Commit Graph

390 Commits

Author SHA1 Message Date
Arpit Jalan 00b41437b0
FIX: hide sso email behind a button click and log views (#11186) 2020-11-11 00:42:44 +05:30
Martin Brennan 00c8f520e9
FIX: Do not enable published page if secure media enabled (#11131)
There are issues around displaying images on published pages when secure media is enabled. This PR temporarily makes it appear as if published pages are enabled if secure media is also enabled.
2020-11-06 10:33:19 +10:00
Roman Rizzi c0848a5cc4
FIX: Only include last_posted_at if there's a topic_user object. (#11011)
Trying to include this attribute when topic_user is nil causes an error when visiting a topic as anon. Additionally, we don't display the slow mode banner for these users.
2020-10-23 11:31:59 -03:00
Penar Musaraj 5763309953
FEATURE: WCAG compliant color schemes (#10882)
Co-authored-by: Kris <kris.aubuchon@discourse.org>
2020-10-15 14:05:48 -04:00
Penar Musaraj 74de7a49f5
Simplify theme and color scheme seeding (#10872)
Now that we have support for user-selectable color schemes, it makes sense
to simplify seeding and theme updates in the wizard. 

We now:

- seed only one theme, named "Default" (previously "Light")
- seed a user-selectable Dark color scheme
- rename the "Themes" wizard step to "Colors"
- update the default theme's color scheme if a default is set
(a new theme is created if there is no default)
2020-10-14 10:18:02 -04:00
Krzysztof Kotlarek 6be60b0ae5
FEATURE: respect tags_sort_alphabetically setting when display tags (#10889)
Currently, tag labels are displayed in random order.

They should be displayed in alphabetical or popularity order based on SiteSetting (tags_sort_alphabetically)

Meta: https://meta.discourse.org/t/how-to-apply-tag-sorts-by-popularity-to-topic-list-currently-it-seems-only-apply-to-tag-page/163186/7
2020-10-13 08:23:04 +11:00
Jarek Radosz e00abbe1b7 DEV: Clean up S3 specs, stubs, and helpers
Extracted commonly used spec helpers into spec/support/uploads_helpers.rb, removed unused stubs and let definitions. Makes it easier to write new S3-related specs without copy and pasting setup steps from other specs.
2020-09-28 12:02:25 +01:00
Penar Musaraj 3d39b4bbb5
FIX: Do not downcase group name in current user serializer 2020-09-17 13:03:42 -04:00
Neil Lalonde b207842720
FIX: group tag notifications included for all users
Regression from my last commit
2020-09-16 16:02:28 -04:00
Neil Lalonde 8333872e88
FIX: N+1 for admins viewing groups page
Groups page was loading fields that are only used on the group show
page, so move those fields to the GroupShowSerializer.
Also only fetch the default category and tag notifications once.
2020-09-16 14:58:52 -04:00
Guo Xiang Tan 245d29e5a3
SECURITY: Mod should not see `group_users` and `second_factor_enabled`.
Moderators should not be able to see `UserSerializer#group_users` and `UserSerializer#second_factor_enabled` of other users.

Impact of leaking this is low because the information leaked is not
exploitable.
2020-09-11 10:23:35 +08:00
Robin Ward 0a492829ea Add category id to webhook post serializer 2020-09-02 10:42:51 -04:00
Penar Musaraj b7cfc9e861
FEATURE: User selectable color schemes (#10544) 2020-08-28 10:36:52 -04:00
Kane York ab0b034404
FIX: Wizard could not send custom color schemes to the client correctly (#10484)
This was likely introduced with the refactor to make ColorSchemeColor a database object. Add a test so this doesn't happen again.

Also test other basics of the WizardSerializer.

For some reason, the .as_json left Ruby objects in; I solved this with a round trip through JSON during the test.
2020-08-20 17:10:33 -07:00
Vinoth Kannan 8348a41124
FEATURE: add `regular_categories` field in site setting & user option. (#10477)
Like "default watching" and "default tracking" categories option now the "regular" categories support is added. It will be useful for sites that are muted by default. The user option will be displayed only if `mute_all_categories_by_default` site setting is enabled.
2020-08-20 00:35:04 +05:30
Joffrey JAFFEUX b98cf565d1
FIX: makes group_show_serializer#is_group_owner follow standards (#10466)
It should only return if is_group_owner, otherwise the field won't be present in json.
2020-08-18 18:30:08 +02:00
jahan-ggn 65649eaef0
User card settings (#10302)
* settings implemented

* prettier

* settings updated

* rubocop

* prettier

* Revert "rubocop"

This reverts commit 7805145a7d.

* Revert "prettier"

This reverts commit 2c53f4fa12.

