Commit Graph

2827 Commits

Author SHA1 Message Date
Martin Brennan
3c5fb871c0 SECURITY: Filter unread bookmark reminders the user cannot see
There is an edge case where the following occurs:

1. The user sets a bookmark reminder on a post/topic
2. The post/topic is changed to a PM before or after the reminder
   fires, and the notification remains unread by the user
3. The user opens their bookmark reminder notification list
   and they can still see the notification even though they cannot
   access the topic anymore

There is a very low chance for information leaking here, since
the only thing that could be exposed is the topic title if it
changes to something sensitive.

This commit filters the bookmark unread notifications by using
the bookmarkable can_see? methods and also prevents sending
reminder notifications for bookmarks the user can no longer see.
2023-11-09 13:39:16 +11:00
Andrei Prigorshnev
be2eb3df44
FIX: user got notified about a mention inside a chat message quote (#24229)
When quoting a chat message in a post, if that message contains a mention, 
that mention should be ignored. But we've been detecting them and sending 
notifications to users. This PR fixes the problem. Since this fix is for 
the chat plugin, I had to introduce a new API for plugins:

    # We strip posts before detecting mentions, oneboxes, attachments etc. 
    # We strip those elements that shouldn't be detected. For example, 
    # a mention inside a quote should be ignored, so we strip it off. 
    # Using this API plugins can register their own post strippers. 
    def register_post_stripper(&block) 
    end
2023-11-08 23:13:25 +04:00
Jordan Vidrine
9d1e8265da
FEATURE: Add ability to hide modal header (#24290) 2023-11-08 12:15:35 -06:00
Martin Brennan
c2b143860a
Update plugin.rb metadata (#24213)
Co-authored-by: AlexDev <104522507+alexdevlaeminck@users.noreply.github.com>
2023-11-07 15:14:10 -08:00
Discourse Translator Bot
5fa46e6995
Update translations (#24177) 2023-11-07 21:31:20 +01:00
Joffrey JAFFEUX
dcaa719363
FIX: correctly handle subscriptions (#24270)
Subscriptions manager has been a pain since the beginning; one of the problems is that threads and channels behave mostly the same but with various small differences, which I expect to increase over time.

Trying to use subclasses for this case has proven to be a mistake, this commit now uses a class for each case (channel, thread) which for now contains a lot of duplication, which might be reduced in the future but has the merit to make reasoning about each case very simple.

This refactor is fixing a bug introduced in 90efdd7f9d which was causing the wrong channel to be unsubscribed, this shouldn't be possible anymore. We had tests for this which were disabled due to flakiness, I will consider re-enabling them in the future.

Other notes:
- notices had been added to the subscriptions manager service, they have been moved into their own dedicated service: `ChatChannelNoticesManager`
- the `(each model)` trick used in `<ChatChannel />` since 90efdd7f9d to ensure atomicity has been applied to `<ChatThread />` too
2023-11-07 16:37:42 +01:00
Joffrey JAFFEUX
039d060832
DEV: improves reliability of delete/restore/update specs (#24265) 2023-11-07 11:34:35 +01:00
David Battersby
f20b6a0cc3
FEATURE: chat redesign - back button to exit threads (#24189)
Chat redesign work to improve chat navigation:

- New header title with channel name (thread list on mobile)
- New header title without channel name (thread list on full page chat)
- Removes the close button on threads (mobile only)
- Updates to back button route within thread (mobile), taking user to:
    - The thread index, if they accessed the thread from the thread index.
    - The channel itself, if they accessed the thread directly from the channel.
    - The channel itself, if they accessed the thread from a notification.
- Show thread title in chat drawer header
- Properly convert emoji in thread titles in chat header (all devices)
- Upgrades various templates to use gjs format.
2023-11-07 16:01:09 +08:00
Joffrey JAFFEUX
2797e0478e
FIX: target chat-message-text only on secondary action (#24255)
This is not necessary for other cases and was breaking specs. This commit also avoids using chat service when not necessary.
2023-11-07 00:45:13 +01:00
Joffrey JAFFEUX
2bd4cf69d0
FIX: targeting chat-message-text is more reliable (#24245) 2023-11-07 00:05:53 +01:00
Godfrey Chan
9a1695ccc1
DEV: remove markdown-it-bundle and custom build code (#23859)
With Embroider, we can rely on async `import()` to do the splitting
for us.

This commit extracts from `pretty-text` all the parts that are
meant to be loaded async into a new `discourse-markdown-it` package
that is also a V2 addon (meaning that all files are presumed unused
until they are imported, aka "static").

Mostly I tried to keep the very discourse specific stuff (accessing
site settings and loading plugin features) inside discourse proper,
while the new package aims to have some resemblance of a general
purpose library, a MarkdownIt++ if you will. It is far from perfect
because of how all the "options" stuff work but I think it's a good
start for more refactorings (clearing up the interfaces) to happen
later.

