Commit Graph

10025 Commits

Author SHA1 Message Date
Selase Krakani
586454bcf1
Refactor admin base controller (#18453)
* DEV: Add a dedicated Admin::StaffController base controller

The current parent(Admin:AdminController) for all admin-related controllers
uses a filter that allows only staff(admin, moderator) users.

This refactor makes Admin::AdminController filter for only admins as the name suggests and
introduces a base controller dedicated for staff-related endpoints.

* DEV: Set staff-only controllers parent to Admin::StaffController

Refactor staff-only controllers to inherit newly introduced
Admin::StaffController abstract controller. This conveys the
purpose of the parent controller better unlike the previously used parent
controller.
2022-10-31 12:02:26 +00:00
Osama Sayegh
fa9e708cb7
FIX: Don't notify topic author about small action posts (#18789) 2022-10-31 06:26:20 +08:00
Blake Erickson
f7a4fd1f49
FIX: Follow up fixes for password-reset error page (#18794)
* FIX: Follow up fixes for password-reset error page

Pass in `base_url` to the template
Use `.html_safe` since the message now contains html

Follow up to: 9b1536fb83

* Update specs to pass in the base_url
2022-10-28 15:41:26 -06:00
Osama Sayegh
e120c94236
FIX: Don't attempt to add user again to a group when syncing groups via SSO (#18772)
This commit fixes a regression introduced in 8979adc where under certain conditions the groups syncing logic in Discourse Connect would try to add users to groups they're already members of and cause errors when users try to sign in using Discourse Connect.
2022-10-28 13:27:12 +03:00
Alan Guo Xiang Tan
4244b1c57d
FIX: Ignore unique conflicts when backfilling sidebar defaults (#18785)
`insert_all!` raises an error when the insertion violates any unique
constraints which is not what we want here.

Follow-up to 1b56a55f50
2022-10-28 07:47:41 +08:00
Alan Guo Xiang Tan
101ec21bc9
SECURITY: Restrict display of topic titles associated with user badges (#18768)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:26:14 +08:00
Alan Guo Xiang Tan
1b56a55f50
DEV: Sidebar default tags and categories are determined at user creation (#18620)
The previous sidebar default tags and categories implementation did not
allow for a user to configure their sidebar to have no categories or
tags. This commit changes how the defaults are applied. When a user is being created,
we create the SidebarSectionLink records based on the `default_sidebar_categories` and
`default_sidebar_tags` site settings. SidebarSectionLink records are
only created for categories and tags which the user has visibility on at
the point of user creation.

With this change, we're also adding the ability for admins to apply
changes to the `default_sidebar_categories` and `default_sidebar_tags`
site settings historically when changing their site setting. When a new
category/tag has been added to the default, the new category/tag will be
added to the sidebar for all users if the admin elects to apply the changes historically.
Like wise when a tag/category is removed, the tag/category will be
removed from the sidebar for all users if the admin elects to apply the
changes historically.

Internal Ref: /t/73500
2022-10-27 06:38:50 +08:00
Alan Guo Xiang Tan
a473e352de
DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692)
Before this commit, there was no way for us to efficiently check an
array of topics for which a user can see. Therefore, this commit
introduces the `TopicGuardian#can_see_topic_ids` method which accepts an
array of `Topic#id`s and filters out the ids which the user is not
allowed to see. The `TopicGuardian#can_see_topic_ids` method is meant to
maintain feature parity with `TopicGuardian#can_see_topic?` at all
times so a consistency check has been added in our tests to ensure that
`TopicGuardian#can_see_topic_ids` returns the same result as
`TopicGuardian#can_see_topic?`. In the near future, the plan is for us
to switch to `TopicGuardian#can_see_topic_ids` completely but I'm not
doing that in this commit as we have to be careful with the performance
impact of such a change.

