Commit Graph

140 Commits

Author SHA1 Message Date
Kelvin Tan
ee084b754e
SECURITY: Prevent unauthorized access to grouped poll results
This adds access controls for the `/polls/grouped_poll_results`
endpoint, such that only users with appropriate permissions can read
the grouped results of a given poll.
2023-10-16 10:34:37 -04:00
Natalie Tay
64dec1368c
DEV: Cleanup an old spec (#22503)
Introduced in #22297, now clear to remove since we don't have a habit of keeping migration specs.
2023-07-10 11:34:17 +08:00
Kris
4cec091f1a
REFACTOR: improve poll info layout (#22353) 2023-07-05 12:20:18 -04:00
Natalie Tay
1384ba5a4e
FIX: Cater for polls that can have multiple votes per user (#22297)
Cater for polls that can have multiple votes per user.

This fixes an older UserMerge and migration which was intended to
de-duplicate poll votes but did not account for "multiple" type polls.
2023-06-27 18:58:16 +08:00
Loïc Guitaut
0f4beab0fb DEV: Update the rubocop-discourse gem
This enables cops related to RSpec `subject`.

See https://github.com/discourse/rubocop-discourse/pull/32
2023-06-26 11:41:52 +02:00
Sam
9e241e82e9
DEV: use HTML5 version of loofah (#21522)
https://meta.discourse.org/t/markdown-preview-and-result-differ/263878

The result of this markdown had different results in the composer preview and the post. This is solved by updating Loofah to the latest version and using html5 fragments like our user had reported. While the change was only needed in cooked_post_processor.rb for this fix, other areas also had to be updated due to various side effects.
2023-06-20 09:49:22 +08:00
Natalie Tay
fcaefc9f2f
FIX: De-duplicate poll vote on user merge (#22107)
When merging users, polls may error out if the source and target users have both voted on the same poll before. 😢 

There is no constraint on the `poll_votes` table either to support this. Ideally a composite primary key can be used `(poll_id, user_id)`, but alas there is no support yet, which is probably why it wasn't created in the first place.

This fix ensures that merging is successful by only keeping the target poll votes if duplicates exist.

This fix also runs a migration on older poll votes where failed merges would have caused a single user to have voted twice on a single poll. e.g. this weird edge case
2023-06-15 11:18:51 +08:00
Penar Musaraj
3e197deec9
FEATURE: Add in:polls filter to search (#19885)
Allows users to filter search results to posts with polls (if the plugin is enabled).
2023-01-18 14:55:20 -05:00
Selase Krakani
55bdab2b3b
FIX: Ensure poll extraction is not attempted if post body is absent (#19718)
Since the poll post handler runs very early in the post creation
process, it's possible to run the handler on an obiviously invalid post.

This change ensures the post's `raw` value is present  before
proceeding.
2023-01-13 01:47:44 +00:00
David Taylor
055310cea4
DEV: Apply syntax_tree formatting to plugins/* 2023-01-07 11:11:37 +00:00
Loïc Guitaut
3eaac56797 DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
Phil Pirozhkov
493d437e79
Add RSpec 4 compatibility (#17652)
* Remove outdated option

04078317ba

* Use the non-globally exposed RSpec syntax

https://github.com/rspec/rspec-core/pull/2803

* Use the non-globally exposed RSpec syntax, cont

https://github.com/rspec/rspec-core/pull/2803

* Comply to strict predicate matchers

See:
 - https://github.com/rspec/rspec-expectations/pull/1195
 - https://github.com/rspec/rspec-expectations/pull/1196
 - https://github.com/rspec/rspec-expectations/pull/1277
2022-07-28 10:27:38 +08:00
Bianca Nenciu
62cbb766cd
FIX: Validate post's polls as acting user (#16638)
It used to validate the post from the perspective of the user who
created the post. That did not work well when an admin attempted to
add a poll to a post created by a user who cannot create posts because
it said the user cannot create polls.

The problem was that it used post.user for the validation process
instead of post.acting_user.
2022-05-05 09:54:10 +03:00
Vinoth Kannan
461936f211
FIX: don't validate and render the polls inside a quoted post. (#15019)
Previously, we had issues while approving posts since we validated the polls inside quotes.
2022-04-15 16:33:07 +05:30
David Taylor
c9dab6fd08
DEV: Automatically require 'rails_helper' in all specs (#16077)
It's very easy to forget to add `require 'rails_helper'` at the top of every core/plugin spec file, and omissions can cause some very confusing/sporadic errors.

