Commit Graph

4409 Commits

Author SHA1 Message Date
Mark VanLandingham 8c311dcbd5
FEATURE: Allow add group member endpoint to skip invite emails (#29962) 2024-11-27 11:33:09 -06:00
Guhyoun Nam f186e3e80b
DEV: Add categories_and_hot Route (#29948)
This PR adds a route to categories_and_hot and methods in categories_controller.
2024-11-27 11:11:33 -06:00
Penar Musaraj 43ae59bb9c
FIX: Do not ignore redirects containing "/login" in the path (#29960) 2024-11-27 11:22:45 -05:00
Martin Brennan 2ef9d6ac47
FEATURE: Allow admins to force refresh "What's new?" (#29911)
Sometimes changes to "What's new?" feed items are made or the feed items are
removed altogether, and the polling interval to check for new features is 1 day.

This is quite long, so this commit introduces a "Check for updates"
button for admins to click on the "What's new?" page which will bust
the cache for the feed and check again at the new features endpoint.
This is limited to 5 times per minute to avoid rapid sending of
requests.
2024-11-27 09:40:55 +10:00
Penar Musaraj e6fdfcdcd2
DEV: Remove `experimental_topics_filter` setting (#29902) 2024-11-25 10:49:40 -05:00
David Taylor bfe0eccdd9
FIX: Extension-less secure uploads (#29914)
Previously, the secure-upload redirection logic would fail for extension-less files. This commit updates it to work, and adds a spec for the behavior.

Extension-less file uploads are not allowed by default, so this is a very niche situation.
2024-11-25 12:18:21 +00:00
Osama Sayegh 118f7869bb
FEATURE: Add bulk destroy to admin users list (#29744)
This commit introduces a new feature that allows staff to bulk select and delete users directly from the users list at `/admin/users/list`. The main use-case for this feature is make deleting spammers easier when a site is under a large spam attack.

Internal topic: t/140321.
2024-11-25 11:13:35 +03:00
Ted Johansson 88af23e1ca
DEV: Modernize admin user fields (#29843)
This PR modernizes the user fields area of the admin UI. It is largely based on the work on the emoji section.
2024-11-25 11:54:43 +08:00
Gerhard Schlager 0295b4165c
FIX: `Permalink.create` didn't work as expected anymore (#29895)
This moves the logic of setting the correct permalink values back into the controller. And it replaces the validation with a simpler one, that always works, even when the model is loaded from the DB.

Follow-up to #29634 which broke import scripts and lots of documentation on Meta.
2024-11-22 21:11:26 +01:00
Angus McLeod ec7de0fd68
Require permitted scopes when registering a client (#29718) 2024-11-19 15:28:04 -05:00
Gabriel Grubba b39c30045b
FEATURE: Add skip notification option to group invite to topic (#29741)
* FEATURE: Add skip notification option to group invite to topic

* DEV: rename `skip_notification` to `should_notify`

* DEV: update `should_notify` param to be default `true` in controllers

* DEV: update spec to use `greater than` instead of `equal to` to prevent flakiness

* Update app/controllers/topics_controller.rb

Co-authored-by: David Taylor <david@taylorhq.com>

* DEV: merged two `#invite_group` specs into one

* DEV: Added test case for `invite-group` in requests spec

---------

Co-authored-by: David Taylor <david@taylorhq.com>
2024-11-14 13:00:15 -03:00
Krzysztof Kotlarek 42b1ca8f78
UX: redesign admin permalinks page (#29634)
Redesign the permalinks page to follow the UX guide. In addition, the ability to edit permalinks was added.

This change includes:
- move to RestModel
- added Validations
- update endpoint and clear old values after the update
- system specs and improvements for unit tests
2024-11-14 10:03:58 +11:00
Jan Cernik 920fa4c248
FIX: Correctly load the invites model when using full page logins (#29713) 2024-11-13 08:56:16 -03:00
Osama Sayegh 00196b8652
FIX: Restore and deprecate the `:type` param of `uploads#create` (#29736)
Follow up to 6f8f6a7726

Prior to the linked commit, the `uploads#create` endpoint had a `upload_type` and `type` param that acted as aliases for each other and raised an error if both of them were missing. In the linked commit, we removed the `type` param and always required the `upload_type` param which break API consumers that only included `type` in their requests.

