Commit Graph

9882 Commits

Author SHA1 Message Date
David Taylor
1672a24490
DEV: Memoize CSP nonce placeholder on response (#25724)
That way, the same value is used even if the helper is called in the context of different controllers

Followup to c8a1b49ddd
2024-02-16 12:15:55 +00:00
David Taylor
b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
Martin Brennan
3094f32ff5
FIX: is_my_own? check for users who are anonymously doing actions (#25716)
Followup to 978d52841a

It's complicated...we have multiple "anonymous" user concepts
in core, and even two classes called the exact same thing --
AnonymousUser.

The first case is Guardian::AnonymousUser, which is used for
people who are browsing the forum without being authenticated.

The second case is the model AnonymousUser, which is used when
a user is liking or posting anonymously via allow_anonymous_likes
or allow_anonymous_posting site settings.

We will untangle this naming nightmare later on...but for the
time being, only authenticated users who are pretending to be
anonymous should be able to like posts if allow_anonymous_likes
is on.
2024-02-16 14:28:12 +10:00
Alan Guo Xiang Tan
ad900ef9dd
Revert "DEV: Debug AR connection pool queue on CI (#25687)" (#25714)
This reverts commit 796af077c5.

We have not seen checkout timeout errors since c30aeafd9d
2024-02-16 10:11:46 +08:00
Alan Guo Xiang Tan
64b4e0d08d
DEV: First pass of ThemeSettingsObjectValidator (#25624)
Why this change?

This is a first pass at adding an objects validator which main's job is
to validate an object against a defined schema which we will support. In
this pass, we are simply validating that properties that has been marked
as required are present in the object.
2024-02-16 09:35:16 +08:00
Osama Sayegh
cfdb461e9a
PERF: Pass the -ping option to the identify ImageMagick command to speed it up (#25697)
The `-ping` option significantly speeds up the ImageMagick `identify` command per our testing and the [documentation](https://imagemagick.org/script/command-line-options.php#ping):

> -ping
Efficiently determine these image characteristics: image number, the file name, the width and height of the image, whether the image is colormapped or not, the number of colors in the image, the number of bytes in the image, the format of the image (JPEG, PNM, etc.). Use +ping to ensure accurate image properties.

We already pass the `-ping` option in other places where the `identify` command is used, so it makes sense to use the option everywhere.

Internal topic: t/121431.
2024-02-15 18:55:39 +03:00
Sam
4346abe260
FEATURE: apply pinning to hot topic lists (#25690)
pinned topics should be pinned even on hot lists so it can be used as a
home page
2024-02-15 18:27:54 +11:00
Alan Guo Xiang Tan
796af077c5
DEV: Debug AR connection pool queue on CI (#25687)
Why this change?

On CI, we have been seeing flaky system tests because ActiveRecord is
unable to checkout a connection. This patch is meant to help us debug
which thread is not returning the connection to the queue.
2024-02-15 14:00:30 +08:00
Blake Erickson
bb261094cf
FEATURE: Auto generate and display video preview image (#25633)
This change will allow auto generated video thumbnails to be used
instead of the black video thumbnail that overlays videos.

Follow up to: 2443446e62
2024-02-14 13:43:53 -07:00
Kris
faf0807b37
FIX: email category badges shouldn't use category text color (#25655) 2024-02-13 10:18:36 -05:00
David Battersby
d7dd871d9f
FIX: quoted private topic url respects subfolder install (#25643)
Fixes an issue where private topics that are quoted have an incorrectly formatted url when using a subfolder install.

This update returns a relative url that includes the base_path rather than a combination of base_url + base_path.
2024-02-13 13:20:24 +08:00
Penar Musaraj
021a02c3d8
FIX: Webauthn origin was incorrect for subfolder setups (#25651) 2024-02-12 16:27:24 -05:00
Martin Brennan
cf4d92f686
FIX: Change max_image_megapixels logic (#25625)
This commit changes `max_image_megapixels` to be used
as is without multiplying by 2 to give extra leway.
We found in reality this was just causing confusion
for admins, especially with the already permissive
40MP default.
2024-02-12 09:56:43 +10:00
Kris
c49eb373de
FIX: render category badge styles inline for email (#25487) 2024-02-09 15:29:11 -05:00
David Taylor
ee08a8c52b
Revert "FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590)" (#25609)
This reverts commit 767b49232e.

