Commit Graph

9372 Commits

Author SHA1 Message Date
Discourse Translator Bot
ec3d29a1fa
Update translations (#26136) 2024-03-12 15:40:11 +01:00
Carson Chang
d7a504b3ec
UX: Change default action label from "Message" to "Send Message" in composer when sending a message (#26109) 2024-03-11 09:40:57 +08:00
Blake Erickson
f71e9aad60
FEATURE: Silence Close Notifications User Setting (#26072)
This change creates a user setting that they can toggle if
they don't want to receive unread notifications when someone closes a
topic they have read and are watching/tracking it.
2024-03-08 15:14:46 -07:00
Penar Musaraj
32e1eda3fa
A11Y: Update bulk selection keyboard shortcuts (#26069)
* A11Y: Update bulk selection keyboard shortcuts

Still a draft, but in current state this:

- adds `shift+b` as a keyboard shortcut to toggle bulk select
- adds `shift+d` as a keyboard shortcut to dismiss selected topic(s) (this
replaces `x r` and `x t` shortcuts)
- adds `x` as a keyboard shortcut to toggle selection (while in bulk select mode)
- fixes a bug with the `shift+a` shortcut, which was not working properly

Note that there is a breaking change here. Previously we had:

- `x r` to dismiss new topics
- `x t` to dismiss unread topics

However, this meant that we couldn't use `x` for selection, because the
itsatrap library does not allow the same character to be used both as a
single character shortcut and as the start of a sequence. The proposed
solution here is more consistent with other apps (Gmail, Github) that use
`x` to toggle selection.

Also, we never show both "Dismiss New" and "Dismiss Unread" in the same
screen, hence it makes sense to consolidate both actions under `shift+d`.

* Address review
2024-03-08 09:54:10 -05:00
David Taylor
92d357f91a
FEATURE: Enable strict-dynamic Content-Security-Policy by default (#26051)
Ref https://meta.discourse.org/t/298172 and https://meta.discourse.org/t/295603
2024-03-07 15:20:31 +00:00
Bianca Nenciu
e89bdea830
FEATURE: Show remaining count in category-drop (#25938)
When "lazy load categories" is enabled, the CategoryDrop component will
render at most 15 categories. If there are more categories, a "Show
more" link pointing to the categories page will be displayed.
2024-03-07 16:14:50 +02:00
Bianca Nenciu
8dbcfef3fd
FEATURE: Add "+ subcategories" option back (#26035)
This option was introduced at some point in the past, but was removed
during the work necessary to make Discourse work with a large number of
categories.

Follow up to commit 2e68ead45b.
2024-03-06 20:14:36 +02:00
Alan Guo Xiang Tan
3491642f98
DEV: Make discourse_narrative_bot use Rails autoload (#26044)
Why this change?

Instead of manually loading files, we should just structure the plugin
so that it relies on Rails autoload strategy and avoid all the manual
`require_relative`s.

What does this change do?

1. Structure the plugin to use Rails autoloading convention
2. Remove onceff jobs that were added 5-6 years ago. There is no need to
   carry these jobs anymore after such a long time.
3. Move setting of `SiteSetting.discourse_narrative_bot_enabled` to
   `false` in the test environment from core into the plugin.
2024-03-06 11:14:53 +08:00
Alan Guo Xiang Tan
94b09f3331
DEV: Open theme settings objects editor from admin customize theme page (#26006)
Why this change?

The `/admin/customize/themes/:id/schema/name` route is a work in
progress but we want to be able to start navigating to it from the
`/admin/customize/themes/:id` route.

What does this change do?

1. Move `adminCustomizeThemes.schema` to a child route of
   `adminCustomizeThemes.show`. This is because we need the model
   from the parent route and if it isn't a child route we end up
   having to load the theme model again from the server.

1. Add the `objects_schema` attribute to `ThemeSettingsSerializer`

1. Refactor `SiteSettingComponent` to be able to render a button
   so that we don't have to hardcode the button rendering into the
   `SiteSettings::String` component
2024-03-06 08:24:29 +08:00
Discourse Translator Bot
6791eb1a94
Update translations (#26030) 2024-03-05 16:47:46 +01:00
Blake Erickson
6702babd5e
DEV: More bulk select modal enhancements (#25979)
* Add cancel button

* Add loading spinner

* Add toast message
2024-03-05 08:30:26 -07:00
Jeff Wong
00e76efb7c
FEATURE: site setting to include post in penalty messages (#26025)
Adds a site setting to include a post's content in penalty message.
When silencing/suspending a user from a post, or a reviewable with
a post, adds an option to include a post's content in the email
message by default.
2024-03-04 18:35:21 -08:00
Martin Brennan
718a91c297
UX: Site setting descriptions initial pass (#25829)
This commit changes the wording of the 50 site settings that
previously had the shortest descriptions (e.g. City for Disputes
was described as City for Disputes...) using AI-generated and then
human curated descriptions based on the Forum Helper persona
on Discourse Meta.

In future we may want to do more of these, this is only a first pass.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2024-03-04 13:48:39 +10:00
Martin Brennan
eca10e56b8
FEATURE: Allow specific groups to view raw email (#26003)
When a post is created by an incoming email, we show
an envelope icon on it which then opens a modal with the
raw email contents. Previously this was staff (admin+mod)
only, but now this commit adds the `view_raw_email_allowed_groups`
site setting, so any group can be added to give users permission
to see this.
2024-03-04 13:48:16 +10:00
Martin Brennan
fef52c2ab7
DEV: Delete old enable_bookmarks_with_reminders setting (#25982)
This setting has not been used for a long time, get rid
of it and also update the historical migration to not
rely on the SiteSetting model.
2024-03-04 13:48:04 +10:00
Lilly
b5199eac80
Update a typographer markdown settings text on server.en.yml (#25996)
Remove (c) from enable_markdown_typographer_settings text
2024-03-03 02:48:44 -08:00
Martin Brennan
0b60086ff8
DEV: Hide min_trust_level_to_allow_profile_background setting (#25980)
Followup to a57280cb17,
it was an oversight
2024-03-01 13:32:19 +10:00
Blake Erickson
2d890d73a2
FEATURE: Add recover api scopes (#25978)
This commit adds two new api scopes. One for recovering topics, and the
other for recovering posts.
2024-02-29 15:49:29 -07:00
Krzysztof Kotlarek
8b5204579c
FEATURE: filter admin sidebar (#25853)
Ability to filter admin sidebar. The filter can be cleared. In addition, it can be accessed with ctrl+/ shortcut
2024-02-28 12:15:02 +11:00
Discourse Translator Bot
eea7af09fd
Update translations (#25914) 2024-02-27 20:50:30 +01:00
Alan Guo Xiang Tan
52a4912475
DEV: Support topic, post, group, upload and tag type for theme objects setting (#25907)
Why this change?

Previously in cac60a2c6b, I added support
for `type: "category"` for a property in the theme objects schema. This
commit extend the work previously to add support for types `topic`,
`post`, `group`, `upload` and `tag`.
2024-02-27 14:27:10 +08:00
Alan Guo Xiang Tan
7bcfe60a76
DEV: Validate default value for type: objects theme settings (#25833)
Why this change?

This change adds validation for the default value for `type: objects` theme
settings when a setting theme field is uploaded. This helps the theme
author to ensure that the objects which they specifc in the default
value adhere to the schema which they have declared.

When an error is encountered in one of the objects, the error
message will look something like:

`"The property at JSON Pointer '/0/title' must be at least 5 characters
long."`

We use a JSON Pointer to reference the property in the object which is
something most json-schema validator uses as well.

What does this change do?

1. This commit once again changes the shape of hash returned by
   `ThemeSettingsObjectValidator.validate`. Instead of using the
   property name as the key previously, we have decided to avoid
   multiple levels of nesting and instead use a JSON Pointer as the key
   which helps to simplify the implementation.

2 Introduces `ThemeSettingsObjectValidator.validate_objects` which
  returns an array of validation error messages for all the objects
  passed to the method.
2024-02-27 09:16:37 +08:00
Blake Erickson
52d357c1d1
DEV: Add loading spinner to install theme modal (#25888)
This commit adds a loading spinner when installing a theme as sometimes
installing a theme can take quite a bit of time this way we have some
indication that things are still working as the theme is being
installed.
2024-02-26 14:14:21 -07:00
David Taylor
542cb22fd4 DEV: Drop Ember 3 feature flag 2024-02-26 12:22:05 +00:00
Ted Johansson
ed2496c59d
FEATURE: Add scheduled Twitter login problem check - Part 1 (#25830)
This PR adds a new scheduled problem check that simply tries to connect to Twitter OAuth endpoint to check that it's working. It is using the default retry strategy of 2 retries 30 seconds apart.
2024-02-26 12:08:12 +08:00
Isaac Janzen
21f23cc032
DEV: Convert header to glimmer (#25214)
Here is a breakdown of the changes that will be implemented in this PR.