* settings updated and changed

* rubocop

* changes applied

* final changes done

* Server side feature added

* spec changed

* changed user_updater and profile file

* Fix user card specs

* web hook serializer solved

* site-setting changed

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2020-08-17 12:37:45 -04:00
Vinoth Kannan 476d26159a
FEATURE: add new user option `skip_new_user_tips`. (#10437)
And add new site setting `default_other_skip_new_user_tips` in user preferences category.
2020-08-14 19:10:56 +05:30
Penar Musaraj ced8cdad24
DEV: Order links by domain and url in spec 2020-08-12 17:46:12 -04:00
Penar Musaraj b44748e503
DEV: Order links by domain in spec
Should fix spec failing in macOS pgsql 11.3
2020-08-10 10:25:13 -04:00
Rafael dos Santos Silva 32f6c5c07e
DEV: Use explicit ordering so spec is realiable 2020-08-07 15:15:39 -03:00
jbrw 8f140b8903
TopicView/PostSerializer should be able to handle topics without categories 2020-07-28 19:06:55 -04:00
jbrw 74ab4f3bff
FEATURE - group modetators visual indicator (#10310) 2020-07-28 17:15:04 -04:00
Joffrey JAFFEUX 11faec71ae
FIX: prevents group show serializer to override basic group serializer (#10326) 2020-07-28 18:11:15 +02:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Guo Xiang Tan 10a6824e5f
Revert "PERF: Reduce size of search payload by removing unused topic attributes."
This reverts commit 84de643c04.

Users are using the search endpoint as public API even though it is
meant to be internal. Revert for now while we figure out the path
forward on providing a more stable API to end users.
2020-07-23 09:25:31 +08:00
Blake Erickson 690f17bcbe
FEATURE: Allow List for PMs (#10270)
* FEATURE: Allow List for PMs

This feature adds a new user setting that is disabled by default that
allows them to specify a list of users that are allowed to send them
private messages. This way they don't have to maintain a large list of
users they don't want to here from and instead just list the people they
know they do want. Staff will still always be able to send messages to
the user.

* Update PR based on feedback
2020-07-20 15:23:49 -06:00
Guo Xiang Tan 84de643c04
PERF: Reduce size of search payload by removing unused topic attributes. 2020-07-16 11:49:06 +08:00
jbrw 06073fe8c6
FEATURE: Allow group moderators to close/archive topics
* FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
Rafael dos Santos Silva 73a3e2ccbc DEV: Add spec for summary links 2020-07-13 15:26:56 -03:00
Blake Erickson a900c99993 DEV: Add external_id to notification payload
If sso is enabled the notification payload will now include the
external_id for the user.

This was requested on meta: https://meta.discourse.org/t/-/129052/10
2020-07-13 12:07:39 -06:00
Dan Ungureanu c72bc27888
FEATURE: Implement support for IMAP and SMTP email protocols. (#8301)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-10 12:05:55 +03:00
Martin Brennan 56f42d89c5
FIX: Post menu bookmark icon and attributes not refreshing on notification click (#10214)
When creating a bookmark reminder that deletes the bookmark on reminder, if the user clicked on the notification and got taken to the post in the topic the bookmark icon still showed as blue with the reminder clock indicator. This was because the response JSON for reloading a topic post was not including the bookmark attributes, not even the bookmarked boolean.

We now return the correct attributes in the serializer, and if bookmarked is false we clear all the bookmark related attributes on the post for the notification to make sure nothing of the old bookmark remains in the UI.

This was only a problem if the user did not refresh the app completely inbetween setting the reminder and receiving the notification.
2020-07-10 14:35:53 +10:00
Régis Hanol f43c0a5d85 FIX: uploading an image as a site setting
When uploading an image as a site setting, we need to return the "raw" URL, otherwise
when saving the site setting, the upload won't be looked up properly.

Follow-up-to: f11363d446
2020-07-03 13:23:10 +02:00
Guo Xiang Tan 89bac20b8e
DEV: Prefer `fab!` over `let!`. 2020-06-29 11:11:06 +08:00
Dan Ungureanu 4efc126635
FIX: Serialize an empty array if no suggested topics exist (#10134)
It used to return nil, which was ambiguous (empty vs absent
result).
2020-06-26 22:25:38 +03:00
Sam Saffron 2987901043
FIX: skip category notification_level unless scoped
#b19dcac2 improved the serializer so it sends default notification
levels to users to work around cases where a category edit would
would result in clients being left with invalid notification state

Unfortunately this did not address the root issue.

When we edit categories we publish state to multiple users this
means that the serializer is executed unscoped with no user.

The client already handles this case per:

dcad720a4c/app/assets/javascripts/discourse/app/models/site.js (L119-L119)

If a property is not shipped to it, it will leave it alone on the
existing category.


This fix ensures that these wide category info updates do not
include notification state to avoid corruption of local state.
2020-06-24 17:08:12 +10:00
Joffrey JAFFEUX 9518d6b587
fix spec (#10061) 2020-06-17 15:10:07 +02:00
Krzysztof Kotlarek 6258406419
FIX: secondary_emails, unconfirmed_emails, group_users are private fields
Those fields should be only visible to the user.
2020-06-16 12:46:27 +03:00
Blake Erickson 1ce6ff0a55 DEV: Include raw in post webhook serializer
This came in as a request on meta to include the raw field in the post
webhook serializer.

 https://meta.discourse.org/t/-/49045/55?u=blake

 Including this field can prevent needing to make a 2nd API request to
 get the raw field of a post.

