Commit Graph

6130 Commits

Author SHA1 Message Date
Bianca Nenciu
73760c77d9
FEATURE: Mention @here to notify users in topic (#14900)
Use @here to mention all users that were allowed to topic directly or
through group, who liked topics or read the topic. Only first 10 users
will be notified.
2021-11-23 22:25:54 +02:00
Discourse Translator Bot
563b27b763
Update translations (#15065) 2021-11-23 17:29:39 +01:00
Arpit Jalan
34354353ff
Update email deliverability mail template (#15064) 2021-11-23 18:07:36 +05:30
Natalie Tay
adf6498fe2
FEATURE: Show browser search tip when discourse search shows up in a topic (#15055) 2021-11-23 13:11:17 +08:00
RogerBW
fd66df5997
FEATURE: adds uploads scope for API keys (#14941)
* FEATURE: adds uploads scope for API keys

* Add basic test, change "image" to "file"
2021-11-22 10:49:08 -07:00
Natalie Tay
d46e450733
Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
Martin Brennan
fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
jbrw
9955f1774d
UX: Move share topic warning to modal flash alert (#15012) 2021-11-18 19:24:15 -05:00
Dan Ungureanu
6ae065f9cd
Improved create invite modal (#14151)
* FEATURE: Always show advanced invite options

The UI is more simple and more efficient than how it was when the
advanced options toggle was introduced. It does not make sense to keep
it anymore.

* UX: Minor copy edits

* UX: Merge expire invite controls

There were two controls in the create invite modal. One was a static
text that displayed how much time is left until the invite expires. The
other one was a datetime selector that set the time the invite expires.

This commit merges the two controls in a single one: staff users will
continue to see the datetime selector without the static text and
regular users will only see the static text because they cannot set
when the invite expires.

* UX: Remove invite link

It should only be visible after the invite was created.
2021-11-18 20:19:02 +02:00
Penar Musaraj
2ff7f105d9
UX: launch full page search on second Enter hit (#14978) 2021-11-17 16:35:17 +11:00
Natalie Tay
c61d47e6f4
FEATURE: Show a confirmation modal when "Dismiss all" would dismiss an important notification (#14935)
* Show a confirmation when dismiss all will dismiss an important notification
2021-11-17 09:44:30 +08:00
jbrw
e306d84c56
FEATURE: display warning when sharing a topic in a restricted category (#14820)
* FEATURE: display warning when sharing a topic in a restricted category

If a topic belongs to a category that is not readable by everyone, display a text warning of "Only visible to members of groups: [group_a], [group_b]"

* DEV: Adding a new category means we need to bump this value

* DEV: pass category to showModal
2021-11-16 11:49:41 -05:00
Discourse Translator Bot
8420cf047e
Update translations (#14970) 2021-11-16 16:17:10 +01:00
Martin Brennan
f52e1258f7
DEV: mutlipart -> multipart spelling fix (#14963) 2021-11-16 13:58:33 +10:00
Joffrey JAFFEUX
904d509cce
FIX: ensures minimum tags logic is correct and shared (#14723)
Also fixes a bug where select-kit was not updating noneItem in multi-selects.
2021-11-12 14:04:48 +01:00
tshenry
5467bfb7d6
Remove Internet Explorer reference (#14879)
Discourse no longer supports Internet Explorer, so we can remove the IE-specific warning in this site setting description.
2021-11-11 09:10:20 +08:00
Bianca Nenciu
3791fbd919
FEATURE: Add read-only scope to API keys (#14856)
This commit adds a global read-only scope that can be used to create
new API keys.
2021-11-10 17:48:00 +02:00
Discourse Translator Bot
5d20304f95
Update translations (#14855) 2021-11-09 14:54:59 +01:00
Natalie Tay
0b495e9ad4
FEATURE: Allow users to edit alt text from the image preview in the editor (#14480) 2021-11-09 14:34:09 +08:00
Leonardo Mosquera
b1dc0dc944
Small copy fixes (#14826)
* FIX: small copy fix for embedding.sample

* FIX: improve copy for site_description and short_site_description

As part of the setup wizard, improve the description of these two
strings to add context on where they will be used, so that it is
clearer how to write each one.

Meta discussion: https://meta.discourse.org/t/unclear-double-question-in-setup-wizard/208344/
2021-11-08 09:32:44 +08:00
Martin Brennan
fac9185421
FEATURE: Move emoji uploader to use uppy (#14814)
This commit changes the emoji uploader to use the UppyUploadMixin,
and makes some minor changes to the emoji uploader (tightening the
copy for drag and drop and adding a percentage for the upload).

Since no other uppy upload mixin components have needed to upload
multiple files so far, this necessitated adding a tracker for the
in progress uploads so we know when to reset the uploader once all
uploads are complete.