With this, pretty-text and app/lib/text are mostly a kitchen sink
of loosely related text processing utilities.

After the refactor, a lot more code related to setting up the
engine are now loaded lazily, which should be a pretty nice win. I
also noticed that we are currently pulling in the `xss` library at
initial load to power the "sanitize" stuff, but I suspect with a
similar refactoring effort those usages can be removed too. (See
also #23790).

This PR does not attempt to fix the sanitize issue, but I think it
sets things up on the right trajectory for that to happen later.

Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-06 16:59:49 +00:00
Joffrey JAFFEUX
90efdd7f9d
PERF: cook message in background (#24227)
This commit starts from a simple observation: cooking messages on the hot path can be slow. Especially with a lot of mentions.

To move cooking from the hot path, this commit has made the following changes:

- updating cooked, inserting mentions and notifying user of new mentions has been moved inside the `process_message` job. It happens right after the `Chat::MessageProcessor` run, which is where the cooking happens.
- the similar existing code in `rebake!` has also been moved to rely on the `process_message` job only
- refactored `create_mentions` and `update_mentions` into one single `upsert_mentions` which can be called invariably
- allows services to decide if their job is run inline or later. It avoids needing to know you have to use `Jobs.run_immediately!` in this case; in tests it will be inline by default
- made various frontend changes to make the chat-channel component lifecycle clearer. We had to handle `did-update @channel` which was super awkward and creating bugs with listeners which the changes of the PR made clear in failing specs
- adds a new `-processed` (and `-not-processed`) class on the chat message, this is made to have a good lifecycle hook in system specs
2023-11-06 15:45:30 +01:00
David Battersby
65759c126b
FIX: add dominant color attribute to chat image uploads (#24214)
When uploading images, they are assigned a dominant color which gets used in various places, such as Discourse Hub and the new lightbox. Previously in chat we didn't assign this attribute, so it was defaulting to a null value. We did however use it as an inline CSS style for the image background (which is visible while the image is downloaded).

This change adds data-dominant-color to the uploaded image in chat and uses it correctly within lightbox.
2023-11-02 19:22:59 +08:00
Andrei Prigorshnev
a32fce9e1d
FIX: Further optimize mentioning groups in chat messages (part 2) (#24185)
This is a follow-up to e6299a3. I additionally fixed these three things:

1. Since e6299a3 there's no need anymore to join the group_users table 
when looking for users who were reached by a group mention, so 
I removed that join in that commit. But turned out we were joining 
the group_users table twice, so I removed the second join in this PR. 
That drastically sped up my test query, from 6 sec to 0.26 sec.
2. We also were joining twice the user_chat_channel_membership table,
so I removed the second unnecessary join too.
3. We actually need to join the user_chat_channel_membership table
only in certain cases, and we don't need to do that for group mentions, 
so I fixed that too.

As a result of these changes, the time of my test query fell from
6 sec to 0.001 sec. And the resulting SQL query now contains only 
one JOIN statement.
2023-11-01 17:05:54 +04:00
Andrei Prigorshnev
e6299a310f
FIX: Further optimize mentioning groups in chat messages (#24122)
A follow-up to faac6773. This PR eliminates one more heavy join by forcing 
Active Record to do two queries instead.

Also, along the way, I made this change:
```
# this generates two queries to the groups table
def groups_to_mention
  @groups_to_mention = mentionable_groups - groups_with_too_many_members
end

# so I changed it to (this makes only one query to the groups table):
def groups_to_mention
  @groups_to_mention ||= mentionable_groups.where("user_count <= ?", SiteSetting.max_users_notified_per_group_mention)
end
```
This one is kind of a premature optimization, because we don't have evidence that 
this extra query is a problem, but it seems cleaner this way.

Commits history on this PR may help better understand the change.
2023-10-31 18:17:37 +04:00
Jan Cernik
6269134eed
FIX: Update date url for thread oneboxes (#24172) 2023-10-31 08:04:40 -03:00
Jan Cernik
4ef3066af5
FIX: Add rel=0 to youtube lazy videos url (#24173) 2023-10-31 08:04:23 -03:00
Kris
5e633708ac
UX: fix minor chat transcript overflow (#24158) 2023-10-30 16:31:01 -04:00
Joffrey JAFFEUX
4859340b2d
FIX: correctly display escaped thread titles (#24159)
Prior to this fix, titles with a quote `'` for example, would be rendered as: `&#x27`
2023-10-30 21:06:31 +01:00
chapoi
b6f9bc556e
UX: remove border radius and box shadow (#24135) 2023-10-27 11:02:42 +02:00
Joffrey JAFFEUX
db880d8ed7
DEV: adds a :chat_thread_created trigger (#24133)
Usage:

```ruby
DiscourseEvent.on(:chat_thread_created) do |thread|
end
```
2023-10-27 10:27:34 +02:00
David Battersby
8465324168
FEATURE: Add new chat indicator preference for Only Mentions (#23848)
Add new chat indicator preference within chat user preferences.

