43ddf60cdf introduced a new method for dismissing new topics in topic-tracking-state, which works on a per-category basis.
This commit removes the old mechanism, which was to delete all 'new' topics from the local tracking state, regardless of category.
Page used to jitter when oneboxes loaded images lazily.
Previously we inserted the the "shadow" loading image before the "real" image.
This meant that certain styling with `firstChild` CSS selectors would apply
incorrectly to the shadow image.
Additionally we had special case code for onebox and quoted images that was
not really needed due to this fix.
We had an old fix that used computed style for image height and width in
specific scenarios, we now run it all the time.
On slow devices there was a possibility that the cache fetch after amending
src at the end of the process would cause a flash, this is avoided using a
new onload handler.
Plugins like https://github.com/discourse/discourse-calendar add extra HTML (e.g. icons) to user/group mentions. Clicking on those extra elements used to only flash a blank card. Now, the card opens properly.
- Refactor source_url to avoid using eval in development
- Precompile handlebars in development
- Include template compilers when running qunit
- Remove unsafe-eval in development CSP
- Include unsafe-eval only for qunit routes in development
`highlight` was called from `didInsertElement` which technically doesn't ensure the list is rendered. By wrapping the highlighting code in `afterRender` we ensure it works more consistently.
Our current topic admin menu is not always fully visible on a mobile
device, therefore some options are difficult to click.
To solve this issue, we can display the admin menu on the bottom of the
screen on mobile devices.
- Ensure that the 'notify_moderators' flag is always the last flag when using custom flags.
- Support passign a custom FlagSettings object when replacing flags to reuse existing ones.
* FEATURE: allows plugins to add a global notice
Usage:
```
api.addGlobalNotice(id, text, options = {});
```
Options can be:
```
dismissable // Will display a button to hide the notice if true
html // will prepend html to the next if present
level // alert level, will usee css class of alert component
persistentDismiss // if true won't show notice again on reload
onDismiss // execute a custom action on dismiss
visibility // defines custom logic for notice visibility
```
Co-authored-by: Robin Ward <robin.ward@gmail.com>
* FIX: category routes model params should decode their URL parts
Ember's route star globbing does not uri decode by default. This is
problematic for subcategory globs with encoded URL site settings enabled.
Subcategories with encoded URLs will 404 without this decode.
I found this https://github.com/tildeio/route-recognizer/pull/91
which explicitly explains that globbing does not decode automatically.
This was re-encoding the search slug each loop - if the category list was not
the first category in the list, it'd continually search with a re-encoded search
term from the previous iteration. This results in ember 404ing when navigating
to raw encoded category slugs of the form /c/encoded-slug-with-non-ascii
that have no ID attached.
This commit fe9293b8b5 created a regression.
The problem is that dom changed a little bit.
Before it was
```
<tr class="instructions create-account-email">
<td></td>
<div id="account-email-validation" class="tip bad ember-view"></div>
<td><label>Never shown to the public.</label></td>
</tr>
```
And after we got
```
<tr class="instructions create-account-email">
<td></td>
<div id="account-email-validation" class="tip bad ember-view"> </div>
<td><label>Never shown to the public.</label></td>
</tr>
```
That small space may look like not important change.
However, now helpers are hitting that CSS rule:
```
.login-form {
.tip {
&:not(:empty) + td {
display: none;
}
}
```
To fix it, we should render template only if there is a reason - like it was before
```
if (reason) {
buffer.push(iconHTML(this.good ? "check" : "times") + " " + reason);
}
```
* FIX: remove rerenderTriggers
- Using h4 instead of h3 for sub-categories.
- Show category description if it does not have subcategories.
- Implemented equivalent for mobile-view.
- Include description_excerpt in basic serializer. This is needed for
displaying second-level categories in category list.
Follow-up to 9253cb79e3.
The maximum level used to be one, which meant that a category could be
either a parent or a child. If it was a parent, the subcategories were
shown; if it was a child then the parent selector was shown.
With multiple levels of nesting, a category can be both a parent and a
child.
There is a problem that if you read all messages, even when a new one
arrives, the button on the top is not showing.
This is because once the button got `hidden` class, a label under is
properly updated, however, the class is not removed.
Therefore, I added computed isHidden function which is recalculated when
`count` change.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 006e5904be in this
series.
This commit affects the icons next to the topic title that indicate if
it is closed, unlisted, pinned, etc. It is just a refactor and should
not change any functionality.
Originally I was going to continue to use the existing
topic-status-icons arrayProxy helper but this would require using
observers, so I opted instead to use computed properties and have a bit
larger hbs template.