# Widgets -> Glimmer

Obviously, the intention of the todo here is to convert the header from widgets to glimmer. This PR splits the respective widgets as so:

### widgets/site-header.js
```mermaid height=200
flowchart TB
    A[widgets/site-header.js] 
    A-->B[components/glimmer-site-header.gjs]
```

### widgets/header.js and children
```mermaid height=200
flowchart TB
    A[widgets/header.js] 
    A-->B[components/glimmer-header.gjs]
    B-->C[glimmer-header/contents.gjs]
    C-->D[./auth-buttons.gjs]
    C-->E[./icons.gjs]
    C-->F[./user-menu-wrapper.gjs]
    C-->G[./hamburger-dropdown-wrapper.gjs]
    C-->H[./user-menu-wrapper.gjs]
    C-->I[./sidebar-toggle.gjs]
    C-->J[./topic/info.gjs]
```

There are additional components rendered within the `glimmer-header/*` components, but I will leave those out for now. From this view you can see that we split apart the logic of `widgets/header.js` into 10+ components. Breaking apart these mega files has many benefits (readability, etc).

# Services

I have introduced a [header](cdb42caa04/app/assets/javascripts/discourse/app/services/header.js) service. This simplifies how we pass around data in the header, as well as fixes a bug we have with "swiping" menu panels.


# Modifiers
Added a [close-on-click-outside](cdb42caa04/app/assets/javascripts/discourse/app/modifiers/close-on-click-outside.js) modifier that is built upon the [close-on-click-outside modifier](https://github.com/discourse/discourse/blob/main/app/assets/javascripts/float-kit/addon/modifiers/close-on-click-outside.js) that @jjaffeux built for float-kit. I think we could replace float-kit's implementation with mine and have it in a centralized location as they are extremely similar.

# Tests
Rewrote the existing header tests ([1](https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/tests/integration/components/widgets/header-test.js), [2](https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/tests/integration/components/site-header-test.js)) as system tests. 

# Other
- Converted `widgets/user-status-bubble.js` to a gjs component
- Converted `widgets/sidebar-toggle.js` to a gjs component
- Converted `topicFeaturedLinkNode()` to a gjs component
- Deprecated the [docking mixin](https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/app/mixins/docking.js)
2024-02-23 11:08:15 -07:00
David Taylor
20a36f0b8f
DEV: Include deprecation link in warning banner (#25839) 2024-02-23 14:28:23 +00:00
Alan Guo Xiang Tan
ad0824b7e3
DEV: Fix connections timeout in system test (#25835)
Why this change?

This regressed in 6e9fbb5bab because we
had a `request.xhr?` check before we decide to block requests. However,
there could not none-xhr requests which we need to block as well at the
end of each system test when `@@block_requests` is true.

This also reverts commit 6437f27f90.
2024-02-23 16:03:46 +08:00
Sam
207cb2052f
FIX: muted tags breaking hot page when filtered to tags (#25824)
Also, remove experimental setting and simply use top_menu for feature detection

This means that when people eventually enable the hot top menu, there will
be topics in it


Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-02-23 17:11:39 +11:00
Alan Guo Xiang Tan
b64a58071d
DEV: Ensure that BlockRequestsMiddleware cookie is always set (#25826)
Why this change?

This reverts 725561cf4b as it did not
address the root cause of the problem even though it fixed the failing tests we were seeing 
when running `bundle exec rspec --tag ~type:multisite --order random:776 spec/system/admin_customize_form_templates_spec.rb spec/system/admin_sidebar_navigation_spec.rb spec/system/admin_site_setting_search_spec.rb spec/system/composer/dont_feed_the_trolls_popup_spec.rb spec/system/composer/review_media_unless_trust_level_spec.rb spec/system/create_account_spec.rb spec/system/editing_sidebar_tags_navigation_spec.rb spec/system/email_change_spec.rb spec/system/emojis/emoji_deny_list_spec.rb spec/system/group_activity_spec.rb spec/system/hashtag_autocomplete_spec.rb spec/system/network_disconnected_spec.rb spec/system/post_menu_spec.rb spec/system/post_small_action_spec.rb spec/system/tags_intersection_spec.rb spec/system/topic_list_focus_spec.rb spec/system/topic_page_spec.rb spec/system/user_page/user_profile_info_panel_spec.rb spec/system/viewing_group_members_spec.rb spec/system/viewing_navigation_menu_preferences_spec.rb`.

The root cause here is that `before_action`s added to a controller is
order dependent. As such, some requests were not setting the cookie
because the `before_action` callback was not even hit as a prior
`before_action` callbacks has raised an error such as the `check_xhr`
`before_action` callback.

To resolve the problem, we need to add the `prepend: true` option in
our monkey patch of `ApplicationController` to ensure that the
`before_action` callback which we have added is always run first.

This change also makes a couple of changes:

1. Improve the response body when a request is blocked by the `BlockRequestsMiddleware` middleware
   so that it makes debugging easier.

2. Only set the cookies for non-xhr HTML format requests. Setting it for
   other formats is kind of pointless.
2024-02-23 07:51:51 +08:00
Selase Krakani
725561cf4b
DEV: Ensure rspec_current_example_location is actually present before blocking request (#25818) 2024-02-22 20:44:15 +00:00
Alan Guo Xiang Tan
6e9fbb5bab
DEV: Do not process requests initiated by browser in a different example (#25809)
Why this change?

We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally
results in the system tests randomly failing. When we inspected the
request logs closely, we noticed that a `/presence/get` request from a
previous rspec example was being processed when a new rspec example is
already being run. We know it was from the previous rspec example
because inspecting the auth token showed the request using the auth
token of a user from the previous example. However, when a request using
an auth token from a previous example is used it ends up logging out the
same user on the server side because the user id in the cookie is the same
due to the use of `fab!`.

I did some research and there is apparently no way to wait until all
inflight requests by the browser has completed through capybara or
selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that
xhr requests which are triggered subsequently will contain the cookie in the request.

In the `BlockRequestsMiddleware` middleware, we will then reject any
requests when the value of the identifier in the cookie does not match the current rspec's example
location.

To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following:

```
  def self.find_v1_auth_cookie(env)
    return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE)

    env[DECRYPTED_AUTH_COOKIE] = begin
      request = ActionDispatch::Request.new(env)
      cookie = request.cookies[TOKEN_COOKIE]

      # don't even initialize a cookie jar if we don't have a cookie at all
      if cookie&.valid_encoding? && cookie.present?
        puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}"
        request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
      end
    end
  end
```

After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb`

It takes a few tries but the last spec should fail and you should see something like this:

```
assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
    redirects to existing chat channel
    redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit)
  with multiple users
/favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
 ```
 
 Note how the `/presence/get` request is using a token from the previous example. 

Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 19:41:10 +08:00
Blake Erickson
368bd2697a
DEV: Add more bulk-select-dropdown options (#25574)
This change updates the experimental bulk-select-dropdown (that is
currently feature-flagged) with more options.
2024-02-21 20:56:27 -07:00
David Taylor
a30b54be87
DEV: Update deprecation banner to include id and remove Ember 5 link (#25786)
We're starting to use this system for non-ember-5 deprecations, so linking to the Ember 5 topic doesn't make sense. Instead, we can include the deprecation ID to help with identifying the issue.
2024-02-21 10:59:09 +00:00
Ted Johansson
533b91dec6
FEATURE: Add a checkbox for users to confirm before flagging as illegal (#25762)
The Digital Services Act requires a checkbox for any user who's flagging a post as illegal to confirm that they are flagging in good faith. This PR adds that.
2024-02-21 10:49:19 +08:00
Alan Guo Xiang Tan
cac60a2c6b
DEV: Support category type in theme setting object schema (#25760)
Why this change?

This change supports a property of `type: category` in the schema that
is declared for a theme setting object. Example:

```
sections:
  type: objects
  schema:
    name: section
    properties:
      category_property:
        type: category
```

The value of a property declared as `type: category` will have to be a
valid id of a row in the `categories` table.

What does this change do?

Adds a property value validation step for `type: category`. Care has
been taken to ensure that we do not spam the database with a ton of
requests if there are alot of category typed properties. This is done by
walking through the entire object and collecting all the values for
properties typed category. After which, a single database query is
executed to validate which values are valid.
2024-02-21 08:11:15 +08:00
Alan Guo Xiang Tan
3e331b1725
DEV: Set a bytesize limit for ThemeSetting#json_value (#25761)
Why this change?

Firstly, note that this is not a security commit because this feature is
still in development and should not be used anywhere.

The reason we want to set a limit here is to greatly reduce the
possibility of a DoS attack in the future via `ThemeSetting` where
someone would set an arbituary large json string in
`ThemeSetting#json_value` and causing the server to run out of resources
trying to serialize/deserialize the value.

What does this change do?

Adds an ActiveRecord validation to ensure that the bytesize of the json
string being stored is smaller than or equal to 0.5mb. We believe 0.5mb
is a decent limit for now but we can review the limit in the future if
we believe it is too small.
2024-02-21 08:09:37 +08:00
Alan Guo Xiang Tan
6ca2396b12
DEV: Centralise logic for validating a theme setting value (#25764)
Why this change?