This method is currently not being used in the current commit but will
be relied on in a subsequent commit.
2022-10-27 06:13:21 +08:00
Andrei Prigorshnev
20efd494ef
DEV: move BasicUserWithStatusSerializer from Discourse Chat (#18745) 2022-10-26 16:41:31 +04:00
Alan Guo Xiang Tan
fd993240fd
DEV: Add missing assertion for InvitesController test (#18755) 2022-10-26 13:04:55 +01:00
Osama Sayegh
787d512c03
FIX: Add theme-color <meta> tag when a dark scheme is selected (#18747)
Meta topic: https://meta.discourse.org/t/meta-theme-color-is-not-respecting-current-color-scheme/239815/7?u=osama.

This commit renders an additional `theme-color` `<meta>` tag for the dark scheme if the current user/request has a scheme selected for dark mode. We currently only render one `theme-color` tag which is always based on the user's selected scheme for light mode, but if the user also selects a scheme for dark mode and uses a device that's configured to use/prefer dark mode, the Discourse UI will be in dark mode, but any parts of the browser/OS UI that's colored based on the `theme-color` tag, would use a color from the user's selected light scheme and look inconsistent with the Discourse UI because the `theme-color` tag is based on the user's selected light scheme.

The additional `theme-color` tag has `media="(prefers-color-scheme: dark)"` and is based on the user's selected dark scheme which means any browser UI that's colored based on `theme-color` tags should be able to pick the right tag based on the user's preference for light/dark mode.
2022-10-26 07:18:05 +03:00
Alan Guo Xiang Tan
305b7c8fae
DEV: Update rubocop (#18754) 2022-10-26 09:05:15 +08:00
Blake Erickson
f78ea9926b
DEV: Add description for active param on create user api docs (#18753)
The `active` param on the create user endpoint requires that an api key
is used in the request header otherwise it is ignored, so adding this
distinction to the api docs.
2022-10-25 18:24:54 -06:00
Osama Sayegh
43ef44127c
UX: Send notification of type replied to topic author if they're watching the topic (#18684)
Related to aeee7ed.

Before the change in aeee7ed, notifications for direct replies to your posts and notifications for replies in watched topics looked the same in the notifications menu -- they both used the arrow icon.

We decided in aeee7ed to distinguish them by changing "watched topics" notifications to use the bell icon because it was confusing for users who watch topics to see the same icon for direct replies and "watched topics". However, that change also means that non-power/new users who receive replies to topics _they create_ will get notifications with the bell icon because technically they're watching the topic, but the arrow icon is more appropriate for this case because we use it throughout the app to indicate "replies".

This commit adds a special-case so that if a user is watching a topic AND the topic is created by them, they receive notifications with the arrow icon (type `replied`) instead of the bell icon (type `posted`) for new posts in the topic.

Internal topic: t/79051.
2022-10-25 11:53:35 +03:00
Osama Sayegh
8979adc3af
FIX: Log user addition/deletion from groups when they're changed via DiscourseConnect (#18677)
Discourse Connect can be used to manage group memberships of users by including a `add_groups`, `remove_groups` or `groups` attribute in the Discourse Connect payload. However, additions/deletions of users from groups aren't logged to the groups logs (available at `/g/<group>/manage/logs`) which can cause confusions to admins they try to figure out when/how users were added or removed from a group. This commit makes Discourse Connect add entries to the groups logs when it makes changes to users' group memberships.
2022-10-25 11:25:26 +03:00
Jarek Radosz
df56ab172a
DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
Blake Erickson
fd8fd0a1f0
DEV: Document create group api params (#18736)
* DEV: Document create group api params

Documenting more params that are available to the create group api
endpoint.