Adds a custom bookmark-clock icon to discourse-additional.svg for use with the new bookmarks with reminder functionality.
Also add some code to correctly refresh the post-stream icon for bookmark to show the clock after save.
The trouble with having:
/tags/:tag_id/...
and:
/tags/intersection/*tag_ids
for example, is: what happens if you want a tag called intersection?
Under this new scheme. Routes referring to a single tag are unambiguous
because they are prefixed with:
/tag/:tag_id
Routes referring to the collection of tags still start with:
/tags/
This commit just adds the new routes. It doesn't remove the old ones or
cause the new ones to be used.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: ea6326c860 in this
series.
This commit affects the top menu buttons. It is just a refactor and
should not change any functionality.
When using api.decorateWidget("topic-admin-menu:adminMenuButtons") in plugins, an empty button is added if the helper only returns attributes based on a condition (for example, if the admin action is limited to public topics.) In that case, we need to exclude the button from rendering.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: f5cca4930d in this
series.
This commit affects the display of some of the unread, new, and unseen
badges in topic lists like when then "show subcategory list above topics
in this category" option is checked.
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.
This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
Hide old bookmark post-menu item if the site setting for the new bookmark reminders is enabled and change icon for the new bookmark functionality to the same as the old bookmark button
Fix null @topic_view error in post serializer for post_bookmark, as new posts do not have a @topic_view
* i was incorrectly toggling the transformed post property
instead of the actual property in the emberjs post model
which broke the bookmark/unbookmark functionality
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!
This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:
* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.
This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
But the "synonyms" can't use the TagSerializer yet. We still have some
code from the discourse-tagging plugin that uses "text" instead of
"name", "count" instead of "topic_count", etc. We should make the js
consistent with the TagSerializer and then stop using tag_counts_json.
Ember was throwing this error preventing the reorder categories feature
from working:
```
access theidproperty (of <(unknown):ember1803>). ... the object in question
is a special kind of Ember object (a proxy). Therefore, it is still necessary
to use.get('id')in this case.
```
So I updated it to use the `get` method
https://api.emberjs.com/ember/3.14/functions/@ember%2Fobject/get
Follow up to: 6e5fedb312
When the tag is muted and topic contains that tag, we should not mark that message as NEW.
There are 3 possible settings which site admin can set.
remove_muted_tags_from_latest - always
It means that if the topic got at least one muted tag, we should not mark that topic as NEW
remove_muted_tags_from_latest - only muted
Similar to above, however, if at least one tag is not muted, the topic is marked as NEW
remove_muted_tags_from_latest - never
Basically, mute tag setting is ignored and all topics are set as NEW
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: da66950cf5 in this
series.
This commit affects the display of the backup logs. It is just a
refactor and does not change any functionality.
When a component is installed and not assigned to any theme and the user is changing page, we should display a warning.
If the user decides to skip warning or come back later, a warning should not be shown anymore.
Also, when the user clicks "delete" button right after installation, warning about forgotten themes should not be shown.
Fixes an issue where updates to the first post in a topic would be visible only for staff.
Before, because the empty tag would find its way to `PostRevisor`, `TopicsController#update` would create a hidden revision, and later `PostsController#update` would only update that revision.
After this change, `TopicsController` doesn't create a revision at all (unless necessary), so `PostsController` can create it (and correctly decide whether the revision should be hidden or not).
* DEV: Add API to alter uploads Markdown
* DEV: Extract data attributes from image / download Markdown
For example '[test|attachment|hello=world]' will generate an 'a' element
with a data attribute: 'data-hello=world'.
This commit also makes MarkdownIt to transform '|attachment' into
'class="attachment"'. This transformation used to be a part of the
process which resolves short URLs (i.e. upload://).
* DEV: Export imageNameFromFileName
This reapplies commit b643526d9a after
being reverted in commit f65c453555.
Unlike the original commit, this does a single pass and does not take
into account unfinished code blocks.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 54e4559aea in this
series.
This commit affects the display of the backup upload progress bar. It is
just a refactor and does not change any functionality.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: f269e45978 in this
series.
This commit affects the display of topic timers. It is just a refactor
and does not change any functionality.
When uploading an image file with dots in the filename we were splitting the string on dots and getting the last of the split items as the extension-less filename. However this did not work with filenames that have dots. We now just remove the extension using substr.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: fe9293b8b5 in this
series.
This commit affects the display of popup input tips, like in the
composer when the title is too short or too long. It is just a refactor
and does not change any functionality.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 2290ec9e87 in this
series.
