Commit Graph

26927 Commits

Author SHA1 Message Date
Jarek Radosz 5d00f7bc0a
FIX: Show footer at the end of topic list (#16519)
Previously it wouldn't show up after all items were loaded.
2022-04-20 15:53:06 +02:00
Bianca Nenciu f3ef69e27d
FIX: Add missing translations for medium format (#16517)
Commit 68497bddf2 implemented a function
to format durations in a medium format, similar to how durationTiny did.
The existent translation strings do not cover all cases and this commit
adds the missing translation strings.
2022-04-20 14:49:08 +03:00
Isaac Janzen 900fcb9da0 Add a test for topic timer notice 2022-04-20 15:29:59 +08:00
Joffrey JAFFEUX e6e0c76c94
DEV: adds an above-user-summary-stats outlet (#16426) 2022-04-20 08:48:01 +02:00
Kris 5a76a3669b
A11Y: fix WCAG contrast for notification header (#16507) 2022-04-19 18:20:50 -04:00
Rafael dos Santos Silva 9d5241d347
FEATURE: Block indexing the embed topic list (#16495)
This adds a robots tag header to disallow indexing the topic list that
powers our embed topic list feature. It also uses a new tag that allows
the content to be indexed in the parent page.

See https://developers.google.com/search/blog/2022/01/robots-meta-tag-indexifembedded

https://meta.discourse.org/t/-/125911/127
2022-04-19 18:24:38 -03:00
Isaac Janzen 39cb9f105f
Wait to display notice on topic timer (#16509) 2022-04-19 13:41:18 -05:00
Bianca Nenciu 68497bddf2
UX: Add title to read time stats from user page (#16501)
The title attributes were added to explain the difference between "read
time" and "recent read time" stats from user summary page.
2022-04-19 20:48:08 +03:00
Daniel Waterworth f55edd54fd
FIX: Don't allow DiscourseConnect logins in readonly mode (#16508) 2022-04-19 12:33:31 -05:00
Joe e0c663c20d
UX: Improves select-kit body placement when vertical space is short (#16504)
1. When the select-kit body is rendered, it defaults to being displayed under the triggering select-kit header, unless...

    there isn't enough space between the bottom of the select-kit header and the bottom of the viewport 
    & 
    there's enough space on top of the select-kit header, and in that case, we render it on top.

2. We give it a bit of padding on top, so it never renders below the header on the Z-axis. 

14778ba52e/app/assets/javascripts/select-kit/addon/components/select-kit.js (L877-L884)

3. If there isn't enough space between the bottom of the viewport and the bottom of the select-kit header, and there isn't enough space between its top and the bottom of `d-header`, it renders at the bottom of the select-kit header.

In theory, number 3 above rarely ever happens. However, it can occur in the case of the user preferences page in combination with a large select-kit body (many categories).

The select-kit body then renders below the trigging select-kit header, but it's cut off. Users won't be able to see the entire select-kit body. 

Here's an example 

a719734d92.mp4

This PR adds a "prevent overflow" modifier to Popper. What it does is that it handles the case above.

If there's not enough space below the select-kit header or above it, render the select-kit body below the select-kit header BUT... anchor it to the bottom of the viewport. 

Here's what that looks like

32cd1639bb.mp4

After this fix, even very large select-kit bodies will always be on the screen. 

Please note that this PR has no impact on either number 1 or number 2 above, and those will continue to function as they currently do. 

The only downside here is that the select-kit body might cover the select-kit header if it needs to be anchored at the bottom of the viewport, and it's very large. However, between that and not being able to see all the options, I think it's a fair compromise. There's only so much space in the viewport. 

This PR ignores mobile because we have a different placement strategy. We use `position: absolute`... so, users can scroll the viewport if needed.
2022-04-19 21:13:54 +08:00
Joffrey JAFFEUX 54812992ae
REFACTOR: badge-button (#16500)
- drops jquery
- uses native class syntax
- tagless
- tests
- removes unnecessary alias
2022-04-19 15:01:28 +02:00
Joffrey JAFFEUX 01727da9b0
REFACTOR: admin-user-field-item (#16499)
- drops jquery
- removes a deprecation caused by overriding a computed property (isEditing)
- adds basic tests
- drops observers
- uses @action
- tagless
2022-04-19 13:31:43 +02:00
David Taylor 137e06a316
FIX: Ensure 'crop' always returns requested dimensions (#16437)
Previously, 'crop' would resize the image to have the requested width, then crop the height to the requested value. This works when cropping images vertically, but not when cropping them horizontally.

For example, trying to crop a 500x500 image to 200x500 was actually resulting in a 200x200 image. Having an OptimizedImage with width/height columns mismatching the actual OptimizedImage width/height causes some unusual issues.

This commit ensures that a call to `OptimizedImage.crop(from, to, width, height)` will always return an image of the requested width/height. The `w x h^` syntax defines minimum width/height, while maintaining aspect ratio.
2022-04-19 11:21:24 +01:00
Martin Brennan c6c633e041
FIX: Issues with incorrect unread and private message topic tracking state (#16474)
This commit fixes two issues at play. The first was introduced
in f6c852b (or maybe not introduced
but rather revealed). When a user posted a new message in a topic,
they received the unread topic tracking state MessageBus message,
and the Unread (X) indicator was incremented by one, because with the
aforementioned perf commit we "guess" the correct last read post
for the user, because we no longer calculate individual users' read
status there. This meant that every time a user posted in a topic
they tracked, the unread indicator was incremented. To get around
this, we can just exclude the user who created the post from the
target users of the unread state message.

The second issue was related to the private message topic tracking
state, and was somewhat similar. Whenever a user created a new private
message, the New (X) indicator was incremented, and could not be
cleared until the page was refreshed. To solve this, we just don't
update the topic state for the user when the new_topic tracking state
message comes through if the user who created the topic is the
same as the current user.

cf. https://meta.discourse.org/t/bottom-of-topic-shows-there-is-1-unread-remaining-when-there-are-actually-0-unread-topics-remaining/220817
2022-04-19 11:37:01 +10:00
Mark VanLandingham 1e8a666003
DEV: Accept `force_respect_seen_recently` argument in UserEmail job (#16460) 2022-04-18 13:32:11 -05:00
Natalie Tay 34fba417f1
FIX: Show dismiss all modal in user-notifications page (#16491)
Earlier on when https://github.com/discourse/discourse/pull/14935 was implemented, the "Dismiss all" button in /user-notifications was not catered for. Now, it is!
2022-04-18 22:32:39 +08:00
Kris 6b4f4e5387
UX: minor email group chooser alignment fix (#16487) 2022-04-18 09:39:27 -04:00
Kris 8f7f6280cb
UX: minor adjustment to login/signup close position (#16488) 2022-04-18 09:38:39 -04:00
Bianca Nenciu 234cf65e39
FIX: Do not show visibility topic if visible (#16478)
It used to show the warning that said only members of certain groups
could view the topic even if the group "everyone" was listed in
category's permission list.
2022-04-18 11:16:30 +03:00
Kris c81d4597a7
UX: improve small action button alignment (#16486) 2022-04-15 11:43:32 -04:00
Isaac Janzen 10a4bbfa72
update email dark mode styles (#16484)
Update dark mode styles for:

- secure media
- code blocks (they were too dark and had bad contrast)
2022-04-14 15:08:09 -05:00
Jordan Vidrine 2f3b518920
DEV: Add index to each helper for access within topic-list-items (#16483) 2022-04-14 14:24:07 -05:00
Penar Musaraj e164ff3085
FIX: Email styles for Gmail app dark mode (#16482) 2022-04-14 15:03:06 -04:00
Gerhard Schlager b7230d14a3 REFACTOR: Add `full_url` to `Group`
Lets stop writing the same code over and over again.
2022-04-14 11:53:57 +02:00
Gerhard Schlager b3cda195b8 REFACTOR: Add `full_url` and `display_name` to `User`
Lets stop writing the same code over and over again.
2022-04-14 11:53:57 +02:00
Penar Musaraj 650adbe423
FIX: Href attribute for post-date link (#16471)
This updates the fix in commit eb70ea4.