This commit adds back the `type` param temporarily and introduces a deprecation message for it so that API consumers are made aware of the eventual removal of the `type` param.
2024-11-13 14:07:20 +03:00
Angus McLeod cb4b8146a3
Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
Jean 708533b1e0
FEATURE: Add links to searchable user fields in users directory and user profile (#29338)
* FEATURE: Add links to searchable user fields in users directory and user profile
2024-11-06 13:35:30 -04:00
Osama Sayegh 6f8f6a7726
FIX: Pass upload type correctly to uploads#create (#29600)
Prior to Uppy, the `uploads#create` endpoint used to receive a `type` param that indicated the purpose/target of the upload, such as `avatar`, `site_setting` and so on. With the introduction of Uppy, the `type` param became the MIME type of the file being uploaded, and the purpose/target of the upload became a new param called `upload_type`, however the backend could still use the `type` param (which now contains MIME type) as the purpose/target of the upload if `upload_type` is absent.

We technically don't need to send the MIME type over the network, but it seems like it's done by Uppy and we have no control over the `type` param that Uppy includes:

758de8167b/app/assets/javascripts/discourse/app/lib/uppy/uppy-upload.js (L146-L151)

This commit does a couple of things:

1. It amends the `uploads#create` endpoint so it always requires the `upload_type` param and doesn't fallback to `type` if `upload_type` is absent
2. It forces consumers of the `UppyUpload` class (and by extension `UppyImageUploader`) to specify `type` of the upload

Internal topic: t/140945.
2024-11-06 07:00:35 +03:00
Alan Guo Xiang Tan 57f4176b57
DEV: Bump rubocop_discourse (#29608) 2024-11-06 06:27:49 +08:00
Osama Sayegh 0ad1c02932
FEATURE: Add 'Community title' field to about config page (#29500)
This commit adds a new "Community title" field to the about config page. This field controls the `short_site_description` setting, which is shown in the browser tab for key pages such categories pages and topic lists.

Internal topic: t/140812.
2024-10-31 10:04:31 +03:00
Amanda Alves Branquinho e6a6c8db07
DEV:refactor user badges create to get grant opts from method (#29372)
* DEV:refactor user badges create to get grant opts from method

* Replace method overwrite with plugin modifier

* Add aditional params

* change modifier name
2024-10-30 18:03:20 -03:00
Osama Sayegh 19672faba6
FEATURE: Add invite link to the sidebar (#29448)
This commit adds a new "Invite" link to the sidebar for all users who can invite to the site. Clicking the link opens the invite modal without changing the current route the user is on. Admins can customize the new link or remove it entirely if they wish by editing the sidebar section.

Internal topic: t/129752.
2024-10-30 05:31:14 +03:00
Krzysztof Kotlarek 0839bce7b6
DEV: allow the plugin to register valid site setting areas (#29432)
In this PR, we defined the ability to group site settings by area - https://github.com/discourse/discourse/pull/28570

Plugins should be able to register in their own areas.
2024-10-29 09:40:31 +11:00
Loïc Guitaut 584424594e DEV: Replace `params` by the contract object in services
This patch replaces the parameters provided to a service through
`params` by the contract object.

That way, it allows better consistency when accessing input params. For
example, if you have a service without a contract, to access a
parameter, you need to use `params[:my_parameter]`. But with a contract,
you do this through `contract.my_parameter`. Now, with this patch,
you’ll be able to access it through `params.my_parameter` or
`params[:my_parameter]`.

Some methods have been added to the contract object to better mimic a
Hash. That way, when accessing/using `params`, you don’t have to think
too much about it:
- `params.my_key` is also accessible through `params[:my_key]`.
- `params.my_key = value` can also be done through `params[:my_key] =
  value`.
- `#slice` and `#merge` are available.
- `#to_hash` has been implemented, so the contract object will be
  automatically cast as a hash by Ruby depending on the context. For
  example, with an AR model, you can do this: `user.update(**params)`.
2024-10-25 14:48:34 +02:00
Loïc Guitaut 41584ab40c DEV: Provide user input to services using `params` key
Currently in services, we don’t make a distinction between input
parameters, options and dependencies.

This can lead to user input modifying the service behavior, whereas it
was not the developer intention.

This patch addresses the issue by changing how data is provided to
services:
- `params` is now used to hold all data coming from outside (typically
  user input from a controller) and a contract will take its values from
  `params`.
- `options` is a new key to provide options to a service. This typically
  allows changing a service behavior at runtime. It is, of course,
  totally optional.
- `dependencies` is actually anything else provided to the service (like
  `guardian`) and available directly from the context object.