At the moment, the emoji uploader cannot be used for direct S3 uploads
because the admin emoji controller creates other records and does other
magic with the emojis. At some point we need to factor this kind of thing
into the ExternalUploadManager.transform! action to complete external
uploads.
2021-11-04 11:31:58 +10:00
Jean
8d73730c44
FEATURE: Add setting to disable notifications for topic tags edits (#14794) 2021-11-02 13:53:21 -04:00
Discourse Translator Bot
6894b3f3af
Update translations (#14792) 2021-11-02 18:49:00 +01:00
Vinoth Kannan
c62242c6b3
FIX: should not receive topic invites from ignored users. (#14746)
Previously, ignored users can send notifications by inviting the ignorer to topics or PMs.
2021-10-28 21:03:00 +05:30
Discourse Translator Bot
efc23b6a8d
Update translations (#14757) 2021-10-28 11:24:55 +02:00
Roman Rizzi
df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
Discourse Translator Bot
0f71a43434
Update translations (#14714) 2021-10-27 14:24:43 +02:00
janzenisaac
dd5b0543c7
FEATURE: Add fullscreen-tables to post (#14709)
Overflown tables will have a "expand table" option added to open x table in a modal
2021-10-25 14:06:28 -05:00
Joshua Rosenfeld
61a7fbdd9e
FIX: Correct site setting name (#14686) 2021-10-21 16:32:27 -04:00
Simon Cossar
7eea58ca9e
Update copy of the max_new_accounts_per_registration_ip description to indicate that the setting can be disabled (#14687) 2021-10-21 13:15:04 -07:00
Gavin
f60711488f
UPDATE: correct path to messages (#14668) 2021-10-21 10:47:06 +08:00
Discourse Translator Bot
25097fa0af
Update translations (#14648) 2021-10-19 15:23:54 +02:00
Martin Brennan
1d131fcaff
FIX: Clarify None Needed option when editing bookmarks (#14633)
This commit makes the following change to the Edit Bookmark
modal window for clarity:

* If the user is editing an existing bookmark without a reminder set,
hide the "none needed" option. This will draw more attention to the
delete button.
* If the user is editing an existing bookmark with a reminder set for the
future, change the "none needed" option to say "remove reminder, keep bookmark"

To do this, I needed to provide an option to override the labels
for time shortcuts in certain cases, so I could keep the NONE shortcut
but have the different wording.
2021-10-19 10:32:20 +10:00
Penar Musaraj
073e5ccd83
UX: Better topic search experience (#14625) 2021-10-18 13:17:27 -04:00
Jean
6275658e3d
FEATURE: Add setting to disable notifications for topic category edits (#14632) 2021-10-18 09:04:01 -04:00
Penar Musaraj
74706bab10
UX: Add Enter hint to search dropdown (#14587) 2021-10-13 12:09:28 -04:00
Bianca Nenciu
c4843fc1c1
FEATURE: Allow admins to permanently delete posts and topics (#14406)
Sometimes administrators want to permanently delete posts and topics
from the database. To make sure that this is done for a good reasons,
administrators can do this only after one minute has passed since the
post was deleted or immediately if another administrator does it.
2021-10-13 12:53:23 +03:00
Gerhard Schlager
76c9de2d04
UX: Add missing translation (#14592) 2021-10-13 11:23:53 +02:00
Discourse Translator Bot
b44119cdb2
Update translations (#14579) 2021-10-12 16:00:22 +02:00
Roman Rizzi
7bc7e1aceb
FIX: update translation key to match flag reason. (#14573)
The refactor introduced in https://github.com/discourse/discourse/pull/14475 made this visible. Adds a safeguard to make sure translation is present before trying to linkify backticks.
2021-10-11 10:24:41 -03:00
David Taylor
9efc57f0c6 FEATURE: shortcuts for quote (q) and fast edit (e)
Reimplemented following the revert in ce0daae636

This approach uses the global `e`/`q` shortcuts, rather than shifting focus to the `quote-button` component. The current `quoteState` is used to determine whether the quote-button is currently visible. If yes, an appEvent transmits the intention to the quote-button component. If no, the old behavior is maintained.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2021-10-11 10:46:38 +01:00
David Taylor
ce0daae636
FIX: Resolve quoting issues by reverting new shortcuts (#14560)
This reverts the new e and q shortcuts for quick-edit, and quote. The current implementation of these is causing issues with quoting on mobile devices.

We intend restore these new shortcuts soon.

* Revert "FIX: Apply quote selection workaround to all browsers (#14558)"

This reverts commit 488f716c16.

* Revert "FIX: selection going missing in Safari (#14557)"

This reverts commit 538fe2cc31.

* Revert "UX: adds shortcuts for quote (q) and fast edit (e) (#14552)"