Co-authored-by: Osama Sayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 23:09:39 -04:00
Kris f2468f1093
Revert: UX: Make full topic row clickable on mobile (#16440) (#16472) 2022-04-13 18:35:47 -04:00
Kris 0ff66b3b74
UX: minor mobile topic list alignment adjustments (#16470)
* UX: minor mobile topic list alignment adjustments

* use margin, not padding
2022-04-13 15:47:18 -04:00
Bianca Nenciu eb70ea4478
FIX: Add href to post-date link element (#16469)
The href was removed in commit 08a1f41582,
but it was useful to quick copy the URL to the post.
2022-04-13 18:41:06 +03:00
Vinoth Kannan c863244382
FEATURE: add `user_suspended` attribute in post serialize. (#16413)
This PR will include `suspended` attribute in post serializer to check it in post widget and add a CSS class name.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-13 19:58:09 +05:30
David Taylor 01107e418e
DEV: Update to Sprockets 4.0 (#16467)
The main difference is that Sprockets 4.0 no longer tries to compile everything by default. This is good for us, because we can remove all our custom 'exclusion' logic which was working around the old sprockets 3.0 behavior.

The other big change is that lambdas can no longer be added to the `config.assets.precompile` array. Instead, we can do the necessary globs ourselves, and add the desired files manually.

A small patch is required to make ember-rails compatible. Since we plan to remove this dependency in the near future, I do not intend to upstream this change.

I have compared the `bin/rake assets:precompile` output before and after this change, and verified that all files are present.
2022-04-13 15:03:50 +01:00
Joffrey JAFFEUX 3e0c8d48e9
FIX: prevents error with emoji autocomplete (#16465)
The error would happen when emoji_autocomplete_min_chars site setting is set to anything superior to 0, in this case until we reach the min chars length, emojiSearch would return "skip" and the code was currently expecting an array.
2022-04-13 15:32:24 +02:00
Osama Sayegh eb5a3cfded
FEATURE: Add 2FA support to the Discourse Connect Provider protocol (#16386)
Discourse has the Discourse Connect Provider protocol that makes it possible to
use a Discourse instance as an identity provider for external sites. As a
natural extension to this protocol, this PR adds a new feature that makes it
possible to use Discourse as a 2FA provider as well as an identity provider.

The rationale for this change is that it's very difficult to implement 2FA
support in a website and if you have multiple websites that need to have 2FA,
it's unrealistic to build and maintain a separate 2FA implementation for each
one. But with this change, you can piggyback on Discourse to take care of all
the 2FA details for you for as many sites as you wish.

To use Discourse as a 2FA provider, you'll need to follow this guide:
https://meta.discourse.org/t/-/32974. It walks you through what you need to
implement on your end/site and how to configure your Discourse instance. Once
you're done, there is only one additional thing you need to do which is to
include `require_2fa=true` in the payload that you send to Discourse.

When Discourse sees `require_2fa=true`, it'll prompt the user to confirm their
2FA using whatever methods they've enabled (TOTP or security keys), and once
they confirm they'll be redirected back to the return URL you've configured and
the payload will contain `confirmed_2fa=true`. If the user has no 2FA methods
enabled however, the payload will not contain `confirmed_2fa`, but it will
contain `no_2fa_methods=true`.

You'll need to be careful to re-run all the security checks and ensure the user
can still access the resource on your site after they return from Discourse.
This is very important because there's nothing that guarantees the user that
will come back from Discourse after they confirm 2FA is the same user that
you've redirected to Discourse.

Internal ticket: t62183.
2022-04-13 15:04:09 +03:00
David Taylor 78f7e8fe2f
Revert "DEV: Update to Sprockets 4.0 (#16459)" (#16466)
This reverts commit ec7efbde1a.

This is causing problems in non-ember-cli environments. Reverting for now.
2022-04-13 11:04:13 +01:00
David Taylor ec7efbde1a
DEV: Update to Sprockets 4.0 (#16459)
The main difference is that Sprockets 4.0 no longer tries to compile everything by default. This is good for us, because we can remove all our custom 'exclusion' logic which was working around the old sprockets 3.0 behavior.

The other big change is that lambdas can no longer be added to the `config.assets.precompile` array. Instead, we can do the necessary globs ourselves, and add the desired files manually.

A small patch is required to make ember-rails compatible. Since we plan to remove this dependency in the near future, I do not intend to upstream this change.

I have compared the `bin/rake assets:precompile` output before and after this change, and verified that all files are present.
2022-04-13 10:21:59 +01:00
Alan Guo Xiang Tan 6fc52d95de DEV: Remove scoped order warning in PostDestroyer.
`Scoped order is ignored, it's forced to be batch order.`

`find_each` ignores the `order` scope and triggers a warning in
production which is noisy.

Follow-up to 7a284164ce
2022-04-13 09:34:36 +08:00
awesomerobot a47efcd6ec DEV: user-preference-page class on solo-perference 2022-04-13 09:32:58 +08:00
Isaac Janzen 5f9c98dfc1
FIX: update dark mode emails styles (#16461)
- divider sometimes is too bright
- lists have dark text on dark copy
- border around the “secure media” message is bright
2022-04-12 13:13:34 -05:00
Bianca Nenciu 86c7e07428
FEATURE: Improve screened IPs roll up and extend for IPv6 (#15585)
This commit improves the logic for rolling up IPv4 screened IP
addresses and extending it for IPv6. IPv4 addresses will roll up only
up to /24. IPv6 can rollup to /48 at most. The log message that is
generated contains the list of original IPs and new subnet.
2022-04-12 21:07:37 +03:00
Penar Musaraj 0bef5af582
DEV: Cleanup `body.scrollTop` usage (#16445)
All current browser treat the HTML document (not the body element) as
the scrollable document element. Hence in all current browsers,
`document.body.scrollTop` returns 0. This commit removes all usage of
this property, because it is effectively 0.

Co-authored-by: David Taylor <david@taylorhq.com>
2022-04-12 13:23:57 -04:00
Kris 0e88cffaf4
UX: Make full topic row clickable on mobile (#16440) 2022-04-12 09:44:20 -04:00
Roman Rizzi 6f76a12e0a
FEATURE: Let sites add a sitemap.xml file. (#16357)
* FEATURE: Let sites add a sitemap.xml file.

This PR adds the same features discourse-sitemap provides to core. Sitemaps are only added to the robots.txt file if the `enable_sitemap` setting is enabled and `login_required` disabled.

After merging discourse/discourse-sitemap#34, this change will take priority over the sitemap plugin because it will disable itself. We're also using the same sitemaps table, so our migration won't try to create it
again using `if_not_exists: true`.
2022-04-12 10:33:59 -03:00
David Taylor 9c33f6de05
FIX: Ensure allowed_tags and allowed_tag_groups can be removed (#16454) 2022-04-12 11:14:29 +01:00
Martin Brennan 9f2138dc92
FEATURE: Add a sidekiq job for syncing S3 ACLs (#16449)
Sometimes we need to update a _lot_ of ACLs on S3 (such as when secure media
is enabled), and since it takes ~1s per upload to update the ACL, this is
best spread out over many jobs instead of having to do the whole thing serially.

In future, it will be better to have a job that can be run based on
a column on uploads (e.g. acl_stale) so we can track progress, similar
to how we can set the baked_version to nil to rebake posts.
2022-04-12 14:26:42 +10:00
Blake Erickson 4c0a9fd4c3
FIX: Email logs not finding attached incoming email (#16446) 2022-04-11 21:22:15 -06:00
awesomerobot 264c8f5fd7 Improve docked progress position on mobile 2022-04-12 09:09:59 +08:00
awesomerobot be4699fc28 add classes to danger buttons on user admin 2022-04-12 09:09:04 +08:00
awesomerobot c4ec2049ac UX: add margin to security key button 2022-04-12 09:08:52 +08:00
Isaac Janzen 9de61f37a0
remove avatars next to 'read more' in summary email (#16439) 2022-04-11 14:07:37 -05:00
Jordan Vidrine 09ee9a6be6
UX: Less specific styling for Auth logins (#16393) 2022-04-11 12:33:09 -05:00
Isaac Janzen 6c0abe15e0
FEATURE: Add email dark mode (#16104)
implement dark mode emails when `SiteSetting.dark_mode_emails_active` is active.
2022-04-11 12:27:50 -05:00
Keegan George 0a653179a5
FEATURE: Sortable json-editor items (#16403) 2022-04-11 13:24:14 -04:00
David Taylor 7b1686ad7d
FIX: Ensure category_required_tag_groups are destroyed with tag_groups (#16433) 2022-04-11 13:28:06 +01:00
Martin Brennan cecdef83a8
FIX: Fall back to clipboard.writeText if ClipboardItem not supported (#16419)
Firefox does not support window.ClipboardItem yet (it is behind
a flag (dom.events.asyncClipboard.clipboardItem) as at version 87.)
so we need to fall back to the normal non-async clipboard copy, that
works in every browser except Safari.