If anything else (e.g. GTM integration) introduces a nonce/hash, then this change stops the splash screen JS to fail and makes sites unusable.
2024-02-08 11:44:09 +00:00
Alan Guo Xiang Tan
fb0e656cb7
DEV: Refactor subclasses in ThemeSettingsManager to individual files (#25605)
Why this change?

One Ruby class per file improves readability
2024-02-08 12:59:52 +08:00
Martin Brennan
7ce76143ac
FIX: Always trust admin and moderators with post edits (#25602)
Removes duplication from LimitedEdit to see who can edit
posts, and also removes the old trust level setting check
since it's no longer necessary.

Also make it so staff can always edit since can_edit_post?
already has a staff escape hatch.
2024-02-08 13:10:26 +10:00
Alan Guo Xiang Tan
9f884cdaab
DEV: Introduce experimental type: objects theme setting (#25538)
Why this change?

This commit introduces an experimental `type: objects` theme setting
which will allow theme developers to store a collection of objects as
JSON in the database. Currently, the feature is still in development and
this commit is simply setting up the ground work for us to introduce the
feature in smaller pieces.

What does this change do?

1. Adds a `json_value` column as `jsonb` data type to the `theme_settings` table.
2. Adds a `experimental_objects_type_for_theme_settings` site setting to
   determine whether `ThemeSetting` records of with the `objects` data
   type can be created.
3. Updates `ThemeSettingsManager` to support read/write access from the
   `ThemeSettings#json_value` column.
2024-02-08 10:20:59 +08:00
Martin Brennan
4ce1c2c030
FIX: Always allow staff (admins & mods) to post links (#25601)
Followup fb087b7ff6

post_links_allowed_groups is an odd check tied to
unrestricted_link_posting? in PostGuardian, in that
it doesn't have an escape hatch for staff like most
of the rest of these group based settings.

It doesn't make sense to exclude admins or mods from
posting links, so just always allow them to avoid confusion.
2024-02-08 11:19:28 +10:00
Daniel Waterworth
30922855f2
PERF: Don't allow a single user to monopolize the defer queue (#25593) 2024-02-07 13:47:50 -06:00
David Taylor
767b49232e
FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590)
Browsers will ignore unsafe-inline if nonces or hashes are included in the CSP. When unsafe-inline is enabled, nonces and hashes are not required, so we can skip them.

Our strong recommendation remains that unsafe-inline should not be used in production.
2024-02-07 12:35:35 +00:00
David Taylor
dea753a204
FIX: Restore support for .js.es6 files in PrettyText (#25588)
Regressed in 1757a688c4

https://meta.discourse.org/t/294155
2024-02-07 09:34:31 +00:00
Ted Johansson
95a2d285d3
FEATURE: Add new 'illegal' flag reason (#25498)
To comply with Digital Services Act we need a way for users to flag a post as potentially illegal. This PR adds that functionality.
2024-02-07 10:12:22 +08:00
Arpit Jalan
badc390ebe
FEATURE: allow disabling user activity tab for non admin users (#25540)
* FEATURE: allow disabling user activity tab for non admin users

* add another test case
2024-02-05 14:30:36 +05:30
David Taylor
1df9186526
FIX: Plugin image assets in production (#25547)
Followup to 1757a688c4
2024-02-02 19:06:16 +00:00
Ted Johansson
2da7c74e60
DEV: Remove TagGuardian#can_create_tag? fallback (#25535)
We've changed access settings to be group membership based rather than based on the TL value directly. We kept both conditions here while we updated any plugins and themes. It should now be safe to remove.
2024-02-02 13:48:53 +08:00
David Taylor
1757a688c4
DEV: Remove sprockets from plugin 'extra js' pipeline (#25502)
JS assets added by plugins via `register_asset` will be outside the `assets/javascripts` directory, and are therefore exempt from being transpiled. That means that there isn't really any need to run them through DiscourseJsProcessor. Instead, we can just concatenate them together, and avoid the need for all the sprockets-wrangling.

