Commit Graph

65 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan 322a3be2db
DEV: Remove logical OR assignment of constants (#29201)
Constants should always be only assigned once. The logical OR assignment
of a constant is a relic of the past before we used zeitwerk for
autoloading and had bugs where a file could be loaded twice resulting in
constant redefinition warnings.
2024-10-16 10:09:07 +08:00
Bianca Nenciu 50cb7b897e
FIX: Use full column name to prevent ambiguous query (#29111)
This can happen when other plugins, for example discourse-rainbow, are
installed and add columns with same names.
2024-10-07 19:33:07 +03:00
Bianca Nenciu dd5502f166
PERF: Cache serialized voters at topic view level (#28894)
This commit introduces a way to fetch the "serialized voters" for
multiple polls.

* Use a single query to fetch voters for all types of polls

* Refactor to introduce all_serialized_voters

* Cache serialized voters
2024-09-18 12:01:40 +03:00
Robert 183ef2024c
FIX: poll ranked choice result algo majority check (#28191) 2024-08-02 08:51:26 +02:00
Robert bae492efee
FEATURE: Add Ranked Choice Voting
using Instant Run-off Voting algorithm to Poll Plugin (Part 2 add Ranked Choice)

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-07-17 11:49:14 +02:00
Robert e3b6be15b8
FEATURE: Add Instant Run-off Voting to Poll Plugin (Part 1: migrate existing plugin to Glimmer only) (#27204)
The "migration to Glimmer" has been broken out here from #27155 to make the review process less onerous and reduce change risk: 

* DEV: migrates most of the widget code to Glimmer in prep for IRV additions
* NB This already incorporates significant amounts of review and feedback from the prior PR.
* NB because there was significant additional feedback relating to older Poll code that I've improved with feedback, there are some additional changes here that are general improvements to the plugin and not specific to IRV nor Glimmer!
* There should be no trace of IRV code here.

Once this is finalised and merged we can continue to progress with #27155.
2024-07-04 13:34:48 +02:00
Loïc Guitaut 2a28cda15c DEV: Update to lastest rubocop-discourse 2024-05-27 18:06:14 +02:00
Régis Hanol 12cba2ce24 PERF: bail out of expensive post validations
Whenever a post already failed "lightweight" validations, we skip all the expensive validations (that cooks the post or run SQL queries) so that we reply as soon as possible.

Also skip validating polls when there's no "[/poll]" in the raw.

Internal ref - t/115890
2024-05-07 18:56:16 +02:00
Loïc Guitaut f7d7092a7a DEV: Update rubocop-discourse to latest version
The lastest version of rubocop-discourse enables rules regarding
plugins.
2024-03-04 15:08:35 +01:00
Natalie Tay ef292d1fed
DEV: Shorten a condition (#25951) 2024-02-29 12:57:53 +08:00
Martin Brennan a03f87bdbd
DEV: Move core plugin TL -> group settings (#25355)
* DEV: Change poll_minimum_trust_level_to_create to group based setting

New setting is poll_create_allowed_groups

c.f. https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408

* DEV: Move styleguide_admin_only to group based setting

Not exactly a TL -> group change, but still part of the
overall effort here:

https://meta.discourse.org/t/changes-coming-to-settings-for-giving-access-to-features-from-trust-levels-to-groups/283408

New setting is styleguide_allowed_groups
2024-01-23 11:35:14 +10:00
Jarek Radosz 694b5f108b
DEV: Fix various rubocop lints (#24749)
These (21 + 3 from previous PRs) are soon to be enabled in rubocop-discourse:

Capybara/VisibilityMatcher
Lint/DeprecatedOpenSSLConstant
Lint/DisjunctiveAssignmentInConstructor
Lint/EmptyConditionalBody
Lint/EmptyEnsure
Lint/LiteralInInterpolation
Lint/NonLocalExitFromIterator
Lint/ParenthesesAsGroupedExpression
Lint/RedundantCopDisableDirective
Lint/RedundantRequireStatement
Lint/RedundantSafeNavigation
Lint/RedundantStringCoercion
Lint/RedundantWithIndex
Lint/RedundantWithObject
Lint/SafeNavigationChain
Lint/SafeNavigationConsistency
Lint/SelfAssignment
Lint/UnreachableCode
Lint/UselessMethodDefinition
Lint/Void

Previous PRs:
Lint/ShadowedArgument
Lint/DuplicateMethods
Lint/BooleanSymbol
RSpec/SpecFilePathSuffix
2023-12-06 23:25:00 +01:00
Martin Brennan 30d5e752d7
DEV: Revert guardian changes (#24742)
I took the wrong approach here, need to rethink.