The logic for validating a theme setting's value and default value was
not consistent as each part of the code would implement its own logic.
This is not ideal as the default value may be validated differently than
when we are setting a new value. Therefore, this commit seeks to
refactor all the validation logic for a theme setting's value into a
single service class.

What does this change do?

Introduce the `ThemeSettingsValidator` service class which holds all the
necessary helper methods required to validate a theme setting's value
2024-02-21 08:08:26 +08:00
Martin Brennan
ed47b55026
DEV: Increase default SMTP read timeout to 30s (#25763)
A while ago we increased group SMTP read and open timeouts
to address issues we were seeing with Gmail sometimes giving
really long timeouts for these values. The commit was:

3e639e4aa7

Now, we want to increase all SMTP read timeouts to 30s,
since the 5s is too low sometimes, and the ruby Net::SMTP
stdlib also defaults to 30s.

Also, we want to slightly tweak the group smtp email job
not to fail if the IncomingEmail log fails to create, or if
a ReadTimeout is encountered, to avoid retrying the job in sidekiq
again and sending the same email out.
2024-02-21 07:13:18 +10:00
Discourse Translator Bot
716e3a4dd5
Update translations (#25767) 2024-02-20 09:42:19 -05:00
Osama Sayegh
866193e8f3
FEATURE: Back button for schema theme settings (#25743)
Continue from https://github.com/discourse/discourse/pull/25673.

This commit adds a back button to the navigation tree of the schema.
2024-02-20 13:43:18 +03:00
Joffrey JAFFEUX
d8d756cd2f
DEV: chat streaming (#25736)
This commit introduces the possibility to stream messages. To allow plugins to use streaming this commit also ships a `ChatSDK` library to allow to interact with few parts of discourse chat.

```ruby
ChatSDK::Message.create_with_stream(raw: "test") do |helper|
  5.times do |i|
    is_streaming = helper.stream(raw: "more #{i}")
    next if !is_streaming
    sleep 2
  end
end
```

This commit also introduces all the frontend parts:
- messages can now be marked as streaming
- when streaming their content will be updated when a new content is appended
- a special UI will be showing (a blinking indicator)
- a cancel button allows the user to stop the streaming, when cancelled `helper.stream(...)` will return `false`, and the plugin can decide exit early
2024-02-20 09:49:19 +01:00
Alan Guo Xiang Tan
bf3c4b634a
DEV: Support validations options for string and numeral types (#25719)
Why this change?

This commit updates `ThemeSettingsObjectValidator` to validate a
property's value against the validations listed in the schema.

For string types, `min_length`, `max_length` and `url` are supported.
For integer and float types, `min` and `max` are supported.
2024-02-20 09:17:27 +08:00
Alan Guo Xiang Tan
a64f558f32
DEV: Add property value validation to ThemeSettingsObjectValidator (#25718)
Why this change?

This change adds property value validation to `ThemeSettingsObjectValidator`
for the following types: "string", "integer", "float", "boolean", "enum". Note
that this class is not being used anywhere yet and is still in
development.
2024-02-19 13:19:35 +08:00
Alan Guo Xiang Tan
bdd91b3928
PERF: Stop running bootsnap in development mode on all environments (#25737)
Why this change?

For some reason, we were setting up bootsnap manually even though the
official documentation suggests requiring `bootsnap/setup` which will
setup bootsnap using the default configuration. Because we were calling
`Bootsnap.setup` manually, we did not set the `development_mode` option
which defaults to `true`. Hence, we were running bootsnap in development
mode even in the production environment which I suppose is not ideal.

What does this change do?

Instead of calling `Bootsnap.setup` manually, we can just use `require
'bootsnap/setup' instead.`
2024-02-19 11:33:52 +08:00
Krzysztof Kotlarek
fc9648578b
DEV: Make more group-based settings client: false (#25735)
Affects the following settings:

delete_all_posts_and_topics_allowed_groups
experimental_new_new_view_groups
enable_experimental_admin_ui_groups
custom_summarization_allowed_groups
pm_tags_allowed_for_groups
chat_allowed_groups
direct_message_enabled_groups
chat_message_flag_allowed_groups

This turns off client: true for these group-based settings,
because there is no guarantee that the current user gets all
their group memberships serialized to the client. Better to check
server-side first.
2024-02-19 13:25:59 +11:00
Martin Brennan
a57280cb17
DEV: Change min_trust_level_to_allow_profile_background to trust level setting (#25721)
New setting name is profile_background_allowed_groups

c.f. https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408
2024-02-19 10:47:47 +10:00
Penar Musaraj
e497f6bf9b
UX: Allow resetting password when confirming session (#25708)
This is particularly useful in scenarios where 2FA is enforced and users have forgotten their password.
2024-02-16 12:18:07 -05:00
David Taylor
1c58395bca
DEV: Disable service worker caching by default (#25723)
Followup to c4559ae575
2024-02-16 15:03:05 +00:00
David Taylor
b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
Osama Sayegh
9329a5395a
FEATURE: Groundwork for schema theme settings UI (#25673)
This commit is the first of a series of commits that will allow themes to define complex settings types by declaring a schema of the setting structure that Discourse core will use to build a UI for the setting automatically. We implement the navigation logic and support for multiple levels of nesting in this commit and we'll continue building this new system gradually in future commits.

Internal topic: t/116870.
2024-02-16 09:31:49 +03:00
Alan Guo Xiang Tan
64b4e0d08d
DEV: First pass of ThemeSettingsObjectValidator (#25624)
Why this change?

This is a first pass at adding an objects validator which main's job is
to validate an object against a defined schema which we will support. In
this pass, we are simply validating that properties that has been marked
as required are present in the object.
2024-02-16 09:35:16 +08:00
Alan Guo Xiang Tan
c30aeafd9d
DEV: Block all incoming requests before resetting Capybara session (#25692)
Why this change?

We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690
that ActiveRecord connection checkout timeouts are encountered because
the Capybara server thread is processing requests even after
`Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been call.
The theory here is that an inflight request can still hit the Capybara
server even after `Capybara.reset_session!` has been called and end up
eating up an ActiveRecord connection for too long and also messing with
the database outside of a transaction.

What does this change do?

This change adds a `BlockRequestsMiddleware` middleware in the test
environment which is enabled to reject all incoming requests at the end
of each system test and before `Capybara.reset_session!` is called. At
the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
Penar Musaraj
c1577019c8
DEV: Add post_id parameter to reset_bump_date route (#25372)
This would allow a theme component (or an API call) to reset the bump
date of a topic to a given post's created_at date.

I picked `post_id` as the parameter here because it provides a bit of
extra protection against accidentally resetting the bump date to a date
that doesn't make sense.
2024-02-15 16:42:42 +11:00
Krzysztof Kotlarek
52777e2de4
FIX: Logster backlink config in production (#25685)
Bug introduced in this PR https://github.com/discourse/discourse/pull/25669

Config should apply to development and production modes, not just the development environment.
2024-02-15 13:48:36 +11:00
Krzysztof Kotlarek
e61a2fc355
FEATURE: backlink to the site from Logster (#25669)
Configure the backlink to the site from Logster.
Related PR https://github.com/discourse/logster/pull/220
2024-02-15 10:26:30 +11:00
Ted Johansson
7522957aaa
FIX: Touch up illegal flag type translations (#25670)
When we launched the new illegal flag type, there were a few problems with the translations:

The translation for the message in the e-mail was missing and in the review queue, the message read: "Is this it's illegal?"

In this PR the missing translation key has been added. For the review queue there was a coupling of the name rendering to whether the flag is of "custom" type, but this is also used for deciding whether we render the textbox for additional details. I think these two things should not be coupled together. For now I have instead hard-coded the existing "custom" types when formatting the name. We can potentially improve this later.
2024-02-14 18:44:32 +08:00
Kris
037def8624
UX: clarify old dates with YYYY instead of 'YY (#25661)
* UX: clarify old dates with YYYY instead of 'YY

* update formatter test
2024-02-14 10:32:50 +11:00
Discourse Translator Bot
8eab06cb2f
Update translations (#25659) 2024-02-13 16:11:30 +01:00
David Taylor
4a5616fe86
UX: Make refresh notice copy more friendly (#25646)
'please refresh, or you may experience unexpected behavior' sounds quite threatening to me. 'please refresh to to keep things working smoothly' conveys the same information in a more friendly way
2024-02-12 15:54:44 +00:00
Bianca Nenciu
1403217ca4
FEATURE: Async load of category and chat hashtags (#25526)
This commit includes several changes to make hashtags work when "lazy
load categories" is enabled. The previous hashtag implementation use the
category colors CSS variables, but these are not defined when the site
setting is enabled because categories are no longer preloaded.

This commit implements two fundamental changes:

1. load colors together with the other hashtag information

2. load cooked hashtag data asynchronously

The first change is implemented by adding "colors" to the HashtagItem
model. It is a list because two colors are returned for subcategories:
the color of the parent category and subcategory.

The second change is implemented on the server-side in a new route
/hashtags/by-ids and on the client side by loading previously unseen
hashtags, generating the CSS on the fly and injecting it into the page.