This commit also takes the opportunity to clean up a number of plugin-asset-related codepaths which are no longer required (e.g. globs, handlebars)
2024-02-01 11:48:31 +00:00
Neil Lalonde
fb469e7e2f
FIX: use feedback_category placeholder in i18n string (#25514)
https://review.discourse.org/t/71308/4
2024-01-31 19:40:30 -05:00
Alan Guo Xiang Tan
e61608d080
FIX: Remap postgres text search proximity operator (#25497)
Why this change?

Since 1dba1aca27, we have been remapping
the `<->` proximity operator in a tsquery to `&`. However, there is
another variant of it which follows the `<N>` pattern. For example, the
following text "end-to-end" will eventually result in the following
tsquery `end-to-end:* <-> end:* <2> end:*` being generated by Postgres.
Before this fix, the tsquery is remapped to `end-to-end:* & end:* <2>
end:*` by us. This is requires the search data which we store to contain
`end` at exactly 2 position apart. Due to the way we limit the
number of duplicates in our search data, the search term may end up not
matching anything. In bd32912c5e, we made
it such that we do not allow any duplicates when indexing a topic's
title. Therefore, search for `end-to-end` against a topic title with
`end-to-end` will never match because our index will only contain one
`end` term.

What does this change do?

We will remap the `<N>` variant of the proximity operator.
2024-02-01 07:20:46 +08:00
Jordan Vidrine
f2ac9e4c12
UX: Refactor Do Not Disturb indicator (#25508) 2024-01-31 16:56:07 -06:00
Neil Lalonde
ba68ee4da7
FIX: missing translation of guidelines_topic.body (#25505)
Broken in https://github.com/discourse/discourse/pull/25253
2024-01-31 15:33:09 -05:00
Martin Brennan
575bc4af73
FIX: Remove newlines from img alt & title in HTML to markdown parser (#25473)
We were having a minor issue with emails with embedded images
that had newlines in the alt string; for example:

```
<p class="MsoNormal"><span style="font-size:11.0pt"><img width="898"
height="498" style="width:9.3541in;height:5.1875in" id="Picture_x0020_5"
src="cid:image003.png@01DA4EBA.0400B610" alt="A screenshot of a computer
program

Description automatically generated"></span><span
style="font-size:11.0pt"><o:p></o:p></span></p>
```

Once this was parsed and converted to markdown (or directly to HTML
in some cases), this caused an issue in the composer and the post
UI, where the markdown parser didn't know how to deal with this,
making the HTML show directly instead of showing an image.

The easiest way to deal with this is to just strip \n from image
alt and title attrs in the HTMLToMarkdown class.
2024-01-31 10:23:09 +10:00
Isaac Janzen
491e7a3429
DEV: Don't create backups during version bumps (#25484) 2024-01-30 11:41:15 -07:00
Isaac Janzen
a4022f69f3
Bump version to v3.3.0.beta1-dev 2024-01-30 10:37:25 -07:00
Isaac Janzen
b2b1e721b5
Bump version to v3.2.0.beta5 2024-01-30 10:37:25 -07:00
David Taylor
283fe48243
DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404)
These routes were previously rendered using Rails, and had a fairly fragile 2fa implementation in vanilla-js. This commit refactors the routes to be handled in the Ember app, removes the custom vanilla-js bundles, and leans on our centralized 2fa implementation. It also introduces a set of system specs for the behavior.
2024-01-30 10:32:42 +00:00
David Taylor
2457553d0a
FIX: Avoid flash-of-unstyled-content in Safari with bug workaround (#25462)
Safari has a bug which means that scripts with the `defer` attribute are executed before stylesheets have finished loading. This is being tracked at https://bugs.webkit.org/show_bug.cgi?id=209261.

