Commit Graph

10740 Commits

Author SHA1 Message Date
Juan David Martínez Cubillos 93e5272223
FIX: Incompatibility between default_composer_category and default_subcategory_on_read_only_category (#22165) 2023-06-16 15:56:25 -05:00
David Taylor f8ea5b1136
DEV: Update TranslateAccelerator missing translation string (#22158)
Upstream added a capital 'T' to the 'Translation missing' message in https://github.com/ruby-i18n/i18n/commit/c5c6e753f3. This caused our translate accelerator patch to diverge, and the change in case affected a number of our specs. This commit updates the translate accelerator to match the upstream casing, and introduces a spec to detect future divergence.
2023-06-16 15:28:03 +01:00
Alan Guo Xiang Tan d60c90aef1
DEV: Change `have_section_link` match to use exact text match. (#22148)
Today I learnt that `has_link?("text of link")` by default does an
includes instead of looking for a link with the exact text. This is not
the behaviour I want so I'm changing
`PageObjects::Components::Sidebar.has_section_link?` to use the
`exact_text` option instead.
2023-06-16 16:36:34 +08:00
Martin Brennan 9174716737
DEV: Remove Discourse.redis.delete_prefixed (#22103)
This method is a huge footgun in production, since it calls
the Redis KEYS command. From the Redis documentation at
https://redis.io/commands/keys/:

> Warning: consider KEYS as a command that should only be used in
production environments with extreme care. It may ruin performance when
it is executed against large databases. This command is intended for
debugging and special operations, such as changing your keyspace layout.
Don't use KEYS in your regular application code.

Since we were only using `delete_prefixed` in specs (now that we
removed the usage in production in 24ec06ff85)
we can remove this and instead rely on `use_redis_snapshotting` on the
particular tests that need this kind of clearing functionality.
2023-06-16 12:44:35 +10:00
Sérgio Saquetim 4b22e67c8b
DEV: Added modifier to change mentions extracted from cooked text (#21654)
Added a new modifier hook to allow plugins to modify the @mentions
extracted from a cooked text.

Use case: Some plugins may change how the mentions are cooked to prevent
them from being confused with user or group mentions and display the user
card.

This modifier hook allows the plugin to filter the mentions detected or add new ways
to add mentions into cooked text.
2023-06-15 10:52:52 -03:00
Krzysztof Kotlarek 959c50001d
FIX: rename everything link to topics (#22076)
Rename everything link in community sidebar section to topics, which is
a bit more descriptive.
2023-06-15 11:36:38 +10:00
Krzysztof Kotlarek 2effcaa0f9
FIX: Update sidebar to be navigation menu (#22101)
Communities can use sidebar or header dropdown, therefore navigation menu is a better name settings in 2 places:

- Old user sidebar preferences;
- Site setting about default tags and categories.
2023-06-15 09:31:28 +10:00
Keegan George 9dc63c0755
UX: Add required indicator to fields with `required` validation (#22096) 2023-06-14 11:25:05 -07:00
Juan David Martínez Cubillos 8b39125985
FEATURE: Implement max_tags_per_email_subject (#22050)
* FEATURE: Implement max_tags_per_email_subject

* made it so only max_tags_per_email_subject is responsible for tags in emails when the feature is enabled

* added locales for implemented siteSettings

* reworded locale for enable_max_tags_per_email_subject

* added min value for max_tags_per_email_subject

* Implemented suggested changes to spec description
2023-06-14 12:22:14 -05:00
Selase Krakani 2652354da3
FIX: Moderator(non-admin staff user) group visibility scope queries (#22109)
Currently, groups owned by moderators are not visible to them on the
groups page. This happens because, the group visibility queries don't
account for non-admin staff user group ownership.