This reverts commit 2af6052307.
2021-10-08 15:31:43 +01:00
Roman Rizzi
9f3b82eeb2
DEV: Move settings to linkify to the serializer code. (#14553)
We aren't translating these settings, so it makes more sense to move them into the code. I added an instance method so plugins can add mappings for custom reasons.
2021-10-07 12:41:57 -03:00
Joffrey JAFFEUX
2af6052307
UX: adds shortcuts for quote (q) and fast edit (e) (#14552) 2021-10-07 17:22:28 +02:00
Penar Musaraj
6141ed31c7
UX: More consistent shortcut labels for macOS (#14538) 2021-10-06 16:20:43 -04:00
Penar Musaraj
e9b1d29d8b
UX: Revamp quick search (#14499)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-10-06 11:42:52 -04:00
Krzysztof Kotlarek
cb5b0cb9d8
FEATURE: save local date to calendar (#14486)
It allows saving local date to calendar.
Modal is giving option to pick between ics and google. User choice can be remembered as a default for the next actions.
2021-10-06 14:11:52 +11:00
Roman Rizzi
e5c257e5b5
FIX: Reenable global setting HTML support. (#14521) 2021-10-05 16:25:41 -03:00
Discourse Translator Bot
0f5d737a61
Update translations (#14513) 2021-10-05 15:59:26 +02:00
Roman Rizzi
437410e269
UX: Global notice no longer accepts HTML. (#14515) 2021-10-05 10:34:26 -03:00
Meghna
1552d06008
UX: capitalize unsubscribed email locale (#14512)
https://meta.discourse.org/t/unsubscribed-description-text-needs-a-capital-letter/205239
2021-10-05 17:13:22 +05:30
Penar Musaraj
23df78acb3
UX: Fix label in search when tagging is disabled (#14503) 2021-10-04 17:04:34 -04:00
Roman Rizzi
a9d20610d4
FIX: Make score's reason link building more explicit (#14475)
We relied on backticks to identify and replace site setting names with links. Unfortunately, some translations don't follow this convention, breaking this feature.

Additionally, this lets us linkify `category settings` and `watched words` without using HTML in the translations.

You may notice that I split the texts we want to linkify into two groups. I did this on purpose to emphasize those that should be translated (regular_links) from those who don't (site_settings_link). If you can think of a better solution, I'm open to suggestions.
2021-10-04 16:55:09 -03:00
Andrei Prigorshnev
149e869c22
FEATURE: make username suggester suggest user1, user2 etc. for input that contains invalid characters only (#14179)
We were suggesting 111, 1111, 1112 before.

See the discussion on Meta – https://meta.discourse.org/t/curious-account-creation-behaviour/199970/14.
2021-10-04 16:47:55 +04:00
Discourse Translator Bot
a0cb340eef
Update translations (#14460) 2021-09-28 16:44:23 +02:00
Alan Guo Xiang Tan
9d5da2b383
PERF: Revert all inboxes from messages route. (#14445)
The all inboxes was introduced in
016efeadf6 but we decided to roll it back
for performance reasons. The main performance challenge here is that PG
has to basically loop through all the PMs that a user is allowed to view
before being able to order by `Topic#bumped_at`. The all inboxes was not
planned as part of the new/unread filter so we've decided not to tackle
the performance issue for the upcoming release.

Follow-up to 016efeadf6
2021-09-28 11:58:04 +08:00
Penar Musaraj
01e50f325d
A11Y: Use shorter label for hamburger menu (#14439) 2021-09-24 14:22:40 -04:00
Penar Musaraj
9235e2ad5d
A11Y: Fix several minor issues (#14436) 2021-09-24 11:52:07 -04:00
Penar Musaraj
8cef6dabb5
A11Y: Add labels to some search fields, category notification selector (#14430) 2021-09-23 14:52:34 -04:00
Joffrey JAFFEUX
dd091fbf36
FEATURE: enables fast edit by default (#14417) 2021-09-22 10:15:17 +02:00
Martin Brennan
dba6a5eabf
FEATURE: Humanize file size error messages (#14398)
The file size error messages for max_image_size_kb and
max_attachment_size_kb are shown to the user in the KB
format, regardless of how large the limit is. Since we
are going to support uploading much larger files soon,
this KB-based limit soon becomes unfriendly to the end
user.

For example, if the max attachment size is set to 512000
KB, this is what the user sees:

> Sorry, the file you are trying to upload is too big (maximum
size is 512000KB)

This makes the user do math. In almost all file explorers that
a regular user would be familiar width, the file size is shown
in a format based on the maximum increment (e.g. KB, MB, GB).

This commit changes the behaviour to output a humanized file size
instead of the raw KB. For the above example, it would now say:

> Sorry, the file you are trying to upload is too big (maximum
size is 512 MB)

This humanization also handles decimals, e.g. 1536KB = 1.5 MB
2021-09-22 07:59:45 +10:00
Jean
ed0b6a3660
FEATURE: add update banner to the categories and latest topics view (#14403) 2021-09-21 12:35:38 -04:00
Penar Musaraj
c52513c445
A11Y: Add more descriptive labels for some dropdowns (#14402) 2021-09-21 11:19:49 -04:00
Discourse Translator Bot
88aed7512e
Update translations (#14400) 2021-09-21 15:57:14 +02:00
Martin Brennan
0c42a1e5f3
FEATURE: Topic-level bookmarks (#14353)
Allows creating a bookmark with the `for_topic` flag introduced in d1d2298a4c set to true. This happens when clicking on the Bookmark button in the topic footer when no other posts are bookmarked. In a later PR, when clicking on these topic-level bookmarks the user will be taken to the last unread post in the topic, not the OP. Only the OP can have a topic level bookmark, and users can also make a post-level bookmark on the OP of the topic.

I had to do some pretty heavy refactors because most of the bookmark code in the JS topics controller was centred around instances of Post JS models, but the topic level bookmark is not centred around a post. Some refactors were just for readability as well.