This commit works around the problem by introducing a no-op inline `<script>` to the end of our HTML document. This works because defer scripts are guaranteed to run after inline scripts, and inline scripts are guaranteed to run after any preceding stylesheets.

Technically we only need this for Safari. But given that the cost is so low, it makes sense to include it everywhere rather than incurring the complexity of gating it by user-agent.
2024-01-29 17:20:44 +00:00
David Taylor
1bfccdd4f2
DEV: Allow run_second_factor! to be used before login (#25420)
In a handful of situations, we need to verify a user's 2fa credentials before `current_user` is assigned. For example: login, email_login and change-email confirmation. This commit adds an explicit `target_user:` parameter to the centralized 2fa system so that it can be used for those situations.

For safety and clarity, this new parameter only works for anon. If some user is logged in, and target_user is set to a different user, an exception will be raised.
2024-01-29 12:28:47 +00:00
Ted Johansson
7e5d2a95ee
DEV: Convert min_trust_level_to_tag_topics to groups (#25273)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_tag_topics site setting to tag_topic_allowed_groups.
2024-01-26 13:25:03 +08:00
Sérgio Saquetim
d34a7916c0
DEV: Move Plugin::Instance.register_search_group_query_callback out of protected (#25413) 2024-01-25 13:36:43 -03:00
Martin Brennan
74fd883a89
DEV: Improve site setting rename generator (#25354)
We need to be able to generate these migrations
for plugin settings as well. Also, we can use the
type supervisor to get the enum data in a nicer way.
2024-01-25 10:45:46 +10:00
Martin Brennan
0e50f88212
DEV: Move min_trust_to_post_embedded_media to group setting (#25238)
c.f. https://meta.discourse.org/t/we-are-changing-giving-access-to-features/283408
2024-01-25 09:50:59 +10:00
Leonardo Mosquera
508e2e601c
FIX: FinalDestination::HTTP: validate address argument (#25407)
This would only be empty due to a programming error elsewhere, but
checking this here is a failstop so that it doesn't go further.
2024-01-24 18:50:42 -03:00
Vinoth Kannan
ecb7fb0481
FEATURE: add option to sort topic query result via plugin. (#25349)
Previously, it was not possible to modify the sorting order of the `TopicQuery` result from a plugin. This feature adds support to specify custom sorting functionality in a plugin. We're using the `apply_modifier` method in the `DiscoursePluginRegistry` module to achieve it.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-01-24 12:58:12 +05:30
Roman Rizzi
a709b7e861
FIX: Allow sanitized-HTML in GH issues and categories oneboxes. (#25374)
Follow-up to d78357917c

Related meta topic: https://meta.discourse.org/t/html-is-not-render-on-category-onebox-description/289424:
2024-01-22 15:25:29 -03:00
Jarek Radosz
5278734fe2
FIX: Ignore invalid images when shrinking uploads (#25346) 2024-01-22 12:10:29 +01:00
Jan Cernik
d401502834
FIX: Localize text in github oneboxes (#25327) 2024-01-19 11:26:06 -03:00
Gerhard Schlager
a417760337
FIX: Rake task executed wrong method (#25323)
Rake files share methods with all other rake files and there is already a `rebake_posts` method in another rake file.
2024-01-19 12:55:24 +01:00
Ted Johansson
d17ae1563d
DEV: Convert min_trust_level_for_user_api_key to groups (#25299)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_for_user_api_key  site setting to user_api_key_allowed_groups.

This isn't used by any of our plugins or themes, so very little fallout.
2024-01-19 11:25:24 +08:00
Ted Johansson
46f1c209be
FIX: Account for moderators in group to TL mapping (#25326)
If configuring only moderators in a group based access setting, the mapping to the old setting wouldn't work correctly, because the case was unaccounted for.