This commit also tests the clipboardCopyAsync function by stubbing out
the clipboard on the window.navigator.

This fixes an issue in the discourse-chat plugin, where the
"Quote in Topic" button errored in Firefox.
2022-04-11 13:00:45 +10:00
Alan Guo Xiang Tan f26d07c1ad DEV: Add pretender endpoint for category visible groups.
This was causing our build to become flaky.
2022-04-11 10:34:18 +08:00
Martin Brennan 6d2441041b
DEV: Minor in-progress-uploads refactor (#16430)
These calls were missed in ac672cfcc6
2022-04-11 11:50:06 +10:00
Penar Musaraj cd02ea07fc
FIX: Buggy topic scrolling on iOS 12 (#16422) 2022-04-09 09:44:36 -04:00
Alan Guo Xiang Tan 0f7b9878ff SECURITY: Category group permissions leaked to normal users.
After this commit, category group permissions can only be seen by users
that are allowed to manage a category. In the past, we inadvertently
included a category's group permissions settings in `CategoriesController#show`
and `CategoriesController#find_by_slug` endpoints for normal users when
those settings are only a concern to users that can manage a category.
2022-04-08 13:46:20 +08:00
Bianca Nenciu 07d8189edd FIX: Serialize permissions for everyone group
The permissions for the 'everyone' group were not serialized because
the list of groups a user can view did not include it. This bug was
introduced in commit dfaf9831f7.
2022-04-08 09:25:29 +08:00
Alan Guo Xiang Tan 499793cbbc DEV: Remove comment that doesn't make any sense. 2022-04-08 09:21:45 +08:00
David Taylor fdd4c91847 UX: Apply crawler styling to `<noscript>` content 2022-04-07 15:27:06 +01:00
David Taylor 683b172104 UX: Make header/footer HTML consistent for crawler and noscript
These were originally very similar, but have diverged over time. This makes it very difficult to manage styling.

This commit moves the noscript header and footer into partials so they can be reused in both the crawler view and the `<noscript>` view. It also makes browser-update render the noscript content **instead of** the `<section id='main'>`, rather than adding adding the noscript inside the `<section>`. This provides better parity with the server-rendered crawler view.
2022-04-07 15:27:06 +01:00
David Taylor 230e220710 UX: Make crawler view usable under different color schemes
- Ensure the set of rendered `<link rel=stylesheet>` tags is consistent
- Add var() references for all crawler-view styles. Basic color definitions are defined first, as a fallback for super old browsers
2022-04-07 15:27:06 +01:00
David Taylor e16f8a5ee6 FIX: Ensure legacy browser handling uses full <noscript> content
If the noscript tag contains a lot of data, browsers seem to split it across multiple `text` nodes, so we need to concatenate them.
2022-04-07 15:27:06 +01:00
David Taylor e22acaa565
DEV: Fix flaky `tags-test` (#16410)
The test was dependent on a translation string. Under certain seeds, the translation string for `{{category-drop}}`'s `noCategoriesLabel` is broken. This is because the value is calculated the first time a `{{category-drop}}` is rendered during the suite. If that first time happens to be during a test which is messing with `I18n.translations`, then it will cache a broken value. Maybe this should be fixed in a future commit... but for now moving to `data-value` will make the `tags-test` more robust and will stop the flakiness.
2022-04-07 14:39:52 +01:00
Vinoth Kannan eb628b0747
FIX: hide user notifications tab for moderator users. (#16406)
Moderators don't have access to notifications of other users. So we shouldn't display the notifications tab on other user profiles for them.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-04-07 14:37:37 +05:30
Martin Brennan 41fb4a3ca0
FIX: uppy-image-uploader and uppy-upload mixin minor issues (#16405)
Follow up to ac672cf. Fixes a
small issue with uppy-image-uploader where the Processing label
was shown for the whole upload. Also adds a couple of options to
pick-files-button to allow for it to be used in the uppy-image-uploader.

Also fixes an issue where the uppy-upload mixin was resetting prematurely
when all uploads in progress were complete, but it should have been doing
that on the uppy complete event instead.
2022-04-07 15:36:21 +10:00
Martin Brennan ac672cfcc6
DEV: Improvements to UppyUploadMixin to use ExtendableUploader (#16383)
This PR brings the `UppyUploadMixin` more into line with the `ComposerUppyUpload` mixin, by extending the `ExtendableUploader` . This also adds better tracking of and events for in progress uploads in the `UppyUploadMixin` for better UI interactions, and also opens up the use of `_useUploadPlugin` for the mixin, so anything implementing `UppyUploadMixin` can add extra uppy preprocessor plugins as needed.

This has been done as part of work on extracting uploads out of the chat composer. In future, we might be able to do the same for `ComposerUppyUpload`, getting rid of that mixin to standardise on `UppyUploadMixin` and have a separate `composer-uploads` component that lives alongside `composer-editor` like what we are doing in https://github.com/discourse/discourse-chat/pull/764
2022-04-07 12:59:06 +10:00
Kris 26b752dc24
DEV: pass user to badge page outlet (#16395) 2022-04-06 22:04:22 -04:00
Sam d4e4f32f35
Revert "UX: Inline code block edit (#16394)" (#16404)
This reverts commit 11abb50cf7.

Styling change is still under discussion
2022-04-07 09:21:23 +10:00
OsamaSayegh 2f7a307237 FIX: Prevent duplicates in API scope allowed URLs
It's possible in Rails to map a single route to multiple controller
actions with different constraints. We do this in at least 1 place in
our application for the root route (/) to make it possible to change the
page that root route displays.

This means that if you get the list of routes of your application,
you'll get the same route for each time the route is defined. And if
there's an API scope for 2 (or more) controller actions that map to the
same route, the route will be listed twice in the Allowed URLs list of
the scope.

To prevent this, this PR adds the allowed URLs in a set so that
duplicate routes are automatically removed.
2022-04-07 02:09:11 +03:00
OsamaSayegh 5eaf4b8553 FIX: Include routes in an API scope's allowed URLs even if they have no format constraints
The Allowed URLs list of an API scope only includes routes that
constraint the format for the route to JSON. However, some routes define
no format constraints, but that doesn't mean they can't be used by an
API key.

This commit amends the logic for the Allowed URLs list so that it
includes routes that have no format constraints or the format
constraints include JSON.
2022-04-07 02:09:11 +03:00
Sam cedcdb0057
FEATURE: allow for local theme js assets (#16374)
Due to default CSP web workers instantiated from CDN based assets are still
treated as "same-origin" meaning that we had no way of safely instansiating
a web worker from a theme.

This limits the theme system and adds the arbitrary restriction that WASM
based components can not be safely used.

To resolve this limitation all js assets in about.json are also cached on
local domain.

{
  "name": "Header Icons",
  "assets" : {
    "worker" : "assets/worker.js"
  }
}

This can then be referenced in JS via:

settings.theme_uploads_local.worker

local_js_assets are unconditionally served from the site directly and
bypass the entire CDN, using the pre-existing JavascriptCache

Previous to this change this code was completely dormant on sites which
used s3 based uploads, this reuses the very well tested and cached asset
system on s3 based sites.

Note, when creating local_js_assets it is highly recommended to keep the
assets lean and keep all the heavy working in CDN based assets. For example
wasm files can still live on the CDN but the lean worker that loads it can
live on local.

