Commit Graph

8418 Commits

Author SHA1 Message Date
Jarek Radosz
ae1e536e83
SECURITY: moderator shouldn't be able to import a theme via API (#18418)
* SECURITY: moderator shouldn't be able to import a theme via API.
* DEV: apply `AdminConstraint` for all the "themes" routes.

Co-authored-by: Vinoth Kannan <svkn.87@gmail.com>
2022-09-29 20:00:20 +02:00
Martin Brennan
8ebd5edd1e
DEV: Rename secure_media to secure_uploads (#18376)
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality.

This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site.

Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing.

This also keeps compatibility with the `secure-media-uploads` path, and changes new
secure URLs to be `secure-uploads`.

Deprecated settings:

* secure_media -> secure_uploads
* secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails
* secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 09:24:33 +10:00
Alan Guo Xiang Tan
4b561277a9
FEATURE: Add review link to community section for logged in user (#18374)
When there are pending reviewables, the review section link is displayed
in the main section. When there are no pending reviewables, the review
section link is displayed under the more links drawer.

Internal ref: /t/74210
2022-09-28 09:58:07 +08:00
Discourse Translator Bot
5dea425ee9
Update translations (#18381) 2022-09-27 19:07:56 +02:00
Arpit Jalan
2ee721f8aa
FEATURE: add composer warning when user haven't been seen in a long time (#18340)
* FEATURE: add composer warning when user haven't been seen in a long time

When a user creates a PM and adds a recipient that hasn't been seen in a
long time then we'll now show a warning in composer indicating that the
user hasn't been seen in a long time.
2022-09-27 22:06:40 +05:30
Penar Musaraj
250c0bccbd
A11Y: Add aria label to composer messages Esc button (#18372) 2022-09-27 08:52:09 -04:00
Vinoth Kannan
076abe46fa
FEATURE: new site setting to set locale from cookie for anonymous users. (#18377)
This new hidden default-disabled site setting `set_locale_from_cookie` will set locale from anonymous user's cookie value.
2022-09-27 14:26:06 +05:30
Vinoth Kannan
0b6c89dc62
FEATURE: add site setting to include user associated account ids. (#18375)
By default, we won't include associated account ids in current user serializer. If the new hidden site setting `include_associated_account_ids` is enabled then we will add it in the serializer.
2022-09-27 12:40:20 +05:30
Daniel Waterworth
69d74ae508
DEV: Differentiate staff-writes-only banner (#18364) 2022-09-26 13:16:29 -05:00
Andrei Prigorshnev
4c4cc20c61
FEATURE: make user status a public experimental feature (#18352) 2022-09-26 17:44:31 +04:00
Pixlz
a142460f35
FIX: Incorrect casing for CTA (#18350) 2022-09-26 14:33:04 +08:00
Martin Brennan
e62e93f83a
FEATURE: Introduce personal_message_enabled_groups setting (#18042)
This will replace `enable_personal_messages` and
`min_trust_to_send_messages`, this commit introduces
the setting `personal_message_enabled_groups`
and uses it in all places that `enable_personal_messages`
and `min_trust_to_send_messages` currently apply.

A migration is included to set `personal_message_enabled_groups`
based on the following rules:

* If `enable_personal_messages` was false, then set
  `personal_message_enabled_groups` to `3`, which is
  the staff auto group
* If `min_trust_to_send_messages` is not default (1)
  and the above condition is false, then set the
  `personal_message_enabled_groups` setting to
  the appropriate auto group based on the trust level
* Otherwise just set `personal_message_enabled_groups` to
  11 which is the TL1 auto group

After follow-up PRs to plugins using these old settings, we will be
able to drop the old settings from core, in the meantime I've added
 DEPRECATED notices to their descriptions and added them
to the deprecated site settings list.

This commit also introduces a `_map` shortcut method definition
for all `group_list` site settings, e.g. `SiteSetting.personal_message_enabled_groups`
also has `SiteSetting.personal_message_enabled_groups_map` available,
which automatically splits the setting by `|` and converts it into
an array of integers.
2022-09-26 13:58:40 +10:00
Vinoth Kannan
998bd191a5
FEATURE: site setting to disable usernames in share links. (#18315)
https://meta.discourse.org/t/share-a-link-for-a-post-should-not-leak-username/66489/22?u=vinothkannans
2022-09-22 23:12:39 +05:30
Alan Guo Xiang Tan
b066955838
DEV: Mobile layout support for experimental user nav (#18308) 2022-09-22 09:45:50 +08:00
David Taylor
e06b9d4a52
DEV: Remove support for legacy plugin JS compilation pipeline (#18293)
This became the default in b1755137
2022-09-21 12:38:02 +01:00
Alan Guo Xiang Tan
c73ca74585
DEV: Make enable_new_user_profile_nav_groups site setting unhidden (#18307)
This improves the usability of the feature flag. Previously, the only
way was to add the right environment variable.
2022-09-21 13:23:51 +08:00
Alan Guo Xiang Tan
da3e72c2b4
DEV: Ship first pass of new user page navigation behind feature flag (#18285)
This commits introduces a new SiteSetting.enable_new_user_profile_nav_groups
feature flag. When configured, users of the configured groups will see
the new user page navigation links.