This PR accounts for moderators group when doing the mapping.
2024-01-19 11:10:28 +08:00
Ruben Oussoren
0c0f486647
Corrected reply_to_user_id to reference original posters ID instead of itself. (#25307) 2024-01-18 09:02:45 -05:00
Ted Johansson
fb087b7ff6
DEV: Convert min_trust_to_post_links to groups (#25298)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_post_links  site setting to post_links_allowed_groups.

This isn't used by any of our plugins or themes, so very little fallout.
2024-01-18 14:08:40 +08:00
Gerhard Schlager
1a8cf92be1
DEV: Update reply_to_user_id after bulk imports (#25289) 2024-01-17 20:47:01 +01:00
Bianca Nenciu
abad38c2e7
DEV: Make lazy_load_categories setting use groups (#25282)
This allows certain users to test the new feature and avoid disruptions
in other's workflows.
2024-01-17 20:26:51 +02:00
Sam
df8bb947b2
FEATURE: improvements to hot algorithm (#25295)
- Decrease gravity, we come in too hot prioritizing too many new topics
- Remove all muted topics / categories and tags from the hot list
- Punish topics with zero likes in algorithm
2024-01-17 16:12:03 +11:00
Sam
ebd3971533
FEATURE: experiment with hot sort order (#25274)
This introduces a new experimental hot sort ordering. 

It attempts to float top conversations by first prioritizing a  topics with lots of recent activity (likes and users responding) 

The schedule that updates hot topics is disabled unless the hidden site setting: `experimental_hot_topics` is enabled. 

You can control "decay" with `hot_topic_gravity` and `recency` with `hot_topics_recent_days` 

Data is stored in the new `topic_hot_scores` table and you can check it out on the `/hot` route once 
enabled. 
---------

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2024-01-17 13:01:04 +11:00
Gerhard Schlager
241bf48497 DEV: Allow rebakes to generate optimized images at the same time
Previously only Sidekiq was allowed to generate more than one optimized image at the same time per machine. This adds an easy mechanism to allow the same in rake tasks and other tools.
2024-01-16 14:33:16 +01:00
Alan Guo Xiang Tan
c33a8d658b
DEV: Avoid duplicating constant between client and server (#25179)
Why this change?

While the constant does not change very often, we should still avoid
duplicating the value of a constant used on the server side in the
client side to avoid the values going out of sync.
2024-01-16 09:50:55 +08:00
Alan Guo Xiang Tan
22614ca85b
DEV: Compile theme migrations javascript files when running theme qunit (#25219)
Why this change?

Currently, is it hard to iteratively write a theme settings migrations
because our theme migrations system does not rollback. Therefore, we
want to allow theme developers to be able to write QUnit tests for their
theme migrations files enabling them to iteratively write their theme
migrations.

What does this change do?

1. Update `Theme#baked_js_tests_with_digest` to include all `ThemeField`
records of `ThemeField#target` equal to `migrations`. Note that we do
not include the `settings` and `themePrefix` variables for migration files.

2. Don't minify JavaScript test files becasue it makes debugging in
   development hard.
2024-01-16 09:50:44 +08:00
David Taylor
a562214f56
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264) 2024-01-15 19:54:50 +00:00
David Taylor
59c2407e18
FEATURE: add username header to global-rate-limited responses (#25265)
This will make it easier to analyze rate limiting in reverse-proxy logs. To make this possible without a database lookup, we add the username to the encrypted `_t` cookie data.
2024-01-15 19:50:37 +00:00
Penar Musaraj
f2cf5434f3
Revert "DEV: Convert min_trust_level_to_tag_topics to groups (#25258)" (#25262)
This reverts commit c7e3d27624 due to
test failures. This is temporary.
2024-01-15 11:33:47 -05:00
Ted Johansson
c7e3d27624
DEV: Convert min_trust_level_to_tag_topics to groups (#25258)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_tag_topics site setting to tag_topic_allowed_groups.
2024-01-15 20:59:08 +08:00
Mark VanLandingham
66fb2257cf
DEV: Add apply_modifier in Email::Renderer for html modifications (#25205) 2024-01-12 09:14:55 -06:00
Daniel Waterworth
30bea5c7c2
FIX: Don't use joins to filter (#24904)
Posts may have multiple uploads/upload references.
2024-01-11 16:11:29 +11:00
Martin Brennan
08d641d932
DEV: Convert review_media_unless_trust_level to group-based setting (#25201)
This commit moves the review_media_unless_trust_level setting
to skip_review_media_groups as part of our move from TL to group
based settings.