This change updates the group visibility scope queries to account for a
moderator(non-admin staff user) group ownership.
2023-06-14 15:25:45 +00:00
Natalie Tay 3fe06bba9d
FIX: Allow half-merged user to be accessed in admin UI (#22105) 2023-06-14 19:19:12 +08:00
Ted Johansson a674c6c4c2
DEV: Update username in new quote format - Part 1 (#22032)
When we introduced the new quote format with full-name display name:

```
[quote="Ted Johansson, post:1, topic:2, username:ted"]
we overlooked the code responsible for rewriting quotes when a user's name is changed.
```

The functional part of this change adds support for the new quote format in the code that updates quotes when a user's username changes. See the test case in `spec/services/username_changer_spec.rb` for the details.

In addition, this change adds a regression test for PrettyText to cover the new quote format, and extracts the code responsible for rewriting raw and cooked quotes into its own `QuoteRewriter` class. The functionality of the latter is tested through the tests in `spec/services/username_changer_spec.rb`.
2023-06-14 16:14:11 +08:00
Sam eb603b246b
PERF: limit anonymization to 1 per cluster (#21992)
Anonymization is among the most expensive operations we can perform with
extreme potential to impact the database. To mitigate risk we only allow a
single anonymization across the entire cluster concurrently.

This commit introduces support for `cluster_concurrency 1`. When you set that on a Job it will only allow 1 concurrent execution per cluster.
2023-06-14 08:30:23 +10:00
Jarek Radosz dae3970bad
DEV: Fix random typos (#22078)
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-06-13 22:02:21 +02:00
Roman Rizzi 8938ecabc2
FEATURE: Custom content summarization strategies. (#21813)
* FEATURE: Content custom summarization strategies.

This PR establishes a pattern for plugins to register alternative ways of summarizing content by extending a class that defines an interface.

Core controls which strategy we'll use and who has access to it through the `summarization_strategy` and `custom_summarization_allowed_groups`. It also defines the UI for summarizing topics.

Other plugins can access this summarization mechanism and implement their features, removing cross-plugin customizations, as it currently happens between chat and the discourse-ai plugin.

* Group membership validation and rate limiting

* Work with objects instead of classes

* Port summarization feature from discourse-ai to chat

* Rename available summaries to 'Top Replies' and 'Summary'
2023-06-13 14:21:46 -03:00
Blake Erickson dcceb91000
SECURITY: Prevent dismissal of topics that user can't see (#22086)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-06-13 11:08:55 -06:00
Blake Erickson 644dded000
SECURITY: Use canonical url for topic embeddings (#22085)
This prevents duplicate topics from being created when using embed_urls
that only differ on query params.
2023-06-13 11:08:08 -06:00
Blake Erickson 56b74e6042
SECURITY: Limit ThemeField value length to prevent DoS (#22087)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-06-13 12:07:47 -05:00
Régis Hanol 4cb3412a56
PERF: improve `findAllMatches` speed (#22083)
When we introduced unicode support in the regular expressions used in watched words (9a27803) we didn't realize the cost adding the `u` flag would be.

Turns out, it's pretty bad when you have lots of regular expressions to test. A customer had slightly less than 200 watched words, and it would freeze the browser for about 2s on the first check of those regular expressions (roughly 10ms per regular expression).

This commit introduces a new field (`word`) to the serialized watched words which is then converted to a very fast and cheap regular expression on the client-side. We use that regexp to quicly check whether a matcher is even worth trying so that we don't incure the cost of compiling the expensive unicode regexp.

This commit also busts the `WordWatcher` cache since we added a new field to be serialized.

One nice side effect of using `matchAll` instead of a `while / exec` loop is that the likeliness of having a bad regexp matching infinitely is vastly reduced 🙌
2023-06-13 18:34:28 +02:00
Loïc Guitaut 5257c80064 DEV: Set limits on custom fields
This patch sets some limits on custom fields:
- an entity can’t have more than 100 custom fields defined on it
- a custom field can’t hold a value greater than 10,000,000 characters