There have been minimal changes outside of these two fundamental ones,
but a refactoring will be coming soon to reuse as much of the code
and maybe favor use of `style` rather than injecting CSS into the page,
which can lead to page rerenders and indefinite grow of the styles.
2024-02-12 12:07:14 +02:00
Martin Brennan
cf4d92f686
FIX: Change max_image_megapixels logic (#25625)
This commit changes `max_image_megapixels` to be used
as is without multiplying by 2 to give extra leway.
We found in reality this was just causing confusion
for admins, especially with the already permissive
40MP default.
2024-02-12 09:56:43 +10:00
Martin Brennan
3cc73cfd1e
FIX: Always preload admin plugin list for admin in sidebar (#25606)
When we show the links to installed plugins in the admin
sidebar (for plugins that have custom admin routes) we were
previously only doing this if you opened /admin, not if you
navigated there from the main forum. We should just always
preload this data if the user is admin.

This commit also changes `admin_sidebar_enabled_groups` to
not be sent to the client as part of ongoing efforts to
not check groups on the client, since not all a user's groups
may be serialized.
2024-02-09 12:52:22 +10:00
Alan Guo Xiang Tan
0b39ee87f0
DEV: Fix checkout time not properly enabled on CI (#25621)
Follow-up to 96ae5c395f
2024-02-09 06:02:42 +08:00
Alan Guo Xiang Tan
96ae5c395f
DEV: Set database checkout timeout to 10 on CI (#25604)
Why this change?

We have been seeing checkout timeouts happening on CI when using the
default of 5 seconds. This can happen in system tests when the server
has to process many requests using the same database connection.
Therefore, we will double the timeout for now and monitor if stuff
continues to timeout.
2024-02-08 10:35:55 +08:00
Alan Guo Xiang Tan
9f884cdaab
DEV: Introduce experimental type: objects theme setting (#25538)
Why this change?

This commit introduces an experimental `type: objects` theme setting
which will allow theme developers to store a collection of objects as
JSON in the database. Currently, the feature is still in development and
this commit is simply setting up the ground work for us to introduce the
feature in smaller pieces.

What does this change do?

1. Adds a `json_value` column as `jsonb` data type to the `theme_settings` table.
2. Adds a `experimental_objects_type_for_theme_settings` site setting to
   determine whether `ThemeSetting` records of with the `objects` data
   type can be created.
3. Updates `ThemeSettingsManager` to support read/write access from the
   `ThemeSettings#json_value` column.
2024-02-08 10:20:59 +08:00
Martin Brennan
8eb4bf07a6
FIX: Translation missing for Illegal flag on topic (#25603)
Followup to 95a2d285d3

Fixes a missing translation and also makes it so the
flag modal does not have a scrollbar when it opens.
2024-02-08 11:53:45 +10:00
Martin Brennan
4ce1c2c030
FIX: Always allow staff (admins & mods) to post links (#25601)
Followup fb087b7ff6

post_links_allowed_groups is an odd check tied to
unrestricted_link_posting? in PostGuardian, in that
it doesn't have an escape hatch for staff like most
of the rest of these group based settings.

It doesn't make sense to exclude admins or mods from
posting links, so just always allow them to avoid confusion.
2024-02-08 11:19:28 +10:00
Martin Brennan
adb4eee153
DEV: Make more group-based settings client: false (#25585)
Affects the following settings:

* whispers_allowed_groups
* anonymous_posting_allowed_groups
* personal_message_enabled_groups
* shared_drafts_allowed_groups
* here_mention_allowed_groups
* uploaded_avatars_allowed_groups
* ignore_allowed_groups

This turns off `client: true` for these group-based settings,
because there is no guarantee that the current user gets all
their group memberships serialized to the client. Better to check
server-side first.
2024-02-08 09:43:34 +10:00
David Taylor
c4559ae575
DEV: Add disable_service_worker_cache global setting (#25589)
When enabled, the workbox caching logic in the service worker will be replaced with a very simple offline error page. We plan to use this as an experiment to see how it affects performance and stability of Discourse.
2024-02-07 10:44:12 +00:00
Alan Guo Xiang Tan
f9789e974b
DEV: Reduce pool size for test environment to 1 (#25584)
Why this change?

I have been investigating transaction related issues with our system
tests and I have a hard time figuring out what is causing the problem.
To help simplify our environment further, we will set the pool size in
the test environment to 1 so that it is impossible for us to be fetching
a different connection between the threads since they all share the
connection pool.

Also set `reaping_frequency` to `0` to ensure we don't reap any
connection ensuring the same connection is always used.
2024-02-07 11:10:17 +08:00
Ted Johansson
95a2d285d3
FEATURE: Add new 'illegal' flag reason (#25498)
To comply with Digital Services Act we need a way for users to flag a post as potentially illegal. This PR adds that functionality.
2024-02-07 10:12:22 +08:00
Discourse Translator Bot
c8c20585a7
Update translations (#25579) 2024-02-06 22:35:44 +01:00
Sam
090252bc39
FIX: Visits for TL3 actually means "Posts Read: unique days" (#25468)
This fixes a quirk in the TL3 report where we were calling the column "visits" but it actually meant "Posts Read: unique days"
2024-02-07 07:46:42 +11:00
Isaac Janzen
5c43fd5054
DEV: Remove widget search menu (#25545) 2024-02-06 08:52:24 -07:00
Tobias Eigen
caffcf3a9a
COPY: Update client.en.yml to rename email settings menu item
Changed emails > "Settings" to emails > "Email Settings" to differentiate it better from the main site settings menu item.
2024-02-06 09:29:28 +10:00
Blake Erickson
3159522546
DEV: Correct some tl to group site setting changes (#25550)
- Created a new migration for here_mention
- Updated existing migration for here_mention
- Updated site settings for here_mention, create_tag, and
  send_email_messages
2024-02-05 09:50:46 -07:00
Blake Erickson
a764ab5b54
DEV: Update min trust level to tag topics migration to groups (#25527)
* DEV: Update min trust level to tag topics migration to groups

- Update the existing migration to include staff and admin
- Update default values
- Added migration to include staff and admin cases
2024-02-05 09:49:54 -07:00
Gerhard Schlager
dd5ca6cc4c
FEATURE: Permalinks for users (#25552) 2024-02-05 17:31:31 +01:00
Arpit Jalan
badc390ebe
FEATURE: allow disabling user activity tab for non admin users (#25540)
* FEATURE: allow disabling user activity tab for non admin users

* add another test case
2024-02-05 14:30:36 +05:30
Martin Brennan
9563d02054
FIX: Serialize uploaded_avatars_allowed_groups check on current user (#25515)
Checking group permissions on the client does not work,
since not all groups are serialized to the client all
the time. We can check `uploaded_avatars_allowed_groups`
on the server side and serialize to the current user
instead.
2024-02-02 09:32:45 +10:00
Neil Lalonde
fb469e7e2f
FIX: use feedback_category placeholder in i18n string (#25514)
https://review.discourse.org/t/71308/4
2024-01-31 19:40:30 -05:00
Neil Lalonde
ba68ee4da7
FIX: missing translation of guidelines_topic.body (#25505)
Broken in https://github.com/discourse/discourse/pull/25253
2024-01-31 15:33:09 -05:00
Martin Brennan
f0e9a6fd0a
FIX: Default more group settings to staff + TL(N) (#25493)
There are some cases where staff (admins/mods) can
be in lower trust levels, so some of these checks will
fail for them. Since we want to keep allowing this (for now)
we should set most settings to also default to be allowed
for staff too, since the old `has_trust_level?` check
worked in this way.
2024-01-31 13:01:10 +10:00
JimmyJammyDodger
94f86630f4
Fix typos to replace 'an user' for 'a user' (#25489)
@discourse-translator-bot keep_translations
2024-01-30 20:35:43 +00:00
Discourse Translator Bot
c3b8216869
Update translations (#25476) 2024-01-30 17:05:37 +01:00
David Taylor
283fe48243
DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404)
These routes were previously rendered using Rails, and had a fairly fragile 2fa implementation in vanilla-js. This commit refactors the routes to be handled in the Ember app, removes the custom vanilla-js bundles, and leans on our centralized 2fa implementation. It also introduces a set of system specs for the behavior.
2024-01-30 10:32:42 +00:00
marstall
5a00d1964f
DEV: add site setting to disable watched word checking in user fields (#25411)
adding a hidden sitesetting, `disable_watched_word_checking_in_user_fields` - false by default. if set to true, you can use any word at all in user profile fields.

meta: https://meta.discourse.org/t/watched-words-scope/282699/20
2024-01-29 12:44:32 -05:00
David Taylor
63f6bd5efe
DEV: Add admin warning for sites on Ember 3 (#25459)
Running Discourse 3.2 stable under Ember 3 will technically be possible, but is only intended as a short-term migration point. This commit adds an admin warning for sites which are using this configuration, to make it clear that themes and plugins are unlikely to support the configuration.

https://meta.discourse.org/t/287211
2024-01-29 14:09:07 +00:00
Alan Guo Xiang Tan
18d652c8f0
DEV: Create unlogged tables by default in the test environment (#25451)
Why this change?

