Commit Graph

6882 Commits

Author SHA1 Message Date
David Taylor 1002bf62e5
DEV: Bind to ipv6 loopback address in addition to ipv4 (#8544) 2019-12-16 11:01:02 +00:00
Régis Hanol 1309262569 UX: pluralize "likes/read this"
When expending the number of likes/reads, the text wasn't handling
proper pluralization that might be useful in locales that requires it.
2019-12-13 22:18:28 +01:00
Gerhard Schlager f62215046f FEATURE: Completely remove `unsafe-eval` from CSP
Plugins can add it via API if they need to use `eval`:
```
extend_content_security_policy(script_src: [:unsafe_eval])
```

See https://meta.discourse.org/t/104243
2019-12-13 12:38:32 +01:00
Daniel Waterworth 1fb7a6297c DEV: Add unambiguous routes for tags
The trouble with having:

/tags/:tag_id/...

and:

/tags/intersection/*tag_ids

for example, is: what happens if you want a tag called intersection?

Under this new scheme. Routes referring to a single tag are unambiguous
because they are prefixed with:

/tag/:tag_id

Routes referring to the collection of tags still start with:

/tags/

This commit just adds the new routes. It doesn't remove the old ones or
cause the new ones to be used.
2019-12-13 11:24:59 +00:00
Rishabh 387daaf7b8 UX: Improve copy on Move to Topic and Move to Message modals
Also clarify that messages can be searched for by url, id and not just title.
2019-12-13 14:13:13 +05:30
David Taylor 4c9ca24ccf
FEATURE: Hash API keys in the database (#8438)
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.

This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
2019-12-12 11:45:00 +00:00
Martin Brennan 6261339da9
Improving bookmarks part 1 (#8466)
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!

This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:

* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.

This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
2019-12-11 14:04:02 +10:00
Gerhard Schlager dfb9fa3b98 Update translations 2019-12-10 13:10:55 +01:00
Krzysztof Kotlarek 5e29ae3ef5
FEATURE: Warning when component is added and not assigned (#8482)
When a component is installed and not assigned to any theme and the user is changing page, we should display a warning.

If the user decides to skip warning or come back later, a warning should not be shown anymore.

Also, when the user clicks "delete" button right after installation, warning about forgotten themes should not be shown.
2019-12-10 08:43:26 +11:00
Mark VanLandingham 14cb386f1e
FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
Dan Ungureanu 192ada0067
UX: Remove 'show more' from upload modals (#8470) 2019-12-09 12:57:43 +02:00
Penar Musaraj 78969d7719 DEV: Support custom log level in dev
See https://guides.rubyonrails.org/debugging_rails_applications.html#log-levels
Can be used to reduce noise when running "bundle exec rails server" in dev.

Setting DISCOURSE_DEV_LOG_LEVEL="warn" will make for easier puts debugging with unicorn.
2019-12-06 10:57:10 -05:00
Vinoth Kannan e51091f199 REFACTOR: do `X-Frame-Options` header removal in application controller.
Co-authored-by: Sam <sam.saffron@gmail.com>
Previous commit: f7084a4339
2019-12-06 18:25:32 +05:30
Vinoth Kannan f7084a4339 FEATURE: add site setting to remove `X-Frame-Options` header. 2019-12-06 03:15:09 +05:30
Neil Lalonde 50b98a47ac Update translations 2019-12-05 11:20:52 -05:00
Vinoth Kannan e6dfcda0bc DEV: handle all notification consolidations in new 'NotificationConsolidator' class.
481c8314f0
2019-12-05 14:36:06 +05:30
Neil Lalonde 875f0d8fd8
FEATURE: Tag synonyms
This feature adds the ability to define synonyms for tags, and the ability to merge one tag into another while keeping it as a synonym. For example, tags named "js" and "java-script" can be synonyms of "javascript". When searching and creating topics using synonyms, they will be mapped to the base tag.