This commit affects the display of input tips. It is just a refactor and
does not change any functionality.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 80f4b9e227 in this
series.
This commit affects the display of translated counts that is used in
multiple places like showing how many posts are selected using the
select posts feature on a topic. It is just a refactor and does not
change any functionality.
This feature adds the ability to define synonyms for tags, and the ability to merge one tag into another while keeping it as a synonym. For example, tags named "js" and "java-script" can be synonyms of "javascript". When searching and creating topics using synonyms, they will be mapped to the base tag.
Along with this change is a new UI found on each tag's page (for example, `/tags/javascript`) where more information about the tag can be shown. It will list the synonyms, which categories it's restricted to (if any), and which tag groups it belongs to (if tag group names are public on the `/tags` page by enabling the "tags listed by group" setting). Staff users will be able to manage tags in this UI, merge tags, and add/remove synonyms.
* FEATURE: ability to add all active components to theme
* FIX: add a component to all themes takes only active ones
* FIX: move select components/themes to top
* FIX: improve defaultIsAvailable
* FIX: Add filter(Boolean) and remove btn class
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: bb31e7f5b6 in the series.
This commit affects the display of the Webhooks Deliver Status column. It
is just a refactor and does not change any functionality.
The tag-drop component uses the passed in categories to calculate paths,
but only the last category is relevant, since, from a category we can
calculate its ancestors.
* Support for custom messages and redirects when creating posts
When a post/topic is created Discourse serializes a `NewPostResult`
object. Normally this contains a status like `created_post` or
errors describing why the post could not be created.
There are times when a plugin might want to take the inputted post
and do something in the background. In this case, the plugin
can return a custom `message` and `route_to` attribute in the
`NewPostResult`.
If present, the message will be displayed in an alert, and when "Ok" is
clicked the user will be routed to the new URL.
* Destroy the draft in parallel
This reverts commit 700bd280e4.
Oops looks like this breaks tests:
```
Module Failed: widget:quick-access-item
Test Failed: escapedContent attribute is not escaped
Assertion Failed: TypeError: Cannot read property 'match' of undefined
Expected: true, Actual: false
Test Failed: anonymous
Assertion Failed: failed, expected argument to be truthy, was: 0
Expected: true, Actual: 0
Assertion Failed: Element .enable-anonymous not found.
Test Failed: anonymous - switch back
Assertion Failed: failed, expected argument to be truthy, was: 0
Expected: true, Actual: 0
Assertion Failed: Element .disable-anonymous not found.
Test Failed: log out
Assertion Failed: failed, expected argument to be truthy, was: 0
Expected: true, Actual: 0
Assertion Failed: Element .logout not found.
Test Failed: content attribute is escaped
Assertion Failed: TypeError: Cannot read property 'match' of undefined
Expected: true, Actual: false
```
* FEATURE: Ability to add components to all themes
This is the first and functional step from that topic https://dev.discourse.org/t/adding-a-theme-component-is-too-much-work/15398/16
The idea here is that when a new component is added, the user can easily assign it to all themes (parents).
To achieve that, I needed to change a site-setting component to accept `setDefaultValues` action and `setDefaultValuesLabel` translated label.
Also, I needed to add `allowAny` option to disable that for theme selector.
I also refactored backend to accept both parent and child ids with one method to avoid duplication (Renamed `add_child_theme!` to more general `add_relative_theme!`)
* FIX: Improvement after code review
* FIX: Improvement after code review2
* FIX: use mapBy and filterBy directly
I could not replicate the failure locally, but it was consistently
failing on CI with:
```
Assertion Failed: it should escape watched words
Expected: <img src="x">, Actual: <img src="x">
```
This commit removes an extra space that was added originally, but I
don't think it is really needed after double checking how it displays in
the UI. The `x` icon and the word have sufficient spacing between them.
If we need to we can tweak it in css instead.
Follow up to: bb31e7f5b6
This commit fixes this failing test:
`Assertion Failed: it should escape watched words`
Now that we have a handlebars template we can us it for escaping because
it does that for us.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: 2673cad142 in this
series.
This commit affects the display of watched words on the admin watched
word page. It is just a refactor and does not change any functionality.
This affects login_required sites which use SSO or have only one authenticator enabled. Previously, logging out would redirect to the homepage, which would then redirect to the identity provider. Now, users will be redirected to the Discourse login page. This avoids the confusing situation where a user appears to remain logged in after clicking logout.