In https://www.postgresql.org/docs/current/non-durability.html, it is
recommended to create unlogged tables to avoid WAL writes which can help
speed at performance at the expense of durability. In the CI env, there is no need for durability at all.
Therefore, we are going to be creating unlogged tables by default.

Co-authored-by: Ted Johansson <ted@discourse.org>
Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2024-01-29 09:57:58 +08:00
Gerhard Schlager
b6a04728c5
Make site setting descriptions easier to understand (#25452) 2024-01-29 00:14:02 +01:00
Ted Johansson
7e5d2a95ee
DEV: Convert min_trust_level_to_tag_topics to groups (#25273)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_tag_topics site setting to tag_topic_allowed_groups.
2024-01-26 13:25:03 +08:00
Blake Erickson
89883b2f51
WIP: Experiemental Bulk Topic Actions Dropdown (#25245)
* WIP: Experiemental Bulk Topic Actions Dropdown

Creates a new dropdown that can be used for topic bulk actions.
2024-01-25 09:12:06 -07:00
Martin Brennan
0e50f88212
DEV: Move min_trust_to_post_embedded_media to group setting (#25238)
c.f. https://meta.discourse.org/t/we-are-changing-giving-access-to-features/283408
2024-01-25 09:50:59 +10:00
Penar Musaraj
b6f64a70f0
UX: Add "filter for more" to icon picker (#25263)
Repurposes the existing "filter for more" row from the tag drop component.
2024-01-23 21:53:13 +01:00
Discourse Translator Bot
da2c0cd5c0
Update translations (#25386) 2024-01-23 18:29:34 +01:00
Penar Musaraj
4d43ef5186
FEATURE: Enable passkeys by default (#25340) 2024-01-23 17:23:26 +01:00
chapoi
3e0e5112b4
UX: remove legacy option copy in nav menu setting (#25382)
* UX: update copy in nav menu setting
2024-01-23 10:52:26 +01:00
Michael Brown
7157798938 FIX: clear db_backup_port default value
The presence of this value with the postgresql default keeps tripping up
people. We shouldn't set this here.

examples:
* https://meta.discourse.org/t/84439/2
* https://meta.discourse.org/t/100604/7
* https://meta.discourse.org/t/223144/6
* https://meta.discourse.org/t/291992/10
2024-01-22 11:39:15 -05:00
Gerhard Schlager
a870c10e14
UX: user.account_possessive was impossible to translate (#25331) 2024-01-21 15:42:14 +01:00
Jan Cernik
d401502834
FIX: Localize text in github oneboxes (#25327) 2024-01-19 11:26:06 -03:00
Ted Johansson
d17ae1563d
DEV: Convert min_trust_level_for_user_api_key to groups (#25299)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_for_user_api_key  site setting to user_api_key_allowed_groups.

This isn't used by any of our plugins or themes, so very little fallout.
2024-01-19 11:25:24 +08:00
Ted Johansson
46f1c209be
FIX: Account for moderators in group to TL mapping (#25326)
If configuring only moderators in a group based access setting, the mapping to the old setting wouldn't work correctly, because the case was unaccounted for.

This PR accounts for moderators group when doing the mapping.
2024-01-19 11:10:28 +08:00
Blake Erickson
561851b104
FEATURE: Add hot as a homepage option (#25325) 2024-01-18 16:36:18 -07:00
Penar Musaraj
13e4fbb45f
DEV: Add link to Discover page (#25314) 2024-01-18 12:24:01 -05:00
Ted Johansson
fb087b7ff6
DEV: Convert min_trust_to_post_links to groups (#25298)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_post_links  site setting to post_links_allowed_groups.

This isn't used by any of our plugins or themes, so very little fallout.
2024-01-18 14:08:40 +08:00
Bianca Nenciu
abad38c2e7
DEV: Make lazy_load_categories setting use groups (#25282)
This allows certain users to test the new feature and avoid disruptions
in other's workflows.
2024-01-17 20:26:51 +02:00
Sam
df8bb947b2
FEATURE: improvements to hot algorithm (#25295)
- Decrease gravity, we come in too hot prioritizing too many new topics
- Remove all muted topics / categories and tags from the hot list
- Punish topics with zero likes in algorithm
2024-01-17 16:12:03 +11:00
Sam
ebd3971533
FEATURE: experiment with hot sort order (#25274)
This introduces a new experimental hot sort ordering. 

It attempts to float top conversations by first prioritizing a  topics with lots of recent activity (likes and users responding) 

The schedule that updates hot topics is disabled unless the hidden site setting: `experimental_hot_topics` is enabled. 

You can control "decay" with `hot_topic_gravity` and `recency` with `hot_topics_recent_days` 

Data is stored in the new `topic_hot_scores` table and you can check it out on the `/hot` route once 
enabled. 
---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2024-01-17 13:01:04 +11:00
Penar Musaraj
d7a341c965
DEV: Add site setting for Discourse Discover (#25266) 2024-01-16 13:39:25 -05:00
Discourse Translator Bot
50f8a51923
Update translations (#25278) 2024-01-16 14:54:32 +01:00
Tomas Vavrda
1e57fed3b9
FIX: Use category hashtag instead of link in guidelines_topic.body (#25253)
* FIX: Use category hashtag instead of link in guidelines_topic.body
2024-01-16 15:22:29 +11:00
Penar Musaraj
f2cf5434f3
Revert "DEV: Convert min_trust_level_to_tag_topics to groups (#25258)" (#25262)
This reverts commit c7e3d27624 due to
test failures. This is temporary.
2024-01-15 11:33:47 -05:00
Ted Johansson
c7e3d27624
DEV: Convert min_trust_level_to_tag_topics to groups (#25258)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_tag_topics site setting to tag_topic_allowed_groups.
2024-01-15 20:59:08 +08:00
Natalie Tay
9bc78625af
FIX: Enforce proper max for clean_orphan_uploads_grace_period_hours (#25235)
* FIX: Enforce proper max for clean_orphan_uploads_grace_period_hours

* Cast

* Set clean_orphan_uploads_grace_period_hours to max allowed
2024-01-15 10:32:07 +08:00
Alan Guo Xiang Tan
c76ca876a6
DEV: Add more debugging information to AR query logs on GitHub actions (#25237)
Why this change?

We have been chasing a problem with our flaky system test where the user
is logged out when it should never be.

What does this change do?

1. Logs the request path when lookup a user auth token.
2. Logs the request path and also the current thread's object id in
   ActiveRecord query logs.
2024-01-12 13:06:29 +08:00
Ted Johansson
cabbc3899f
FIX: Hide deprecated site setting that was missed out (#25220)
In the heat of converting TL based access settings to groups, the now deprecated setting was left visible. This PR hides it.
2024-01-11 12:47:04 +08:00
Martin Brennan
08d641d932
DEV: Convert review_media_unless_trust_level to group-based setting (#25201)
This commit moves the review_media_unless_trust_level setting
to skip_review_media_groups as part of our move from TL to group
based settings.

c.f. https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408
2024-01-11 13:43:01 +10:00
Discourse Translator Bot
2e0ec679c5
Update translations (#25185) 2024-01-09 15:09:36 +01:00
Ted Johansson
2037683f47
FIX: Hide deprecated site settings that were missed out before (#25180)
While on a roll to deprecate TL based access site settings and replace them with group based ones, I forgot to hide some of the old ones.
2024-01-09 10:49:36 +08:00
Ted Johansson
e4494b26fd
DEV: Convert min_trust_to_send_email_messages to groups (#24942)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_send_email_messages site setting to send_email_messages_allowed_groups.
2024-01-09 09:47:06 +08:00
Martin Brennan
8c6144d116
DEV: Change enable_admin_sidebar_navigation to group setting (#25159)
This will make it easier to do more focused
testing of this change.
2024-01-09 09:06:27 +10:00
Martin Brennan
51016e56dd
FEATURE: Add copy quote button to post selection menu (#25139)
Merges the design experiment at
https://meta.discourse.org/t/post-quote-copy-to-clipboard-button-feedback/285376
into core.

This adds a new button by default to the menu that pops up when text is
selected in a post.

The normal Quote button that is shown when selecting text within a post
will open the composer with the quote markdown prefilled.

This new "Copy Quote" button copies the quote markdown directly to the
user’s clipboard. This is useful for when you want to copy the quote
elsewhere – to another topic or a chat message for instance – without
having to manually copy from the opened composer, which then has to be
dismissed afterwards. An example of quote markdown:

```
[quote="someuser, post:7, topic:285376"]
In this moment, I am euphoric.
[/quote]
```
2024-01-08 10:38:14 +10:00
Ted Johansson
a5f0935307
DEV: Convert min_trust_level_to_create_tag to groups (#24899)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_create_tag  site setting to create_tag_allowed_groups.