This change unlocks wasm in theme components, so wasm is now also allowed
in `theme_authorized_extensions`

* more usages of upload.content

* add a specific test for upload.content

* Adjust logic to ensure that after upgrades we still get a cached local js
on save
2022-04-07 07:58:10 +10:00
David Taylor ef2e4f7ee0
DEV: Improve `ember test` (testem) output (#16401)
- Repeat failure output at end (similar to rspec)
- When running in GitHub actions, set a workflow error message
2022-04-06 22:57:52 +01:00
Jarek Radosz 8e809149d2
DEV: Fix "overridden" typos (#16399)
There are still some, but those are in actual code that's used outside core, so the change there would need to go through the deprecation cycle. That's a task for another day.
2022-04-06 23:17:20 +02:00
Jarek Radosz 77fed8dfc3
DEV: Update xss.js package (#16398) 2022-04-06 22:49:13 +02:00
Jarek Radosz 06d4445ab0
DEV: Remove deprecated pretty-text functions/file (#16397)
Nothing in all-the* uses those anymore
2022-04-06 22:48:50 +02:00
Jordan Vidrine 11abb50cf7
UX: Inline code block edit (#16394) 2022-04-06 15:16:19 -05:00
Penar Musaraj df10a27067
FIX: Exclude automatic anchors from search index (#16396) 2022-04-06 16:06:45 -04:00
Daniel Waterworth 6e9a068e44
FIX: Limit max word length in search index (#16380)
Long words bloat the index for little benefit.
2022-04-06 12:23:30 -05:00
Rafael dos Santos Silva 1203121ac1
PERF: Throttle updates to API key last_used_at (#16390)
Co-authored-by: David Taylor <david@taylorhq.com>
2022-04-06 11:01:52 -03:00
David Taylor 68c74e9b93
FEATURE: Allow multiple required tag groups for a category (#16381)
Previously we only supported a single 'required tag group' for a category. This commit allows admins to specify multiple required tag groups, each with their own minimum tag count.

A new category_required_tag_groups database table replaces the existing columns on the categories table. Data is automatically migrated.
2022-04-06 14:08:06 +01:00
Joffrey JAFFEUX 8f03baaf8e
DEV: optionally removes links/avatars from user-info (#16388)
Usage:

```
{{user-info user=user includeLink=false includeAvatar=false}}
```

This is useful when using user-info in a dropdown list for example.
2022-04-06 14:07:38 +02:00
Sam 254f48e568
FIX: include crawler content on old mobile browsers (#16387)
Previous to this change an optimisation stripped crawler content from
all mobile browsers.

This had a side effect that meant that when we dropped support for an old
mobile platform we would stop rendering topic and topic list pages.

The new implementation ensures we only perform the optimisation on modern
mobile browsers.
2022-04-06 11:09:12 +01:00
Loïc Guitaut 357011eb3b DEV: Clean up freedom patches
This patch removes some of our freedom patches that have been deprecated
for some time now.
Some of them have been updated so we’re not shipping code based on an
old version of Rails.
2022-04-06 10:07:14 +02:00
Martin Brennan bf3260faea
DEV: Use pick-files-button in composer-editor and clean up (#16375)
A while ago in 27b97e4 the
pick-files-input was added but only used once for data-explorer. This commit uses it
for the composer-editor, and cleans it up to be usable either via uppy
handling the uploads or with this component handling the uploads.

This can then be used in other places in the app and also for plugins.
2022-04-06 12:48:13 +10:00
Sam 1598e6b489
FIX: users watching tags in open tag groups not notified (#16384)
All users are members of the EVERYONE group, but this group is special and
is omitted from the group_users table. When checking permission we need to
make sure we also add a bypass.

This also fixes a very buggy test in post_alerter, it was confirming the
broken behavior due to fabricator flow.

When it defined the tag group the everyone group automatically had full access
then the additional permission fabricated just added one more group. After
fix was made to code the test started failing. Fabricators can be risky.
2022-04-06 11:43:57 +10:00
Kris 4021feec63
UX: Update crawler view styles to be more readable (#16361)
* UX: Update crawler view styles to be more readable

* minor small screen fixes

* prettier
2022-04-06 08:47:19 +10:00
Jarek Radosz 14778ba52e
DEV: Fix select-kit deprecations (#15080) 2022-04-05 19:01:09 +02:00
Andrei Prigorshnev 8a9c644021
FIX: no need to hide "Later This Week" when showing "Later Today" (#16365) 2022-04-05 16:49:05 +04:00
David Taylor 7edc941843
FIX: Ensure images do not change height when loading is complete (#16368)
Browsers automatically calculate an aspect ratio based on the width/height attributes of an `<img`. HOWEVER that aspect ratio only applies while the image is loading. Once loaded, it'll use the image's actual dimensions. This can cause things to jump around after loading. For example:
 - if a user deliberately inserts false width/height
 - the image fails to load (404)
 - an optimised image is a few pixels different, due to a rounding when resizing

This decorator explicitly sets the `aspect-ratio` property so that things are consistent throughout the lifetime of all `<img` elements.
2022-04-05 13:43:17 +01:00
Dan Ungureanu 7179fbab77
UX: Require a password for invited users (#16291)
Invited users were allowed to accept invites without entering a
password. When this happened, instead of receiving an activation email,
they received a password reset email. Basically, a user could postpone
choosing a password until after registration.

Unfortunately, this led to a confusing user experience and this commit
attempts to fix that by making the client require a password. There is
a single case when users do not need to input a password: when they sign
up using an external authenticator and password field is completely
hidden. In this case, the third party handles the password logic.

Technically, invites can still be redeemed without a password, but that
functionality was kept to preserve backwards compatibility.
2022-04-05 14:57:15 +03:00
Dan Ungureanu e90815a429
FIX: Redirect user to topic they were invited to (#16298)
This did not work properly everytime because the destination URL was
saved in a cookie and that can be lost for various reasons. This commit
redirects the user to invited topic if it exists.
2022-04-05 14:57:00 +03:00
Alan Guo Xiang Tan 080164a66e DEV: Use settled ember test helper instead of attempting to rerender. 2022-04-05 18:42:02 +08:00
David Taylor 39ac476db6 FIX: Do not attempt to pull_hotlinked_image for raw_html
raw_html posts (i.e. those which are pulled as part of our comments integration) don't go through our markdown pipeline, so `upload://` URLs are not supported. Running pull_hotlinked_images will break any images in the post.

In future we may add support for pulling hotlinked images in these posts. But for now, disabling it will stop it breaking images.
2022-04-05 16:39:38 +08:00
Martin Brennan b982992ef7
FIX: Auto-generated emails causing group SMTP email storm (#16372)
When emailing a group inbox and including other support-type
emails (or even just regular ones with autoresponders) in the
CC field, each automated reply to the group inbox triggered
more emails to be sent out to all CC addresses to notify them
of the new reply, which in turn caused more automated emails
to be sent to the group inbox.

This commit fixes the issue by preventing any emails being sent
by the PostAlerter when the new post has an incoming email record
which is_auto_generated, which we detect in Email::Receiver.
2022-04-05 13:18:49 +10:00
Jean e03593d75c
DEV: add composer cancelled event triggers (#16371) 2022-04-04 17:38:30 -04:00
Blake Erickson ec2930712d
FIX: 500 error when creating a user with an integer username (#16370)
Via the API it is possible to create a user with an integer username. So
123 instead of "123". This causes the following 500 error:

```
NoMethodError (undefined method `unicode_normalize' for 1:Integer)
app/models/user.rb:276:in `normalize_username'
```

See: https://meta.discourse.org/t/222281
2022-04-04 15:15:32 -06:00
Faizaan Gagan 1da4b9eeb3
FIX: update 'posted' column on post owner change (#16367)
Fixes the issue where making a user x as owner of a post doesn't
cause the concerned topic to be listed in new owner's `My Posts`
top menu filter

per https://meta.discourse.org/t/199369
2022-04-04 22:42:38 +05:30
Vinoth Kannan 415c4fa72a
FIX: review queue scrolling is not working after take an action. (#16346)
`reject` method for `Reviewable` model is returning an array. So if we use `this.set` method to update `reviewables` attribute in controller then it replaces the model with an array of objects wrongly. This is now fixed by using the `setObjects` method of the model.
2022-04-04 14:48:06 +05:30
Jarek Radosz 6555f0c11b
DEV: Support qunit_disable_auto_start in ember CLI (#16358)
Required for e.g. `test/run-qunit.js`
2022-04-02 21:15:50 +02:00
Jordan Vidrine b20307377a
linting (#16360) 2022-04-02 10:47:01 -05:00
CommanderRoot 86a783b3ad
DEV: Replace deprecated String.prototype.substr() (#16233)
String.prototype.substr() is deprecated so we replace it with String.prototype.slice() which works similarily but isn't deprecated.

Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-04-01 17:35:17 +02:00
Andrei Prigorshnev e30f13d850
FIX: stop sorting options in date-pickers on the bookmark modal and the topic-timers modal (#15750) 2022-04-01 16:16:46 +04:00
awesomerobot 98f3349c31 DEV: Safari's window.innerWidth doesn't match CSS 2022-04-01 09:50:08 +08:00
awesomerobot e54440a035 DEV: pass user to user-summary outlets 2022-04-01 09:49:44 +08:00
Bianca Nenciu 819038537c
FIX: can_permanently_delete should check for admin (#16348)
can_permanently_delete field in Post and TopicViewDetails serializers
cannot use Guardian's can_permanently_delete beause their use is
different. The field from the serializers is used to show the button
and the button is shown even if the post cannot be removed forever
because not enough time has passed since it was first deleted. The
guardian method is used by the controller to check that the post can
really be deleted.
2022-04-01 12:03:39 +11:00
Sam b023d88b09
FIX: Abort theme creation if unable to create uploads (#16336)
Previous to this change if any of the assets were not allowed extensions
they would simply be silently ignored, this could lead to broken themes
that are very hard to debug
2022-04-01 12:03:14 +11:00
Alan Guo Xiang Tan e7c3d01aaa
DEV: Restore order assertion in category serializer tests. (#16344)
Our group fabrication creates groups with name "my_group_#{n}" where n
is the sequence number of the group being created. However, this can
cause the test to be flaky if and when a group with name `my_group_10`
is created as it will be ordered before
`my_group_9`. This commits makes the group names determinstic to
eliminate any flakiness.

This reverts commit 558bc6b746.
2022-04-01 08:58:06 +08:00
Bianca Nenciu ac612987ef
FIX: Build correct post and topic shareUrl (#16332)
The links returned by post.url and topic.url are relative, but contain
the subdirectory. When getAbsoluteURL is called to construct the
complete share URL, it adds the host and the subdirectory again. As a
result the created URLs contained the subdirectory twice.
2022-04-01 00:02:01 +03:00
OsamaSayegh ba509a93c2 DEV: Add tests for accessibility changes
Follow-up to the previous 5 commits (aka PR #16328).
2022-03-31 19:01:40 +03:00
OsamaSayegh db67c478be A11Y: Make user avatars in posts stream untabbable
The user avatar in posts has aria-hidden set to true to reduce
redundancy since the information that the avatar gives to screen readers
is the same information that the username/name of the post gives which
is the author of the post.

However, it's still possible for a screen reader user to reach the
avatar by tabbing through the post and when that happens the avatar is
read as "blank". This isn't ideal so we should set tabindex to -1 on the
avatar to remove it from the default keyboard nav flow.
2022-03-31 19:01:40 +03:00
OsamaSayegh ca58d80b0c A11Y: Improve accessibility of embedded replies below post
The changes are:

* Add an aria-label for the button that embeds/expand the replies of a
post below it
* Add an aria-label for the button that collapses the embedded replies
* Add an aria-label to describe the embedded replies section when
expanded and an aria-label for each embedded reply
2022-03-31 19:01:40 +03:00
OsamaSayegh fd26facdf3 A11Y: Improve accessibility of likes/read count post buttons
The improvements are:

* Add an aria-label to the like/read count buttons below posts to
indicate what they mean and do.

* Add aria-pressed to the like/read count buttons to make it clear to screen
readers that these buttons are toggleable.

* Add an aria-label to the list of avatars that's shown when post likes
or readers are expanded so that screen reader users can understand what
the list of avatars means.
2022-03-31 19:01:40 +03:00
OsamaSayegh acdb64eb7e A11Y: change tabLoc tagName from <a> to <span>
The tabLoc is a hidden element inside the post region that we use to
move the focus close to the post that's visually highlighted (by
changing the background color and then fading it away) when a topic is
opened so that screen readers can start reading from that post rather
than the top of the page.

Some screen readers get confused by the tabLoc element being an `<a>`
element and read out the topic ID and I've found that changing the tag
to `<span>` fixes the problem.
2022-03-31 19:01:40 +03:00
OsamaSayegh ef66b3fd40 A11Y: Include username in aria-label of post region
I think the author of a post is a critical piece of information that
should be communicated right when the post region is reached.
2022-03-31 19:01:40 +03:00
Osama Sayegh e7c16bc49a
DEV: Remove grant admin 2FA modal (#16347)
The `grant-admin-second-factor` modal is no longer being used since dd6ec65061.
2022-03-31 19:01:11 +03:00
Penar Musaraj e5bf704c7b
UX: Add details button to admin bounced/rejected lists (#16343) 2022-03-31 11:14:11 -04:00
Alan Guo Xiang Tan dfaf9831f7
SECURITY: Avoid leaking private group name when viewing category. (#16337)
In certain instances when viewing a category, the name of a group with
restricted visilbity may be revealed to users which do not have the
required permission.
2022-03-31 14:39:01 +08:00
Penar Musaraj e431000b23
FIX: Hide tag count in tag filter when in a category context (#16327) 2022-03-31 12:57:27 +11:00
Penar Musaraj 943083f4df
DEV: Include helper in core for `applyLocalDates` (#16325) 2022-03-30 20:58:38 -04:00
Joffrey JAFFEUX 57b20393ac
FIX: flips popper when top position is chosen incorrectly (#16333)
More precisely, if popper can't position something at the bottom, it will automatically attempt to position it at the top. However we should ensure it doesn’t consider the space under the d-header as valid space, when header's height is taken into consideration if top space is not enough, we should force bottom, and flip it back.

This logic is not necessary on modals as the d-header is not present.
2022-03-30 20:58:22 -04:00
Kris 8999de6e5b
DEV: add plugin outlets for user badges (#16334) 2022-03-30 19:59:45 -04:00
Rafael dos Santos Silva 4d809e984d
FEATURE: DiscourseEvent hook for sync_sso (#16329) 2022-03-30 16:22:22 -03:00
Mark VanLandingham b974375239
DEV: Skip notifications without topic_id in `ensure_consistency` (#16299) 2022-03-30 09:56:35 -05:00
Osama Sayegh 2e77cc86fc
Revert "A11Y: Make the views column in topics lists tabbable" (#16321)
This partially reverts commit 771dddb711.

This was a mistake; non-interactive element should not be included in tab navigation.
2022-03-30 17:50:28 +03:00
Penar Musaraj daa581d8f2
REFACTOR: Abstract search link click logging (#16317) 2022-03-30 10:10:39 -04:00
Alan Guo Xiang Tan d0c2eb3359
DEV: Drop `enable_long_polling` and `long_polling_interval` settings (#16323)
Scheduled to drop in 2.9.

Co-authored-by: Loïc Guitaut <loic@discourse.org>
2022-03-30 16:32:40 +08:00
Martin Brennan b8828d4a2d
FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308)
This commit introduces a new use_polymorphic_bookmarks site setting
that is default false and hidden, that will be used to help continuous
development of polymorphic bookmarks. This setting **should not** be
enabled anywhere in production yet, it is purely for local development.

This commit uses the setting to enable create/update/delete actions
for polymorphic bookmarks on the server and client side. The bookmark
interactions on topics/posts are all usable. Listing, searching,
sending bookmark reminders, and other edge cases will be handled
in subsequent PRs.

Comprehensive UI tests will be added in the final PR -- we already
have them for regular bookmarks, so it will just be a matter of
changing them to be for polymorphic bookmarks.
2022-03-30 12:43:11 +10:00
Osama Sayegh a782f04676
FIX: Close user/group card on esc key press (#16306)
`keyUp` is only invoked if the component's root element (or one of its descendants) has focus which isn't great for keyboard users because if they open a user card and want to close it, they have to tab through to the user card and only then will the Esc key actually close the card. This commit adds a `keyup` event listener on the `document` for the Esc key so that the user card is closed (if it's open) no matter where the focus is.
2022-03-29 21:29:22 +03:00
Penar Musaraj 1210cfe60e
UX: Indicate that "Show replies" button does not work for deleted posts (#16304) 2022-03-29 11:58:50 -04:00
David Taylor 7a284164ce
PERF: Update UserDestroyer to fetch histories and actions in batch (#16316)
This is much more memory-efficient when there are 1000s of rows
2022-03-29 16:56:55 +01:00
Alan Guo Xiang Tan 5743a6ec1e DEV: Remove Zeitwerk inflection monkey patch.
There isn't a good reason we need to patch the inflector.