Also removes some missed reminderType code from the purge in 41e19adb0d
2021-09-21 08:45:47 +10:00
Penar Musaraj
dfeca42bf8
FEATURE: user/category/tag results in full page search (#14346)
See PR for details, this commit also changes the layout of the full page search.
2021-09-20 10:01:11 -04:00
Penar Musaraj
ab9c63e4ee
UX: Optionally show a "Summarize" button in topic timeline (#13533) 2021-09-16 15:15:00 -04:00
Andrei Prigorshnev
804274af47
FEATURE: improve blank page syndrome on the activity/topics, activity/read and group messages pages (#14313) 2021-09-16 22:24:27 +04:00
Arpit Jalan
d5424161f8
FIX: add locales for group mention PM variants (#14358) 2021-09-16 23:07:45 +05:30
Andrei Prigorshnev
477bbc372e
FEATURE: improve blank page syndrome on the user activity pages (#14311)
This improves blank page syndrome on the next pages:
* activity
* activity/replies
* activity/drafts
* activity/likes-given
2021-09-16 21:35:34 +04:00
andrea
119bdc12ea Added S3 region eu-south-1 Milanù
Added S3 region eu-south-1 Milan
2021-09-16 12:33:43 -04:00
Joffrey JAFFEUX
b83868bfb0
FEATURE: experimental fast edit (#14340)
Fast edit allows you to quickly edit a typo in a post, this is experimental ATM and behind a site setting: `enable_fast_edit` (default false)
2021-09-15 17:10:30 +02:00
Martin Brennan
22208836c5
DEV: Ignore bookmarks.topic_id column and remove references to it in code (#14289)
We don't need no stinkin' denormalization! This commit ignores
the topic_id column on bookmarks, to be deleted at a later date.
We don't really need this column and it's better to rely on the
post.topic_id as the canonical topic_id for bookmarks, then we
don't need to remember to update both columns if the bookmarked
post moves to another topic.
2021-09-15 10:16:54 +10:00
Discourse Translator Bot
5cce1b38e4
Update translations (#14336) 2021-09-14 16:21:00 +02:00
Bianca Nenciu
6a7ea66670
FEATURE: Use second factor for admin confirmation (#14293)
Administrators can use second factor to confirm granting admin access
without using email. The old method of confirmation via email is still
used as a fallback when second factor is unavailable.
2021-09-14 15:19:28 +03:00
Penar Musaraj
33fb3b7ec8
UX: Fix date input display in iOS (#14307) 2021-09-10 15:13:45 -04:00
Joffrey JAFFEUX
d51d94f771
A11Y: do not default to label for aria-label (#14258) 2021-09-07 18:24:39 +02:00
Discourse Translator Bot
f513266bcb
Update translations (#14266) 2021-09-07 15:43:26 +02:00
Alan Guo Xiang Tan
fc1fd1b416
FEATURE: Display new/unread count in browse more messages for PMs. (#14188)
In order to include the new/unread count in the browse more message
under suggested topics, a couple of technical changes have to be made.

1. `PrivateMessageTopicTrackingState` is now auto-injected which is
   similar to how it is done for `TopicTrackingState`. This is done so
we don't have to attempt to pass the `PrivateMessageTopicTrackingState`
object multiple levels down into the suggested-topics component. While
the object is auto-injected, we only fetch the initial state and start
tracking when the relevant private messages routes has been hit and only
when a private message's suggested topics is loaded. This is
done as we do not want to add the extra overhead of fetching the inital
state to all page loads but instead wait till the private messages
routes are hit.

2. Previously, we would stop tracking once the `user-private-messages`
   route has been deactivated. However, that is not ideal since
navigating out of the route and back means we send an API call to the
server each time. Since `PrivateMessageTopicTrackingState` is kept in
sync cheaply via messageBus, we can just continue to track the state
even if the user has navigated away from the relevant stages.
2021-09-07 12:30:40 +08:00
Jean
34ff7bfeeb
FEATURE: Hide suspended users from site-wide search to regular users (#14245) 2021-09-06 09:59:35 -04:00
Martin Brennan
c401d6411b
A11Y: Improve create account modal for screen readers (#14234)
Improves the create account modal for screen readers by doing the following:

* Making the `modal-alert` section into an `aria-role="alert"` region and making it show and hide using height instead of display:none so screen readers pick it up. Made a change so the field-related error messages are always shown beneath the field.
* Add `aria-invalid` and `aria-describedby` attributes to each field in the modal, so the screen reader will read out the error hint on error. This necessitated an Ember component extension to allow both the `aria-*` attributes to be bound and to render on `{{input}}`.
* Moved the social login buttons to the right in the HTML structure so they are not read out first.
* Added `aria-label` attributes to the login buttons so they can have different content for screen readers.
* In some cases for modals, the title that should be used for the `aria-labelledby` attribute is within the modal content and not the discourse-modal-title title. This introduces a new titleAriaElementId property to the d-modal component that is then used by the create-account modal to read out the title