Along with this change is a new UI found on each tag's page (for example, `/tags/javascript`) where more information about the tag can be shown. It will list the synonyms, which categories it's restricted to (if any), and which tag groups it belongs to (if tag group names are public on the `/tags` page by enabling the "tags listed by group" setting). Staff users will be able to manage tags in this UI, merge tags, and add/remove synonyms.
2019-12-04 13:33:51 -05:00
Daniel Waterworth 2f5adbe1f4 DEV: Allow the creation of sub-sub-categories
This commits adds a new site setting (max_category_nesting), that
determines whether sub-sub-categories are allowable.
2019-12-04 12:07:05 +00:00
Krzysztof Kotlarek bb69e8942e
FEATURE: ability to add all active components to theme (#8447)
* FEATURE: ability to add all active components to theme

* FIX: add a component to all themes takes only active ones

* FIX: move select components/themes to top

* FIX: improve defaultIsAvailable

* FIX: Add filter(Boolean) and remove btn class
2019-12-04 17:13:41 +11:00
Gerhard Schlager 2cca14d510 FEATURE: Add hidden setting to allow `unsafe-eval` in CSP
This new setting defaults to `true` for now, until we make sure that all official plugins and theme components work without `unsafe-eval` in the CSP.
2019-12-03 21:09:08 +01:00
Joffrey JAFFEUX 0d3d2c43a0
DEV: s/\$redis/Discourse\.redis (#8431)
This commit also adds a rubocop rule to prevent global variables.
2019-12-03 10:05:53 +01:00
Krzysztof Kotlarek b120728999
FEATURE: Ability to add components to all themes (#8404)
* FEATURE: Ability to add components to all themes

This is the first and functional step from that topic https://dev.discourse.org/t/adding-a-theme-component-is-too-much-work/15398/16

The idea here is that when a new component is added, the user can easily assign it to all themes (parents).

To achieve that, I needed to change a site-setting component to accept `setDefaultValues` action and `setDefaultValuesLabel` translated label.
Also, I needed to add `allowAny` option to disable that for theme selector.

I also refactored backend to accept both parent and child ids with one method to avoid duplication (Renamed `add_child_theme!` to more general `add_relative_theme!`)

* FIX: Improvement after code review

* FIX: Improvement after code review2

* FIX: use mapBy and filterBy directly
2019-11-28 16:19:01 +11:00
Vinoth Kannan 481c8314f0 FEATURE: consolidate group membership request notifications. 2019-11-28 04:02:35 +05:30
Martin Brennan e7c7a05097
FIX: Mark secure media upload insecure automatically if used for theme component (#8413)
When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
2019-11-28 07:32:17 +10:00
Gerhard Schlager d12f2580de FIX: Serve crawler view to Google PageSpeed 2019-11-27 22:15:34 +01:00
Leo McArdle 2714149fd2 FEATURE: hide posts from incoming email based on dmarc verdict (#8333) 2019-11-26 15:55:22 +01:00
Martin Brennan afb5533581
FEATURE: Add timezone to core user_options (#8380)
* Add timezone to user_options table

* Also migrate existing timezone values from UserCustomField,
  which is where the discourse-calendar plugin is storing them

* Allow user to change their core timezone from Profile

* Auto guess & set timezone on login & invite accept & signup

* Serialize user_options.timezone for group members. this is so discourse-group-timezones can access the core user timezone, as it is being removed in discourse-calendar.

* Annotate user_option with timezone

* Validate timezone values
2019-11-25 10:49:27 +10:00
Sam Saffron b57e108e84 FEATURE: improve email change workflow
- Show old and new email address during the process
- Ensure correct user is logged on when attempting to make email changes
- Support reloading a page during the email reset process without resubmit
of form
- Improve tests
- Fixed issue where redirect back to site was not linking correctly in
subfolder setups

Internal refactor of single action into 4 distinct actions that are simpler
to reason about.

This also removes the step that logs on an account after you confirm an
email change, since it is no longer needed which leaves us with safer
internals.