The current implementation of custom fields is relatively complex and
does an upsert in SQL at some point, thus preventing to simply add an
`ActiveRecord` validation on the custom field model without having to
rewrite a part of the existing logic.
That’s one of the reasons this patch is implementing validations in the
`HasCustomField` module adding them to the model including the module.
2023-06-13 11:47:21 +02:00
Jarek Radosz e6f8897450
DEV: Try to de-flake topic page specs (#22065) 2023-06-13 11:05:19 +02:00
Krzysztof Kotlarek 4270ab932a
FIX: change dismiss new button label (#22075)
Button which is opening modal to dismiss topics should be "Dismiss…"
2023-06-13 13:18:39 +10:00
Jarek Radosz 843287d584
DEV: Increase topic_page_spec wait time (#22063) 2023-06-12 15:16:08 +02:00
Jarek Radosz b7568ea4a5
FIX: TOC anchors in a subfolder setup (#21985)
Clicking on TOC heading anchors in a subfolder setup was breaking the current URL for users.

Other than the fix this change introduces the ability to test the subfolder setup in system specs.
2023-06-12 13:59:54 +02:00
Daniel Waterworth 0cec84206e
DEV: Fix interactions between tests via plugin svg sprite cache (#22047) 2023-06-09 13:53:21 -05:00
Jean b2aa411436
FEATURE: Add new site setting type for tag-group lists (#21993)
* FEATURE: Add new site setting type for tag-group lists
2023-06-09 11:02:55 -04:00
Selase Krakani b3bb3872cf
FIX: Make serialized watched word regex Javascript compatible (#22010)
This change ensures Javascript compatible regex is serialized instead of
the default ruby based one.
2023-06-09 10:22:41 +00:00
Juan David Martínez Cubillos e08f713668
DEV: Refactored and moved Edit Directory Column tests out of directory_columns_controller_spec (#22022) 2023-06-08 18:00:01 -05:00
Bianca Nenciu 3817e08b0f
DEV: Fix test (#22018) 2023-06-08 16:12:13 -05:00
Keegan George 39efa4c32a
DEV: Create posts from form templates (#21980) 2023-06-08 12:49:18 -07:00
Bianca Nenciu 4973f0ccde
UX: Remove 'Create Topics' notice (#21958)
We are looking at simplifying the new admin/user experience and the
many notices bring unnecessary complexity.
2023-06-08 22:30:26 +03:00
Selase Krakani c45eb8a618
FIX: Create new PM notifications for `watching_first_post` groups (#21997)
At the moment, PMs to groups with default notification level set to
`watching_first_post` do not generate "emailable" notifications. This happens
because, topic user notification level which is indirectly derived
from the group's default notification level is set to `tracking` if the
group's notification level happens to be `watching_first_post`.

This leads to a `group_message_summary` notification being created
instead of a `private_message` notification which results in no email
alerts being sent when a  topic is created.

As this `watching_first_post` --> `tracking` switcheroo appears to be
intentional instead being a bug, this change extends `PostAlerter`'s
`notify_pm_users` method to create a `private_message` notification for
first posts created in a `watching_first_post` group even if the topic
user notification level is set to `tracking`
2023-06-08 17:41:44 +00:00
Bianca Nenciu ab260e70be
FEATURE: Add Mailpace webhook (#21981)
Adds Mailpace (formerly known as ohmystmp) webhook

Co-authored-by: ruq <hosch@mailbox.org>
2023-06-08 20:06:20 +03:00
Alan Guo Xiang Tan 853bce2abc
UX: Allow users to filter categories in edit sidebar categories modal (#21996)
What does this change do?

This change is a continuation of
2191b879c6 and adds an input filter to the
edit sidebar categories modal which the user can use to filter through
the list of categories by the category's name.

Note that if a child category is being shown, all of its ancestors will
be shown even if the names of the ancestors do not match the given
filter. This is to ensure that we continue to display the hierarchy of a
child category even if the parent category does not match the filter.
2023-06-08 12:54:51 +08:00
Alan Guo Xiang Tan 2191b879c6
FEATURE: Support sub-subcategories in new edit sidebar categories modal (#21994)
Why does this commit do?