The `service_params` helper in controllers has been updated to reflect
those changes, so most of the existing services didn’t need specific
changes.

The options block has the same DSL as contracts, as it’s also based on
`ActiveModel`. There aren’t any validations, though. Here’s an example:
```ruby
options do
  attribute :allow_changing_hidden, :boolean, default: false
end
```
And here’s an example of how to call a service with the new keys:
```ruby
MyService.call(params: { key1: value1, … }, options: { my_option: true }, guardian:, …)
```
2024-10-25 09:57:59 +02:00
Bianca Nenciu 2f1d1cd062
FIX: Skip CSRF check for POST /categories/search (#29392)
This endpoint used to be a GET request, but was changed to POST to allow
larger payloads.

Follow up to commit ebc1763aa5.
2024-10-24 17:06:21 +03:00
Loïc Guitaut f79dd5c8b5 DEV: Stop injecting a service result object in the caller object
Currently, when calling a service with its block form, a `#result`
method is automatically created on the caller object. Even if it never
clashed so far, this could happen.

This patch removes that method, and instead use a more classical way of
doing things: the result object is now provided as an argument to the
main block. This means if we need to access the result object in an
outcome block, it will be done like this from now on:
```ruby
MyService.call(params) do |result|
  on_success do
    # do something with the result object
    do_something(result)
  end
end
```

In the same vein, this patch introduces the ability to match keys from
the result object in the outcome blocks, like we already do with step
definitions in a service. For example:
```ruby
on_success do |model:, contract:|
  do_something(model, contract)
end
```
Instead of
```ruby
on_success do
  do_something(result.model, result.contract)
end
```
2024-10-22 16:58:54 +02:00
Martin Brennan bd4e8422fe
FEATURE: Revive legacy pageview reports (#29308)
This commit brings back some reports hidden or changed
by the commit in 14b436923c if
the site setting `use_legacy_pageviews` is false.

* Unhide the old “Consolidated Pageviews” report and rename it
  to “Legacy Consolidated Pageviews”
* Add a legacy_page_view_total_reqs report called “Legacy Pageviews”,
  which calculates pageviews in the same way the old page_view_total_reqs
  report did.

This will allow admins to better compare old and new pageview
stats which are based on browser detection if they have switched
over to _not_ use legacy pageviews.
2024-10-22 10:06:22 +10:00
Krzysztof Kotlarek 433fadbd52
FEATURE: allow admins to enable announced experimental features (#29244)
Toggle the button to enable the experimental site setting from "What's new" announcement.

The toggle button is displayed when:
- site setting exists and is boolean;
- potentially required plugin is enabled.
2024-10-22 10:56:58 +11:00
Ted Johansson b1321b985a
DEV: Allow enabling safe-mode even when missing required fields (#29310)
When a user is missing required fields, they are required to fill those up before continuing to interact with the forum. This applies to admins as well.

We keep a whitelist of paths that can still be visited in this mode: FAQ, About, 2FA setup, and any admin route for admins.

We concluded that admins should still be able to enable safe mode even with missing required fields. Since plugins etc. can potentially mess with the ability to fill those up.
2024-10-21 17:11:43 +08:00
Régis Hanol 425643bbd8
FIX: staff only mode blocks admin password resets (#29289)
When staff only mode is enabled - Discourse.enable_readonly_mode(Discourse::STAFF_WRITES_ONLY_MODE_KEY)

Staff members couldn't reset their password via the "forgot password" link.

This fixes it.

Internal ref. t/133990
2024-10-21 09:29:37 +02:00
Régis Hanol 97ba39e60f
FIX: bump the number of svg icons we return to first 500 (#29286)
instead of the first 200 which would "hide" some icons from the list when picking an icon for a badge or a sidebar link.

Internal ref - t/119652
2024-10-18 19:22:13 +02:00
Loïc Guitaut e95edd079b DEV: Refactor some core services
Extracted from https://github.com/discourse/discourse/pull/29129.

This patch makes the code more compliant with the upcoming service docs
best practices.
2024-10-18 16:06:58 +02:00
Ted Johansson f8360f9665
FIX: Don't error out on nested topic show id param (#29274)
We're expecting the ID param to be something that neatly coerces into an ID. If we receive something like a nested parameter, this will blow up. (We already handle the case of arrays.)