Sites which have explicitly defined a logout_redirect url are not affected by this change.
For context, see https://meta.discourse.org/t/134138/2
This commit mostly get rid of the later() call and encapsulate all pie chart display logic inside discourse-poll-pie-canvas widget instead of sharing it between discourse-poll-pie-chart and discourse-poll-pie-canvas
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: e0199e8094 in this
series.
This commit affects the table header sorting on the user directory page.
It is just a refactor and should not change any functionality.
This commit corresponds to d84c34ad which applies the same changes to
the server-side. This changes the category routes, except for the routes
that contain tags.
This amends our API so we provide it with the draft key when saving a post
this means post creator can clean up the draft consistently even if we are
doing fancy stuff like replying to a new topic or new pm or whatever.
There will be some followup work to clean it up so client never calls destroy
on draft during normal operation and the #create/#update endpoints takes care of it
every time
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: d0ad5ecc6d in this
series.
This commit affects the table header sorting on the admin directory page.
It is just a refactor and should not change any functionality.
* DEV: Remove buffered rendering from group-index-toggle
This is the first step in a refactor to remove all uses of our Buffered
Renderer:
01e2d5a670/app/assets/javascripts/discourse-common/lib/buffered-render.js.es6 (L3)
This commit affects the header sorting on the group member and the group
requests pages. It is a refactor only with no change in functionality.
When we receive a list of categories, we should store them so that we
are able to query them in the browser without a page refresh.
This removes a previous fix for the same issue that was much less
general.
This commit attempts to fix two issues that affect quoted images.
The first issue is observed while loading. The 'position: absolute' CSS
property makes 'width' and 'height' behave differently. Instead of using
the known image size, this makes it use the computed width and height of
the image, which should be the right size, as shown to the user.
The second issue is caused by 'object-fit: cover' property which trimmed
the left and right sides of wide pictures to make them fit inside the
quote.
* instead of using encodeURIComponent in imageNameFromFileName,
we just replace the bad characters that we wanted to get rid
of in the first place where we introduced encodeURIComponent.
as per review
Meta: https://meta.discourse.org/t/image-name-has-20-in-file-name/134136
We were ending up with [file%20name](url) in the markdown preview, which looked weird and
affected the alt text. this is because we were calling encodeURIComponent, which has been left in place because this is a valid thing to do for some cases. (e.g. f674b9e)
* Add timezone to user_options table
* Also migrate existing timezone values from UserCustomField,
which is where the discourse-calendar plugin is storing them
* Allow user to change their core timezone from Profile
* Auto guess & set timezone on login & invite accept & signup
* Serialize user_options.timezone for group members. this is so discourse-group-timezones can access the core user timezone, as it is being removed in discourse-calendar.
* Annotate user_option with timezone
* Validate timezone values
When category is dismissed, `dismiss_new` message is sent to fronted to clean state.
In addition, I noticed that when old dismiss new button is clicked, no message is sent so I decided to kill two birds with one stone.
The plan is to switch over all cases where filterMode is set, but, to
prevent breaking plugins and themes, the category and noSubcategories
need to be inferred from any given filterMode before that can happen.
The group card and group members page were affecting each other and were
leaking members list and the query parameters which led to bad UX
experience and sub-optimal performance (client made more queries because
it was loading fewer members).
This commit refactors the group model to make it more consistent, remove
dead code, move error handling outside of model.
isPrivateMessages represents that the tag list is shown in the context
of private messages and pmOnly represents that the tag is used only in
private messages.
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access.
A few notes:
- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
Disables jumping to bottom of the page (added in 87f0b56) for mobile devices.
Fixes a regression with the mobile jump tool, and avoids users having to scroll up lots on mobile, since suggested topics and site footers can be lengthy.
* When viewing a tag, the search widget will now show a checkbox to scope the search by tag, which will limit search results to that tag on desktop and mobile
According to eviltrout, commas and pipes were the delimiters of a
Discourse specific microformat, but this is no longer the case and
hasn't been for some time.
Code should decide when to do something with the event value, and maybe cause a re-rerender but it shouldn't be automatic. This is currently a gigantic waste of resources.
If there is any other whitespace in the container, then Firefox will add a leading/trailing space when double clicking the key. This commit wraps the key in a div with no whitespace, to work around the problem.
* DEV: Provide radix 10 argument to parseInt
* DEV: Provide radix 16 argument to parseInt
* DEV: Remove unnecessary parseInt calls
* Fix year formatting
parseInt was used here to convert decimals to ints
Instead of enabling `suppress_from_latest` setting on many categories now we can enable `mute_all_categories_by_default` site setting. Then users should opt-in to categories for them to appear in the latest and categories pages.