This PR maintains backwards compatibility until we can update plugins and themes using this.
2024-01-05 10:19:43 +08:00
Krzysztof Kotlarek
0bb86129a5
FEATURE: used, unused, enabled, disabled component filter (#25136)
In this PR we introduced the enabled/disabled components filter.

https://github.com/discourse/discourse/pull/25105

However, components are slightly more complicated and can be used/unused/enabled/disabled.
2024-01-05 12:15:16 +11:00
Krzysztof Kotlarek
be841e666e
FEATURE: filter themes and components (#25105)
Allow filtering themes or components to find Active/Enabled Inactive/Disabled or Updates Available in the admin panel.
2024-01-04 14:29:08 +11:00
Isaac Janzen
1f94da349b
DEV: Make the Glimmer Search Menu the new default (#25092)
- Convert group based `experimental_search_menu_groups_enabled` site setting to be a _hidden_ boolean `experimental_search_menu` setting.
- Make default `true`
- Remove widget search menu tests

Discourse Encrypt Test Failure Fix - https://github.com/discourse/discourse-encrypt/pull/301
2024-01-03 09:07:27 -07:00
David Taylor
07caa5bc03
FEATURE: Show warning banner for critical JS deprecations to admins (#25091)
Ported from d95706b25a

This is enabled by default, but can be disabled via the `warn_critical_js_deprecations` hidden site setting.

The `warn_critical_js_deprecations_message` site setting can be used by hosting providers to add a sentence to the warning message (e.g. a date when they will be deploying the Ember 5 upgrade).
2024-01-03 11:41:09 +00:00
Alan Guo Xiang Tan
1a423f3c2d
DEV: Enable query_log_tags_enabled in the test environment (#25104)
Why this change?

When logging ActiveRecord query logs in the test environment, we want to
include more runtime information about the SQL statement as well.

See
https://guides.rubyonrails.org/debugging_rails_applications.html#verbose-query-logs
for more details
2024-01-03 13:11:16 +08:00
Ted Johansson
a0fbce996a
FEATURE: Buffer file names of failed uploads when bulk uploading (#25068)
Currently, when bulk uploading and multiple uploads fail, we show a number of dialogs in quick succession. This is of course a terrible user experience.

With this change, we buffer the error messages until there are no more pending uploads. Then we combine the buffered errors and display a single dialog with a list of failed files.
2024-01-03 10:29:23 +08:00
Kelv
b4a89ea610
FEAT: add cc addresses and post_id to sent email logs (#25014)
* add cc addresses and post_id to sent email logs
* sort cc addresses by email address filter value and collapse additional addreses into tooltip
* add slice helper for use in ember tempaltes
2024-01-03 09:27:25 +08:00
Discourse Translator Bot
8e1fc93748
Update translations (#25088) 2024-01-02 15:25:58 +01:00
David Taylor
236f3cc6eb
UX: Add 'edit' link to theme colour palette selector (#25073) 2024-01-02 10:45:52 +00:00
marstall
ddd750cda7
FEATURE: change /invites.json api endpoint to optionally accept array of emails (#24853)
https://meta.discourse.org/t/feature-request-sending-bulk-invitations-via-api/272423/18
2023-12-28 10:16:04 -05:00
Discourse Translator Bot
cd818ab63f
Update translations (#25041) 2023-12-28 10:12:53 +01:00
Alan Guo Xiang Tan
655c106101
DEV: Capture and log AR debug logs on GitHub actions for flaky tests (#25048)
Why this change?

We have been running into flaky tests which seems to be related to
AR transaction problems. However, we are not able to reproduce this
locally and do not have sufficient information on our builds now to
debug the problem.

What does this change do?

Noe the following changes only applies when `ENV["GITHUB_ACTIONS"]` is
present.

This change introduces an RSpec around hook when `capture_log: true` has
been set for a test. The responsibility of the hook is to capture the
ActiveRecord debug logs and print them out.
2023-12-27 14:40:00 +08:00
Ted Johansson
b890eb1bd2
DEV: Convert min_trust_to_allow_self_wiki to groups (#25009)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_allow_self_wiki site setting to self_wiki_allowed_groups.

Nothing of note here. This is used in exactly one place, and there's no fallout.
2023-12-27 09:21:39 +08:00
chapoi
32c438387b
UX: make sidebar title static (#25040)
* UX: make sidebar title static

* tests
2023-12-26 13:37:32 +01:00
chapoi
3a20718526
UX: header avatar > change to aria-label (#25038) 2023-12-26 12:18:12 +01:00
Alan Guo Xiang Tan
bf3e121323
DEV: Set config.eager_load = true on CI (#25032)
Why this change?

When running system tests on our CI, we have been occasionally seeing
server errors like:

```
Error encountered while proccessing /stylesheets/desktop_e58cf7f686aab173f9b778797f241913c2833c39.css
  NoMethodError: undefined method `+' for nil:NilClass
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/path/pattern.rb:139:in `[]'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:127:in `block (2 levels) in find_routes'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:126:in `each'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:126:in `each_with_index'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:126:in `block in find_routes'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:123:in `map!'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:123:in `find_routes'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/journey/router.rb:32:in `serve'
    /__w/discourse/discourse/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/routing/route_set.rb:852:in `call'
```

While looking through various Rails issues related to the error above, I
came across https://github.com/rails/rails/pull/27647 which is a fix to
fully initialize routes before the first request is handled. However,
the routes are only fully initialize only if `config.eager_load` is set
to `true`. There is no reason why `config.eager_load` shouldn't be `true` in the
CI environment and this is what a new Rails 7.1 app is generated with.

What does this change do?

Enable `config.eager_load` when `env["CI"]` is present
2023-12-26 13:05:55 +08:00
Krzysztof Kotlarek
7cad69e6ef
UX: File types site setting (#24976)
New file types site setting with buttons allowing to easily add image/video/audio/document extensions to the list.
2023-12-22 11:23:42 +11:00
Krzysztof Kotlarek
025e40354c
FIX: correct typo minmin_trust_to_edit_wiki_post (#24999)
Typo introduced here https://github.com/discourse/discourse/pull/24766#pullrequestreview-1792187422

In addition, use setting instead of hard-coded @user.has_trust_level?(TrustLevel[4])
2023-12-22 08:39:42 +11:00
yvanzo
ed20800986 FIX: Vietnamese language native name
It was wrongly set to the Vietnamese name of the Vietnam country,
instead of the Vietnamese name of the Vietnamese language.

Source: https://www.wikidata.org/wiki/Q9199
2023-12-21 18:03:57 +01:00
Discourse Translator Bot
032bfa3d51
Update translations (#24968) 2023-12-19 22:45:27 +01:00
Martin Brennan
b83d4953da
FIX: Admin problem notification minor issues (#24963)
* Icon was a gift and not exclamation-triangle...these admin problems
  are not usually a gift :P
* Added missing title translation
2023-12-19 18:37:31 +10:00
Alan Guo Xiang Tan
38abc0d922
DEV: Change default of cross_origin_opener_policy_header (#24940)
Why this change?

This is part of our efforts to harden the security of the Discourse
application. Setting the `CROSS_ORIGIN_OPENER_POLICY` header to `same-origin-allow-popups`
by default makes the application safer. We have opted to make this a
hidden site setting because most admins will never have to care about
this setting so we're are opting not to show it. If they do have to
change it, they can still do so by setting the
`DISCOURSE_CROSS_ORIGIN_OPENER_POLICY` env.
2023-12-19 11:46:44 +08:00
Blake Erickson
3380d283c9
FEATURE: Add API scope for /logs route (#24956)
Adds an API scope for accessing Logster's routes. This one is a bit
different than routes from core because it is mounted like

```
mount Logster::Web => "/logs"
```

and doesn't have all the route info a traditional rails app/engine does.
2023-12-18 19:45:04 -07:00
Penar Musaraj
46efe4f96a
FIX: Inconsistent login label (#24949) 2023-12-18 10:58:03 -05:00
Ted Johansson
0edf39409c
DEV: Convert min_trust_level_to_allow_ignore to groups (#24894)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_allow_ignore  site setting to ignore_allowed_groups.

This PR maintains backwards compatibility until we can update plugins and themes using this.
2023-12-18 13:04:37 +08:00
Ted Johansson
6ab1a19e93
DEV: Convert min_trust_level_to_allow_invite to groups (#24893)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_allow_invite  site setting to invite_allowed_groups.

Nothing much of note. This is used in one place and there's no fallout.
2023-12-18 12:07:36 +08:00
Martin Brennan
6de00f89c2
FEATURE: Initial admin sidebar navigation (#24789)
This is v0 of admin sidebar navigation, which moves
all of the top-level admin nav from the top of the page
into a sidebar. This is hidden behind a enable_admin_sidebar_navigation
site setting, and is opt-in for now.

This sidebar is dynamically shown whenever the user enters an
admin route in the UI, and is hidden and replaced with either
the:

* Main forum sidebar
* Chat sidebar

Depending on where they navigate to. For now, custom sections
are not supported in the admin sidebar.

This commit removes the experimental admin sidebar generation rake
task but keeps the experimental sidebar UI for now for further
testing; it just uses the real nav as the default now.
2023-12-18 11:48:25 +10:00
Ted Johansson
53d40672a7
DEV: Convert min_trust_level_to_allow_user_card_background to groups (#24891)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_allow_user_card_background site setting to user_card_background_allowed_groups.