 It would be handy down the road if we updated the webhook ui to specify
 fields or arguments that you wanted to be included in the serialized
 data, but most requests I've seen to update the serializers have been
 valid requests that are good to add anyways, so I don't think we have
 reached that point yet.
2020-06-10 11:56:39 -06:00
Dan Ungureanu 5bfe1ee4f1
FEATURE: Improve UX support for multiple email addresses (#9691) 2020-06-10 19:11:49 +03:00
Sam Saffron 716629dc0a
DEV: correct flaky test relying on possibly valid user id
This test lasted about 7 years prior to it becoming flaky.

Today ... for whatever reason the test suite created 100 users
prior to running this spec. So the new user becomes user id 101

And... lo and behold:

```

  1) PostSerializer a hidden post with add_raw enabled a hidden post shows the raw post only if authorized to see it
     Failure/Error: expect(serialized_post_for_user(Fabricate(:user))[:raw]).to eq(nil)

       expected: nil
            got: "Raw contents of the post."

       (compared using ==)
     # ./spec/serializers/post_serializer_spec.rb:127:in `block (4 levels) in <main>'
```
2020-06-09 17:40:41 +10:00
Michael Brown d9a02d1336
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
2020-05-23 00:56:13 -04:00
Jeff Atwood 20780a1eee Revert "Merge branch 'master' of https://github.com/discourse/discourse"
This reverts commit e62a85cf6f, reversing
changes made to 2660c2e21d.
2020-05-22 20:25:56 -07:00
David Taylor e9f579bd3f
DEV: Clean up thumbnail tests correctly 2020-05-19 11:04:02 +01:00
David Taylor 461b4e5cc6
DEV: Add framework for filtered plugin registers (#9763)
* DEV: Add framework for filtered plugin registers

Plugins often need to add values to a list, and we need to filter those lists at runtime to ignore values from disabled plugins. This commit provides a re-usable way to do that, which should make it easier to add new registers in future, and also reduce repeated code.

Follow-up commits will migrate existing registers to use this new system

* DEV: Migrate user and group custom field APIs to plugin registry

This gives us a consistent system for checking plugin enabled state, so we are repeating less logic. API changes are backwards compatible
2020-05-15 14:04:38 +01:00
David Taylor 0495a748d0
FIX: Use CDN URLs for topic thumbnails 2020-05-15 13:35:20 +01:00
Martin Brennan a64cf265fd
FIX: Change /bookmarks URL back to topic list and add bookmark poster avatars (#9759)
* Changes the /bookmarks URL to show the original "topics filtered by bookmark" list instead of redirecting to user activity bookmarks (see https://meta.discourse.org/t/domain-com-bookmarks-is-showing-domain-com-u-user-activity-bookmarks-with-reminders/149252/12)
* Add the user avatar for the user who made the post that is bookmarked
2020-05-13 14:03:24 +10:00
David Taylor 03818e642a
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:

- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact

- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake

- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued

- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
   ```
   "thumbnails": [
   {
     "max_width": null,
     "max_height": null,
     "url": "//example.com/original-image.png",
     "width": 1380,
     "height": 1840
   },
   {
     "max_width": 1024,
     "max_height": 1024,
     "url": "//example.com/optimized-image.png",
     "width": 768,
     "height": 1024
   }
   ]
  ```

- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
   ```
    "modifiers": {
      "topic_thumbnail_sizes": [
        [200, 200],
        [800, 800]
      ],
      ...
  ```
  Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated

- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 09:07:50 +01:00
Martin Brennan ca539fdccf
FIX: Rename all instances of bookmarkWithReminder to just bookmark (#9579)
* Rename all instances of bookmarkWithReminder and bookmark_with_reminder to just bookmark
* Delete old bookmark code at the same time
* Add migration to remove the bookmarkWithReminder post menu item if people have it set in site settings
2020-04-30 10:09:22 +10:00
Penar Musaraj b19dcac272
FIX: Include default notification level in category serializer (#9572)
Fixes an issue where the notification level state goes missing when user edits a category in the UI.
2020-04-28 12:05:53 -04:00
Vinoth Kannan df0c386f8a
UX: drop the `automatic_membership_retroactive` column from groups model. (#9430) 2020-04-22 22:07:39 +05:30
Krzysztof Kotlarek 81c216e04c
FIX: composer problem on the categories page (#9508) 2020-04-22 09:24:54 -07:00
Martin Brennan 628ba9d1e2
FEATURE: Promote bookmarks with reminders to core functionality (#9369)
The main thrust of this PR is to take all the conditional checks based on the `enable_bookmarks_with_reminders` away and only keep the code from the `true` path, making bookmarks with reminders the core bookmarks feature. There is also a migration to create `Bookmark` records out of `PostAction` bookmarks for a site.

### Summary

* Remove logic based on whether enable_bookmarks_with_reminders is true. This site setting is now obsolete, the old bookmark functionality is being removed. Retain the setting and set the value to `true` in a migration.
* Use the code from the rake task to create a database migration that creates bookmarks from post actions.
* Change the bookmark report to read from the new table.
* Get rid of old endpoints for bookmarks
* Link to the new bookmarks list from the user summary page
2020-04-22 13:44:19 +10:00
Krzysztof Kotlarek c21df2286c
FIX: add short_path to upload_serializer (#9417)
What problem I am trying to solve?