Enabling this option will mean that green notifications will only appear for mentions (within channels and DMs).

This change also enables mentions within direct messages.
2023-10-27 15:58:19 +08:00
Ted Johansson
d0915027a8
DEV: Remove deprecated queue_jobs site setting (#24127)
Using SiteSetting.queue_jobs= to configure job asynchronicity was deprecated here four years ago and marked for removal in version 2.9.0. This PR removes the fallback method we kept since then. The method was there because it was still being used in a bunch of plugin tests (now fixed.)
2023-10-27 11:05:02 +08:00
Joffrey JAFFEUX
ce801e3ff0
UX: improves support of window resize in chat (#24115)
- correctly respects min-width/height defined in css
- removes fixed width/height when resizing window
- reduces the min width of the side panel from 250px to 150px
2023-10-26 20:26:59 +02:00
Andrei Prigorshnev
faac6773c5
FIX: Optimize a slow query when mentioning groups in chat messages (#24103) 2023-10-26 17:37:54 +04:00
Jan Cernik
3f5a00e20f
FEATURE: Add onebox support for chat threads (#23580)
With this commit we now support oneboxes of:
- channel
- channel message
- thread
- thread message
2023-10-25 14:30:39 +02:00
David Taylor
c3c557c2df
FIX: Correct import path in styleguide (#24092)
Followup to 605ec0ad9f
2023-10-25 12:13:38 +01:00
David Taylor
605ec0ad9f
DEV: Update styleguide to use real i18n helper implementation (#24080) 2023-10-25 10:15:19 +01:00
Martin Brennan
9db4eaa870
DEV: Change anonymous_posting_min_trust_level to a group-based setting (#24072)
No plugins or themes rely on anonymous_posting_min_trust_level so we
can just switch straight over to anonymous_posting_allowed_groups

This also adds an AUTO_GROUPS const which can be imported in JS
tests which is analogous to the one defined in group.rb. This can be used
to set the current user's groups where JS tests call for checking these groups
against site settings.

Finally an AtLeastOneGroupValidator validator is added for group_list site
settings which ensures that at least one group is always selected, since if
you want to allow all users to use a feature in this way you can just use
the everyone group.
2023-10-25 11:45:10 +10:00
Joffrey JAFFEUX
5fec841c19
FIX: ensures users can open channel invites (#24067)
We were incorrectly generating URLs with message id even when it was not provided, resulting in a route ending with "undefined", which was causing an error.

This commit also uses this opportunity to:
- move `invite_users` into a proper controller inside the API namespace
- refactors the code into a service: `Chat::InviteUsersToChannel`
2023-10-24 18:51:33 +02:00
Discourse Translator Bot
49c6671b60
Update translations (#24078) 2023-10-24 15:53:34 +02:00
Blake Erickson
99e4087ade
Fix spoiler-alert imports (#24066) 2023-10-23 15:14:58 -06:00
Blake Erickson
2633674b6f
FIX: Update path for spoiler-alert plugin (#24064)
Spoiler-alert plugin is now part of core
2023-10-23 15:04:54 -06:00
Blake Erickson
89580ee379
FEATURE: Bundle discourse-spoiler-alert plugin into core (#24030)
* FEATURE: Bundle discourse-spoiler-alert plugin into core

Formerly https://github.com/discourse/discourse-spoiler-alert

* DEV: Switch to new addComposerToolbarPopupMenuOption plugin API

`api.addToolbarPopupMenuOptionsCallback` has been deprecated in 913fd3a7b3

This commit was just added to the plugin, so adding it here.

49f86ba72e
2023-10-23 13:50:43 -06:00
Blake Erickson
b0e0b657b4
FEATURE: Bundle discourse-footnote plugin into core (#23995)
Formerly https://github.com/discourse/discourse-footnote
2023-10-23 13:48:56 -06:00
Jarek Radosz
c84fe69e10
DEV: Use @discourse/lint-configs (#24038) 2023-10-23 12:08:35 +02:00
David Battersby
f1e22dfebd
FEATURE: add grace period for chat edits (#23800)
This change allows users to edit their chat messages based on the criteria added to Site Settings.

If the grace period conditions are met then there will be no (edited) text applied to the message.