* fix spelling
2022-10-24 18:55:51 -06:00
Martin Brennan
cde2719ea1
DEV: Fix flaky uploads:disable_secure_uploads spec (#18719)
This test flakes occassionally, possibly because
of the arg ordering which we do not guarantee.
In future if this keeps occurring we may want to
try make expect_enqueued_with not care about argument
orders or the order of arrays etc within those arguments.
2022-10-25 09:01:15 +10:00
Martin Brennan
0730a56ce7
FEATURE: Generic hashtag autocomplete sorting (#18718)
Adds sorting for the HashtagAutocompleteService to
sort the results by case-insensitive text _within_
the type sort order specified by the params. This
should fix some flaky specs as well.
2022-10-25 08:59:17 +10:00
Alan Guo Xiang Tan
0ffd408674
DEV: Remove harded id when fabricating in tests (#18729)
Hardcoding ids always lead to sadness for our test suite
2022-10-25 06:18:40 +08:00
Bianca Nenciu
266e165885
FIX: Use only first line from commit message (#18724)
Linking a commit from a GitHub pull request included the complete commit
message, instead of just the first line. The rest of the commit message
will be added to the body of the Onebox.
2022-10-24 22:26:48 +03:00
Jan Cernik
25fbbf4020
UX: Stop falling back to topic image on embeds (#18720)
If linked post (not OP) has no image, it won't fall back to the topic
image anymore.
2022-10-24 14:54:02 -03:00
Alan Guo Xiang Tan
c752d68737
DEV: Fabricate instead of just building topic, post and user in tests (#18698)
Building does not persist the object in the database which is
unrealistic since we're mostly dealing with persisted objects in
production.

In theory, this will result our test suite taking longer to run since we
now have to write to the database. However, I don't expect the increase
to be significant and it is actually no different than us adding new
tests which fabricates more objects.
2022-10-24 05:51:41 +08:00
David Taylor
cc439cf412
DEV: Apply theme template transforms to colocated components (#18704) 2022-10-21 19:05:34 +01:00
dependabot[bot]
5827d1eecc
Build(deps): Bump @babel/standalone from 7.19.3 to 7.19.6 in /app/assets/javascripts (#18689)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.19.3 to 7.19.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.6/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Tweak whitespace expectations in tests

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2022-10-21 14:48:27 +01:00
Alan Guo Xiang Tan
5fbd16926b
DEV: Add missing test case for TopicGuardian#can_see_topic? (#18694)
Staged users are allowed to view topics they created in a read restricted category
when category has `Category#email_in` and
`Category#email_in_allow_strangers` configured.
2022-10-21 16:40:46 +08:00
Bianca Nenciu
0be0bcfc7d
FIX: Do not show a 404 page when visiting messages (#18652)
* DEV: Use list controller and action

It used an empty action handler which just returned the app and it
required another request to get the topic list. By using the correct
controller and action we can preload the topic list.
2022-10-20 16:24:56 +03:00
Osama Sayegh
ce53152e53
DEV: Include theme_uploads and theme_uploads_local objects in theme tests (#18645)
Our theme system injects a magical `settings` object at the top of themes JS modules to allow theme authors to access the settings as configured by admins in the UI. Within this `settings` object, there are a couple of special objects `theme_uploads` and `theme_uploads_local` that contain URLs for all the assets/uploads that the theme has.

For test modules/files, the theme system also injects a `settings` object at the top of tests modules, but it's not the same object as the object that's injected in non-test files. The difference is that in tests we want the settings to have their default values as opposed to any custom values that may exist in the site's database. This ensures that test results are consistent no matter the site that runs them.

However, the `settings` object in tests files currently doesn't have the special objects `theme_uploads` and `theme_uploads_local` which means that if a theme includes an asset that's lazy-loaded, it's not possible to write tests for anything that depends on the lazy-loaded asset because the theme will not be able to load the asset during the tests since `theme_uploads_local` and `theme_uploads` don't exist. This PR adds these special objects inside the `settings` object for test files.

Internal topic: t/71825/52.
2022-10-20 08:00:29 +03:00
Blake Erickson
505aec123f
FEATURE: Hide welcome topic if it hasn't been edited (#18632) 2022-10-19 20:01:36 -06:00
Bianca Nenciu
66904f2cd2
FEATURE: Add button to reset seen popups (#18586) 2022-10-20 09:06:39 +08:00
Bianca Nenciu
6b788d7329
FIX: Skip all post validations if necessary (#18625)
When PostRevisor is called with 'skip_validations: true' it can save
the post twice and one of the calls passes the correct 'validate: false'
argument, but the other one does not.
2022-10-19 18:54:32 +03:00
David Taylor
c185043590
FIX: Ensure minification does not break colocated connectors (#18664)
The filenames (minus the extensions) were being used as keys in a hash to pass to Terser, which meant that colocated connector files would overwrite each other. This commit moves the un-colocating earlier in the pipeline so that the fixed filenames are passed to Terser.