This commit adds support for sub-subcategories in the new edit sidebar
categories modal added in fc296b9a81. Note
that sub-subcategories are enabled when `max_category_nesting` is set to
`3`.
2023-06-08 10:15:01 +08:00
Juan David Martínez Cubillos 5fdd3bd28a
DEV: Implement staff logs for user columns edits (#21774)
* DEV: Implement staff logs for user columns edits

* deleted extra space in staff logger detail string, deleted string when no changes are made, added basic test coverage for EditDirectoryColumnsController

* fixed change made to #self.staff_actions un UserHistory

* implemented a method that builds the details, previous_values and new_values in a dynamic way

* removed details of changes

* refactored small merge
2023-06-07 17:19:58 -05:00
Bianca Nenciu 10ee92656c
FIX: Send TL2 promotion message to correct user (#21978)
Usually, when a user is promoted to TL2 two messages are sent. The
first one is a system message 'tl2_promotion_message' which triggers a
'system_message_sent' Discourse event.

When the event is fired and if Discourse Narrative Bot is enabled, then
a second message is sent to the recipient of the first message. The
recipients was determined by looking at the list of users that can
access that topic and pick the last one. This method does not work if
'site_contact_group_name' site setting is set because it adds the group
in the list of recipients.

A solution to this problem would have been to select the last user in
the list of 'topic_allowed_users', but an even better solution is to
pass the name of the recipients when the 'system_message_sent'
Discourse event is fired.
2023-06-07 22:51:24 +03:00
Alan Guo Xiang Tan fc296b9a81
UX: First pass at edit categories navigation modal for sidebar (#21963)
What this change?

We are currently not fully satisfied with the current way to edit the
categories and tags that appears in the sidebar where the user is
redirected to the tracking preferences tab in the user's profile causing
the user to lose context of the current page. In addition, the dropdown
to select categories or tags limits the amount of information we can
display.

Since editing or adding a custom categories section is already using a
modal, we have decided to switch editing the categories and tags that
appear in the sidebar to use a modal as well.

This commit ships a first pass of the edit categories modal such that we
can keep the commit small and reviewable. The incomplete nature of the
feature is also reflected in the fact that the feature is hidden behind
a new `new_edit_sidebar_categories_tags_interface_groups` site setting.
2023-06-07 12:09:30 +08:00
Alan Guo Xiang Tan 41f8bff2c3
DEV: Remove superfluous `js: true` metadata (#21960)
Why this change?

It is very unlikely that we need to ever JS for system tests considering
that we rely on a JS framework on the frontend.
2023-06-07 09:26:58 +08:00
Martin Brennan 69eecf92d0
FIX: Use a default hashtag icon color for user with no permission (#21825)
One user can create a post or chat message with a hashtag they
have permission to use, but then when other users look at that
post they will see an empty space next to the hashtag because they
do not have the permission to load the colors in CSS classes for
the related category.

This fixes the issue by adding a default color with a special
CSS class if the user doesn't have permission to see the linked
channel/category on the hashtag.
2023-06-07 10:15:39 +10:00
Krzysztof Kotlarek af74cf5c77
FEATURE: new dismiss button for combined new and unread view (#21817)
Display modal for combined new and unread view with options:
- [x] Dismiss new topics
- [x] Dismiss new posts
- [ ] Stop tracking these topics so they stop appearing in my new list
2023-06-07 10:06:57 +10:00
Bianca Nenciu 8e8f733c94
UX: Remove title and description block if blank (#21861)
If the description is empty then it does not make sense to keep the
quote block that contains just the title.
2023-06-06 22:13:28 +03:00
Alan Guo Xiang Tan 7ef2eaa892
DEV: Fix system test assertion to avoid stale element reference error (#21944)
What is this change required?

