
FIX: better copy for one entry (#28082)
If only one badge has not been awarded, the rest of the string doesn’t make sense:

> Due to the large number of unmatched entries, only the first 100 are shown:

As we are going to show only 1 anyways.
2024-07-25 16:12:13 +02:00
Joffrey JAFFEUX
e3f03c74c4
FIX: missing ? in plural translation (#28079) 2024-07-25 16:05:19 +02:00
Jan Cernik
f7d1b9cf67
UX: Allow adding content inline to the topic map (#28053) 2024-07-25 10:46:52 -03:00
锦心
a749387c80
FEATURE: Clean up previously logged information after permanently deleting posts (#28033)
* FEATURE: Clean up previously logged information after permanently deleting posts

When soft deleteing a topic or post, we will log some details in the
staff log, including the raw content of the post. Before this commit, we
will not clear the information in these records. Therefore, after
permanently deleting the post, `UserHistory` still retains copy of the
permanently deleted post. This is an unexpected behaviour and may raise
some potential legal issues.

This commit adds a behavior that when a post is permanently deleted, the
details column of the `UserHistory` associated with the post will be
overwritten to "(permanently deleted)". At the same time, for permanent
deletion, a new `action_id` is introduced to distinguish it from soft
deletion.

Related meta topic: https://meta.discourse.org/t/introduce-a-way-to-also-permanently-delete-the-sensitive-info-from-the-staff-logs/292546
2024-07-23 15:27:11 +08:00
Martin Brennan
fc09236c0c
UX: FormKit error message followup (#28009)
We don't need this extra description, whole number
should be enough
2024-07-23 11:40:20 +10:00