Followup to be3d6a56ce
2022-10-19 10:49:01 +01:00
Joffrey JAFFEUX
a705e4815f
FIX: do not include group less emojis in standard list (#18659) 2022-10-19 09:53:56 +02:00
Martin Brennan
7c25597da2
FEATURE: Generic hashtag autocomplete part 1 (#18592)
This commit adds a new `/hashtag/search` endpoint and both
relevant JS and ruby plugin APIs to handle plugins adding their
own data sources and priority orders for types of things to search
when `#` is pressed.

A `context` param is added to `setupHashtagAutocomplete` which
a corresponding chat PR https://github.com/discourse/discourse-chat/pull/1302
will now use.

The UI calls `registerHashtagSearchParam` for each context that will
require a `#` search (e.g. the topic composer), for each type of record that
the context needs to search for, as well as a priority order for that type. Core
uses this call to add the `category` and `tag` data sources to the topic composer.

The `register_hashtag_data_source` ruby plugin API call is for plugins to
add a new data source for the hashtag searching endpoint, e.g. discourse-chat
may add a `channel` data source.

This functionality is hidden behind the `enable_experimental_hashtag_autocomplete`
flag, except for the change to `setupHashtagAutocomplete` since only core and
discourse-chat are using that function. Note this PR does **not** include required
changes for hashtag lookup or new styling.
2022-10-19 14:03:57 +10:00
Krzysztof Kotlarek
45bdfa1c84
FIX: sidebar_list_destination on CurrentUserSerializer (#18660)
Before, `sidebar_list_destination` was an attribute on UserOptionSerializer. The problem was that this attribute was added to user model only when the user entered the preferences panel. We want that attribute to be available all the time, therefore it was moved to CurrentUserSerializer.
2022-10-19 11:48:36 +11:00
Roman Rizzi
d25ca2a468
FIX: Exclude hidden topic posts and small actions from the RSS feed. (#18649)
This commit excludes posts from hidden topics from the latest posts and user activity RSS feeds. Additionally, it also excludes small actions from the first one.
2022-10-18 15:19:54 -03:00
David Taylor
be3d6a56ce
DEV: Introduce minification and source maps for Theme JS (#18646)
Theme javascript is now minified using Terser, just like our core/plugin JS bundles. This reduces the amount of data sent over the network.

This commit also introduces sourcemaps for theme JS. Browser developer tools will now be able show each source file separately when browsing, and also in backtraces.

For theme test JS, the sourcemap is inlined for simplicity. Network load is not a concern for tests.
2022-10-18 18:20:10 +01:00
David Taylor
cb87067c77 DEV: Introduce support for template colocation in themes 2022-10-18 10:10:49 +01:00
David Taylor
65a5c84a92 DEV: perform theme extra_js compilation all together
Previously, compiling theme 'extra_js' was done with a number of steps. Each theme_field would be compiled into its own value_baked column, and then the JavascriptCache content would be built by concatenating all of those compiled values.

This commit streamlines things by removing the value_baked step. The raw value of all extra_js theme_fields are passed directly to the ThemeJavascriptCompiler, and then the result is stored in the JavascriptCache.