------

This is the same as e0d2de73d8 but
fixes the Ember-input-component-extension to use the public
Ember components TextField and TextArea instead of the private
TextSupport so the extension works in both normal Ember and
Ember CLI.
2021-09-03 13:04:24 +10:00
Martin Brennan
a0fbccf612
Revert "A11Y: Improve create account modal for screen readers (#14204)" (#14233)
This reverts commit e0d2de73d8.
2021-09-03 09:42:56 +10:00
Martin Brennan
e0d2de73d8
A11Y: Improve create account modal for screen readers (#14204)
Improves the create account modal for screen readers by doing the following:

* Making the `modal-alert` section into an `aria-role="alert"` region and making it show and hide using height instead of display:none so screen readers pick it up. Made a change so the field-related error messages are always shown beneath the field.
* Add `aria-invalid` and `aria-describedby` attributes to each field in the modal, so the screen reader will read out the error hint on error. This necessitated an Ember component extension to allow both the `aria-*` attributes to be bound and to render on `{{input}}`.
* Moved the social login buttons to the right in the HTML structure so they are not read out first.
* Added `aria-label` attributes to the login buttons so they can have different content for screen readers.
* In some cases for modals, the title that should be used for the `aria-labelledby` attribute is within the modal content and not the discourse-modal-title title. This introduces a new titleAriaElementId property to the d-modal component that is then used by the create-account modal to read out the
2021-09-03 08:59:22 +10:00
Penar Musaraj
8f06528bb2
A11Y: Add "skip to main content" link (#14190) 2021-08-31 13:43:30 -04:00
Discourse Translator Bot
59975d7433
Update translations (#14197) 2021-08-31 16:10:59 +02:00
Penar Musaraj
85b8fea262
UX: Add Styling step to wizard (#14132)
Refactors three wizard steps (colors, fonts, homepage style) into one new step called Styling.
2021-08-25 17:10:12 -04:00
Andrei Prigorshnev
506a5dc607
FEATURE: improve "blank page syndrome" on the user notifications page (#14103) 2021-08-25 20:57:27 +04:00
Arpit Jalan
419d71abcb
FEATURE: allow admin to delete all posts by a user irrespectively (#14128)
This commit allows admin to delete all posts by a user irrespective of
site settings `delete_user_max_post_age` and `delete_all_posts_max`.
2021-08-25 10:14:22 +05:30
Alan Guo Xiang Tan
f66007ec83
FEATURE: Display unread and new counts for messages. (#14059)
There are certain design decisions that were made in this commit.

Private messages implements its own version of topic tracking state because there are significant differences between regular and private_message topics. Regular topics have to track categories and tags while private messages do not. It is much easier to design the new topic tracking state if we maintain two different classes, instead of trying to mash this two worlds together.

One MessageBus channel per user and one MessageBus channel per group. This allows each user and each group to have their own channel backlog instead of having one global channel which requires the client to filter away unrelated messages.
2021-08-25 11:17:56 +08:00
Martin Brennan
d295a16dab
FEATURE: Uppy direct S3 multipart uploads in composer (#14051)
This pull request introduces the endpoints required, and the JavaScript functionality in the `ComposerUppyUpload` mixin, for direct S3 multipart uploads. There are four new endpoints in the uploads controller:

* `create-multipart.json` - Creates the multipart upload in S3 along with an `ExternalUploadStub` record, storing information about the file in the same way as `generate-presigned-put.json` does for regular direct S3 uploads
* `batch-presign-multipart-parts.json` - Takes a list of part numbers and the unique identifier for an `ExternalUploadStub` record, and generates the presigned URLs for those parts if the multipart upload still exists and if the user has permission to access that upload
* `complete-multipart.json` - Completes the multipart upload in S3. Needs the full list of part numbers and their associated ETags which are returned when the part is uploaded to the presigned URL above. Only works if the user has permission to access the associated `ExternalUploadStub` record and the multipart upload still exists.

  After we confirm the upload is complete in S3, we go through the regular `UploadCreator` flow, the same as `complete-external-upload.json`, and promote the temporary upload S3 into a full `Upload` record, moving it to its final destination.
* `abort-multipart.json` - Aborts the multipart upload on S3 and destroys the `ExternalUploadStub` record if the user has permission to access that upload.

Also added are a few new columns to `ExternalUploadStub`:

* multipart - Whether or not this is a multipart upload
* external_upload_identifier - The "upload ID" for an S3 multipart upload
* filesize - The size of the file when the `create-multipart.json` or `generate-presigned-put.json` is called. This is used for validation.

When the user completes a direct S3 upload, either regular or multipart, we take the `filesize` that was captured when the `ExternalUploadStub` was first created and compare it with the final `Content-Length` size of the file where it is stored in S3. Then, if the two do not match, we throw an error, delete the file on S3, and ban the user from uploading files for N (default 5) minutes. This would only happen if the user uploads a different file than what they first specified, or in the case of multipart uploads uploaded larger chunks than needed. This is done to prevent abuse of S3 storage by bad actors.