When an encrypted message is crafted and the image is added - discourse needs a hard refresh to display that image.

What is happening?

Everything starts here - when the upload is finished we add serialized object to the cache https://github.com/discourse/discourse/blob/master/app/assets/javascripts/discourse/components/composer-editor.js#L748:L757

Then, `discourse-encrypt` is trying to get an image from the cache and use `short_path` property
https://github.com/discourse/discourse-encrypt/blob/master/assets/javascripts/discourse/initializers/hook-decrypt-post.js.es6#L142:L143

Why is it working after a hard refresh?

After refresh, we populate cache once again using that function: https://github.com/discourse/discourse/blob/master/app/assets/javascripts/pretty-text/upload-short-url.js#L11:L17

And lookup_urls method from backend is returning `short_path`
https://github.com/discourse/discourse/blob/master/app/controllers/uploads_controller.rb#L55:L64

TL;DR We should expose short path in upload serializer. I ensured that this serializer is used only when attachments are uploaded so it should not affect performance.
2020-04-15 09:19:59 +10:00
Robin Ward e1f8014acd
FEATURE: Support for publishing topics as pages (#9364)
If the feature is enabled, staff members can construct a URL and publish a
topic for others to browse without the regular Discourse chrome.

This is useful if you want to use Discourse like a CMS and publish
topics as articles, which can then be embedded into other systems.
2020-04-08 12:52:36 -04:00
Jarek Radosz d21d80198c
DEV: Update rubocop-discourse (#9270)
Includes:
* DEV: Use `eq_time` matcher
2020-03-26 16:32:41 +01:00
Bianca Nenciu d8640fd042
DEV: Move requested_group_id custom field from post to topic (#9127)
Follow-up-to accbbded15
2020-03-24 11:12:52 +02:00
David Taylor 5db41cd578
SECURITY: Respect topic permissions when loading bookmark metadata
Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:48 +00:00
Martin Brennan af92444948
FIX: Make sure bookmark serializer works with deleted topics + posts (#9195) 2020-03-13 10:44:39 +10:00
Martin Brennan 03c012bd97 Unscope post + topic relation for bookmark
* we want to be able to get these records for the bookmark
  even if they are trashed, for serialization for the bookmark
  list
2020-03-12 16:00:45 +10:00
Martin Brennan e1e74abd4f
FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954)
### UI Changes

If `SiteSetting.enable_bookmarks_with_reminders` is enabled:

* Clicking "Bookmark" on a topic will create a new Bookmark record instead of a post + user action
* Clicking "Clear Bookmarks" on a topic will delete all the new Bookmark records on a topic
* The topic bookmark buttons control the post bookmark flags correctly and vice-versa
Disabled selecting the "reminder type" for bookmarks in the UI because the backend functionality is not done yet (of sending users notifications etc.)

### Other Changes

* Added delete bookmark route (but no UI yet)
* Added a rake task to sync the old PostAction bookmarks to the new Bookmark table, which can be run as many times as we want for a site (it will not create duplicates).
2020-02-13 16:26:02 +10:00
Martin Brennan dd3a7f4825
FIX: Admin user list not showing 2FA icon for only security keys enabled (#8839)
If someone only had security keys enabled, the icon to say they had 2FA enabled would not show in the admin staff user list. It would only show if they had TOTP enabled.
2020-02-03 14:37:46 +10:00
Martin Brennan 7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
David Taylor 45c5f56ffc
PERF: Reduce DB queries when serializing ignore/mute information (#8629)
* PERF: Cache ignored and muted user ids in the current_user object
* PERF: Avoid DB queries when checking ignore/mute permission in guardian
2020-01-02 13:04:08 +00:00
Jeff Wong 036a24cf30
FIX: correct user serializer user method for extended serializer (#8590)
A small fix for Basic User Serializers where some downstream serializers do not correctly set user objects. This caused some issues in certain plugins that depend on the user method to return a user.
2019-12-19 09:48:01 -08:00
Martin Brennan 9f4c9bafa1
FIX: Hide old bookmark button on post-menu if SiteSetting.enable_bookmarks_with_reminders
Hide old bookmark post-menu item if the site setting for the new bookmark reminders is enabled and change icon for the new bookmark functionality to the same as the old bookmark button
Fix null @topic_view error in post serializer for post_bookmark, as new posts do not have a @topic_view
2019-12-12 16:28:01 +10:00
Martin Brennan 6261339da9
Improving bookmarks part 1 (#8466)
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!

This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:

* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.

This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
2019-12-11 14:04:02 +10:00
Krzysztof Kotlarek 81c7d6a462
FIX: Muted tags are respected by TopicTrackingState (#8467)
When the tag is muted and topic contains that tag, we should not mark that message as NEW.