c.f. https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408
2024-01-11 13:43:01 +10:00
Blake Erickson
6ebe61ecec
FIX: Logs api scope not working (#25215) 2024-01-10 19:30:10 -07:00
Bianca Nenciu
c916806fe8
FIX: Serialize categories when viewing a topic (#25206)
When navigating straight to a topic the category was not displayed at
all because the categories were not loaded. Similarly, the categories
for suggested topics were not loaded either.

This commit adds a list of categories to topic view model class and
serializer.
2024-01-10 20:30:59 +02:00
David Taylor
7a8cbf8422
DEV: Switch default Ember version to 5 (#25203)
https://meta.discourse.org/t/287211
2024-01-10 12:12:36 +00:00
Vinoth Kannan
992211350a
FEATURE: option to sort user and group private messages. (#25146)
The UI will be the same as the one we're using in the topic list in "latest", "top" etc.,
2024-01-10 13:33:30 +05:30
Ted Johansson
e4494b26fd
DEV: Convert min_trust_to_send_email_messages to groups (#24942)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_send_email_messages site setting to send_email_messages_allowed_groups.
2024-01-09 09:47:06 +08:00
marstall
3837657449
FIX: refactor calling of timed backup deletion
refactor calling of timed backup deletion so it runs regardless of SiteSetting.automatic_backups_enabled value
2024-01-08 15:41:00 -05:00
Penar Musaraj
d795a59fab
Bump version to v3.2.0.beta5-dev 2024-01-08 12:41:52 -05:00
Penar Musaraj
f953d9b113
Bump version to v3.2.0.beta4 2024-01-08 12:41:51 -05:00
Isaac Janzen
e463bc9a67
Revert "DEV: Version bumps for main: v3.2.0.beta4, v3.2.0.beta5-dev (#25168)" (#25169)
This reverts commit ab0fea3f42.
2024-01-08 10:24:04 -07:00
Isaac Janzen
ab0fea3f42
DEV: Version bumps for main: v3.2.0.beta4, v3.2.0.beta5-dev (#25168)
* Bump version to v3.2.0.beta4
* Bump version to v3.2.0.beta5-dev
2024-01-08 10:07:33 -07:00
Martin Brennan
628873de24
FIX: Sort plugins by their setting category name (#25128)
Some plugins have names (e.g. discourse-x-yz) that
are totally different from what they are actually called,
and that causes issues when showing them in a sorted way
in the admin plugin list.

Now, we should use the setting category name from client.en.yml
if it exists, otherwise fall back to the name, for sorting.
This is what we do on the client to determine what text to
show for the plugin name as well.
2024-01-08 09:57:25 +10:00
Ted Johansson
a5f0935307
DEV: Convert min_trust_level_to_create_tag to groups (#24899)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_create_tag  site setting to create_tag_allowed_groups.

This PR maintains backwards compatibility until we can update plugins and themes using this.
2024-01-05 10:19:43 +08:00
David Taylor
451581d50a
DEV: Remove unmaintained tidy-jsdoc dependency (#25110)
This was used by chat's HTML documentation experiment. That documentation experiment isn't being actively used/updated, but may be revisited in future. Therefore, this commit updates the jsdoc config to remove the custom theme, but keeps it functional (with the default jsdoc theme).
2024-01-03 10:30:54 +00:00
Martin Brennan
e8deed874b
FIX: Do not allow setting admin and staff for TrustLevelSetting (#25107)
This fixes an issue where any string for an enum site setting
(such as TrustLevelSetting) would be converted to an integer
if the default value for the enum was an integer. This is an
issue because things like "admin" and "staff" would get silently
converted to 0 which is "valid" because it's TrustLevel[0],
but it's unexpected behaviour. It's best to just let the site
setting validator catch this broken value.
2024-01-03 16:55:28 +10:00
Alan Guo Xiang Tan
5530cb574b
DEV: Fix test incorrectly removing stylesheet cache of other processes (#25103)
Why this change?