Also included in this PR is an update to vendor/uppy.js. This has been built locally from the latest uppy source at d613b849a6. This must be done so that I can get my multipart upload changes into Discourse. When the Uppy team cuts a proper release, we can bump the package.json versions instead.
2021-08-25 08:46:54 +10:00
Kris
fdc9de3443
minor wording fix for get a room message (#14130) 2021-08-24 15:53:35 -04:00
Discourse Translator Bot
c995b20ca4
Update translations (#14063) 2021-08-24 15:25:44 +02:00
Bianca Nenciu
ff367e22fb
FEATURE: Make allow_uploaded_avatars accept TL (#14091)
This gives admins more control over who can upload custom profile
pictures.
2021-08-24 10:46:28 +03:00
Kris
bde6f7e9b0
UX: Update "get a room" composer message (#14104) 2021-08-23 18:34:23 -04:00
Joffrey JAFFEUX
cb59681d86
DEV: select-kit third major update with focus on accessibility (#13303)
Major changes included:
- better support for screen readers
- trapping focus in modals
- better tabbing order in composer
- alerts on no content found/number of items found
- better autofocus in modals
- mini-tag-chooser is now a multi-select component
- each multi-select-component will now display selection on one row
2021-08-23 10:44:19 +02:00
Andrei Prigorshnev
d1781e4c7d
FEATURE: improve "blank page syndrome" on the user bookmarks page 2021-08-20 00:08:59 +04:00
Andrei Prigorshnev
ded6a4a0ea
FIX: add a string for the Unseen view tab tooltip (#14079) 2021-08-18 20:50:53 +04:00
Discourse Translator Bot
0e53769f71
Update translations (#13994) 2021-08-14 10:18:05 +02:00
Andrei Prigorshnev
bbc565c929
FEATURE: Show the incomming topics banner on the Unseen view (#14032) 2021-08-12 23:59:23 +04:00
Arpit Jalan
e9b2415e7d
UX: show flair help text for private member visibility only (#14005) 2021-08-11 16:23:58 +10:00
Osama Sayegh
bdcb96ad1b
UX: Indicate capped history revisions only when they're actually capped (#14000)
We've recently added a limit to the posts history modal so it displays the last 100 revisions only for performance reasons. However, the title of the modal now always says `History, last 100 revisions` even when the post has fewer than 100 revisions which can be a bit noisy.

This PR amends the history modal so the title of the modal says `History` when the post's revisions count is ≤100, and `History, last 100 revisions` when it has more >100 revisions.
2021-08-11 00:24:37 +03:00
Andrei Prigorshnev
622859dbe6
FEATURE: add Unseen view (#13977)
This view is the same as Latest except it hides the topics you have fully read. Based on this plugin of @davidtaylorhq https://meta.discourse.org/t/simple-unread-list-plugin-discourse-simple-unread/70013.
2021-08-10 18:30:34 +04:00
David Taylor
7dc8f8b794 FEATURE: Allow linking an existing account during external-auth signup
When a user signs up via an external auth method, a new link is added to the signup modal which allows them to connect an existing Discourse account. This will only happen if:

- There is at least 1 other auth method available

and

- The current auth method permits users to disconnect/reconnect their accounts themselves
2021-08-10 15:07:40 +01:00
David Taylor
46dc189850 DEV: Improve robustness of associate_accounts_controller
This handles a few edge cases which are extremely rare (due to the UI layout), but still technically possible:

- Ensure users are authenticated before attempting association.

- Add a message and logic for when a user already has an association for a given auth provider.
2021-08-10 15:07:40 +01:00
Arpit Jalan
97f701bc4c
UX: update member visibility help text to include flair information (#13995) 2021-08-10 19:31:29 +05:30
Andrei Prigorshnev
09ad3ed41d
FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970)
This reverts a part of changes introduced by https://github.com/discourse/discourse/pull/13947

In that PR I:
1. Disallowed topic feature links for TL-0 users
2. Additionally, disallowed just putting any URL in topic titles for TL-0 users

Actually, we don't need the second part. It introduced unnecessary complexity for no good reason. In fact, it tries to do the job that anti-spam plugins (like Akismet plugin) should be doing.

This PR reverts this second change.
2021-08-06 20:07:42 +04:00
Andrei Prigorshnev
0c0a11b66a
FEATURE: Disallow putting urls in the title for TL-0 users (#13947)
This disallows putting URLs in topic titles for TL0 users, which means that:

If a TL-0 user puts a link into the title, a topic featured link won't be generated (as if it was disabled in the site settings)
Server methods for creating and updating topics will be refusing featured links when they are called by TL-0 users
TL-0 users won't be able to put any link into the topic title. For example, the title "Hey, take a look at https://my-site.com" will be rejected.

Also, it improves a bit server behavior when creating or updating feature links on topics in the categories with disabled featured links. Before the server just silently ignored a featured link field that was passed to him, now it will be returning 422 response.
2021-08-05 13:38:39 +04:00
Jarek Radosz
07c6b720bc
DEV: Remove PostProcessed trigger option (#13916)
It was deprecated 5 years ago in e55e2aff94

I've seen it still being used in the wild, even though it doesn't do anything anymore as I understand it.
2021-08-04 22:24:47 +02:00
Discourse Translator Bot
6b87ae3d4c
Update translations (#13929) 2021-08-04 14:14:52 +02:00
Arpit Jalan
ff994234ee
UX: append ellipsis to actions that have follow-up screen (#13943) 2021-08-04 17:26:12 +05:30
Bianca Nenciu
e2c415457c
FEATURE: Attach backup log as upload (#13849)
Discourse automatically sends a private message after backup or
restore finished. The private message used to contain the log inline
even when it was very long. A very long log can create issues because
the length of the post will be over the maximum allowed length of a
post. When that happens, Discourse will try to create an upload with
the logs. If that fails, it will trim the log and inline it.
2021-08-03 20:06:50 +03:00
Jean
e7b8e75583
FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
Alan Guo Xiang Tan
016efeadf6
FEATURE: New and Unread messages for user personal messages. (#13603)
* FEATURE: New and Unread messages for user personal messages.