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
Previously we could not place extra nav items in a particular order.
This change introduces a new `before` attribute to addNavigationBarItem
with this attribute we can place a nav item before "top" or any other place.
Additionally this allows navigation items to force active state. In some
cases we may want an items that is simply a "filter" on latest using `?query_params`
when we do that we can "force" the filter active.
A concrete example is the assign plugin that adds a nav item for
Unassigned => `/c/cat-slug/l/latest?assigned=nobody&status=open`
If we did not force then latest would be selected even though the filter
is clicked.
In a category's settings, the Tags tab has two new fields to
specify the number of tags that must be added to a topic
from a tag group. When creating a new topic, an error will be
shown to the user if the requirement isn't met.
* FIX: move attachment_css_class constant out of upload-short-url for discourse-markdown-it
* Use setTimeout instead of ember later
* WIP. Not sure if this worked.
* oneboxer cache in separate file
* Reset onebox cache still
* set functions for oneboxers cache
This is a major change to draft internals. Previously there were quite a
few cases where the draft system would say "draft saved", when in fact
we just skipped saving.
This commit ensures the draft system deals with draft ownership handover in
a predictable way.
For example:
- Window 1 editing draft
- Window 2 editing same draft at the same time
Previously we would allow window 1 and 2 to just fight on the same draft
each window overwriting the same draft over an over.
This commit introduces an ownership concept where either window 1 or 2 win
and user is prompted on the loser window to reload screen to correct the issue
This also corrects edge cases where a user could have multiple browser windows
open and posts in 1 window, later to post in the second window. Previously
drafts would break in the second window, this corrects it.
* DEV: Add the actual "tag_groups/new" route
Allows refreshing the "new" page without an error.
* DEV: Prevent attempts to create group tags if tagging is disabled
* DEV: Refactor the tag-groups controller
Gets rid of `selectedItem`, `selected`, and `selectTagGroup` action.
* DEV: Rename tag-groups-show to tag-groups-edit
* DEV: Refactor tag-groups form
* Extracted the tag-groups-form that's used by tag-groups-new and tag-groups-edit
* The model is now a buffered property
* Serialization relies more heavily on RestAdapter now
* Data is sent as JSON
* Payload is now namespaced ("tag_group")
* Update app/assets/javascripts/discourse/controllers/tag-groups-new.js.es6
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
* Update app/assets/javascripts/discourse/components/tag-groups-form.js.es6
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
* Update app/assets/javascripts/discourse/controllers/tag-groups-edit.js.es6
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
* DEV: Refactor setting component save callback
* refactor site-setting component around new callback
* add callback to theme-translation component
* remove the save callback altogether
Anonymous users are only possible if allow_anonymous_posting is true,
which means that 'user.is_anonymous' check implies that
allow_anonymous_posting is true.
The server already ensures it advances draft keys when a post is created
this means this code that used to delete drafts is simply introducing
composer delays with no benefit.
Defer placing scale buttons causes "scale image" buttons to be missing if
you manage to scroll mouse to the area where the image is prior to image
rendering.
This fix ensures scale buttons are always rendered leaving all the hiding
and styling entirely to CSS.
This also corrects a bug where scaling toolbar was missing on mobile
* FEATURE: Site setting/ui to allow users to set their primary group
* prettier and remove logic from account template
* added 1 to 43 to make web_hook_user_serializer_spec pass
* FEATURE: Add remembering topic list for group pms
* added findOrResetCachedBy helper in topic-list
* Created cached-topic-list.js
* Update app/assets/javascripts/discourse/routes/build-private-messages-route.js.es6
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
When autocompleting mentions in secure categories, we immediately populate the list with users which have permission to view the category. This logic is applied to unsecured categories as well, but the server returns an empty list of users. This commit teaches the autocomplete to understand empty lists of users without terminating the autocomplete dropdown.
- destroyDraft which is called when we cancel a draft is now async,
removing race conditions when you click "reply" to a post and are
already editing. We used to trigger double dialogs for cancelling
drafts which was confusing.
- Remove reply as new topic / reply as pm keys, they are no longer
used and only caused confustion. For example we used to pop up a
warning when you are composing a reply and flick to reply as
new topic
- Remove createTopic key, this was a bug that proliferated. Whenever
creating a topic via the C shortcut or clicking on new topic on full
screen search the correct new topic draft key will be used
consistently
- When abandoning an edit we now say "Are you sure you want to discard
your changes" (instead of abandon your post which is confusing)
* DEV: Remove badge-select-controller
1. The `selectableUserBadges` computed property of `badge-title` was being incorrectly overwritten, which triggered computed-property.override deprecation.