This commit raises an InvalidParameters exception in the case of a nested ID.
2024-10-18 14:37:52 +08:00
Ted Johansson 9dafbe47dc
FIX: Don't error out on nested categories index page param (#29273)
We're expecting the page param to be something that neatly coerces into an integer. If we receive something like a nested parameter, this will blow up. (I'm sure there are other examples as well.)

This commit falls back to a page value of 1 if the coercion fails.
2024-10-18 14:37:39 +08:00
Bianca Nenciu 305927fa4b
DEV: Refactor categories controller to reuse code (#29172) 2024-10-16 11:41:26 +03:00
Alan Guo Xiang Tan 35284c77f1
Build(deps-dev): Bump rubocop from 1.66.1 to 1.67.0 (#29226)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.66.1 to 1.67.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/rubocop/rubocop/releases">rubocop's releases</a>.</em></p>
<blockquote>
<h2>RuboCop 1.67</h2>
<h3>New features</h3>
<ul>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13259">#13259</a>: Add new <code>Lint/DuplicateSetElement</code> cop. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13223">#13223</a>: Add <code>AllowRBSInlineAnnotation</code> config option to <code>Layout/LeadingCommentSpace</code> to support RBS::Inline style annotation comments. ([<a href="https://github.com/tk0miya"><code>@​tk0miya</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13310">#13310</a>: Display analysis Ruby version in <code>rubocop -V</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13314">#13314</a>: Fix a false negative for <code>Style/Semicolon</code> when using a semicolon between a closing parenthesis after a line break and a consequent expression. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13217">#13217</a>: Fix a false positive in <code>Lint/ParenthesesAsGroupedExpression</code> with compound ranges. ([<a href="https://github.com/gsamokovarov"><code>@​gsamokovarov</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13268">#13268</a>: Fix a false positive for <code>Style/BlockDelimiters</code> when a single line do-end block with an inline <code>rescue</code> with a semicolon before <code>rescue</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13298">#13298</a>: Fix an error for <code>Layout/AccessModifierIndentation</code> when the access modifier is on the same line as the class definition. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13198">#13198</a>: Fix an error for <code>Style/OneLineConditional</code> when using nested if/then/else/end. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13316">#13316</a>: Fix an incorrect autocorrect for <code>Lint/ImplicitStringConcatenation</code> with <code>Lint/TripleQuotes</code> when string literals with triple quotes are used. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13220">#13220</a>: Fix an incorrect autocorrect for <code>Style/ArgumentsForwarding</code> when using only forwarded arguments in brackets. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13202">#13202</a>: Fix an incorrect autocorrect for <code>Style/CombinableLoops</code> when looping over the same data with different block variable names. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13291">#13291</a>: Fix an incorrect autocorrect for <code>Style/RescueModifier</code> when using modifier rescue for method call with heredoc argument. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13226">#13226</a>: Fix <code>--auto-gen-config</code> when passing an absolute config path. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13225">#13225</a>: Avoid syntax error when correcting <code>Style/OperatorMethodCall</code> with <code>/</code> operations followed by a parenthesized argument. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13235">#13235</a>: Fix an error for <code>Style/IfUnlessModifier</code> when multiline <code>if</code> that fits on one line and using implicit method call with hash value omission syntax. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13219">#13219</a>: Fix a false positive for <code>Style/ArgumentsForwarding</code> with Ruby 3.0 and optional position arguments. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13271">#13271</a>: Fix a false positive for <code>Lint/AmbiguousRange</code> when using rational literals. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13260">#13260</a>: Fix a false positive for <code>Lint/RedundantSafeNavigation</code> with namespaced constants. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13224">#13224</a>: Fix false positives for <code>Style/OperatorMethodCall</code> with named forwarding. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13213">#13213</a>: Fix false positives for <code>Style/AccessModifierDeclarations</code> when <code>AllowModifiersOnAttrs: true</code> and using splat with a percent symbol array, or with a constant. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13145">#13145</a>: Fix false positives for <code>Style/RedundantLineContinuation</code> when line continuations with comparison operator and the LHS is wrapped in parentheses. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/12875">#12875</a>: Fix false positive for <code>Style/ArgumentsForwarding</code> when argument is used inside a block. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13239">#13239</a>: Fix false positive for <code>Style/CollectionCompact</code> when using <code>delete_if</code>. ([<a href="https://github.com/masato-bkn"><code>@​masato-bkn</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13210">#13210</a>: Fix omit_parentheses style for pattern match with value omission in single-line branch. ([<a href="https://github.com/gsamokovarov"><code>@​gsamokovarov</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13149">#13149</a>: Handle crashes in custom Ruby extractors more gracefully. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13319">#13319</a>: Handle literal forward slashes inside a <code>regexp</code> in <code>Lint/LiteralInInterpolation</code>. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13208">#13208</a>: Fix an incorrect autocorrect for <code>Style/IfWithSemicolon</code> when single-line <code>if/;/end</code> when the then body contains a method call with <code>[]</code> or <code>[]=</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13318">#13318</a>: Prevent modifying blocks with <code>Style/HashEachMethods</code> if the hash is modified within the block. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13293">#13293</a>: Fix <code>TargetRubyVersion</code> from a gemspec when the gemspec is not named like the folder it is located in. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13211">#13211</a>: Fix wrong autocorrect for <code>Style/GuardClause</code> when using heredoc without <code>else</code> branch. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13215">#13215</a>: Fix wrong autocorrect for <code>Lint/BigDecimalNew</code> when using <code>::BigDecimal.new</code>. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13215">#13215</a>: Fix wrong autocorrect for <code>Style/MethodCallWithArgsParentheses</code> with <code>EnforcedStyle: omit_parentheses</code> and whitespace. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13302">#13302</a>: Fix incompatible autocorrect between <code>Style/RedundantBegin</code> and <code>Style/BlockDelimiters</code> with <code>EnforcedStyle: braces_for_chaining</code>. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
</ul>
<h3>Changes</h3>
<ul>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13221">#13221</a>: Do not group accessors having RBS::Inline annotation comments in <code>Style/AccessorGrouping</code>. ([<a href="https://github.com/tk0miya"><code>@​tk0miya</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13286">#13286</a>: Add <code>AllowedMethods</code> configuration to <code>Layout/FirstMethodArgumentLineBreak</code>. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13110">#13110</a>: Add support in <code>Style/ArgumentsForwarding</code> for detecting forwarding of all anonymous arguments. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13222">#13222</a>: Allow to write RBS::Inline annotation comments after method definition in <code>Style/CommentedKeyword</code>. ([<a href="https://github.com/tk0miya"><code>@​tk0miya</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13253">#13253</a>: Emit a deprecation when custom cops inherit from <code>RuboCop::Cop::Cop</code>. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13300">#13300</a>: Set <code>EnforcedShorthandSyntax: either</code> by default for <code>Style/HashSyntax</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13254">#13254</a>: Enhance the autocorrect for <code>Naming/InclusiveLanguage</code> when a sole suggestion is set. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13232">#13232</a>: Make server mode aware of auto-restart for local config update. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md">rubocop's changelog</a>.</em></p>
<blockquote>
<h2>1.67.0 (2024-10-15)</h2>
<h3>New features</h3>
<ul>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13259">#13259</a>: Add new <code>Lint/DuplicateSetElement</code> cop. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13223">#13223</a>: Add <code>AllowRBSInlineAnnotation</code> config option to <code>Layout/LeadingCommentSpace</code> to support RBS::Inline style annotation comments. ([<a href="https://github.com/tk0miya"><code>@​tk0miya</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13310">#13310</a>: Display analysis Ruby version in <code>rubocop -V</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13314">#13314</a>: Fix a false negative for <code>Style/Semicolon</code> when using a semicolon between a closing parenthesis after a line break and a consequent expression. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13217">#13217</a>: Fix a false positive in <code>Lint/ParenthesesAsGroupedExpression</code> with compound ranges. ([<a href="https://github.com/gsamokovarov"><code>@​gsamokovarov</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13268">#13268</a>: Fix a false positive for <code>Style/BlockDelimiters</code> when a single line do-end block with an inline <code>rescue</code> with a semicolon before <code>rescue</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13298">#13298</a>: Fix an error for <code>Layout/AccessModifierIndentation</code> when the access modifier is on the same line as the class definition. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13198">#13198</a>: Fix an error for <code>Style/OneLineConditional</code> when using nested if/then/else/end. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13316">#13316</a>: Fix an incorrect autocorrect for <code>Lint/ImplicitStringConcatenation</code> with <code>Lint/TripleQuotes</code> when string literals with triple quotes are used. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13220">#13220</a>: Fix an incorrect autocorrect for <code>Style/ArgumentsForwarding</code> when using only forwarded arguments in brackets. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13202">#13202</a>: Fix an incorrect autocorrect for <code>Style/CombinableLoops</code> when looping over the same data with different block variable names. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13291">#13291</a>: Fix an incorrect autocorrect for <code>Style/RescueModifier</code> when using modifier rescue for method call with heredoc argument. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13226">#13226</a>: Fix <code>--auto-gen-config</code> when passing an absolute config path. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13225">#13225</a>: Avoid syntax error when correcting <code>Style/OperatorMethodCall</code> with <code>/</code> operations followed by a parenthesized argument. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13235">#13235</a>: Fix an error for <code>Style/IfUnlessModifier</code> when multiline <code>if</code> that fits on one line and using implicit method call with hash value omission syntax. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13219">#13219</a>: Fix a false positive for <code>Style/ArgumentsForwarding</code> with Ruby 3.0 and optional position arguments. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13271">#13271</a>: Fix a false positive for <code>Lint/AmbiguousRange</code> when using rational literals. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13260">#13260</a>: Fix a false positive for <code>Lint/RedundantSafeNavigation</code> with namespaced constants. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13224">#13224</a>: Fix false positives for <code>Style/OperatorMethodCall</code> with named forwarding. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13213">#13213</a>: Fix false positives for <code>Style/AccessModifierDeclarations</code> when <code>AllowModifiersOnAttrs: true</code> and using splat with a percent symbol array, or with a constant. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13145">#13145</a>: Fix false positives for <code>Style/RedundantLineContinuation</code> when line continuations with comparison operator and the LHS is wrapped in parentheses. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/12875">#12875</a>: Fix false positive for <code>Style/ArgumentsForwarding</code> when argument is used inside a block. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13239">#13239</a>: Fix false positive for <code>Style/CollectionCompact</code> when using <code>delete_if</code>. ([<a href="https://github.com/masato-bkn"><code>@​masato-bkn</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13210">#13210</a>: Fix omit_parentheses style for pattern match with value omission in single-line branch. ([<a href="https://github.com/gsamokovarov"><code>@​gsamokovarov</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13149">#13149</a>: Handle crashes in custom Ruby extractors more gracefully. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13319">#13319</a>: Handle literal forward slashes inside a <code>regexp</code> in <code>Lint/LiteralInInterpolation</code>. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13208">#13208</a>: Fix an incorrect autocorrect for <code>Style/IfWithSemicolon</code> when single-line <code>if/;/end</code> when the then body contains a method call with <code>[]</code> or <code>[]=</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13318">#13318</a>: Prevent modifying blocks with <code>Style/HashEachMethods</code> if the hash is modified within the block. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13293">#13293</a>: Fix <code>TargetRubyVersion</code> from a gemspec when the gemspec is not named like the folder it is located in. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13211">#13211</a>: Fix wrong autocorrect for <code>Style/GuardClause</code> when using heredoc without <code>else</code> branch. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13215">#13215</a>: Fix wrong autocorrect for <code>Lint/BigDecimalNew</code> when using <code>::BigDecimal.new</code>. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13215">#13215</a>: Fix wrong autocorrect for <code>Style/MethodCallWithArgsParentheses</code> with <code>EnforcedStyle: omit_parentheses</code> and whitespace. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13302">#13302</a>: Fix incompatible autocorrect between <code>Style/RedundantBegin</code> and <code>Style/BlockDelimiters</code> with <code>EnforcedStyle: braces_for_chaining</code>. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
</ul>
<h3>Changes</h3>
<ul>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13221">#13221</a>: Do not group accessors having RBS::Inline annotation comments in <code>Style/AccessorGrouping</code>. ([<a href="https://github.com/tk0miya"><code>@​tk0miya</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13286">#13286</a>: Add <code>AllowedMethods</code> configuration to <code>Layout/FirstMethodArgumentLineBreak</code>. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/issues/13110">#13110</a>: Add support in <code>Style/ArgumentsForwarding</code> for detecting forwarding of all anonymous arguments. ([<a href="https://github.com/dvandersluis"><code>@​dvandersluis</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13222">#13222</a>: Allow to write RBS::Inline annotation comments after method definition in <code>Style/CommentedKeyword</code>. ([<a href="https://github.com/tk0miya"><code>@​tk0miya</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13253">#13253</a>: Emit a deprecation when custom cops inherit from <code>RuboCop::Cop::Cop</code>. ([<a href="https://github.com/earlopain"><code>@​earlopain</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13300">#13300</a>: Set <code>EnforcedShorthandSyntax: either</code> by default for <code>Style/HashSyntax</code>. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
<li><a href="https://redirect.github.com/rubocop/rubocop/pull/13254">#13254</a>: Enhance the autocorrect for <code>Naming/InclusiveLanguage</code> when a sole suggestion is set. ([<a href="https://github.com/koic"><code>@​koic</code></a>][])</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c108ac0822"><code>c108ac0</code></a> Cut 1.67</li>
<li><a href="74ddd9bb96"><code>74ddd9b</code></a> Update Changelog</li>
<li><a href="b5c12aea89"><code>b5c12ae</code></a> Update Changelog</li>
<li><a href="c936160665"><code>c936160</code></a> [Fix <a href="https://redirect.github.com/rubocop/rubocop/issues/13331">#13331</a>] Fix an error when using release task</li>
<li><a href="60ecb00dd7"><code>60ecb00</code></a> [Fix <a href="https://redirect.github.com/rubocop/rubocop/issues/13328">#13328</a>] Declare <code>Enabled</code> as a common config key</li>
<li><a href="99022d9880"><code>99022d9</code></a> Merge pull request <a href="https://redirect.github.com/rubocop/rubocop/issues/13327">#13327</a> from koic/make_server_mode_aware_of_auto_restart_fo...</li>
<li><a href="60432f5e44"><code>60432f5</code></a> Apply <code>RESTRICT_ON_SEND</code> to <code>Bundler/GemVersion</code></li>
<li><a href="6b31c39f1e"><code>6b31c39</code></a> Make server mode aware of auto-restart for .rubocop_todo.yml update</li>
<li><a href="adb7ceed43"><code>adb7cee</code></a> [Fix <a href="https://redirect.github.com/rubocop/rubocop/issues/9816">#9816</a>] Refine <code>Lint/SafeNavigationConsistency</code></li>
<li><a href="7d6797cf9d"><code>7d6797c</code></a> [Fix <a href="https://redirect.github.com/rubocop/rubocop/issues/13286">#13286</a>] Add <code>AllowedMethods</code> and <code>AllowedPatterns</code> configuration to `Lay...</li>
<li>Additional commits viewable in <a href="https://github.com/rubocop/rubocop/compare/v1.66.1...v1.67.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rubocop&package-manager=bundler&previous-version=1.66.1&new-version=1.67.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
2024-10-16 10:56:58 +08:00
Alan Guo Xiang Tan 322a3be2db
DEV: Remove logical OR assignment of constants (#29201)
Constants should always be only assigned once. The logical OR assignment
of a constant is a relic of the past before we used zeitwerk for
autoloading and had bugs where a file could be loaded twice resulting in
constant redefinition warnings.
2024-10-16 10:09:07 +08:00
Jordan Vidrine 3ad2fd032b
FEATURE: Initial themes config area with grid (#28828)
* UX: More additions