There are 3 possible settings which site admin can set.
remove_muted_tags_from_latest - always
It means that if the topic got at least one muted tag, we should not mark that topic as NEW

remove_muted_tags_from_latest - only muted
Similar to above, however, if at least one tag is not muted, the topic is marked as NEW

remove_muted_tags_from_latest - never
Basically, mute tag setting is ignored and all topics are set as NEW
2019-12-10 09:50:05 +11:00
Mark VanLandingham 14cb386f1e
FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
Neil Lalonde 875f0d8fd8
FEATURE: Tag synonyms
This feature adds the ability to define synonyms for tags, and the ability to merge one tag into another while keeping it as a synonym. For example, tags named "js" and "java-script" can be synonyms of "javascript". When searching and creating topics using synonyms, they will be mapped to the base tag.

Along with this change is a new UI found on each tag's page (for example, `/tags/javascript`) where more information about the tag can be shown. It will list the synonyms, which categories it's restricted to (if any), and which tag groups it belongs to (if tag group names are public on the `/tags` page by enabling the "tags listed by group" setting). Staff users will be able to manage tags in this UI, merge tags, and add/remove synonyms.
2019-12-04 13:33:51 -05:00
Vinoth Kannan 15c2755b7b Fix the `WebHookPostSerializer` spec.
400f79cffc
2019-12-04 23:30:04 +05:30
Robin Ward 7fee3c61de
Support for custom messages and redirects when creating posts (#8434)
* Support for custom messages and redirects when creating posts

When a post/topic is created Discourse serializes a `NewPostResult`
object. Normally this contains a status like `created_post` or
errors describing why the post could not be created.

There are times when a plugin might want to take the inputted post
and do something in the background. In this case, the plugin
can return a custom `message` and `route_to` attribute in the
`NewPostResult`.

If present, the message will be displayed in an alert, and when "Ok" is
clicked the user will be routed to the new URL.

* Destroy the draft in parallel
2019-11-29 09:30:54 -05:00
Dan Ungureanu a992caf741
DEV: Replace magic values (#8398)
Follow-up to 35942f7c7c.
2019-11-25 14:32:19 +02:00
Jeff Wong 40d14ba166 Fix the actual failing test 2019-11-14 16:20:45 -08:00
Jeff Wong 25dd045ba5 Fix failing test 2019-11-14 16:11:42 -08:00
Jeff Wong 786fcceb62 Return full URLs in review serializer for both post and topic
Return full URLs, this fixes reviewable links to support subfolder
2019-11-14 15:58:21 -08:00
Dan Ungureanu 6672dcc985
FIX: Keep emoji images in group bio excerpt (#8329) 2019-11-11 18:42:08 +02:00
Martin Brennan 64b4a7ba45
FIX: Ensure enforce 2FA for staff satisfied by security keys (#8316)
* If a staff user created only a security key as their single 2FA option. they continued to be prompted to create a 2FA option because we only considered this condition satisfied if a TOTP was added.
* The condition is now satisfied if TOTP OR security keys are enabled.
2019-11-08 15:11:53 +10:00
Mark VanLandingham 4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Vinoth Kannan 31577b2131 FEATURE: wiki editors are allowed edit tags for wiki topics.
If a wiki editor's TL is greater than 'min trust level to tag topics' site setting then they can edit the tags for any wiki topic.
2019-10-23 23:35:38 +05:30
Blake Erickson 3201613f13 FEATURE: Include image url in topic serializer
The `image_url` is already included when fetching a list of topics, and
this commit adds it to the individual topic serializer so that it is
available via the api.

See

https://meta.discourse.org/t/single-topic-api-endpoint-should-contain-image-url/131020

for more details.
2019-10-21 22:02:49 -06:00
Blake Erickson ef0fe51e05
FIX: Include user id in notification webhook (#8195)
The payload when receiving a notification webhook is pointless without
knowing which user the notification is for. This fix adds the user_id to
the notification serializer so that when you receive a notification
webhook you can properly identify which user the notification is for.

See

https://meta.discourse.org/t/getting-the-target-user-for-notification-webhook-events/129052?u=blake

for more details.
2019-10-21 16:24:41 -06:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Ryan Boder b7ebe574df FEATURE: Add topic and category context to post webhook payload (#8110)
Adds additional fields topic_archetype and category_slug to the post
webhook so that handlers have some context about the post event without
having to call back to the API.

Discussed [here](https://meta.discourse.org/t/webhooks-how-best-to-differentiate-a-pm-from-a-public-post/76363/13).
2019-10-02 11:41:33 +10:00
Vinoth Kannan 88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
Bianca Nenciu b60b2a342f
FIX: Show membership requests link just for group owners. (#7543) 2019-08-06 13:28:22 +03:00
Robin Ward e47e0af123
FEATURE: Allow viewing of raw emails for reviewable queued posts (#7910)
If a post arrives via email but must be reviewed, we now show an
icon that can be clicked to view the raw contents of the email.