The `can survive cache miss` test in `spec/requests/stylesheets_controller_spec.rb`
was failing because the file was not found on disk for the cache to be
regenerated. This is because a test in
`spec/lib/stylesheet/manager_spec.rb` was removing the entire
`tmp/stylesheet-cache` directory which is incorrect because the folder
in the test environment further segretates the stylesheet caches based
on the process of the test.

What does this change do?

1. Introduce `Stylesheet::Manager.rm_cache_folder` method for the test
   environment to properly clean up the cache folder.

2. Make `Stylesheet::Manager::CACHE_PATH` a private constant since the
   cache path should be obtained from the `Stylesheet::Manager.cache_fullpath` method.
2024-01-03 13:15:35 +08:00
Kris
e8509ddf50
FIX: github onebox styles for commits (#25098) 2024-01-02 17:29:56 -05:00
David Taylor
7d0e0c3110
DEV: Collect css assets from webpack build (#25087)
fb95ab8e00 started depending on webpack-bundled CSS, but css files weren't being collected by Sprockets or uploaded to S3.
2024-01-02 12:45:34 +00:00
Alan Guo Xiang Tan
655c106101
DEV: Capture and log AR debug logs on GitHub actions for flaky tests (#25048)
Why this change?

We have been running into flaky tests which seems to be related to
AR transaction problems. However, we are not able to reproduce this
locally and do not have sufficient information on our builds now to
debug the problem.

What does this change do?

Noe the following changes only applies when `ENV["GITHUB_ACTIONS"]` is
present.

This change introduces an RSpec around hook when `capture_log: true` has
been set for a test. The responsibility of the hook is to capture the
ActiveRecord debug logs and print them out.
2023-12-27 14:40:00 +08:00
Ted Johansson
b890eb1bd2
DEV: Convert min_trust_to_allow_self_wiki to groups (#25009)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_to_allow_self_wiki site setting to self_wiki_allowed_groups.

Nothing of note here. This is used in exactly one place, and there's no fallout.
2023-12-27 09:21:39 +08:00
Martin Brennan
89705be722
DEV: Add auto map from TL -> group site settings in DeprecatedSettings (#24959)
When setting an old TL based site setting in the console e.g.:

SiteSetting.min_trust_level_to_allow_ignore = TrustLevel[3]

We will silently convert this to the corresponding Group::AUTO_GROUP. And vice-versa, when we read the value on the old setting, we will automatically get the lowest trust level corresponding to the lowest auto group for the new setting in the database.
2023-12-26 14:39:18 +08:00
Alan Guo Xiang Tan
cfec408bc1
DEV: Remove flaky tests report when there are too many failures (#25031)
Why this change?

Currently we only rerun failing tests to check if they are flaky tests
when there are 10 or less failing tests. When there are more than 10
failing tests in the first run, we assume that the odds of those tests
being flaky are low and do not rerun the tests. However, there was a bug
where we do not clean up the potential flaky tests being logged when
there are too many test failures. This resulted in those test failures
being treated as flaky tests.

What does this change do?

Clean up the flaky tests report when we do not rerun the tests.
2023-12-26 09:23:17 +08:00
Krzysztof Kotlarek
d03f6727b1
FIX: TL3 can convert their post to a wiki (#25023)
A bug that allowed TL1 to convert other's posts to wiki.