As of this commit, only the user activity navigation link has been
converted to the newly proposed dropdown of navigation links.

Mobile support has not been considered.
2022-09-21 12:32:47 +08:00
Alan Guo Xiang Tan
1413de2809
UX: Add short site description for anonymous user in sidebar (#18084)
Displays the `short_site_description` site setting in the community
section when the site setting is set
2022-09-21 11:38:29 +08:00
Osama Sayegh
3d2de7ca03
FIX: Add missing string for reviewables in user menu when reviewable post is deleted (#18295) 2022-09-21 09:05:08 +10:00
Osama Sayegh
496f910f03
DEV: Various A11Y improvements for the new user menu (#18288)
This commit includes various accessibility improvements for the new user menu:

* Add `title` attributes to the user menu tabs
* Properly label lists (by adding `aria-labelledby` to `<ul>` elements) for screen readers
* Change the user menu structure so that the tabs come before the content panel in the DOM, but use CSS to reverse them visually.
  Normally, changing the order of elements via CSS is bad for accessibility, but I believe this is one of the rare scenarios where it [makes sense](https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Flexible_Box_Layout/Ordering_Flex_Items#use_cases_for_order). Prior to this change, if you want to reach the first notification item after you select a tab using the keyboard, you have to hit <kbd>ctrl</kbd>+<kbd>tab</kbd> because the notifications list is before the tabs list. However, with this change, <kbd>tab</kbd> will move you to the first item in the list after you select a tab using your keyboard.
* Aria-hide the unread notifications badge/count on the tabs because the `title` attribute on the tab indicates the unread count.
* Add some tests.
2022-09-20 19:31:56 +03:00
Rafael dos Santos Silva
685e0da8c3
DEV: Update highlight.js to version 11 (#18282) 2022-09-20 12:43:28 -03:00
Discourse Translator Bot
59071a13f4
Update translations (#18287) 2022-09-20 16:03:15 +02:00
Osama Sayegh
0414bd00ae
DEV: Tone down copy in experimental user menu for pending users (#18277)
The experimental user menu has a tab that displays recent reviewables and at the moment when a new signs up for the site and they need to be approved, admins see a very scary "suspicious user" copy in the reviewables tab in the user menu. We don't need the copy to be very scary because when a user needs to be approved, it's because the site operator has configured the site to force all new users to go through the review queue and it's not some kind of spam detector flagging the user.
2022-09-19 19:32:34 +03:00
Alan Guo Xiang Tan
754ad42344
UX: Use the same text for linking to more categories and tags in sidebar (#18275)
Before this change, anonymous user and a logged in user used different
text for the links to the categories and tags routes.

Follow-up to 321aa4b4b4
2022-09-19 12:01:08 +08:00
David Taylor
3679c081a9
Improve Safari 13 warning copy (#18269) 2022-09-16 14:21:54 +01:00
David Taylor
3904c23121
Introduce warning message for Safari 13 and below (#18258)
Discourse will be dropping support for these browsers in early 2023. https://meta.discourse.org/t/224747
2022-09-16 11:17:49 +01:00
Penar Musaraj
86ecb6c58b
DEV: update yes/no confirmation dialogs (#18181) 2022-09-14 11:06:56 -04:00
Discourse Translator Bot
d00cd3295e
Update translations (#18183) 2022-09-13 16:04:18 +02:00
Kris
321aa4b4b4
UX: sidebar more link for categories & tags (#18199) 2022-09-12 13:25:25 -04:00
Penar Musaraj
7547878cde
FIX: Regression with admin user delete dialog buttons (#18179)
This also adds a test to prevent regressions and refactors the very similar delete dialog in the user summary screen.
2022-09-05 09:31:17 +02:00
Bianca Nenciu
19ed9dd183
FIX: Keep private theme key secret from user (#18106)
The generate RSA key and import theme routes worked separate from each
other. The RSA key returned both the public and private key and it was
the frontend which posted the private key back to the server. With this
commit, only the public key is necessary as the server keeps a map of
public and private keys that is used to get the private key back from
a public key.
2022-09-01 13:15:23 +03:00
Discourse Translator Bot
1ed4442c10
Update translations (#18134) 2022-08-30 20:17:57 +02:00
Blake Erickson
eba8b8d34d
FEATURE: Replace Lounge with General Category (#18097)
- Seed the General category so that the general chat channel will have
  a home
- Do not seed the Lounge category anymore
- Move the "Welcome to Site" topic to the General category
2022-08-29 13:05:41 -06:00
David Taylor
1bd1664ae0
DEV: Compile markdown-it-bundle with ember-cli (#18104)
We were already compiling the markdown bundle via ember-cli, but that version was only being used in the test environment. This commit improves the implementation, and updates the filename so it's also used in production.