2. The `badge-select-controller` mixin contained properties that were used either by `badge-title` component or `badges/show` controller, but none were being used by both. This change moves properties where they belong, and removes the mixin.
* Update app/assets/javascripts/discourse/controllers/badges/show.js.es6
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
* Improve code brevity
The 'automatically set primary group' checkbox looked like it was associated with the email membership. In fact, it applies to all members who join the group. This commit moves it next to the 'automatic trust level' setting, and puts them both under an 'Effects' heading
* FIX: Do not encode the URL twice
Now that we encode slugs in the server we don't need this anymore.
Reverts fe5na33
* FIX: More places do deal with encoded slugs
* the param is a string now, not a hash
* FIX: Handle the nil slug on /categories
* DEV: Add seeded? method to identity default categories
* DEV: Use SiteSetting to keep track of seeded categories
This feature amends it so instead of using one challenge and honeypot
statically per site we have a rotating honeypot and challenge value which
changes every hour.
This means you must grab a fresh copy of honeypot and challenge value once
an hour or account registration will be rejected.
We also now cycle the value of the challenge when after successful account
registration forcing an extra call to hp.json between account registrations
Client has been made aware of these changes.
Additionally this contains a JavaScript workaround for:
https://bugs.chromium.org/p/chromium/issues/detail?id=987293
This is client side code that is specific to Chrome user agent and swaps
a PASSWORD type honeypot with a TEXT type honeypot.
* DEV: allow serializing data for drafts
* Various fixes
* added an alias method for 'serializeToDraft' to plugin-api
* fixed linting issues
* changed single quotes to double quotes to fix linting issue
* fixed linting issues
* fixed composer model file via prettier
* fixed composer controller file via prettier
* fixed plugin-api file via prettier
A modal's primary action (blue button in the default theme) can now be invoked
by hitting Enter on the keyboard. This applies to all modals that aren't strict
forms as long as the focus is not on a textarea element.
This addresses the following issues:
- on iPad, with keyboard attached, the composer is no longer forced to full screen
- on iPad, with keyboard attached, the topic no longer scrolls when starting a
reply and then cancelling it
- switching between inputs and buttons (formatting, emojis, categories/tags, etc.) no longer
causes layout to bounce around
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.
This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.
For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
Removes setting for iOS devices that support Visual Viewport API.
On devices where it was previously enabled, it was causing some scrolling drift when invoking the composer.
This is useful by analytics libraries or other code that wants to track
when replies are begun. A new event: `page:compose-reply` is fired with
the topic.
If we are interested in page events (say analytics), they are reported
when the route changes, which does not wait for any promises in
`setupController` to finish.
A plugin might want to know when a topic has fully loaded, so this event
is triggered when that happens.
* FEATURE: Added input for name when creating a new authenticator in user preferences
* FEATURE: Added placeholders to authenticator inputs
* Ran prettier on second-factor-add-totp.js.es6
AppEvents was always a service object in disguise, so we should move it
to the correct place in the application. Doing this allows other service
objects to inject it easily without container access.
In the future we should also deprecate `this.appEvents` without an
explicit injection too.
This fix is needed due to what feels like an iOS Safari bug. The CSS rule `margin-bottom: env(safe-area-inset-bottom);` should not apply to the topic progress element when the composer is visible, because the element is not near the bottom of the viewport.
* Fix broken security key 2FA on mobile login.hbs
* Show nicer error message when a security key already exists
* [COPY] Disable -> Delete for security key editing
* Standardize UI elements in 2FA prefs password confirmation
* Minor fixes to label location for resetPasswordProgress
Partially reverts 94ab48c by using Safari hacks on iPad again.
This brings parity in the composer UI between iPhones and iPads
Hides grippie and fullscreen toggle button when the keyboard is visible on iPads
Clicking fast on the "top", "unread", or "latest" button when browsing a parent category page with subcategories and the setting `Show subcategory list above topics in this category` enabled would cause an exception:
```
Uncaught Error: Nothing handled the action 'triggerRefresh'. If you did handle the action, this error can be caused by returning true from an action handler in a controller, causing the action to bubble.
```
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).
Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
Keeps element 1em away from the right edge of screen
Takes DiscourseHub app nav position into account on iPad
Uses outerHeight to calculate element height including padding/borders
Per new lifecycle https://developers.google.com/web/updates/2018/07/page-lifecycle-api
On Android and latest Chrome when an app transitions from "frozen" to
active the new "resume" event fires with no accompanying "visibilitychange"
event.
This means that often background tabs may be stuck thinking that discourse
has no focus when, indeed, it has.
This leads to cases where no posts are marked read anymore.
This applies to iPhones running iOS 13+.
Previous technique remains in place for iOS 12 and below.
Note that this does not apply to iPads on iOS 13 due to Apple no longer
identifying iPads in the user agent string.
We were counting all the oneboxes in the DOM instead of just the ones in the preview.
Also refactored the logic to count up to 'max_oneboxes_per_post` instead of down to 0.
That also ensured we don't load 11 oneboxes when the setting is limiting to 10.
The dollar sign (`$`) is a special replace pattern, and `$&` inserts the
matched string. Thus dollars signs need to be escaped with the special
pattern `$$`, which inserts a single `$`.
To demonstrate the issue:
- Visit https://meta.discourse.org/#somethingHere while logged in
- Click "log out"
- You will be logged out, but the page will not be reloaded
Setting `window.location.pathname = "/"` will not reload the page if there is a hash present. Using `window.location = "/"` gives us the desired behavior.
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. A better solution may be to add a `Vary: Accept` header to all of our HTML responses, but this commit should solve the immediate issue.
`fancy_title` is already escaped by Rails. Escaping it again would print
the HTML entity as-is, e.g. `"` instead of `"`.
This fixes the issue by introducing a new `escapedContent` attribute on
the `QuickAccessItem` widget.
* FIX: Cast all numerical values in reports
The backend can return some numerical values in report as strings. That results in unexpected order of values when sorting report tables.
* Create `toNumber()` helper
The `typeof` and `parseFloat` seem to be the fastest path: https://jsperf.com/number-vs-typeof-vs-parsefloat#results
* Extract QuickAccessPanel from UserNotifications.
* FEATURE: Quick access panels in user menu.
This feature adds quick access panels for bookmarks and personal
messages. It allows uses to browse recent items directly in the user
menu, without being redirected to the full pages.
* REFACTOR: Use QuickAccessItem for messages.
Reusing `DefaultNotificationItem` feels nice but it actually requires a
lot of extra work that is not needed for a quick access item.
Also, `DefaultNotificationItem` shows an incorrect tooptip ("unread
private message"), and it is not trivial to remove / override that.
* Use a plain JS object instead.
An Ember object was required when `DefaultNotificationItem` was used.
* Prefix instead suffix `_` for private helpers.
* Set to null instead of deleting object keys.
JavaScript engines can optimize object property access based on the
object’s shape. https://mathiasbynens.be/notes/shapes-ics
* Change trivial try/catch to one-liners.
* Return the promise in case needs to be waited on.
* Refactor showAll to a link with href
* Store `emptyStatePlaceholderItemText` in state.
* Store items in Session singleton instead.
We can drop `staleItems` (and `findStaleItems`) altogether. Because
`(old) items === staleItems` when switching back to a quick access
panel.
* Add `limit` parameter to the `user_actions` API.
* Explicitly import Session instead.
This reverts commit 310a8ac242.
It seems this breaks google authentication. My suspicion is opening
the URL twice invalidates the CSRF after the first access.
If you click a (?) icon beside the reviewable status a pop up will
appear with expanded informatio that explains how the reviewable got its
score, and how it compares to system thresholds.
- prevents keyboard from being invoked when textarea is disabled
- avoids scrolling up when switching focus from title to textarea on new topic creation
This was primarily an issue on mobile, where after clicking the "Messsage" button in the user card, the composer would load behind the user card overlay.
When opening authentication popup, start with an on-site URL. Opening "about:blank", and then POSTing the form does not send same-site=Lax cookies. Opening the popup to a page on the site domain, and then POSTing the form, works successfully.
We refactored some code to avoid app event leak in tests at c462c2f2
Unfortunately this broke all background notifications in title and they
were broken for the past multiple months.
* The read indicator now shows up when no member has read the last post of the topic (written by a non-member)
* The read indicator works on mobile and receives live updates from message bus
* The icon we display in the topic list was changed
* Added a title to the indicator to indicate its purpose when hovering over it
The client-side theme-selector would always apply the first in a series of file change notifications. This has been fixed, so it now applies the most recent notification.