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2021-08-02 12:41:41 +08:00
David Taylor
ccf1cd0ca6
UX: Improve copy when a group member search returns no results (#13899)
Previously it would say "There are no members in this group". Now it says "No members match that search."

https://meta.discourse.org/t/group-username-search-empty-search-message-is-wrong/198609
2021-07-30 11:40:21 +01:00
Discourse Translator Bot
0c422cff1e
Update translations (#13898) 2021-07-30 11:30:10 +02:00
Martin Brennan
b500949ef6
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787)
This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads`  settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader.

A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. 

### Starting a direct S3 upload

When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded.

Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage.

### Completing a direct S3 upload

Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`.

1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this.

2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues.

    We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large.

3. Finally we return the serialized upload record back to the client

There are several errors that could happen that are handled by `UploadsController` as well.

Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-28 08:42:25 +10:00
Andrew Schleifer
461cb96532 use more appropriate labels for chinese UI option 2021-07-27 22:47:59 +08:00
Discourse Translator Bot
e951cb9aef
Update translations (#13860) 2021-07-27 15:24:03 +02:00
Bianca Nenciu
760c9a5698
FEATURE: Show draft count in user menu and activity (#13812)
This commit adds the number of drafts a user has next to the "Draft"
label in the user preferences menu and activity tab. The count is
updated via MessageBus when a draft is created or destroyed.
2021-07-27 14:05:33 +03:00
Bianca Nenciu
18c32a809b
FIX: Validate email_accent_bg_color color (#13778)
Using an invalid value was allowed. This commit tries to automatically
fix the color by adding missing # symbol or will show an error to the
user if it is not possible and it is not a CSS color either.
2021-07-22 17:42:47 +03:00
Discourse Translator Bot
3667cc6447
Update translations (#13821) 2021-07-22 12:31:19 +02:00
Régis Hanol
da81cfe317
Fixed a typo in the 'same_site_cookies' site setting description (#13809) 2021-07-21 17:21:04 +02:00
Discourse Translator Bot
28b5e6e47d
Update translations (#13796) 2021-07-21 10:30:34 +02:00
mintsaxon
7162ecfb04 FEATURE: Per-category default slow mode duration for topics.
When configured, all topics in the category inherits the slow mode
duration from the category's default.

Note that currently there is no way to remove the slow mode from the
topics once it has been set.
2021-07-21 12:32:07 +08:00
Kris
5f6b9e36ed
UX: New text and style for dominating topic message (#13789) 2021-07-20 13:58:38 -04:00
Andrei Prigorshnev
1a8c949900
UX: suspend forever time period messages (#13776)
When the Forever option is selected for suspending a user, the user is suspended for 1000 years. Without customizing the site’s text, this time period is displayed to the user in the suspension email that is sent to the user, and if the user attempts to log back into the site. Telling someone that they have been suspended for 1000 years seems likely to come across as a bad attempt at humour.

This PR special case messages when a user suspended or silenced forever.
2021-07-20 14:42:08 +04:00
Martin Brennan
0dadd61d27
FIX: Change email from to not have via site_name for group SMTP (#13788)
We now use the group's full name in group SMTP emails, so we are dropping the via #{site_name}. If group owners still want this they can just change the full name of the group.
2021-07-20 11:56:04 +10:00
Michael Brown
5f7e60d9dc discourse/discourse change from 'master' to 'main' 2021-07-19 11:46:15 -04:00
Osama Sayegh
1c82989f77
FEATURE: Add filter box to the themes/components list (#13767) 2021-07-19 09:33:58 +08:00
Gerhard Schlager
ec9a2a04f3
Fix i18n issues reported on Crowdin (#13769)
* Removes unused strings
* Clarifies some of the strings
* Fixes typos

@discourse-translator-bot keep_translations_and_approvals
2021-07-19 09:30:48 +08:00
Neil Lalonde
b0f06b8ed0
FIX: don't allow category and tag tracking settings on staged users (#13688)
Configuring staged users to watch categories and tags is a way to sign
them up to get many emails. These emails may be unwanted and get marked
as spam, hurting the site's email deliverability.
Users can opt-in to email notifications by logging on to their
account and configuring their own preferences.