* Revert "FIX: Use Guardian.basic_user instead of new (anon) (#24705)"

This reverts commit 9057272ee2.

* Revert "DEV: Remove unnecessary method_missing from GuardianUser (#24735)"

This reverts commit a5d4bf6dd2.

* Revert "DEV: Improve Guardian devex (#24706)"

This reverts commit 77b6a038ba.

* Revert "FIX: Introduce Guardian::BasicUser for oneboxing checks (#24681)"

This reverts commit de983796e1.
2023-12-06 16:37:32 +10:00
Martin Brennan 9057272ee2
FIX: Use Guardian.basic_user instead of new (anon) (#24705)
c.f. de983796e1

There will soon be additional login_required checks
for Guardian, and the intent of many checks by automated
systems is better fulfilled by using BasicUser, which
simulates a logged in TL0 forum user, rather than an
anon user.

In some cases the use of anon still makes sense (e.g.
anonymous_cache), and in that case the more explicit
`Guardian.anon_user` is used
2023-12-06 11:56:21 +10:00
Kelvin Tan ee084b754e
SECURITY: Prevent unauthorized access to grouped poll results
This adds access controls for the `/polls/grouped_poll_results`
endpoint, such that only users with appropriate permissions can read
the grouped results of a given poll.
2023-10-16 10:34:37 -04:00
Selase Krakani 55bdab2b3b
FIX: Ensure poll extraction is not attempted if post body is absent (#19718)
Since the poll post handler runs very early in the post creation
process, it's possible to run the handler on an obiviously invalid post.

This change ensures the post's `raw` value is present  before
proceeding.
2023-01-13 01:47:44 +00:00
David Taylor 055310cea4
DEV: Apply syntax_tree formatting to `plugins/*` 2023-01-07 11:11:37 +00:00
Daniel Waterworth 167181f4b7
DEV: Quote values when constructing SQL (#18827)
All of these cases should already be safe, but still good to quote for
"defense in depth".
2022-11-01 14:05:13 -05:00
Bianca Nenciu 62cbb766cd
FIX: Validate post's polls as acting user (#16638)
It used to validate the post from the perspective of the user who
created the post. That did not work well when an admin attempted to
add a poll to a post created by a user who cannot create posts because
it said the user cannot create polls.

The problem was that it used post.user for the validation process
instead of post.acting_user.
2022-05-05 09:54:10 +03:00
Vinoth Kannan 461936f211
FIX: don't validate and render the polls inside a quoted post. (#15019)
Previously, we had issues while approving posts since we validated the polls inside quotes.
2022-04-15 16:33:07 +05:30
Alan Guo Xiang Tan 21822cf0b7 FIX: Error when voting on a multiple poll without the min/max attrs. 2022-01-05 11:31:18 +08:00
Alan Guo Xiang Tan 1d0faedfbc
FIX: Validate number of votes allowed per poll per user. (#15001)
* DEV: Remove spec that we no longer need.

As far as we know, the migration has been successful for a number of
years.

* FIX: Validate number of votes allowed per poll per user.
2021-11-19 09:50:08 +08:00
Bianca Nenciu 6a143030f8
FEATURE: Allow users to remove their vote (#14459)
They can use the remove vote button or select the same option again for
single choice polls.

This commit refactor the plugin to properly organize code and make it
easier to follow.
2021-10-05 11:38:49 +03:00
Jarek Radosz babbebfb35
FEATURE: Add the title attribute to polls (#10759)
Adds an optional title attribute to polls. The rationale for this addition is that polls themselves didn't contain context/question and relied on post body to explain them. That context wasn't always obvious (e.g. when there are multiple polls in a single post) or available (e.g. when you display the poll breakdown - you see the answers, but not the question)

As a side note, here's a word on how the poll plugin works:

> We have a markdown poll renderer, which we use in the builder UI and the composer preview, but… when you submit a post, raw markdown is cooked into html (twice), then we extract data from the generated html and save it to the database. When it's render time, we first display the cooked html poll, and then extract some data from that html, get the data from the post's JSON (and identify that poll using the extracted html stuff) to then render the poll using widgets and the JSON data.
2020-10-02 09:21:24 +02:00
Kane York 330102fd20 FEATURE: Show votes in an "on voted" poll to the creator
This required properly plumbing the guardian into the serializer.

Notably, the default state in the client was not changed - if you haven't voted in
the poll, you need to click the button to view the results instead of the results
being immediately visible on page load.