The following site settings are added to chat:

chat editing grace period (seconds since message created)
chat editing grace period max diff for low trust levels (number of characters changed)
chat editing grace period max diff for high trust levels (number of characters changed)
2023-10-23 16:40:30 +08:00
Joffrey JAFFEUX
7c057878e2
DEV: skips two flakey specs (#24044) 2023-10-22 18:50:04 +02:00
Ty Correll
700c636d29
UX: unify ai representing icon (#24029)
This PR addresses the push to unify the icon representing AI throughout Discourse, by using the discourse-sparkles icon.

The icon is being moved to core to make changes with dependencies included in core that were using the "magic" icon instead.

In 2 places "magic" -> "discourse-sparkles",
1. topic summaries
2. (unreleased) chat summaries example
2023-10-19 17:30:27 -05:00
David Taylor
98cb14dd82
DEV: Modernize chat helper definitions (#24017)
These helpers are never used in raw-hbs. Exporting default functions is enough for them to be picked up by the ember resolver, and also makes it possible to use them in gjs files.
2023-10-19 15:51:38 +01:00
Martin Brennan
9ef3a18ce4
DEV: Add new experimental admin UI route and sidebar (#23952)
This commit adds a new admin UI under the route `/admin-revamp`, which is
only accessible if the user is in a group defined by the new `enable_experimental_admin_ui_groups` site setting. It
also adds a special `admin` sidebar panel that is shown instead of the `main`
forum one when the admin is in this area.

![image](https://github.com/discourse/discourse/assets/920448/fa0f25e1-e178-4d94-aa5f-472fd3efd787)

We also add an "Admin Revamp" sidebar link to the community section, which
will only appear if the user is in the setting group:

![image](https://github.com/discourse/discourse/assets/920448/ec05ca8b-5a54-442b-ba89-6af35695c104)

Within this there are subroutes defined like `/admin-revamp/config/:area`,
these areas could contain any UI imaginable, this is just laying down an
initial idea of the structure and how the sidebar will work. Sidebar links are
currently hardcoded.

Some other changes:

* Changed the `main` and `chat` panels sidebar panel keys to use exported const values for reuse
* Allowed custom sidebar sections to hide their headers with the `hideSectionHeader` option
* Add a `groupSettingArray` setting on `this.siteSettings` in JS, which accepts a group site setting name
  and splits it by `|` then converts the items in the array to integers, similar to the `_map` magic for ruby
  group site settings
* Adds a `hidden` option for sidebar panels which prevents them from showing in separated mode and prevents
  the switch button from being shown

---------

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
2023-10-19 14:23:41 +10:00
Godfrey Chan
c34f8b65cb
DEV: Rename I18n imports to discourse-i18n (#23915)
As of #23867 this is now a real package, so updating the imports to
use the real package name, rather than relying on the alias. The
name change in the package name is because `I18n` is not a valid
name as NPM packages must be all lowercase.

This commit also introduces an eslint rule to prevent importing from
the old I18n path.

For themes/plugins, the old 'i18n' name remains functional.
2023-10-18 11:07:09 +01:00
Discourse Translator Bot
5e6c63901f
Update translations (#23955) 2023-10-17 10:57:06 -04:00
Joffrey JAFFEUX
d1ef6ab99f
FIX: do not serialize status when profile is hidden (#23946)
Users can decide to hide their profile and presence. It seems more correct to also not return the status in this case.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-10-16 17:43:39 +02:00
Kelvin Tan
ee084b754e
SECURITY: Prevent unauthorized access to grouped poll results
This adds access controls for the `/polls/grouped_poll_results`
endpoint, such that only users with appropriate permissions can read
the grouped results of a given poll.
2023-10-16 10:34:37 -04:00
Jan Cernik
6350ba2cb3
SECURITY: Add permissions to MessageBus in chat
Add spec

compact
2023-10-16 10:34:30 -04:00
chapoi
9d1726fe2b
UX: better align user count (#23941) 2023-10-16 13:28:35 +02:00
chapoi
29beaff25b
FIX: revert (edited) layout in chat message (#23927)
* Revert "UX: place (edited) on same line (#23866)"

This reverts commit c1017a479b.

* Revert "UX: prevent (edited) and following from being copied (#23882)"

This reverts commit 563bff509a.
2023-10-13 13:01:56 +02:00
Joffrey JAFFEUX
b6d9aa5a4c
DEV: simplify reply to message smoke spec (#23928)
We now create threads on reply so the refresh check is not really necessary as there's nothing special about it anymore. We don't refresh every page in other tests to check they still work.

Hopefully these changes will prevent a few flakeys too.
2023-10-13 11:16:26 +02:00
Joffrey JAFFEUX
c1abf8b35c
UX: improves reminder setting text (#23918)
The setting will change from "%{count} days" to "Chat settings have been set to retain channel messages for %{count} day."

This commit also:
- migrates `chat-retention-reminder` to gjs
- adds a "type" property to `chat-retention-reminder-text` to allow using a long or short text depending on where it's used.
2023-10-13 07:55:47 +02:00