Co-authored-by: Loïc Guitaut <loic@discourse.org>
2022-03-29 16:04:49 +02:00
David Taylor b2a8dc4c0f
FIX: Maintain HTML `<img` when downloading remote images (#16278)
Under some conditions, replacing an `<img` with `![]()` can break rendering, and make the image disappear.

Context at https://meta.discourse.org/t/152801
2022-03-29 10:55:10 +01:00
Martin Brennan 045be237a0
DEV: Fix failing share topic tests (#16309)
Since 3fd7b31a2a some tests
were failing with this error:

> Error: Unhandled request in test environment: /c/feature/find_by_slug.json
> (GET) at http://localhost:7357/assets/test-helpers.js

This commit fixes the issue by adding the missing pretender. Also
noticed while fixing this that the parameter for the translation
was incorrect -- it was `group` instead of `groupNames`, so that
is fixed here too, along with moving the onShow functions into
@afterRender decorated private functions. There is no need for the
appevent listeners.
2022-03-29 15:11:44 +08:00
Kris ad89bd5ac1
DEV: New plugin outlets for user and user-card (#16307) 2022-03-29 09:09:13 +08:00
Osama Sayegh e40c4bb7f9
FIX: Validate category tag restrictions before sending new topics to review (#16292)
Tags (and tag groups) can be configured so that they can only be used in specific categories and (optionally) restrict topics in these categories to be able to add/use only these tags. These restrictions work as expected when a topic is created without going through the review queue; however, if the topic has to be reviewed by a moderator then these restrictions currently aren't checked before the topic is sent to the review queue, but they're checked later when a moderator tries to approve the topic. This is because if a user manages to submit a topic that doesn't meet the restrictions, moderators won't be able to approve and it'll be stuck in the review queue.

This PR prevents topics that don't meet the tags requirements from being sent to the review queue and shows the poster an error message that indicates which tags that cannot be used.

Internal ticket: t60562.
2022-03-28 21:25:26 +03:00
Jordan Vidrine 2b974d4992
DEV: Add additional outlet to user-card next to `message` button (#16300) 2022-03-28 11:56:43 -05:00
Bianca Nenciu 3fd7b31a2a
FIX: Show restricted groups warning when necessary (#16236)
It was displayed for the "everyone" group too, but that was not
necessary.
2022-03-28 19:38:29 +03:00
David Taylor c219740274
DEV: Add polyfill for `String.prototype.replaceAll` (#16301) 2022-03-28 17:18:56 +01:00
David Taylor 720e1ca9e7
FEATURE: Support upload:// urls in img tags (#16277)
Previously, our `upload://` protocol urls were only supported in markdown image tags. This meant that our PullHotlinkedImages job was forced to convert `<img` tags to markdown. Depending on the exact syntax, this can actually cause the image to break.

This commit adds support for `upload://` inside regular HTML `<img` tags. In a future commit, we'll be able to use this to make our PullHotlinkedImages job much more robust.

Context at https://meta.discourse.org/t/152801
2022-03-28 16:46:47 +01:00
Alan Guo Xiang Tan fc40a572bb
DEV: Register question_answer_user_commented notification type. (#16297)
The notification type is used by https://github.com/discourse/discourse-question-answer
2022-03-28 16:03:19 +08:00
Martin Brennan 94207e27d1
DEV: Remove underscore versions of TextareaTextManipulation functions (#16285)
Since 6a5ef27, we made public
versions of some TextareaTextManipulation methods. This commit removes
the old underscore versions of these methods:

_focusTextArea
_insertBlock
_insertText
_getSelected
_selectText
_replaceText
_applySurround
_addText
_extractTable
_isInside
2022-03-28 13:23:50 +10:00
Martin Brennan 230e82e948
DEV: Make Bookmark#post_id column nullable (#16287)
As we are gradually moving to having a polymorphic
bookmarkable relationship on the Bookmark table,
we need to make the post_id column nullable to be
able to develop and test the new columns, and
for cutover/migration purposes later as well.
2022-03-28 13:09:13 +10:00
Mark VanLandingham 96719cbf4f
DEV: Rename param passed to updateNotificationLevel (#16289) 2022-03-25 11:20:24 -05:00
Mark VanLandingham a3563336db
FIX: Bug setting notification level to muted/ignored on user page (#16268) 2022-03-25 10:51:45 -05:00
Roman Rizzi 136f7dbf78
DEV: Remove old link building code. (#16121)
We have a new API introduced [here](https://github.com/discourse/discourse/pull/14553).
2022-03-25 09:36:39 -03:00
Dan Ungureanu 76ece494f9
DEV: Fix "serialize to JSON safely" deprecation (#16280)
Job arguments must match after a serialize-deserialize cycle and
symbols were converted to strings during this process.
2022-03-25 09:07:21 +08:00
Andrei Prigorshnev 5423d46442
UX: cleaner messages for empty state on the user activity topics page (#16267) 2022-03-25 00:20:55 +04:00
Dan Ungureanu 03ad88f2c2
FIX: Add `errors` field if group update confirmation (#16260)
* FIX: Redirect if Discourse-Xhr-Redirect is present

`handleRedirect` was passed an wrong argument type (a string) instead of
a jqXHR object and missed the fields checked in condition, thus always
evaluating to `false`.

* FIX: Add `errors` field if group update confirmation

An explicit confirmation about the effect of the group update is
required if the default notification level changes. Previously, if the
confirmation was missing the API endpoint failed silently returning
a 200 response code and a `user_count` field. This change ensures that
a proper error code is returned (422), a descriptive error message and
the additional information in the `user_count` field.

This commit also refactors the API endpoint to use the
`Discourse-Xhr-Redirect` header to redirect the user if the group is
no longer visible.
2022-03-24 14:50:44 +02:00
OsamaSayegh 771dddb711 A11Y: Make the views column in topics lists tabbable 2022-03-24 13:42:24 +03:00
OsamaSayegh bc54b0055c A11Y: Improve topic entrance modal
Clicking the Replies cell of a topic in a topics list shows a little
modal with 2 buttons that take you to the first and last posts of the
topic. This modal is currently completely inaccessible to
keyboard/screen reader users because it can't be reached using the
keyboard.

This commit improves the modal so that it traps focus when it's shown
and makes it possible to close the modal using the esc key.
2022-03-24 13:42:24 +03:00
OsamaSayegh 0d4fad67db A11Y: Add `aria-label`s to topics list column headers
Topics lists like /latest are ordered by last activity date by default,
but the order can be changed (and reversed) to something else such as
replies count and views count by clicking on the corresponding column
header in the topics list. These column headers are tabbable, but screen
readers announce them as, using the replies column as example, `Replies
toggle button`. This doesn't communicate very well that this the button
changes the order, so this commit adds `aria-label`s to all column
headers to make it clear that they change order. The current copy for
the `aria-label` is `Sort by replies`.
2022-03-24 13:42:24 +03:00
OsamaSayegh 0d6bb64c0f A11Y: Add aria-label to the Replies cell in topics list
When tabbing through a topics list like /latest, /unread, /new etc. the
Replies column is announced as `<replies count> button` by screen
readers and it's not clear that number means the topic has that number
of replies. This commit adds an `aria-label` so the Replies column to
make it clear what that number means. The current copy of the
`aria-label` is "This topic has <replies count> replies".
2022-03-24 13:42:24 +03:00
Martin Brennan 9d5737fd28
SECURITY: Hide private categories in user activity export (#16273)
In some of the user's own activity export data,
we sometimes showed a secure category's name or
exposed the existence of a secure category.
2022-03-24 15:38:44 +10:00
Osama Sayegh 8dd6cb14ee
FIX: Don't attempt to focus .title in topic-list-item if it doesn't exist (#16274)
Follow-up to 97e7bb1ce4

Themes/plugins may override the default `topic-list-item` and remove the `.main-link` or `.title` elements from the template. We shouldn't attempt to focus them if they don't exist.
2022-03-24 08:33:17 +03:00
Martin Brennan 817035b557
DEV: Add useUploadPlaceholders to composer-upload-uppy (#16272)
This option is being added because some composer derivatives
like the chat composer use ComposerUploadUppy, but do not
need the placeholder text for uploads to be inserted/replaced.
This way those components can set useUploadPlaceholders to
false to avoid it.
2022-03-24 14:50:18 +10:00
Martin Brennan 1341baaeba
DEV: Use composerEventPrefix for paste in textarea-text-manipulation (#16262)
In the commit d678ba1103 we added
gif parsing support on paste, but we also slightly changed the
isComposer check there, along with a change in chat this caused
isComposer to be true (which is correct), however the event we fire
is composer:insert-text which the chat composer does not pick up.