Implements https://meta.discourse.org/t/-/138108
2020-03-20 13:36:42 -07:00
Dan Ungureanu c62d5b139b
FIX: Allow users to create polls in PMs with non human users (#9055) 2020-03-02 14:29:40 -05:00
Mark VanLandingham 5d97286fa7
FEATURE: Allow single option polls (#8853) 2020-02-05 08:03:27 -06:00
Bianca Nenciu 07222af7ab
FEATURE: Add 'groups' option to polls (#8469)
This options can be used to restrict polls to certain groups.
2020-01-28 14:30:04 +02:00
Jarek Radosz 9e3fc1111d
FIX: Add a blank poll options validation (#8652)
Before, saving a post with a blank poll option resulted in error 500.
2020-01-03 15:09:36 +01:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 152238b4cf DEV: Prefer `public_send` over `send`. 2019-05-07 09:33:21 +08:00
Bianca Nenciu e49bcebb35 FIX: Validate poll arguments. (#6740)
* FIX: Validate number poll.
* FEATURE: Poll's min can be 0.
* FIX: Fix URL to user profile.
2018-12-31 10:48:30 +01:00
Bianca Nenciu c928386c3e FIX: Copy old status to new poll. (#6788) 2018-12-19 11:29:13 +01:00
Régis Hanol aea2d8bbeb FIX: properly secure poll message bus
Co-authored-by: Sam <sam.saffron@gmail.com>
2018-12-05 21:27:49 +01:00
Régis Hanol 4459665dee
REFACTOR: use tables instead of custom fields for polls (#6359)
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
2018-11-19 14:50:00 +01:00
Régis Hanol f05ca02f13 FIX: unable to add new poll to post with a public poll 2018-06-05 15:49:21 +02:00
Régis Hanol 9ff2d540ba fix the build 2018-05-03 10:32:01 +02:00
Régis Hanol ba14c80b9c FEATURE: automatically close a poll on a given date and time 2018-05-03 02:12:19 +02:00
Guo Xiang Tan 51657d3426 Allow polls to be added/renamed/removed as long as user can edit posts. 2018-03-14 11:00:57 +08:00
Guo Xiang Tan b77553a635 FIX: Staff should be able to updates polls when edit window expires.
https://meta.discourse.org/t/moderators-cannot-remove-polls-from-posts/81804/7?u=tgxworld
2018-03-08 16:45:06 +08:00
Guo Xiang Tan d02e2cbcca PERF: Avoid fetching a bunch of ids in polls updater. 2018-03-07 14:18:56 +08:00
Gerhard Schlager 7a2183e8ab FEATURE: rake task for merging users 2018-03-01 12:28:12 +01:00
Joffrey JAFFEUX 316d814130
FIX: staff should always be allowed to create polls if they are enabled 2017-12-05 00:03:56 +01:00
Joffrey JAFFEUX 76bc173d47
FEATURE: adds poll_allow_staff_to_create
This setting will bypass poll_minimum_trust_level_to_create if set to true
2017-12-04 18:12:17 +01:00
Joffrey JAFFEUX 63bab32816 FEATURE: introduces minimum trust level for polls (#5391)
* FEATURE: introduces minimum trust level for polls

This commit makes `poll_enabled` less misleading and introduces `poll_minimum_trust_level_to_create`. If poll are enabled they will always be cooked, and if you have the required trust level you can create polls. As a side effect, it also fixes a bug where rebaking a post created by staff member when `poll_enabled=false` would end up not cooking it.

It also adds more tests to ensure settings are respected.

* admins should be whitelisted

* checks for admin in post validation

* test for >= instead of == trust level
2017-12-04 14:47:11 +01:00
Sam 43c0111ca1 FIX: multichoice poll with more than 25 votes
In the past we would double up on avatars due to incorrect logic for
handling offset
2017-08-14 15:33:59 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Sam Saffron 045a2abcec FEATURE: remove the timecop gem
We should only have one way of mocking time, misuse of timecop
was causing build stability issues
2017-07-24 12:11:10 -04:00
Guo Xiang Tan e80a1dfa43 FIX: Post with multiple polls containing votes can not be edited.
https://meta.discourse.org/t/500-internal-server-error-when-editing-specific-poll-in-a-post-with-votes-editing-other-polls-works-fine/59684
2017-07-14 12:33:22 +09:00
Guo Xiang Tan 8c4dfdfa40 FIX: Votes lost when editing a poll option with votes. 2017-01-16 22:51:57 +08:00