By setting this flag in `.rspec`, we can remove the need for `require 'rails_helper'` entirely.
2022-03-01 17:50:50 +00:00
Jarek Radosz
2fc70c5572
DEV: Correctly tag heredocs (#16061)
This allows text editors to use correct syntax coloring for the heredoc sections.

Heredoc tag names we use:

languages: SQL, JS, RUBY, LUA, HTML, CSS, SCSS, SH, HBS, XML, YAML/YML, MF, ICS
other: MD, TEXT/TXT, RAW, EMAIL
2022-02-28 20:50:55 +01:00
Ayke Halder
5ff3a9c4bb
DEV: add native lazy loading for emojis (#15830) 2022-02-09 12:18:59 +01:00
Alan Guo Xiang Tan
21822cf0b7 FIX: Error when voting on a multiple poll without the min/max attrs. 2022-01-05 11:31:18 +08:00
Jarek Radosz
5a8e6de42c
FIX: Don't publish polls on message bus when there are no polls (#15041)
`poll` plugin was publishing on `/polls/[topic_id]` every time a non-first post was created. I can't imagine this being needed. It regressed 3 years ago in https://github.com/discourse/discourse/pull/6359
2021-11-22 12:31:53 +01:00
Alan Guo Xiang Tan
1d0faedfbc
FIX: Validate number of votes allowed per poll per user. (#15001)
* DEV: Remove spec that we no longer need.

As far as we know, the migration has been successful for a number of
years.

* FIX: Validate number of votes allowed per poll per user.
2021-11-19 09:50:08 +08:00
Bianca Nenciu
6a143030f8
FEATURE: Allow users to remove their vote (#14459)
They can use the remove vote button or select the same option again for
single choice polls.

This commit refactor the plugin to properly organize code and make it
easier to follow.
2021-10-05 11:38:49 +03:00
Joffrey JAFFEUX
5eb6e9281a
FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
Roman Rizzi
7925a76d93
DEV: An endpoint to check if the current user voted in a poll. (#13648)
The endpoint the existence of the poll and if the current user can see it. It
will facilitate using a poll programmatically, especially if we'd like to create an external poll through a theme component.
2021-07-06 14:46:34 -03:00
David Taylor
5968dc07a5 DEV: Promote historic post_deploy migrations
This commit promotes all post_deploy migrations which existed in Discourse v2.6.7 (timestamp <= 20201110110952)
2021-06-23 17:43:38 +01:00
Krzysztof Kotlarek
942b9126a1
FIX: no error when double save post with poll (#13111)
Some plugins hook into Post after save to set custom fields and save again.

For example: https://github.com/discourse/discourse-category-experts/blob/main/lib/category_experts/post_handler.rb#L27

Problem is that in case like that `raw_changed?` is false but all callback are triggered. `extracted_polls` is class atribute therefore that should be reset with each attempt.

That was causing an error:
```
#<ActiveRecord::RecordNotUnique: PG::UniqueViolation: ERROR:  duplicate key value violates unique constraint 
"index_polls_on_post_id_and_name" DETAIL:  Key (post_id, name)=(8967, poll) already exists.
```
2021-05-27 08:39:51 +10:00
Josh Soref
59097b207f
DEV: Correct typos and spelling mistakes (#12812)
Over the years we accrued many spelling mistakes in the code base. 

This PR attempts to fix spelling mistakes and typos in all areas of the code that are extremely safe to change 

- comments
- test descriptions
- other low risk areas
2021-05-21 11:43:47 +10:00
Bianca Nenciu
96a16123d8
FIX: Generate unique HTML heading names (#12705)
Headings with the exact same name generated exactly the same heading
names, which was invalid. This replaces the old code for generating
names for non-English headings which were using URI encode and resulted
in unreadable headings.
2021-04-16 10:54:19 +03:00
Bianca Nenciu
2ad9b3f432
FEATURE: Add anchor links to headings (#12379) 2021-03-23 10:45:06 +02:00
Joffrey JAFFEUX
ad1a10e6e9
FIX: hides votes from regular users when poll is staff only (#11342) 2020-11-24 22:19:06 +01:00
chenyxuan
defbae4007
FIX: Force string conversions to UTF-8 "bytes" (#11315)
https://meta.discourse.org/t/cant-create-poll-with-some-chinese-options/170836
2020-11-23 17:51:05 +01:00
Jarek Radosz
5c3f1202cf
FIX: Handle poll titles when headings are present (#10832)
Poll markdown processing failed when there were any heading elements preceding a poll.