This left me no choice but to amend translations cause the old route was
removed.
2019-11-21 16:28:35 +11:00
Kris 09579bffbe UX: More obvious alt auth link 2019-11-20 23:44:10 -05:00
Jeff Wong c6d8dbd4a9 Revert "FEATURE: Normalize the service worker route (#8359)"
This reverts commit 9799a651b6.
2019-11-20 14:10:17 -08:00
Jeff Wong 9799a651b6
FEATURE: Normalize the service worker route (#8359)
* FEATURE: Normalize the service worker route

Update cache headers so they are not immutable outside of the rails app

Add the ability to purge the service worker cache from localhost

Rails -> nginx will pass immutable flags so the file is cached until reloaded.
In most cases, nginx will have its cache flushed on rebuild (new image)

For those needing dynamic re-caching (such as upgrading via the UI),
a rake task for flushing the service worker script is provided
through `assets:flush_sw`
2019-11-20 11:33:41 -08:00
David Taylor e1fcbf4aef DEV: Remove new_version_emails global setting reference
All site settings are now shadowed by global settings, so there is no need to lookup the global setting explicitly
2019-11-20 15:54:09 +00:00
Martin Brennan 02cb01406e
FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373)
The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent.

Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.
2019-11-20 07:46:44 +10:00
Vinoth Kannan 3bb7ad4be1
FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
Sam Saffron d28de23ac8 FEATURE: block screaming frog SEO spider by default
This crawler is not respectful and often can make 1000s of reqs a minute.

Block by default, site operators can amend this default if they want to.
2019-11-18 16:48:07 +11:00
Sam Saffron b4bfc27b19 FEATURE: introduce default application level rate limiting by IP
We have tested rate limiting with admin accounts with block rate limiting for
close to 12 months now on meta.discourse.org.

This has resulted in no degradation of services even to admin accounts that
request a lot of info from the site.

The default of 200 requests a minute and 50 per 10 seconds is very generous.
It simply protects against very aggressive clients.

This setting can be disabled or tweaked using:

DISCOURSE_MAX_REQS_PER_IP_MODE and family.

The only big downside here is in cases when a very large number of users tend
to all come from a single IP.

This can be the case on sites accessing Discourse from an internal network
all sharing the same IP via NAT. Or a misconfigured Discourse that is unable
to resolve IP addresses of users due to proxy mis-configuration.
2019-11-18 15:54:50 +11:00
Penar Musaraj 102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Vinoth Kannan 56b19ba740 UX: instead of total user count display only the count of users going to be affected.
edec922803
2019-11-18 00:09:38 +05:30
Blake Erickson eb4d8a43e3 DEV: Improve mail-receiver update instructions 2019-11-15 13:57:43 -07:00
Martin Brennan 5c59247c3a Block enabling force 2FA if local logins disabled & vice-versa (#8355) 2019-11-15 17:05:10 +11:00
Gerhard Schlager f72730703a Update translations 2019-11-14 15:41:42 +01:00
Martin Brennan e7226a8c84
FEATURE: Allow scoping search to tag (#8345)
* When viewing a tag, the search widget will now show a checkbox to scope the search by tag, which will limit search results to that tag on desktop and mobile
2019-11-14 10:40:26 +10:00
tshenry 9caec39aef
UX: Add CSP documentation link to content_security_policy_script_src setting 2019-11-12 14:57:47 -08:00
Mark VanLandingham 3dd2f2f701
DEV: Remove RSS feed polling in favor of plugin (#8233) 2019-11-12 09:49:02 -06:00
David Taylor 5f927ceeb3
DEV: Display a warning when themes hard-code optimized image links (#8304) 2019-11-12 14:30:19 +00:00
Blake Erickson 15f6f57cdc DEV: Add update message for an outdated mail-receiver
Previous versions of the mail-receiver used query based api credentials,
if we detect this we will show a message in the admin panel to update
the mail receiver.
2019-11-08 17:32:22 -07:00
Martin Brennan 56d3e29a69
FIX: Badge and user title interaction fixes (#8282)
* Fix user title logic when badge name customized
* Fix an issue where a user's title was not considered a badge granted title when the user used a badge for their title and the badge name was customized. this affected the effectiveness of revoke_ungranted_titles! which only operates on badge_granted_titles.
* When a user's title is set now it is considered a badge_granted_title if the badge name OR the badge custom name from TranslationOverride is the same as the title
* When a user's badge is revoked we now also revoke their title if the user's title matches the badge name OR the badge custom name from TranslationOverride
* Add a user history log when the title is revoked to remove confusion about why titles are revoked
* Add granted_title_badge_id to user_profile, now when we set badge_granted_title on a user profile when updating a user's title based on a badge, we also remember which badge matched the title
* When badge name (or custom text) changes update titles of users in a background job
* When the name of a badge changes, or in the case of system badges when their custom translation text changes, then we need to update the title of all corresponding users who have a badge_granted_title and matching granted_title_badge_id. In the case of system badges we need to first get the proper badge ID based on the translation key e.g. badges.regular.name
* Add migration to backfill all granted_title_badge_ids for both normal badge name titles and titles using custom badge text.
2019-11-08 15:34:24 +10:00
Vinoth Kannan ba5b78a348
FEATURE: support to mute all categories by default. (#8295)
Instead of enabling `suppress_from_latest` setting on many categories now we can enable `mute_all_categories_by_default` site setting. Then users should opt-in to categories for them to appear in the latest and categories pages.
2019-11-08 08:28:11 +05:30
Blake Erickson 2db2003187 DEV: Add deprecation warning of non-header based API auth
This change adds a message to the admin panel if it detects an api
requests that doesn't use the new header based authentication method.