Nothing of note here. This is used in exactly one place, and there's no fallout.
2023-12-14 10:57:58 +08:00
Ted Johansson
48116186af
DEV: Convert tl4_delete_posts_and_topics to groups (#24866)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the tl4_delete_posts_and_topics  site setting to delete_all_posts_and_topics_allowed_groups.

This one is a bit different from previous ones, as it's a boolean flag, and the default should be no group. Pay special attention to the migration during review.
2023-12-14 09:56:42 +08:00
Blake Erickson
00209f03e6
DEV: Add file_size_restriction site setting type (#24704)
This change will allow admins to configure file sizes in mb instead of
having to convert to kb.

Co-authored-by: Ella <ella.estigoy@gmail.com>
2023-12-13 16:22:48 -07:00
marstall
0513865c3c
FEATURE: Delete backups based on time window (#24296)
* FEATURE: core code, tests for feature to allow backups to removed based on a time window

* FEATURE: getting tests working for time-based backup

* FEATURE: getting tests running

* FEATURE: linting
2023-12-13 13:00:27 -05:00
David Taylor
fadcfd1451
DEV: Add safe_mode=deprecation_errors mode (#24870)
This commit adds an additional toggle to our safe-mode system. When enabled, it will cause all deprecation messages to become exceptions. This gives admins a way to test their themes/plugins against upcoming Discourse changes without needing to use the browser developer tools.
2023-12-13 14:06:59 +00:00
Ted Johansson
294febf3c4
DEV: Convert min_trust_to_flag_posts setting to groups (#24864)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_flag_posts site setting to flag_post_allowed_groups.

Note: In the original setting, "posts" is plural. I have changed this to "post" singular in the new setting to match others.
2023-12-13 17:18:42 +08:00
Ted Johansson
36057638ca
DEV: Convert min_trust_to_edit_post to groups (#24840)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_edit_post site setting to edit_post_allowed_groups.

The old implementation will co-exist for a short period while I update any references in plugins and themes.
2023-12-13 13:25:13 +08:00
Krzysztof Kotlarek
702d0620d7
DEV: Convert min_trust_to_create_topic to groups (#24740)
This change converts the min_trust_to_create_topic site setting to
create_topic_allowed_groups.

See: https://meta.discourse.org/t/283408

- Hides the old setting
- Adds the new site setting
- Add a deprecation warning
- Updates to use the new setting
- Adds a migration to fill in the new setting if the old setting was
changed
- Adds an entry to the site_setting.keywords section
- Updates tests to account for the new change
- After a couple of months, we will remove the min_trust_to_create_topicsetting entirely.

Internal ref: /t/117248
2023-12-13 14:50:13 +11:00
Krzysztof Kotlarek
1017820012
DEV: Convert allow_uploaded_avatars to groups (#24810)
This change converts the allow_uploaded_avatars site setting to uploaded_avatars_allowed_groups.

See: https://meta.discourse.org/t/283408

Hides the old setting
Adds the new site setting
Adds a deprecation warning
Updates to use the new setting
Adds a migration to fill in the new setting if the old setting was changed
Adds an entry to the site_setting.keywords section
Updates tests to account for the new change
After a couple of months, we will remove the allow_uploaded_avatars setting entirely.

Internal ref: /t/117248
2023-12-13 10:53:19 +11:00
Angus McLeod
95c61b88dc
Apply embed unlisted setting consistently (#24294)
Applies the embed_unlisted site setting consistently across topic embeds, including those created via the WP Discourse plugin. Relatedly, adds a embed exception to can_create_unlisted_topic? check. Users creating embedded topics are not always staff.
2023-12-12 09:35:26 -05:00
Discourse Translator Bot
7d0562f10e
Update translations (#24848) 2023-12-12 14:23:51 +01:00
Krzysztof Kotlarek
7dd150bc95
DEV: Convert min_trust_to_edit_wiki_post to groups (#24766)
This change converts the min_trust_to_edit_wiki_post site setting to edit_wiki_post_allowed_groups.

See: https://meta.discourse.org/t/283408

Hides the old setting
Adds the new site setting
Add a deprecation warning
Updates to use the new setting
Adds a migration to fill in the new setting if the old setting was changed
Adds an entry to the site_setting.keywords section
Updates tests to account for the new change
After a couple of months, we will remove the email_in_min_trust setting entirely.

Internal ref: /t/117248
2023-12-12 15:20:37 +11:00
Tobias Eigen
653073bb24
update desc of top_page_default_timeframe (#24755)
Update to top_page_default_timeframe description to clarify how the setting works. It adjusts automatically for logged in users depending on their last visit.
2023-12-11 16:44:20 -08:00
David Taylor
598961086c
FIX: Correct and improve autohighlight_all_code setting description (#24828)
We allow HTML in site setting descriptions, so `<code>` was being rendered as HTML instead of text. This commit fixes that, and adds an additional sentence about how to control markdown-authored code blocks.
2023-12-11 18:29:05 +00:00
Neil Lalonde
27144f188c
UX: if no login options are configured, show a message (#24777)
Admins will be instructed to login via /u/admin-login to change their
site settings.
2023-12-08 10:49:54 -05:00
David Taylor
efbe5b7dda
DEV: Catch errors in theme/plugin onPageChange handlers (#24784)
This makes the errors easier for admins to identify/resolve, and also prevents failures from affecting core functionality.
2023-12-08 10:01:37 +00:00
Martin Brennan
d5fe9b4f8c
FEATURE: Add copy link post menu button (#24709)
This commit ports the feature by @chapoi that was
previously a theme component in core.

A new post_menu button, copyLink, is added and used
as the default instead of share.

copyLink, on desktop, will copy the link of the post
to the user's clipboard and show a nice 'lil animation.
On mobile the native share menu will be shown.

If site owners want the old behaviour back, they just
need to change the post_menu site setting to use
the share button instead of copyLink.
2023-12-08 11:45:49 +10:00
Mark VanLandingham
ee05f57e2d
FEATURE: Site setting to display user avatars in user menu (#24514) 2023-12-07 11:30:44 -06:00
Jarek Radosz
694b5f108b
DEV: Fix various rubocop lints (#24749)
These (21 + 3 from previous PRs) are soon to be enabled in rubocop-discourse:

Capybara/VisibilityMatcher
Lint/DeprecatedOpenSSLConstant
Lint/DisjunctiveAssignmentInConstructor
Lint/EmptyConditionalBody
Lint/EmptyEnsure
Lint/LiteralInInterpolation
Lint/NonLocalExitFromIterator
Lint/ParenthesesAsGroupedExpression
Lint/RedundantCopDisableDirective
Lint/RedundantRequireStatement
Lint/RedundantSafeNavigation
Lint/RedundantStringCoercion
Lint/RedundantWithIndex
Lint/RedundantWithObject
Lint/SafeNavigationChain
Lint/SafeNavigationConsistency
Lint/SelfAssignment
Lint/UnreachableCode
Lint/UselessMethodDefinition
Lint/Void

Previous PRs:
Lint/ShadowedArgument
Lint/DuplicateMethods
Lint/BooleanSymbol
RSpec/SpecFilePathSuffix
2023-12-06 23:25:00 +01:00
Ella E
47629db3db
UX: Add a link from admin reports page to meta a topic (#24707)
* UX: Add a link from admin reports page to meta a topic
* DEV: apply prettier
2023-12-05 16:37:44 -07:00
Kris
4ad6c9ce34
FIX: shortcut typo (#24731) 2023-12-05 17:17:04 -05:00
Jordan Vidrine
bdecb23fd4
UX: More adjustments (#24726) 2023-12-05 14:55:08 -06:00
Discourse Translator Bot
cae2b83af8
Update translations (#24716) 2023-12-05 14:39:08 +01:00
Krzysztof Kotlarek
d9ac0c33ff
FIX: update tag description field placeholder (#24644)
Improvements after  https://github.com/discourse/discourse/pull/24561

1. Make placeholder more descriptive
2. Respect new line breaks in description
2023-12-04 09:38:20 +11:00
David Taylor
ecf7a4f0c6
FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661)
We add `Access-Control-Allow-Origin: *` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors.

This commit updates the logic to give the `*` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header).