(Issue originally reported in babbebfb35 (commitcomment-42983768))
2020-10-06 13:24:38 +02:00
Jarek Radosz
babbebfb35
FEATURE: Add the title attribute to polls (#10759)
Adds an optional title attribute to polls. The rationale for this addition is that polls themselves didn't contain context/question and relied on post body to explain them. That context wasn't always obvious (e.g. when there are multiple polls in a single post) or available (e.g. when you display the poll breakdown - you see the answers, but not the question)

As a side note, here's a word on how the poll plugin works:

> We have a markdown poll renderer, which we use in the builder UI and the composer preview, but… when you submit a post, raw markdown is cooked into html (twice), then we extract data from the generated html and save it to the database. When it's render time, we first display the cooked html poll, and then extract some data from that html, get the data from the post's JSON (and identify that poll using the extracted html stuff) to then render the poll using widgets and the JSON data.
2020-10-02 09:21:24 +02:00
Jarek Radosz
781e3f5e10
DEV: Use response.parsed_body in specs (#9615)
Most of it was autofixed with rubocop-discourse 2.1.1.
2020-05-07 17:04:12 +02:00
Krzysztof Kotlarek
9bff0882c3
FEATURE: Nokogumbo (#9577)
* FEATURE: Nokogumbo

Use Nokogumbo HTML parser.
2020-05-05 13:46:57 +10:00
David Taylor
84be92c067
FIX: Avoid exception when rendering a poll in a trashed post
Maintain the poll belongs_to post relation when a post is trashed
2020-04-28 14:43:09 +01:00
Kane York
330102fd20 FEATURE: Show votes in an "on voted" poll to the creator
This required properly plumbing the guardian into the serializer.

Notably, the default state in the client was not changed - if you haven't voted in
the poll, you need to click the button to view the results instead of the results
being immediately visible on page load.

Implements https://meta.discourse.org/t/-/138108
2020-03-20 13:36:42 -07:00
Jarek Radosz
29b35aa64c
DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
Dan Ungureanu
c62d5b139b
FIX: Allow users to create polls in PMs with non human users (#9055) 2020-03-02 14:29:40 -05:00
Dan Ungureanu
82b307cd52
FIX: Use correct translation string 2020-02-17 13:49:43 +02:00
Mark VanLandingham
5d97286fa7
FEATURE: Allow single option polls (#8853) 2020-02-05 08:03:27 -06:00
Bianca Nenciu
07222af7ab
FEATURE: Add 'groups' option to polls (#8469)
This options can be used to restrict polls to certain groups.
2020-01-28 14:30:04 +02:00
Jarek Radosz
9e3fc1111d
FIX: Add a blank poll options validation (#8652)
Before, saving a post with a blank poll option resulted in error 500.
2020-01-03 15:09:36 +01:00
Krzysztof Kotlarek
8c2e27790c
FIX: everyone can see poll results when on_vote and closed (#8613)
The bug was mentioned here: https://meta.discourse.org/t/poll-name/136436

I added specs to cover existing behaviour and refactored can_see_results method.

Guard condition should apply only if the poll result setting is set to `staff_only`.

In other cases, user can see results when the poll result setting is set to `always` or user voted or poll is closed.
2019-12-24 08:04:35 +11:00
Mark VanLandingham
b92a8131c0
FEATURE: Pie chart option for poll results (#8352) 2019-11-25 11:51:01 -06:00
Roman Rizzi
79957706b1
FIX: Store custom attributes that are needed by plugins in queuedpost payload (#8009) 2019-08-14 15:02:59 -03:00
Guo Xiang Tan
70b73c2159 DEV: Use proper heredoc name. 2019-06-04 16:31:18 +08:00
Bianca Nenciu
63e3d49508 DEV: Add test for poll plugin reduce_excerpt. 2019-06-04 16:30:15 +08:00
Bianca Nenciu
227c45107d FEATURE: Implement Onebox for posts including polls. (#7539) 2019-05-29 17:05:52 +02:00
Sam Saffron
3c1fa3910f DEV: track the correct channel in specs
These tests are erratically failing due to distributed cache messages that
can land between tests

Ensure we are only looking for the correct messages
2019-05-20 18:27:09 +10:00
Sam Saffron
aeb7143aff DEV: correct flaky poll specs
They were relying on a pristine message bus, however current implementation
still uses redis, stuff can get held up and we can end up publishing
distributed cache messages in the middle invalidating the tests
2019-05-17 16:16:02 +10:00