This commit also
- Removes the vendored copy of `markdown-it.js` and fetches from node_modules instead
- Updates `pretty_text.rb` to remove the custom sprockets-manifest-parsing
- Removes `pretty-text-bundle.js`, which was only being used by `pretty_text.rb`
2022-08-29 19:11:59 +01:00
Penar Musaraj
4116bce902
DEV: Add A11Y-friendly dialog addon (#18028)
This adds a new framework for accessible dialogs that will eventually replace bootbox. Under the hood, it uses the a11y-dialog package and an in-repo Ember addon. See PR for usage details.
2022-08-29 13:59:57 -04:00
Andrei Prigorshnev
b6e0219a74
DEV: extract until date formatting in a library function (#18003) 2022-08-29 15:45:36 +04:00
Kris
000c4e1084
UX: fix styles for the wizard congrats step (#18105) 2022-08-26 12:29:40 -04:00
Discourse Translator Bot
62b87b2df9
Update translations (#18093) 2022-08-26 11:04:49 +02:00
Gerhard Schlager
ec93bca99e
UX: Remove confusing fallback locale warning (#18096) 2022-08-26 01:22:04 +02:00
Alan Guo Xiang Tan
7f198bd975 DEV: Add dedicated translations for links in sidebar
We do not want to depend on existing translations which are used
elsewhere and can break the sidebar experience when changed.
2022-08-25 09:34:36 +08:00
Martin Brennan
b197ca02b7
DEV: Do not MiniProfile theme-javascripts (#18067)
This creates a huge amount of noise depending on
the themes/theme components installed and doesn't
provide much value.
2022-08-24 16:01:42 +10:00
Stephen White
6771673a1b
Fix constraints typo in routes config (#17994) 2022-08-24 10:27:05 +08:00
Discourse Translator Bot
d7ce2d40dd
Update translations (#18053) 2022-08-23 17:24:36 +02:00
David Taylor
33a2624f09
DEV: Introduce flag for compiling Plugin JS with Ember CLI (#17965)
When `EMBER_CLI_PLUGIN_ASSETS=1`, plugin application JS will be compiled via Ember CLI. In this mode, the existing `register_asset` API will cause any registered JS files to be made available in `/plugins/{plugin-name}_extra.js`. These 'extra' files will be loaded immediately after the plugin app JS file, so this should not affect functionality.

Plugin compilation in Ember CLI is implemented as an addon, similar to the existing 'admin' addon. We bypass the normal Ember CLI compilation process (which would add the JS to the main app bundle), and reroute the addon Broccoli tree into a separate JS file per-plugin. Previously, Sprockets would add compiled templates directly to `Ember.TEMPLATES`. Under Ember CLI, they are compiled into es6 modules. Some new logic in `discourse-boot.js` takes care of remapping the new module names into the old-style `Ember.TEMPLATES`.

This change has been designed to be a like-for-like replacement of the old plugin compilation system, so we do not expect any breakage. Even so, the environment variable flag will allow us to test this in a range of environments before enabling it by default.

A manual silence implementation is added for the build-time `ember-glimmer.link-to.positional-arguments` deprecation while we work on a better story for plugins.
2022-08-22 09:56:39 +01:00
Krzysztof Kotlarek
caab916569
FEATURE: default sidebar categories and tags (#17939)
Ability to set up default sidebar categories and tags for authenticated users
2022-08-22 08:46:20 +10:00
Andrei Prigorshnev
21d5904d7c UX: fix typo in a blank page copy 2022-08-19 09:36:51 +08:00
Bianca Nenciu
b082f459c9
FEATURE: Limit maximum recipients for group emails (#17971)
New maximum_recipients_per_new_group_email site setting can be used to
prevent spam group emails with many recipients.
2022-08-18 18:18:58 +03:00
Andrei Prigorshnev
e49167b311
UX: Improve empty state copy on the activity/replies page (#17784) 2022-08-18 18:00:15 +04:00
Andrei Prigorshnev
d7c1ff3116
UX: show blank page placeholder instead of the blue panel that says "No Activity" (#16293) 2022-08-18 17:24:52 +04:00
Alan Guo Xiang Tan
5990842dd9 UX: Revamp styling of sidebar
The following changes are made in this commit:

1. Move caret icon in sidebar section header to the right.
1. Each row in sidebar takes the full width which enables us to do a
full width highlight on hover and when sidebar link is active.
1. Ensure each row in Sidebar is of the same height.

Internal refs: /t/70546, /t/72196, /t/71820
2022-08-18 16:14:49 +08:00