Instead, we should use composerEventPrefix if it is present to
fire the insert-text event, and if it is not present (e.g. for
some custom composer that someone has implemented) fall back to
the default. There is a companion commit for chat to handle this
change there.
2022-03-24 09:49:56 +10:00
Penar Musaraj 99a6f32554
DEV: Add `registerCustomLastUnreadUrlCallback`to plugin API (#16222) 2022-03-23 13:34:17 -04:00
Joffrey JAFFEUX 4a39850aac
FIX: closing the picker shouldn't propagate the pointer event (#16266) 2022-03-23 16:42:53 +01:00
Bianca Nenciu cbaf7c949b
FIX: Make sure max_oneboxes_per_post is enforced (#16215)
PostAnalyzer and CookedPostProcessor both replace URLs with oneboxes.
PostAnalyzer did not use the max_oneboxes_per_post site and setting and
CookedPostProcessor replaced at most max_oneboxes_per_post URLs ignoring
the oneboxes that were replaced already by PostAnalyzer.
2022-03-23 17:36:08 +02:00
Penar Musaraj 147ffadcf3
DEV: Update Uppy to 2.1.6 (#16227) 2022-03-23 09:28:55 -04:00
Jarek Radosz 7fcf4dcd4b
FIX: Allow `@ember/test` import in embercli prod builds (#16264)
This matches the behavior of legacy discourse-loader and the regular Ember resolver.
2022-03-23 14:28:09 +01:00
Osama Sayegh 97e7bb1ce4
FIX: Don't listen for focus/blur events if the topic-list opts out of last visited focus (#16263)
Follow-up to eb237e634a.

Some `{{topic-list}}` instances, like the one for suggested topics, opt out of focusing the row of the last visited topic in the list, but we currently still add listeners for focus/blur events even if when the topic-list instance opts out. This commit adds a check so that we only register focus/blur listeners if the topic-list opts in for last visited topic focus.
2022-03-23 15:30:11 +03:00
Osama Sayegh eb237e634a
A11Y: Focus last viewed topic in topic lists (take 3) (#16257)
Another attempt at fixing https://meta.discourse.org/t/discourse-with-a-screen-reader/178105/88?u=osama. Previous PR (reverted): #16240.

The problems with the previous PR were:

1. As you scrolled down a topics list, the first topic of every new batch of topics would receive focus and the indicator would show up.
2. Similar to 1, clicking the `See X new or updated topics` notice would also focus a random topic from the new topics that were just loaded.
3. Topics in the suggested topics list received focus too
4. Our custom focus indicator appeared on mobile, but it shouldn't.

This commit should have none of these problems.
2022-03-23 13:03:56 +03:00
Martin Brennan 8040b95e8c
DEV: Re-add polymorphic bookmark columns (#16261)
This commit is a redo of2f1ddadff7dd47f824070c8a3f633f00a27aacde
which we reverted because it blew up an internal CI check. I looked
into it, and it happened because the old migration to add the bookmark
columns still existed, and those columns were dropped in a post migrate,
so the two migrations to add the columns were conflicting before
the post migrate was run.

------

This commit only includes the creation of the new columns and index,
and does not add any triggers, backfilling, or new data.

A backfill will be done in the final PR when we switch this over.
Intermediate PRs will look something like this:

Add an experimental site setting for using polymorphic bookmarks,
and make sure in the places where bookmarks are created or updated
we fill in the columns. This setting will be used in subsequent
PRs as well.
Listing and searching bookmarks based on polymorphic associations
Creating post and topic bookmarks using polymorphic associations,
and changing special for_topic logic to just rely on the Topic
bookmarkable_type
Querying bookmark reminders based on polymorphic associations
Make sure various other areas like importers, bookmark guardian,
and others all rely on the associations
Prepare plugins that rely on the Bookmark model to use polymorphic
associations
The final core PR will remove all the setting gates and switch over
to using the polymorphic associations, backfill the bookmarks
table columns, and ignore the old post_id and for_topic colummns.
Then it will just be a matter of dropping the old columns down the
line.
2022-03-23 12:43:08 +10:00
Osama Sayegh 97519a3ea5
Revert "A11Y: Focus last viewed topic in topic lists (#16240)" (#16255)
This reverts commit 5d77f485cb.

There are some edge cases that we need to handle better. Reverting this
commit because we're going to do a beta release later today.
2022-03-22 20:09:12 +03:00
Mark VanLandingham f0e87aa35f
DEV: appEvent to close user card (#16253) 2022-03-22 12:00:44 -05:00
Osama Sayegh 5d77f485cb
A11Y: Focus last viewed topic in topic lists (#16240)
Meta topic: https://meta.discourse.org/t/discourse-with-a-screen-reader/178105/88?u=osama

This is another attempt to fix the same problem that https://github.com/discourse/discourse/pull/15300 was meant to fix, but it had to be reverted because the `focus()` call caused the topic title to have an outline on certain browsers. This commit does mostly the same thing as the previous one, but the difference is that the native focus indicator outline is replaced with a custom indicator that only appear on the left side of the topic rather than all sides. See https://github.com/discourse/discourse/pull/16240#issuecomment-1075212093 for screenshots.
2022-03-22 19:26:38 +03:00
David Taylor daacb3b038 FIX: Ensure all/none subcategory filters work correctly with tags
This is done by defining a `/all` route for use when a category's default filter is 'none'. This was defined for regular category routes in 3e7f7fdd, but not for tag routes.

This commit also corrects the route name TagsShowNoneCategory*Route -> TagsShowCategoryNone*Route, which fixes an error when setting subcategories=none while filtering by tags.
2022-03-22 15:26:00 +00:00
David Taylor 80dd769530 FIX: Issue 404 for invalid `/tags/c/...` routes
Previously we would issue a 403 for all invalid routes under `/tags/c/...`, which is not semantically correct. In some cases, these 403'd routes would then be handled successfully in the Ember app, leading to some very confusing behavior.
2022-03-22 15:26:00 +00:00
David Taylor 6acd2c58a9
DEV: Drop padStart and padEnd polyfills (#16249)
These methods have been natively supported in all our target browsers for many years. We're now feature-detecting `String.prototype.replaceAll`, which is a much more recent addition. If a browser has `replaceAll`, it'll have `padStart` and `padEnd`
2022-03-22 11:46:13 +00:00
David Taylor cf6deb439a
FIX: Add replaceAll to browser-detect (#16248)
We're using replaceAll in a few places. If it's not supported, we should fall back to the basic-html view.
2022-03-22 11:45:03 +00:00
Alan Guo Xiang Tan 4e6f7a1a6e
Revert "DEV: Re-add polymorphic bookmark columns (#16245)" (#16246)
This reverts commit 2f1ddadff7.
2022-03-22 13:13:42 +08:00
Martin Brennan 2f1ddadff7
DEV: Re-add polymorphic bookmark columns (#16245)
This commit is a redo of e21c640a3c
which we reverted to not include half-done work in a release.

This commit is slightly different though, in that it only includes
the creation of the new columns and index, and does not add any
triggers, backfilling, or new data.

A backfill will be done in the final PR when we switch this over.
Intermediate PRs will look something like this:

1. Add an experimental site setting for using polymorphic bookmarks,
   and make sure in the places where bookmarks are created or updated
   we fill in the columns. This setting will be used in subsequent
   PRs as well.
2. Listing and searching bookmarks based on polymorphic associations
3. Creating post and topic bookmarks using polymorphic associations,
   and changing special for_topic logic to just rely on the Topic
   bookmarkable_type
4. Querying bookmark reminders based on polymorphic associations
5. Make sure various other areas like importers, bookmark guardian,
   and others all rely on the associations
6. Prepare plugins that rely on the Bookmark model to use polymorphic
   associations

The final core PR will remove all the setting gates and switch over
to using the polymorphic associations, backfill the bookmarks
table columns, and ignore the old post_id and for_topic colummns.
Then it will just be a matter of dropping the old columns down the
line.
2022-03-22 14:26:13 +10:00
Robin Ward d025405130
FIX: When using Ember CLI, plugin admin code was not being loaded in tests (#16239) 2022-03-21 15:46:41 -04:00
Roman Rizzi 581d435d09
Revert "FEATURE: Let reviewables override the score type title. (#16234)" (#16238)
This reverts commit 746f8f3797.
2022-03-21 16:32:47 -03:00
Roman Rizzi 746f8f3797
FEATURE: Let reviewables override the score type title. (#16234)
Plugins like chat add custom score type to override the title in the UI, but that should be reserved for situations when you need to manage the flag priority separately, which is configurable in the queue settings page.