* UX: more

* DEV: Add admin/config/themes route

* UX: Use admin config card

* syntax merge fixes

* cleanup

* cleanup

* checkbox

* more

* error

* save on click

* more

* fix setter

* DEV: Implement vanilla checkbox

* cleanup

* UX: save themes as default

* DEV: Add component list to card

* DEV: Add placeholder for no screenshots

* DEV: Fix default theme reactivity

Also add content/optionalAction yields to config area
card and put the theme user selectable checkbox there,
along with adding styles.

* DEV: Change to generic "look and feel" config area

* DEV: Auto redirect to themes on base look and feel route

* UX: Remove computed from sorted themes

* linting

* UX: Turn update icon into button that routes to settings

* DEV: remove unused function

* UX: center icons with title

* DEV: Lint

* UX: Hook up theme preview button

* DEV: Minor fixes

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-10-15 10:54:38 -05:00
Natalie Tay ede06ffd43
FIX: Allow user to log in another account using the same device (client_id) (#29121)
Allow user to log in another account using the same device (client_id)
2024-10-14 12:39:20 +08:00
Martin Brennan 2193667e1f
FIX: Plugin JS failing to load would break admin interface (#29139)
If a plugin's JS fails to load for some reason, most commonly
ad blockers, the entire admin interface would break. This is because
we are adding links to the admin routes for plugins that define
them in the sidebar.