We were seeing this error on CI

```
  1) Fast edit when editing text that has strange characters saves when paragraph contains apostrophe
     Failure/Error:
       expect(find("#{topic_page.post_by_number_selector(2)} .cooked p")).to have_content(
         "It ‘twas a great’ “day”!",
       )

     Selenium::WebDriver::Error::StaleElementReferenceError:
       stale element reference: stale element not found
         (Session info: chrome=114.0.5735.90)
```

I believe this is because the element that is "found" using `find` is
eventually re-rendered before the `have_content` matcher is called on
it.
2023-06-06 15:43:49 +08:00
Alan Guo Xiang Tan 5af2f4b888
DEV: Skip flaky network disconnected test (#21945)
Follow up to c574d7c555. Skipping the
entire file because both tests are flaky.
2023-06-06 15:39:18 +08:00
Matt Palmer a98d2a8086
FEATURE: allow S3 ACLs to be disabled (#21769)
AWS recommends running buckets without ACLs, and to use resource policies to manage access control instead.
This is not a bad idea, because S3 ACLs are whack, and while resource policies are also whack, they're a more constrained form of whack.
Further, some compliance regimes get antsy if you don't go with the vendor's recommended settings, and arguing that you need to enable ACLs on a bucket just to store images in there is more hassle than it's worth.
The new site setting (s3_use_acls) cannot be disabled when secure
uploads is enabled -- the latter relies on private ACLs for security
at this point in time. We may want to reexamine this in future.
2023-06-06 15:47:40 +10:00
Natalie Tay d2ef490e9a
FIX: Hide delete button to invite as user are unable to delete anyway (#21884)
Moderators are not allowed to delete invites that don't belong to them
2023-06-06 12:24:19 +08:00
Alan Guo Xiang Tan c574d7c555
DEV: Skip flaky system test (#21941)
Failure message on CI

```
Failures:

  1) Network Disconnected Doesn't show the offline indicator when the site setting isn't present
     Failure/Error: expect(page).to have_css("html.message-bus-offline")
       expected to find css "html.message-bus-offline" but there were no matches

     [Screenshot Image]: /__w/discourse/discourse/tmp/capybara/failures_r_spec_example_groups_network_disconnected_doesn_t_show_the_offline_indicator_when_the_site_setting_isn_t_present_764.png

     ~~~~~~~ JS LOGS ~~~~~~~
     http://localhost:31338/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png - Failed to load resource: net::ERR_INTERNET_DISCONNECTED
     http://localhost:31338/categories - Error while trying to use the following icon from the Manifest: http://localhost:31338/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png (Download error or resource isn't a valid image)
     ~~~~~ END JS LOGS ~~~~~

     # ./spec/system/network_disconnected_spec.rb:35:in `block (3 levels) in <main>'
     # ./spec/system/network_disconnected_spec.rb:8:in `with_network_disconnected'
     # ./spec/system/network_disconnected_spec.rb:34:in `block (2 levels) in <main>'
     # ./spec/rails_helper.rb:380:in `block (3 levels) in <top (required)>'
     # ./spec/rails_helper.rb:380:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:372:in `block (3 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:189:in `block in timeout'
     # ./vendor/bundle/ruby/3.2.0/gems/timeout-0.3.2/lib/timeout.rb:196:in `timeout'
     # ./spec/rails_helper.rb:367:in `block (2 levels) in <top (required)>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.2.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-06-06 08:50:32 +08:00
Selase Krakani f462347e12
DEV: `PostRevisor` helper methods to track topic title and raw revisions (#21918)
Not all revisions involve changes to the actual post/topic content. We
may want to know if a revisions includes the topic title or post raw.

Specifically introducing these for use in the Akismet plugin to
conditionally queue checks.
2023-06-05 18:02:46 +00:00
Mark VanLandingham 3bfc6805ce
FEATURE: Offline indicator (#21369) 2023-06-05 11:08:04 -05:00
Blake Erickson 704a792f18
FEATURE: Add API Scope for latest posts (#21913)
Adds api scopes for

- `/posts.json`
- `/posts.rss`
- `/private-posts.json`
- `/private-posts.rss`
2023-06-05 09:04:34 -06:00