Duplicate notifications were being sent because
- The remote_theme autosave was causing every change notification to be doubled
- Color scheme change notifications were being sent every time a theme was uploaded, even if the colors were unchanged
These duplicate notifications have been fixed, and a spec added to ensure it does not regress in future
* Removes unused styles
This commit only removes unnecessary / duplicate styles. It does not cause any visual changes.
* adds class to `<h1>` tag in header topic info.
This is much better to target than `h1`
* removes unused styles
* header title margin adjustment
* minor header-title margin adjustments
* One more header-title margin adjustment
This minor refactor extracts `UserMenuLinks#profileLink` &
`UserMenuLinks#linkHtml` to allow plugins / themes to control the
profile link definition, and more importantly, how it is rendered.
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""
This reverts commit 36425eb9f0.
* Fix: Show who read only if the attribute is enabled
* PERF: Precalculate the last post readed by a group member
* Use book-reader icon instear of far-eye
* FIX: update topic groups correctly
* DEV: Tidy up read indicator update on write
This is useful when changing the category in the composer for example. When opening mini-tag-chooser after, tags will be correctly updated for the selected category.
Every time we type a letter the composer issues a reply length check.
This is due to the interconnecting components, the title one depends on the
body which means that this decision making is passed along each time, even
if the title does not need it strictly.
Anyway...
This optimisation has 3 parts:
1. If the composer string is super long (10000 chars) we will bypass, quote
stripping and space squashing.
2. Quote stripping is now done much more efficiently, we strip them all in
one go
3. Space squashing eg: `hello world` to `hello world` is done in an
efficient loop to avoid needing to generate superflous strings that need
GC
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 67f5cc1ce8.
* FIX: Read indicator only appears when the group setting is enabled
* Enable or disable read state based on group attribute
* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post
* The option can be enabled/disabled from the UI
* The read indicator will live-updated using message bus
* Show read indicator on every post
* The read indicator now shows read count and can be expanded to see user avatars
* Read count gets updated everytime someone reads a message
* Simplify topic-list read indicator logic
* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.
This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
* FEATURE: Incorporate PWA install prompt into Discourse UI
This is mainly done so Discourse forums stop nagging people to install
on the very first visits to a website.
We will prevent the native install "mini-info" bar from ever appearing,
capture the event that pops with it, and delay it until the user meets
our criteria, which currently is trust_level 1.
If the event happens and the user meets our criteria we show a Discourse
alert banner proposing the install to the user. Dismissal of the banner
is recorded so the user ins't bothered anymore on the same device.
Co-Authored-By: Gerhard Schlager <mail@gerhard-schlager.at>
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
THe main advantage of this solution is that it will be called on each rerendered whereas the other is not once href has been set.
Example API:
```
api.addNavigationBarItem({
name: "foo",
displayName: "Foo",
customHref: function(category, args) {
const router = api.container.lookup("service:router");
const queryParams = { bar: "1" };
return router.urlFor(router.currentRouteName, category, {
queryParams
});
}
});
```
Sometimes, when keeping J or K pressed and scrolling fast, the current
selection would go out of the viewport for a few moments and the
algorithm would try selecting the "best" element that is in viewport.
This bug is reproducible only on certain machines. For example, Linux
machines seem to be passing key events faster to the browser.
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:
`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.
To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:
`<script
src="http://URL/javascripts/embed-topics.js"></script>`
Where `URL` is your discourse forum's URL.
Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
This commit will for example allow this:
```
api.addDiscoveryQueryParam("my_param", { persist: true });
```
If you page is forum.foo.bar/?my_param=1, when clicking on an "unread" link for example this query string will be kept.
There are 5 visibility levels (similar to group visibility)
public (default)
logged-in users
members only
staff
owners
Admins & group owners always have visibility to group members.
Theme developers can now add any of the transformed color variables to their color scheme in about.json. For example
```
"color_schemes": {
"Light": {
"primary": "333333",
"secondary": "ffffff",
"primary-low": "ff0000"
}
},
```
would override the primary-low variable when compiling SCSS for the color scheme. The primary-low variable will also be visible in administrator color palette UI.
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.
- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.
It also makes the guardian prevent self-deletes when SSO is enabled.
This feature allows @ mentions to prioritize showing members of a group who
have explicit permission to a category.
This makes it far easier to @ mention group member when composing topics in
categories where only the group has access.
For example:
If Sam, Jane an Joan have access to bugs category.
Then `@` will auto complete to (jane,joan,sam) ordered on last seen at
This feature works on new topics and existing topics. There is an explicit
exclusion of trust level 0,1,2 groups cause they get too big.