This is useful if Discourse's email parser is acting odd and the user
reviewing the post wants to know what the original contents were before
approving/rejecting the post.
2019-07-19 11:56:14 -04:00
Robin Ward ef37af5ab0 FIX: Broken spec 2019-06-10 11:50:48 -04:00
Robin Ward 8c4e16eafd FIX: In reply to would sometimes have a broken link 2019-06-10 11:33:10 -04:00
Sam Saffron f88dced0b7 PERF: optimize lookup of reviewable info in post stream
This previously was a hot path in topic view. Avoids an expensive active
record operation and instead perform SQL directly which is far more
targeted and efficient
2019-06-07 18:12:30 +10:00
Vinoth Kannan 871fcf1117 PERF: omit user profile and private message stats in web hook serializer. 2019-06-04 08:44:10 +05:30
Guo Xiang Tan 55fd3acea0 Revert "FIX: Undefined method when serializing a user"
This reverts commit 1fbe078ae0.

`UserProfile` is created in a callback after the user has been created.
As such, it should be impossible for a user to not have a blank
`UserProfile`. This was also improved in
4f5c9bb8d3.
2019-06-04 09:30:30 +08:00
Blake Erickson 1fbe078ae0 FIX: Undefined method when serializing a user
Apparently is is possible to have a user without a user_profile. This
fix will return nil for any user_profile fields during serialization
(like the after delete web hook) instead of blowing up.
2019-05-23 19:44:55 -06:00
Daniel Waterworth bf7594b327 More prefabrication 2019-05-10 08:34:04 -04:00
Guo Xiang Tan 63a3caa516 FIX: Don't display option for users to flag and notify a bot. 2019-05-10 10:05:03 +08:00
Daniel Waterworth e219588142 DEV: Prefabrication (test optimization) (#7414)
* Introduced fab!, a helper that creates database state for a group

It's almost identical to let_it_be, except:

 1. It creates a new object for each test by default,
 2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
Robin Ward 18d742d334 FIX: Broken spec 2019-05-06 17:09:08 -04:00
Robin Ward 31e100530f FEATURE: Flag count in post menu
This change shows a notification number besides the flag icon in the
post menu if there is reviewable content associated with the post.
Additionally, if there is pending stuff to review, the icon has a red
background.

We have also removed the list of links below a post with the flag
status. A reviewer is meant to click the number beside the flag icon to
view the flags. As a consequence of losing those links, we've removed
the ability to undo or ignore flags below a post.
2019-05-06 16:13:31 -04:00
Sam Saffron bcdf5823a0 DEV: correct frozen string and broken spec
This needs to be properly handled so the correct message is raised

1 item was removed from the serializer (avg_time)
2019-05-06 17:31:35 +10:00
Guo Xiang Tan 24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Robin Ward 404b35bd04 FEATURE: Category Reviewable by Group
Allow a group to review content in a particular category.
2019-04-30 15:23:06 -04:00
Sam Saffron 4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Daniel Waterworth ad44243a57 Removed unused let blocks (#7446)
The bodies of these blocks were never evaluated.
2019-04-29 15:08:56 +08:00
Daniel Waterworth bf313c1b68 DEV: User email test optimization (#7405) 2019-04-23 17:49:05 +08:00
Dan Ungureanu 57d1dea8a2
FEATURE: Let staff add custom post notices. (#7377) 2019-04-19 17:53:58 +03:00
Robin Ward a5d9afe397 FEATURE: Include a user's pending posts in the topic view
Also includes a refactor to TopicView's serializer which was not
building our attributes using serializers properly.
2019-04-12 14:25:12 -04:00
Robin Ward 331a809738 FEATURE: Display the reason for many reviewable items
Queued Posts and Users will now display a reason why they are in the
review queue.
2019-04-11 12:04:45 -04:00
Dan Ungureanu 47c50d9a95
DEV: Add test for post notices. (#7352) 2019-04-10 22:06:27 +03:00
Roman Rizzi 82e051077d Show link to the original topic when it was deleted (#7319)
* Moved i18n keys to core. We show a links that points to the original topic when it was deleted

* Use link-to since it's more idiomatic
2019-04-10 11:25:45 +02:00
Tarek Khalil 131eba0366 FIX: Hide post replies content for ignored users (#7320) 2019-04-05 16:13:36 +02:00
Robin Ward 111a502231 FIX: Deleting Users should work nicely with Reviewable Users
"Rejecting" a user in the queue is equivalent to deleting them, which
would then making it impossible to review rejected users. Now we store
information about the user in the payload so if they are deleted things
still display in the Rejected view.