We have a fix for this already in the plugin list which shows a warning
to the admin. This fix just prevents the broken link from rendering
in the sidebar if the route is not valid.
2024-10-11 09:26:10 +10:00
Régis Hanol 34d04e7507
SECURITY: add pagination to post replies
When a post has some replies, and the user click on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773

FIX: Duplicated parent posts

DEV: Query refactor
2024-10-07 11:48:48 +08:00
Loïc Guitaut ad8f46f4f1 DEV: Make params explicit for services in controllers 2024-10-03 16:56:39 +09:00
Martin Brennan 8fc34e9323
DEV: Add a skeleton for section landing page & items (#28477)
We are going to start making section landing pages
for admin for each sidebar section. This lays the framework
with routes and simple components that can be further
refined by a designer, but I have taken the base CSS from
AI which Kris made.

The initial section landing items will be used in AI to replace
the placeholders added in this commit b8b3c61451
2024-10-02 12:19:38 +10:00
Krzysztof Kotlarek c5a024f8df
FIX: custom flag name should be unique (#28869)
Validation to ensure that the custom flag name is unique.
2024-09-30 09:17:19 +10:00
Linca a1e5796ba1
FEAT: Allow admin delete user's associated accounts (#29018)
This commit introduces a feature that allows an admin to delete a user's
associated account. After deletion, a log will be recorded in staff
actions.

ref=t/136675
2024-09-27 20:08:05 +08:00
Ted Johansson be33363f13
FEATURE: Add ability to dismiss admin notices (#28916)
his is a new feature that lets admins dismiss notices from the dashboard. This helps with self-service in cases where a notice is "stuck", while we work on provisions to prevent "sticking" in the first place.
2024-09-17 14:43:34 +08:00
Linca 741e9d70ad
FIX: Don't show move topic for private messages for TL4 (#28871)
In TopicController, in addition to ensure_can_move_posts!, we also
checked if the topic is private message in this line:

```ruby
raise Discourse::InvalidAccess if params[:archetype] == "private_message" && !guardian.is_staff?
```

However, this was not present in `guardian.can_move_posts?`. As a result,
the frontend topic view got an incorrect serialized result, thinking
that TL4 could move the private message post. In fact, once they tried
to move it, they got the `InvalidAccess` error message.

This commit fixes that TL4 will no longer sees the "move to" option in
the "select post" panel for a private message.
2024-09-16 11:30:05 +08:00
Loïc Guitaut b806dce13d DEV: Refactor suspend/silence user services
- fetch models inside services
- validate `user_id` in contracts
- use policy objects
- extract more logic to actions
- write specs for services and action
2024-09-12 10:28:48 +02:00
Martin Brennan 14b436923c
FEATURE: Switch to new methods of pageview measurement and reporting (#28729)
### UI changes

All of the UI changes described are gated behind the `use_legacy_pageviews`
site setting.

This commit changes the admin dashboard pageviews report to
use the "Consolidated Pageviews with Browser Detection" report
introduced in 2f2da72747 with
the following changes:

* The report name is changed to "Site traffic"
* The pageview count on the dashboard is counting only using the new method
* The old "Consolidated Pageviews" report is renamed as "Consolidated Legacy Pageviews"
* By default "known crawlers" and "other" sources of pageviews are hidden on the report

When `use_legacy_pageviews` is `true`, we do not show or allow running
the "Site traffic" report for admins. When `use_legacy_pageviews` is `false`,
we do not show or allow running the following legacy reports:

* consolidated_page_views
* consolidated_page_views_browser_detection
* page_view_anon_reqs
* page_view_logged_in_reqs

### Historical data changes

Also part of this change is that, since we introduced our new "Consolidated
Pageviews with Browser Detection" report, some admins are confused at either:

* The lack of data before a certain date , which didn’t exist before
  we started collecting it
* Comparing this and the current "Consolidated Pageviews" report data,
  which rolls up "Other Pageviews" into "Anonymous Browser" and so it
  appears inaccurate

All pageview data in the new report before the date where the _first_
anon or logged in browser pageview was recorded is now hidden.
2024-09-10 09:51:49 +10:00
Linca aab2987438
FEATURE: Log tag group changes in staff action log (#28787)
* FEATURE: Log tag group changes in staff action log

This commit records every change (add, change, delete) to a tag group in
the staff action log.

It uses a modal that was originally called ThemeChangeModal to display
changes, allowing staffs to see the specific changes clearly. The modal
is renamed to StaffActionLogChangeModal in this PR.

ref: https://meta.discourse.org/t/-/325011/14

Co-authored-by: Keegan George <kgeorge13@gmail.com>
2024-09-09 10:50:48 +08:00