The issue was introduced in this PR: https://github.com/discourse/discourse/pull/24999/files

The wiki can be created if a user is TL3 and it is their own post - default 3 for setting `SiteSetting.min_trust_to_allow_self_wiki`

In addition, a wiki can be created by staff and TL4 users for any post.
2023-12-23 21:31:46 +11:00
Krzysztof Kotlarek
025e40354c
FIX: correct typo minmin_trust_to_edit_wiki_post (#24999)
Typo introduced here https://github.com/discourse/discourse/pull/24766#pullrequestreview-1792187422

In addition, use setting instead of hard-coded @user.has_trust_level?(TrustLevel[4])
2023-12-22 08:39:42 +11:00
Martin Brennan
7fcef5f2f9
FIX: Show admin plugin route sub-links in sidebar (#24982)
This changes the Plugins link in the admin sidebar to
be a section instead, which then shows all enabled plugin
admin routes (which are custom routes some plugins e.g.
chat define).

This is done via adding some special preloaded data for
all controllers based on AdminController, and also specifically
on Admin::PluginsController, to have the routes loaded without
additional requests on page load.

We just use a cog for all the route icons for now...we don't
have anything better.
2023-12-21 11:37:20 +10:00
Blake Erickson
43a6c1b7cc
FIX: Have file size restriction type return integers (#24989) 2023-12-20 10:17:10 -07:00
Krzysztof Kotlarek
4c8bc34475
DEV: Custom generator for move setting from tl to groups (#24912)
Ability to automatically generate migration when site setting is changed from trust level to groups.

Example usage:

rails generate site_setting_move_to_groups_migration min_trust_to_create_topic create_topic_allowed_groups
2023-12-19 10:52:28 +11:00
Ted Johansson
0edf39409c
DEV: Convert min_trust_level_to_allow_ignore to groups (#24894)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_allow_ignore  site setting to ignore_allowed_groups.

This PR maintains backwards compatibility until we can update plugins and themes using this.
2023-12-18 13:04:37 +08:00
Ted Johansson
6ab1a19e93
DEV: Convert min_trust_level_to_allow_invite to groups (#24893)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_allow_invite  site setting to invite_allowed_groups.

Nothing much of note. This is used in one place and there's no fallout.
2023-12-18 12:07:36 +08:00
Krzysztof Kotlarek
1f72152e47
DEV: Remove usage of min_trust_to_create_topic SiteSetting (#24887)
Using min_trust_to_create_topic and create_topic_allowed_groups together was part of #24740

Now, when plugins specs are fixed, we can safely remove that part of logic.
2023-12-18 13:39:53 +11:00
Martin Brennan
6de00f89c2
FEATURE: Initial admin sidebar navigation (#24789)
This is v0 of admin sidebar navigation, which moves
all of the top-level admin nav from the top of the page
into a sidebar. This is hidden behind a enable_admin_sidebar_navigation
site setting, and is opt-in for now.

This sidebar is dynamically shown whenever the user enters an
admin route in the UI, and is hidden and replaced with either
the:

* Main forum sidebar
* Chat sidebar

Depending on where they navigate to. For now, custom sections
are not supported in the admin sidebar.

This commit removes the experimental admin sidebar generation rake
task but keeps the experimental sidebar UI for now for further
testing; it just uses the real nav as the default now.
2023-12-18 11:48:25 +10:00
Andrei Prigorshnev
6e2201135f
DEV: Introduce plugin API for getting stats (#24829)
Before, when needed to get stats in a plugin, we called Core classes directly. 
Introducing plugin API will decouple plugins from Core and give as more freedom 
in refactoring stats in Core. Without this API, I wasn't able to do all refactorings 
I wanted when working on d91456f.
2023-12-15 23:47:20 +04:00
Kelv
2477bcc32e
DEV: lint against Layout/EmptyLineBetweenDefs (#24914) 2023-12-15 23:46:04 +08:00
Blake Erickson
7aeb5d6012
FIX: Unable to move pm to public topic (#24903)
* FIX: guard against empty category_ids when creating small action post for changing of category

Co-authored-by: Kelvin Tan <kelv@discourse.org>
2023-12-14 12:31:38 -07:00
Alan Guo Xiang Tan
c437b9f5f2
DEV: Include exception details for each test in flaky tests report (#24892)
Why this change?

The exception message and name is useful when analyzing why a test
failed.
2023-12-14 11:11:11 +08:00