In itself, this commit should not cause any behavior change. It is designed to open the door to more advanced compilation features which have interdependencies between different source files (e.g. template colocation, sourcemaps).
2022-10-18 10:10:49 +01:00
Krzysztof Kotlarek
243efa8931
FEATURE: allow user to set preferred sidebar list destination (#18594)
User can choose between latest or new/unread and that preference will affect behavior of sidebar links.
2022-10-18 13:21:52 +11:00
Blake Erickson
124ee4b7bb
Revert "FEATURE: Hide Privacy Policy and TOS topics (#18533)" (#18633)
This reverts commit 49abcf965b.
2022-10-18 10:26:34 +11:00
Alan Guo Xiang Tan
d1304ecb46
DEV: Move sidebar site settings to the sidebar category (#18596)
Sidebar category is only shown in the admin panel when `enable_experimental_sidebar_hamburger` site setting is enabled
2022-10-17 10:33:15 +08:00
Joffrey JAFFEUX
3bd94b2794
DEV: includes search_aliases in emoji object (#18608)
This is an information we need on client side for example when filtering emojis.
2022-10-15 07:09:00 -05:00
David Taylor
e0a6d12c55
Use service account credentials for fetching google hd groups (#18329)
The previous implementation would attempt to fetch groups using the end-user's Google auth token. This only worked for admin accounts, or users with 'delegated' access to the `admin.directory.group.readonly` API.

This commit changes the approach to use a single 'service account' for fetching the groups. This removes the need to add permissions to all regular user accounts. I'll be updating the [meta docs](https://meta.discourse.org/t/226850) with instructions on setting up the service account.

This is technically a breaking change in behavior, but the existing implementation was marked experimental, and is currently unusable in production google workspace environments.
2022-10-13 16:04:42 +01:00
Martin Brennan
beaf009b4a
FIX: action_code_path not being loaded for user-stream-item (#18577)
This commit fixes an issue where we had a typo in the
UserAction.stream query which meant that action_code_path
was not loaded correctly. Once that was fixed, we were also
not actually using the action_code_path in the user-stream-item,
so that has been fixed here too.

The bug this caused was that, when the link for the action was
clicked within the user-stream-item, the user would be redirected
to a URL ending with `[missing%20%%7Bpath%7D%20value]` because
the I18n call did not have the path present.
2022-10-13 19:10:18 +10:00
Alan Guo Xiang Tan
deb0656b63
UX: Hide tags section in sidebar when user has no visible tags (#18539)
Also hides the tags configuration for sidebar under user preferences

Internal ref: /t/73500
2022-10-13 08:37:28 +08:00
Vinoth Kannan
7f167de10b
FIX: remove nil items before sorting the sha1 string array. (#18571)
Previously, when the array had both nil and string values it returned the error "comparison of NilClass with String failed". Now I added the `.compact` method to prevent this issue as per @martin-brennan's suggestion https://github.com/discourse/discourse/pull/18431#discussion_r984204788
2022-10-13 02:43:56 +05:30
Andrei Prigorshnev
0fe111e492
FEATURE: add user status to user preferences (#18532) 2022-10-12 23:35:25 +04:00
dependabot[bot]
c4812948f6
Build(deps-dev): Bump rspec-rails from 5.1.2 to 6.0.0 (#18534)
* Build(deps-dev): Bump rspec-rails from 5.1.2 to 6.0.0

Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.1.2 to 6.0.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v5.1.2...v6.0.0)

---
updated-dependencies:
- dependency-name: rspec-rails
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* FIX: Set the default level of FakeLogger

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-10-12 20:25:49 +02:00
Blake Erickson
efb116d2bd
FIX: Reset related site settings on general category delete (#18548)
* FIX: Reset related site settings on general category delete

If the new seeded General category is deleted we also need to delete the
corresponding site setting for it so that we don't try and reference it.

This fixes a bug in the category dropdown composer.

This change creates the `clear_related_site_settings` after destroy
hook that could also be used by other features in the future, like maybe
when we have a `default_category_id` site_setting.

Looks like if `nil` out a site setting it is set to `0`?

```
[9] pry(main)> SiteSetting.general_category_id = nil
  SiteSetting Load (0.4ms)  SELECT "site_settings".* FROM "site_settings" WHERE "site_settings"."name" = 'general_category_id' LIMIT 1
=> nil
[10] pry(main)> SiteSetting.general_category_id
=> 0
```

That is why the tests check if the value is `< 1` and not `nil`.

* Use -1 instead of nil because it is the default
2022-10-12 11:09:45 -06:00