Secondly, if a user is destroyed outside of the review queue, it will
now automatically "Reject" that queue item.
2019-04-03 16:42:39 -04:00
Robin Ward af04318aff FIX: Allow us to serialize reviewables with deleted topics 2019-04-02 09:36:49 -04:00
Guo Xiang Tan a2e6a8a51e DEV: Refactor test to assert for actual content.
The other assertion is already asserting for `Post#url` and I think it
makes the test clearer here.
2019-04-02 07:43:13 +08:00
Robin Ward 6470c85fda UX: Link directly to the post, not to the topic 2019-04-01 14:29:14 -04:00
Robin Ward b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Tarek Khalil ef2362a30f
FEATURE: Introducing new UI for changing User's notification levels (#7248)
* FEATURE: Introducing new UI for tracking User's ignored or muted states
2019-03-27 09:41:50 +00:00
Vinoth Kannan b8bd031648 FIX: Always include custom fields in CategorySerializer
even if it is empty
2019-03-25 07:59:56 +05:30
Vinoth Kannan 4477938ea7 DEV: Option to preload category custom fields for site serializer 2019-03-16 17:18:57 +05:30
Guo Xiang Tan c5808a8a25 PERF: N+1 queries admin users pages. 2019-03-15 15:09:44 +08:00
Gerhard Schlager c34a6ba674 REFACTOR: Rename site settings to make them less confusing 2019-03-14 13:40:14 +01:00
Dan Ungureanu 7310ee3ef1 FEATURE: Add more control over post notices. (#7148) 2019-03-13 08:06:28 +11:00
Dan Ungureanu ceec11a153
FIX: Make post notices invisible to poster. 2019-03-11 12:07:19 +02:00
Dan Ungureanu b28b418363
FIX: Various improvements to post notices.
- Notices are visible only by poster and trust level 2+ users.
- Notices are not generated for non-human or staged users.
- Notices are deleted when post is deleted.
2019-03-11 11:19:58 +02:00
Tarek Khalil eb3f15c3e2 FIX: WebhookPostSerializer spec failure 2019-03-06 09:47:31 +00:00
Tarek Khalil 55b4b84b63 FIX: WebhookUserSerializer spec failure 2019-03-05 17:57:46 +00:00
Tarek Khalil 986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
Gerhard Schlager 457e6c7b37 FIX: Mods weren't able to see emails in admin user list 2019-01-18 15:37:30 +01:00
Arpit Jalan 83af32c472 DEV: more accurate spec for UserSummarySerializer 2019-01-14 07:26:10 +05:30
Arpit Jalan 5e9a7e41e9 DEV: improve UserSummarySerializer spec 2019-01-14 07:19:37 +05:30
Guo Xiang Tan e453539e1e DEV: Refactor test to assert for the actual output.
Also, generatnig the same json multiple times.
2019-01-12 08:00:22 +08:00
Arpit Jalan 5e0f9eadb8
FIX: show user avatar on User summary page (#6872) 2019-01-11 23:39:06 +05:30
Robin Ward dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Maja Komel 0ce5f05b2a FIX: hide emails on admin user list for moderators (#6781) 2018-12-19 10:24:57 +01:00
Maja Komel 98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
David Taylor 9f3e2a9e34
FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:47:00 +00:00
David Taylor 5e09398c5b
FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 10:57:28 +00:00
Vinoth Kannan 1da265db11 UX: category images have no sizes (#6662) 2018-11-27 08:40:06 +08:00
Guo Xiang Tan cf21c7f5aa
DEV: Fix typo in specs. 2018-11-19 15:13:54 +08:00
Guo Xiang Tan fe131c5ea2 Fix missing avatars on topic list page.
Introduced in b50fab2d72
2018-11-19 14:55:41 +08:00
Guo Xiang Tan b50fab2d72 PERF: Fix N+1 for non-staff users when tagging is enabled. 2018-11-19 12:53:58 +08:00
Bianca Nenciu fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Régis Hanol d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Bianca Nenciu effbef7d0b UX: Use user locale for locations. (#6527)
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Guo Xiang Tan 65faff5832 DEV: Improve specs to provide a better error message. 2018-10-19 14:31:17 +08:00
David Taylor 501ac4dfa6 DEV: Cleanup properly after user_serializer test 2018-10-17 10:54:22 +01:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Paul Trippett b8a1196b6b Add missing fields to Upload Fabricator (#6448) 2018-10-04 22:00:07 +08:00
Vinoth Kannan a651d39b8a
FIX: Display errors in single theme pages (#6449)
Currently the errors are not well handled. So it breaks the whole UI of admin themes list page.
2018-10-04 02:33:06 +05:30
Guo Xiang Tan 5a214a687c FIX: Exclude `UserAuthToken` and `UserAuthTokenLog` in user webhook. 2018-08-31 17:25:56 +08:00
Bianca Nenciu 931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Bianca Nenciu ff441bc4ca Add spec for UserSerializer and UserApiKey. 2018-08-23 19:01:02 +02:00
Arpit Jalan 7a91df3248
Merge pull request #6290 from techAPJ/latest-full-name
UX: show full name on /latest page
2018-08-23 17:34:54 +05:30
Arpit Jalan 1a7cd6648b UX: show full name on /latest page 2018-08-23 14:41:06 +05:30