If staff need to be able to configure these preferences on behalf of
staged users, the "allow changing staged user tracking" site setting
can be enabled. Default is to not allow it.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-07-16 14:50:40 -04:00
Rafael dos Santos Silva
216dc99f18
FIX: Media optimization setting was misnamed (#13766) 2021-07-16 15:13:16 -03:00
Andrei Prigorshnev
27b97e4f64
DEV: add pick-files-button component (#13764)
* DEV: add pick-files-button component
* Scope querySelector to the component, add removeEventListener, fix formatting
2021-07-16 21:50:50 +04:00
Dan Ungureanu
079d2af55f
FIX: Clear stale status of reloaded reviewables (#13750)
* FIX: Clear stale status of reloaded reviewables

Navigating away from and back to the reviewables reloaded Reviewable
records, but did not clear the "stale" attribute.

* FEATURE: Show user who last acted on reviewable

When a user acts on a reviewable, all other clients are notified and a
generic "reviewable was resolved by someone" notice was shown instead of
the buttons. There is no need to keep secret the username of the acting
user.
2021-07-16 19:57:12 +03:00
David Taylor
50b3d7708e DEV: Update discourse_connect_overrides_ setting copy 2021-07-16 16:19:09 +01:00
David Taylor
444e21b12d
FEATURE: Add 'users.list' API scope (#13742) 2021-07-16 11:10:04 +08:00
Tobias Eigen
8bdec18d58
changed private message -> personal message (#13753)
We are trying to not use "private message" in the interface, in favor of "personal message", because of course admins can read all messages so they are not really private unless encrypted messaging is turned on..
2021-07-15 13:22:57 -07:00
Tobias Eigen
23773b3f19
updated copy for reply_as_new_group_message (#13754)
I changed from "Create a new private message with the same recipients" to "Create new message starting with same recipients". 

Wanting to remove "private message" because these messages are not private (admins can read them). Also want to communicate that this is a way to expand the conversation to new people without having to explicitly invite them to the current message, or give them access to the past discussions. 

ref: https://dev.discourse.org/t/bring-invite-to-message-in-line-with-new-invite-system/49578/12?u=tobiaseigen

ref: https://meta.discourse.org/t/how-do-you-add-another-person-to-a-private-message-when-its-already-sent/43357/8?u=tobiaseigen
2021-07-15 13:22:21 -07:00
Vinoth Kannan
d6fc39c886
FEATURE: update existing users when group default notifications changed. (#13434)
Currently, the changes will only affect the users added after.
2021-07-15 19:53:57 +05:30
Osama Sayegh
31aa701518
FEATURE: Add option to grant badge multiple times to users using Bulk Award (#13571)
Currently when bulk-awarding a badge that can be granted multiple times, users in the CSV file are granted the badge once no matter how many times they're listed in the file and only if they don't have the badge already.

This PR adds a new option to the Badge Bulk Award feature so that it's possible to grant users a badge even if they already have the badge and as many times as they appear in the CSV file.
2021-07-15 05:53:26 +03:00
Jordan Vidrine
1fb48fc9a6
A11Y: Add labels where needed (#13686) 2021-07-14 14:19:21 +08:00
Discourse Translator Bot
53fe8b2e77
Update translations (#13647) 2021-07-13 20:30:09 +02:00
Guhyoun Nam
0dc96ce817
FEATURE: Setting to allow moderators to change post ownership (#13708) 2021-07-13 09:40:11 -05:00
Bianca Nenciu
21cf1b78da
FIX: Various translation string fixes (#13715)
Make small action post description a correct sentence. Replace true and
false in site settings description with enabled and disabled.
2021-07-13 12:52:13 +03:00
Jeff Wong
d87a0216bb
FEATURE: Penalty history improvements (#13359)
* FEATURE: add penalty history when silencing a user

Display penalty history (last 6 months) when silencing/suspending a user

* FEATURE: allow default penalty values to be chosen

Adds a site setting that designates default penalty values in hours.

Silence/suspend modals will auto-fill in the default values, but otherwise
will still allow moderators to pick and overwrite values as normal.

First silence/suspend: first value
Second silence/suspend: second value
etc.

Penalty counts are forgiven at the same rate as tl3 promotion requirements do.

Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2021-07-12 11:36:56 -07:00
Bianca Nenciu
3ef44bd134
FIX: Various translation string fixes (#13681)
Do not use banner as a verb, remove unused translation strings and
fix wrong name of plural key.
2021-07-09 16:35:24 +03:00
David Taylor
04db58fbd8
UX: Translate the action type in watched words regex error (#13680)
Previously we were using the untranslated key from the code
2021-07-09 14:34:08 +01:00
Bianca Nenciu
87c1e98571
FEATURE: Let users select flair (#13587)
User flair was given by user's primary group. This PR separates the
two, adds a new field to the user model for flair group ID and users
can select their flair from user preferences now.
2021-07-08 10:46:21 +03:00
Dan Ungureanu
34387c5a38
FEATURE: Warn if invited user cannot see topic (#13548)
Users can invite people to topics from secured category, but they will
not be redirected to the topic after signing up unless they have the
permissions to view the topic. This commit shows a warning when invite
is saved if the topic is in a secured category and none of the invite
groups are allowed to see it.
2021-07-06 12:49:26 +03:00
Alan Guo Xiang Tan
37b8ce79c9
FEATURE: Add last visit indication to topic view page. (#13471)
This PR also removes grey old unread bubble from the topic badges by
dropping `TopicUser#highest_seen_post_number`.
2021-07-05 14:17:31 +08:00