Currently, if a plugin creates a custom score type, it won't be able to associate a priority, so there's no real gain from doing so. Priorities are tightly related to post-action types, which is something we might want to revise. For now, this change lets plugins move away from custom score types without compromises.
2022-03-21 14:29:57 -03:00
David Taylor f7b5ff39cf
DEV: Refactor tag-show route (#16217)
Previously we were loading almost all the data in an afterModel hook, storing it temporarily in route properties, and then passing it to the controller in `setupController`.

This does not follow Ember best-practices, and causes a number of unexpected behaviours. For example, Ember only calls `setupController` **when the model value changes**. Since `model()` was only returning the tag, that meant that category changes and `additionalTag` changes wouldn't always trigger a `setupController` call, and things would get into a very weird state. This is visible when using the 'loading-slider' component because the category navigation dropdown gets 'stuck' when switching categories.

This commit moves all the data-fetching into `model()`. To make things cleaner, it also:
- removes most uses of route-level variables
- introduces async/await in the model() function
- removes some unneeded `get()` usage
- re-uses DiscoverySortableController for queryParam default handling
- Removes override of `renderTemplate()` so that queryParams are correctly passed through to the controller
- Removes some `transitionToRoute` hacks which were working around the queryParams issue
- Switches to `@action`
2022-03-21 12:20:51 +00:00
Martin Brennan 0832cad803
DEV: Add clipboardCopyAsync API to utilities (#16232)
In certain cases (like chat quoting) we need to be able
to call the API with an async AJAX call before copying
the results to the clipboard. The only way to reliably
do this is by handing off the AJAX promise to a ClipboardItem.

This commit introduces a new clipboardCopyAsync function
to handle this, which will stand alongside the existing
clipboardCopy function which can be used when no AJAX
request is necessary.
2022-03-21 13:34:01 +10:00
Jarek Radosz 4e9a96b8c4
DEV: Update fireworm package (#16226) 2022-03-19 14:43:18 +01:00
Jarek Radosz 508370e433
DEV: Add missing service injections (#16223) 2022-03-18 18:38:56 +01:00
Bianca Nenciu 30f3e78834
FIX: Reset last sent for existent bookmarks (#16202)
The meaning of reminder_at and reminder_last_sent_at changed after
commit 6d422a8033. A bookmark reminder
will fire only if reminder_last_sent_at is null, but before that it
fired everytime reminder_at was set. This is no longer true because
sometimes reminder_at continues to exist even after a reminder fired.
2022-03-18 16:31:35 +02:00
David Taylor 13b4b0d3c4
DEV: Refactor d-section to function correctly with loading-slider (#16216)
When using the loading-slider, the component instance is re-used across different pages and so the didInsertElement/willDestroyElement hooks are not fired during page transitions. Instead, we can lean on `didReceiveAttrs`.

Similar fix to 87b98e2862

Note that the `scrollTop` feature is still problematic under the loading slider. That will need to be addressed in a future commit.
2022-03-18 11:47:23 +00:00
Blake Erickson 61248652cd
DEV: Allow params to be passed on topic redirects (#16218)
* DEV: Allow params to be passed on topic redirects

There are several places where we redirect a url to a standard topic url
like `/t/:slug/:topic_id` but we weren't always passing query parameters
to the new url.

This change allows a few more query params to be included on the
redirect. The new params that are permitted are page, print, and
filter_top_level_replies. Any new params will need to be specified.

This also prevents the odd trailing empty page param that would
sometimes appear on a redirect. `/t/:slug/:id.json?page=`

* rubocop: fix missing space after comma

* fix another page= reference
2022-03-17 19:27:51 -06:00
Rafael dos Santos Silva d678ba1103
FEATURE: Allow users to paste animated gifs into composer (#16204)
If a user copies a gif from a website into their clipboard and then
tries to paste it into the Discourse composer, we would only paste a
static single frame of the original gif. This happens because the
browser doesn't store the original image in the clipboard, but two
entries:

1. image/png with the frame of the copy moment
2. text/html with the markup of the gif img element

This commit adds an heuristic that detects this and makes us pick the
clipboard content of text/html instead of the image/png when this
happens.

From there our existing HTML paste logic handles and converts the HTML
img tag into markdown, preserving even the alt text.

See https://meta.discourse.org/t/-/218720 for context.
2022-03-17 10:47:54 -03:00
Rafael dos Santos Silva 100a84d345
DEV: Reserve assigned notification type (#16207)
* DEV: Reserve assigned notification type

* update constants
2022-03-16 17:08:10 -03:00
Rafael dos Santos Silva 69752f0100
FEATURE: Update push notification icons (#16206) 2022-03-16 16:21:44 -03:00
Jarek Radosz d10f95bfad
FIX: Ember test imports, again (#16203)
We use that import also outside of tests…
2022-03-16 17:12:15 +01:00
Jarek Radosz ecfbd45607
FIX: Ember test entries in discourse-loader (#16201)
Those aren't available in the production build.
(+ Move to test-shims)
2022-03-16 16:06:34 +01:00
Bianca Nenciu 44c8f4940e
FIX: Show bookmark options by default when editing (#16189)
These changes also update user bookmark preferences on the client side
immediately in case user creates more than a bookmark during the same
session.
2022-03-16 16:41:24 +02:00
Mark VanLandingham cea0b9cefb
DEV: Reserve usernames for chat and sunset `chat_group_mention` (#16200) 2022-03-16 08:55:21 -05:00
Mark VanLandingham a0f4c7fe88
FIX: remove racing requests for admin users (#15936) 2022-03-16 08:47:48 -05:00
Jarek Radosz 704606e731
DEV: Support `registerWaiter` import in legacy env (#16195)
Throw in `unregisterWaiter` too
2022-03-16 14:32:38 +01:00
Bianca Nenciu 6a295ea9e9
DEV: Log more when verbose_upload_logging is enabled (#16177)
A message was logged when download started, but it was not known if a error
during the download.
2022-03-15 23:55:05 +02:00
Bianca Nenciu 08a1f41582
FEATURE: Replace share-popup with share-topic (#16108)
share-topic modal is used everywhere expect when clicking on the top
right corner of the post. This changes standardize on share-topic modal
and add the missing features from share-popup.
2022-03-15 21:27:18 +02:00
Penar Musaraj d19b5fe80b
DEV: Stop live-reloading locally on SCSS changes (#16193)
The `testem.scss` include triggers a live reload locally. We need these
styles when running `ember test --server`, so this loads that stylesheet
only in that scenario.
2022-03-15 16:46:12 +01:00
Penar Musaraj 593f3e5dd8
UX: Styling changes to global banner (#16191) 2022-03-15 16:19:55 +01:00
Jarek Radosz 383f164672
FIX: Always include the first poster when converting to PM (#16187)
Regressed in #15626
2022-03-15 10:51:10 +01:00
Sam de9a031073
FEATURE: use canonical links in posts.rss feed (#16190)
* FEATURE: use canonical links in posts.rss feed

Previously we used non canonical links in posts.rss

These links get crawled frequently by crawlers when discovering new
content forcing crawlers to hop to non canonical pages just to end up
visiting canonical pages

This uses up expensive crawl time and adds load on Discourse sites

Old links were of the form:

`https://DOMAIN/t/SLUG/43/21`

New links are of the form

`https://DOMAIN/t/SLUG/43?page=2#post_21`

This also adds a post_id identified element to crawler view that was
missing.

Note, to avoid very expensive N+1 queries required to figure out the
page a post is on during rss generation, we cache that information.

There is a smart "cache breaker" which ensures worst case scenario is
a "page drift" - meaning we would publicize a post is on page 11 when
it is actually on page 10 due to post deletions. Cache holds for up to
12 hours.

Change only impacts public post RSS feeds (`/posts.rss`)
2022-03-15 20:17:06 +11:00