Régis Hanol 3e436e2daf FIX: doesn't translate group permission keys 2018-08-21 12:56:56 +02:00
Vinoth Kannan 50df2d7241 FIX: Should not include regular categories in top_category_ids array 2018-07-30 16:06:36 +05:30
Vinoth Kannan dac29b5ebc
UX: Display only top categories in hamburger menu (#6146) 2018-07-27 12:11:07 +05:30
Leo McArdle 21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Guo Xiang Tan 96aca6d7e6
Remove legacy vote post action code. (#6009) 2018-07-09 16:54:18 +08:00
Guo Xiang Tan 969e79d7c6 PERF: Do not calculate gaps for `TopicViewPostsSerializer`.
The client doesn't use the gaps results when loading new posts.
2018-07-02 14:01:50 +08:00
Guo Xiang Tan bad6a5142c PERF: Don't include entire post stream when we're loading more posts. 2018-06-22 10:49:03 +08:00
Arpit Jalan ced3c8e5cf remove unused variable 2018-06-12 15:00:50 +05:30
Arpit Jalan 59a8471308 FIX: do not show SSO external_email to moderators 2018-06-12 14:20:44 +05:30
Sam 89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Sam 45f65859c9 improve erraticly failing spec 2018-05-23 08:39:15 +10:00
Guo Xiang Tan 37ad2dd936 Fix the build. 2018-05-21 17:59:47 +08:00
Guo Xiang Tan 00c6b078e3 Trim `WebHookUserSerializer`. 2018-05-21 17:29:58 +08:00
Guo Xiang Tan 60e7b13f59 Trim `WebHookPostSerializer` further. 2018-05-21 17:29:58 +08:00
Guo Xiang Tan 3ff0074e9d Trim `WebHookTopicSerializer` further. 2018-05-21 17:29:58 +08:00
Guo Xiang Tan b74c108c09 UX: Display group tabs in user's messages tab for non-staff as well.
https://meta.discourse.org/t/group-inboxes-in-user-messages/86787
2018-05-17 18:10:17 +08:00
Guo Xiang Tan 565fa1f60e Fix regression introduced in 8cf0f51eb2. 2018-05-16 14:26:03 +08:00
Guo Xiang Tan 64a45b0980 FIX: Missing `Group#bio_raw` attribute for group owners.
https://meta.discourse.org/t/group-description-does-not-load-in-editor-for-owners-who-are-not-staff/85345
2018-04-17 15:57:52 +08:00
Neil Lalonde f2c060bdf2 FEATURE: option for tags in a tag group to be visible only to staff 2018-03-26 17:05:09 -04:00
Simon Cossar 88fdc926d1 Move external_id from UserSerializer to CurrentUserSerializer (#5658) 2018-03-07 22:54:31 -05:00
scossar 51544047dc Add external_id to User Serializer 2018-02-28 10:13:27 +08:00
Guo Xiang Tan 519026a31f Trim attributes that are not useful from `WebHookTopicViewSerializer`. 2018-02-27 11:28:31 +08:00
Vinoth Kannan 7cbda949f1 REFACTOR: New spec tests and code improvement 2018-02-22 20:27:02 +05:30
Vinoth Kannan 84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Vinoth Kannan 2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan 4d842ef2d5 Additional spec test function added and fixed the existing 2018-02-21 21:47:02 +05:30
Vinoth Kannan 84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Vinoth Kannan 1446753fd2 FIX: Include deleted topics in the post serializer 2018-02-21 14:31:52 +05:30
Neil Lalonde 179ecee11e FIX: featured links are 'undefined' in suggested topics 2018-01-25 14:40:07 -05:00
Guo Xiang Tan 80c41a0e59
Merge pull request #5510 from discourse/add-posts-count-to-web-hook-post-serializer
Feature: add topic posts count to webhook post serializer
2018-01-23 07:46:59 +08:00
Sam 47058b29d3 FEATURE: emit external_id field with user webhook 2018-01-22 10:09:26 +11:00
scossar 22ca5a772d Expect 41 keys in the serializer 2018-01-17 11:48:00 -08:00
Guo Xiang Tan 9fbe1436b6 UX: Replace heuristic solution root domain extraction for topic featured link. 2017-11-29 21:52:41 +08:00
Guo Xiang Tan 8491c5fba5 UX: Replace heuristic solution for extracting root domain. 2017-11-29 16:26:46 +08:00
Neil Lalonde 87ec11e298 FIX: more accurate counting of posts read. Skipping to the end of a topic does not count all posts as read in user stats. 2017-11-17 16:08:46 -05:00
Robin Ward 838568cbc3 Refactor flag types for more customization 2017-10-19 13:55:23 -04:00
Guo Xiang Tan 5d37f8673b PERF: Only send down suggested payload when loading last chunk. 2017-09-26 14:42:27 +08:00
Bianca Nenciu 6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Guo Xiang Tan 75374c76b3 UX: Display button to message group on group page.
https://meta.discourse.org/t/make-it-easier-to-send-a-message-to-groups/65065
2017-07-27 17:51:25 +09:00
Guo Xiang Tan 2a17f1ccd7 FIX: Group owners should be able to invite users to their groups.
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Guo Xiang Tan fe05587134 Fix incorrect filename. 2017-07-21 13:37:32 +09:00
Guo Xiang Tan 13f3de4bf6 Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 15:09:14 +09:00
Arpit Jalan a10c939775 FIX: do not show website name on TL0 profile 2017-06-04 18:30:28 +05:30
Guo Xiang Tan 2b21e5ea7e UX: Display translated group name for automatic groups. 2017-05-05 14:34:47 +08:00