The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent.
2023-12-01 12:57:11 +00:00
Gerhard Schlager
ca296c4926
Fix typos (#24656)
@discourse-translator-bot keep_translations
2023-11-30 22:13:28 +01:00
Keegan George
d2b53ccac2
DEV: Port discourse-table-builder theme component to core (#24441) 2023-11-30 10:54:29 -08:00
Martin Brennan
dc8a727b3f
COPY: secure media -> secure uploads (#24643)
Fixing up the last few holdouts
2023-11-30 14:58:55 +10:00
Martin Brennan
c58cd697d2
FIX: Further improvements for plugin list (#24622)
Followup e37fb3042d

* Automatically remove the prefix `Discourse ` from all the plugin titles to avoid repetition
* Remove the :discourse_dev: icon from the author. Consider a "By Discourse" with no labels as official
* We add a `label` metadata to plugin.rb
  * Only plugins made by us in `discourse` and `discourse-org` GitHub organizations will show these in the list
* Make the plugin author font size a little smaller
* Make the commit sha look like a link so it's more obvious it goes to the code

Also I added some validation and truncation for plugin metadata
parsing since currently you can put absolutely anything in there
and it will show on the plugin list.
2023-11-30 10:53:17 +10:00
Discourse Translator Bot
c90772fd3a
Update translations (#24599) 2023-11-29 10:41:27 +01:00
Bianca Nenciu
e85a81f33c
FIX: Make category-drop work with lazy_load_categories (#24187)
The category drop was rerendered after every category async change
because it updated the categories list. This is not necessary and
categories can be referenced indirectly by ID instead.
2023-11-28 17:58:47 +02:00
David Taylor
5783f231f8
DEV: Introduce DISCOURSE_ASSET_URL_SALT (#24596)
This value is included when generating static asset URLs. Updating the value will allow site operators to invalidate all asset urls to recover from configuration issues which may have been cached by CDNs/browsers.
2023-11-28 11:28:40 +00:00
Martin Brennan
3e639e4aa7
FIX: Add higher read & open timeouts for group SMTP emails (#24593)
When sending SMTP for group SMTP functionality, we
are running into timeouts for both read and open
when sending mail occassionally, which can cause issues
like the email only being sent to _some_ of the recipients
or to fail altogether.

The defaults of 5s are too low, so bumping them up to
the defaults of the `net-smtp` gem.
2023-11-28 15:32:59 +10:00
Martin Brennan
eb1a622d38
FIX: Improve group mention copy for small groups (#24558)
If a group is < 5 members, the mention warning doesn't need to
be so harsh. This commit changes the copy for the existing warning
and adds a new one for groups that are >= 5 members.
2023-11-27 10:31:24 +10:00
Krzysztof Kotlarek
dc2a0854b0
UX: add gift emoji styling for new features (#24523)
When admin has unseen new feature, gift emoji is added to a link.

In addition, `/new-features` path was changed to `/whats-new`
2023-11-27 09:32:28 +11:00
Sam
c2fd090d7d
DEV: revert missing license for maxmind changes (#24538)
Reverts
 
 - DEV: maxmind license checking failing tests #24534 
 - UX: Show if MaxMind key is missing on IP lookup #18993

These changes are leading to surprising results, our logs are now filling up with warnings on dev environments 

We need the change to be redone
2023-11-24 11:31:11 +11:00
Sam
85d2b5fa48
DEV: maxmind license checking failing tests (#24534)
This improves the implementation of #18993

1. Error message displayed to user is clearer
2. open_db will also be called, even if license key is blank, as it was previously
3. This in turn means no need to keep stubbing 'maxmind_license_key'
2023-11-24 09:38:46 +11:00
MichaIng
c58a41cb3e
UX: Show on IP lookup if MaxMind key is missing (#18993)
as discussed in https://meta.discourse.org/t/maxminddb-not-found-error/148512/7.
 
shows a warning to the admin if no license for maxmind is found
2023-11-24 08:02:05 +11:00
Blake Erickson
c89edd9e86
DEV: Convert email_in_min_trust to groups (#24515)
This change converts the `email_in_min_trust` site setting to
`email_in_allowed_groups`.

See: https://meta.discourse.org/t/283408

- Hides the old setting
- Adds the new site setting
- Add a deprecation warning
- Updates to use the new setting
- Adds a migration to fill in the new setting if the old setting was
  changed
- Adds an entry to the site_setting.keywords section
- Updates tests to account for the new change

After a couple of months we will remove the
`email_in_min_trust` setting entirely.

Internal ref: /t/115696
2023-11-22 18:03:28 -07:00
Blake Erickson
8a45f84277
DEV: Convert approve_new_topics_unless_trust_level to groups (#24504)
* DEV: Convert approve_new_topics_unless_trust_level to groups

This change converts the `approve_new_topics_unless_trust_level` site
setting to `approve_new_topics_unless_allowed_groups`.

See: https://meta.discourse.org/t/283408

- Hides the old setting
- Adds the new site setting
- Add a deprecation warning
- Updates to use the new setting
- Adds a migration to fill in the new setting if the old setting was
  changed
- Adds an entry to the site_setting.keywords section
- Updates tests to account for the new change

After a couple of months we will remove the
`approve_new_topics_unless_trust_level` setting entirely.

Internal ref: /t/115696

* add missing translation

* Add keyword entry

* Add migration
2023-11-22 10:44:59 -07:00
Blake Erickson
447d9b2105
DEV: Convert approve_unless_trust_level to groups (#24357)
This change converts the `approve_unless_trust_level` site setting to
`approve_unless_allowed_groups`.

See: https://meta.discourse.org/t/283408

- Adds the new site setting
- Adds a deprecation warning
- Updates core to use the new settings.
- Adds a migration to fill in the new setting of the old setting was
  changed
- Adds an entry to the site_setting.keywords section
- Updates many tests to account for the new change

After a couple of months we will remove the `approve_unless_trust_level`
setting entirely.

Internal ref: /t/115696
2023-11-21 11:31:42 -07:00
Discourse Translator Bot
c33a20cff6
Update translations (#24485) 2023-11-21 14:36:16 +01:00
Martin Brennan
e37fb3042d
FEATURE: Admin plugin list redesign (#24363)
* Remove checkmark for official plugins
* Add author for plugin, which is By Discourse for all discourse
  and discourse-org github plugins
* Link to meta topic instead of github repo
* Add experimental flag for plugin metadata and show this as a
  badge on the plugin list if present

---------

Co-authored-by: chapoi <101828855+chapoi@users.noreply.github.com>
2023-11-21 09:37:11 +10:00
Martin Brennan
10b546d8c7
FIX: Make fullscreen code modal occupy as much of the screen as needed (#24403)
This commit makes it so the fullscreen code modal grows
to fit its content, and doesn't show horizontal scrollbars
unless the entire screen is filled by the modal already.

The code syntax highlighting and copy buttons were also
broken in fullscreen because of modal changes over time.
2023-11-21 09:36:42 +10:00
Martin Brennan
146da75fd7
FEATURE: Add setting & preference for search sort default order (#24428)
This commit adds a new `search_default_sort_order` site setting,
set to "relevance" by default, that controls the default sort order
for the full page /search route.

If the user changes the order in the dropdown on that page, we remember
their preference automatically, and it takes precedence over the site
setting as a default from then on. This way people who prefer e.g.
Latest Post as their default can make it so.
2023-11-20 10:43:58 +10:00
Krzysztof Kotlarek
96c5a6c9ca
FEATURE: dedicated admin section for new features (#24292)
New tab in admin panel with list of new features. Presentation was enhanced by screenshot and markdown description.

Related PR https://github.com/discourse-org/discourse-new-features-feeds/pull/23
2023-11-20 09:59:04 +11:00
Alan Guo Xiang Tan
e0ef88abca
DEV: Run QUnit tests for official Discourse themes (#24405)
Why this change?

As the number of themes which the Discourse team supports officially
grows, we want to ensure that changes made to Discourse core do not
break the plugins. As such, we are adding a step to our Github actions
test job to run the QUnit tests for all official themes.

What does this change do?

This change adds a new job to our tests Github actions workflow to run the QUnit
tests for all official plugins. This is achieved with the following
changes:

1. Update `testem.js` to rely on the `THEME_TEST_PAGES` env variable to set the
   `test_page` option when running theme QUnit tests with testem. The
   `test_page` option [allows an array to be specified](https://github.com/testem/testem#multiple-test-pages) such that tests for
   multiple pages can be run at the same time. We are relying on a ENV variable
   because  the `testem` CLI does not support passing a list of pages
   to the `--test_page` option.

2. Support a `/testem-theme-qunit/:testem_id/theme-qunit` Rails route in the development environment. This
   is done because testem prefixes the path with a unique ID to the configured `test_page` URL.
   This is problematic for us because we proxy all testem requests to the
   Rails server and testem's proxy configuration option does not allow us
   to easily rewrite the URL to remove the prefix. Therefore, we configure a proxy in testem to prefix `theme-qunit` requests with
  `/testem-theme-qunit` which can then be easily identified by the Rails server and routed accordingly. 

3. Update `qunit:test` to support a `THEME_IDS` environment variable
   which will allow it to run QUnit tests for multiple themes at the
   same time.

4. Support `bin/rake themes:qunit[ids,"<theme_id>|<theme_id>"]` to run
   the QUnit tests for multiple themes at the same time.

5. Adds a `themes:qunit_all_official` Rake task which runs the QUnit
   tests for all the official themes.
2023-11-17 07:17:32 +08:00
Mark VanLandingham
69464cbbe2
FIX: Add desktop notification translation for watching_category_or_tag (#24276) 2023-11-16 08:34:58 -06:00
David Taylor
e2e720b2b7
UX: Expand enforce_second_factor setting description (#24413) 2023-11-16 13:58:52 +00:00