The message is to warn people to switch to header based auth and links
to the api documention topic on meta for more info.
2019-11-07 17:06:13 -07:00
Arpit Jalan 6a417c308f FIX: include onebox default options in development environment 2019-11-07 15:42:53 +05:30
Vinoth Kannan 5d42f052bc Minor copy edit
671f303b53
2019-11-07 11:39:17 +05:30
Sam Saffron 1d1dd2a4d4 PERF: cache static assets in NGINX for longer
Previously our cache would expire any asset that was not accessed for 10
minutes. This is way too short and was never intended. All the assets we
are serving are usually very long living assets like avatars and css files

1 day is a reasonable setting here cause it offers far better protection.
I would consider upping this to a week though longer term.

Maximum disk space of cache was increased as well to 600m. Very unlikely to
ever hit this except on very large sites.

Additionally, this places all the cached assets in nested directories, we
never want cached files to be in one giant directory cause it is inefficient
2019-11-07 12:12:24 +11:00
Gerhard Schlager ee5b56914c FIX: Use long version of month names in date formats
Otherwise we'd need to add `date.abbr_month_names` to `server.en.yml`
2019-11-06 22:30:51 +01:00
Neil Lalonde b151963f18 Update translations 2019-11-06 10:43:13 -05:00
Gerhard Schlager 61b1f9c36b FEATURE: Load translation overrides without JS `eval` 2019-11-05 19:16:38 +01:00
Gerhard Schlager 94a34af702 Update translations 2019-11-05 16:52:48 +01:00
David Taylor 52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Daniel Waterworth fa2c06da93 DEV: Change tag routing for categories on the server-side
These are the changes to tags routing that correspond to the category
routing changes of d84c34ad. The new scheme is:

/tags/c/*slug_path/:id/none/:tag_id/ENDPOINT
/tags/c/*slug_path/:id/none/:tag_id
/tags/c/*slug_path/:id/:tag_id/ENDPOINT
/tags/c/*slug_path/:id/:tag_id
2019-11-05 13:24:36 +00:00
Vinoth Kannan 671f303b53
FEATURE: Add welcome message for admins. (#8293) 2019-11-05 18:15:55 +05:30
Daniel Waterworth f3f04f1643 REFACTOR: Handle no_subcategories option during routing 2019-11-04 10:58:06 +00:00
Arpit Jalan b7327d2c34 UX: show user email address on "grant admin access" email and UI 2019-11-04 14:47:00 +05:30
Mark VanLandingham 66e0bdc053
FEATURE: Create New Topic button on embed with params (#8280)
* FEATURE: Create New Topic button on embed with params
2019-11-01 14:19:10 -05:00
Vinoth Kannan 72aa26c8c5
FEATURE: New site settings for default tags in user preferences. (#8283) 2019-11-01 12:40:13 +05:30
Neil Lalonde d777844ed6 FEATURE: categories can require topics have a tag from a tag group
In a category's settings, the Tags tab has two new fields to
specify the number of tags that must be added to a topic
from a tag group. When creating a new topic, an error will be
shown to the user if the requirement isn't met.
2019-10-31 16:10:19 -04:00
Neil Lalonde 091d058ff2 UX: widen tag group name input field and add placeholder text 2019-10-31 16:10:19 -04:00
Daniel Waterworth d84c34ad75 DEV: Server-side category routing changes
The routes for categories are changing. The scheme that I intend to move
us to is:

/c/*slug_path/(:id)/ENDPOINT
/c/*slug_path/(:id)

This commit adds support for the new scheme to the server side without
dropping support for existing URLs. It is necessary to support existing
URLs for two reasons:

 * This commit does not change any client side routing code,
 * Posts that contain category hashtags that refer to a root category
   are baked into URLs that do not fit this new scheme, (/c/[id]-[slug])
2019-10-31 18:06:22 +00:00
Kris 4434f419c6 Copy edit: rename profile header to profile background 2019-10-31 13:06:59 -04:00
Sam Saffron c5e67726fd FIX: under some conditions draft would say it was saving when not
This is a major change to draft internals. Previously there were quite a
few cases where the draft system would say "draft saved", when in fact
we just skipped saving.

This commit ensures the draft system deals with draft ownership handover in
a predictable way.

For example:

- Window 1 editing draft
- Window 2 editing same draft at the same time

Previously we would allow window 1 and 2 to just fight on the same draft
each window overwriting the same draft over an over.

This commit introduces an ownership concept where either window 1 or 2 win
and user is prompted on the loser window to reload screen to correct the issue

This also corrects edge cases where a user could have multiple browser windows
open and posts in 1 window, later to post in the second window. Previously
drafts would break in the second window, this corrects it.
2019-10-31 17:15:58 +11:00
Penar Musaraj 580a4a827b Exclude audio/video URLs from search result blurbs
Displays translatable "[audio]" or "[video]" placeholders instead of ugly (and often long) URLs.
2019-10-30 13:07:16 -04:00
Penar Musaraj 965662d215 Prettify server.en.yml 2019-10-30 12:56:25 -04:00
Jarek Radosz 080e899b8c
DEV: Tag group improvements (#8252)
* DEV: Add the actual "tag_groups/new" route

Allows refreshing the "new" page without an error.

* DEV: Prevent attempts to create group tags if tagging is disabled

* DEV: Refactor the tag-groups controller

Gets rid of `selectedItem`, `selected`, and `selectTagGroup` action.

* DEV: Rename tag-groups-show to tag-groups-edit

* DEV: Refactor tag-groups form

* Extracted the tag-groups-form that's used by tag-groups-new and tag-groups-edit
* The model is now a buffered property
* Serialization relies more heavily on RestAdapter now
* Data is sent as JSON
* Payload is now namespaced ("tag_group")

* Update app/assets/javascripts/discourse/controllers/tag-groups-new.js.es6

Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Update app/assets/javascripts/discourse/components/tag-groups-form.js.es6

Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>

* Update app/assets/javascripts/discourse/controllers/tag-groups-edit.js.es6

Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-10-30 16:57:13 +01:00
Krzysztof Kotlarek c32bd8ae48 FEATURE: Remove attachments and truncate raw field for incoming emails (#8253)
Adds the settings: 

raw_email_max_length, raw_rejected_email_max_length, delete_rejected_email_after_days. 

These settings control retention of the "raw" emails logs.

raw_email_max_length ensures that if we get incoming email that is huge we will truncate it removing uploads from the raw log.

raw_rejected_email_max_length introduces an even more aggressive truncation for rejected incoming mail. 

delete_rejected_email_after_days controls how many days we will keep rejected emails for (default 90)
2019-10-30 16:54:35 +11:00
Jeff Atwood 6d381b33a4 copyedits on moderator welcome PM 2019-10-28 17:19:42 -07:00
Jeff Wong 64d51ab45e DEV: add UNICORN_BIND_ALL
listen on local interface by default.
2019-10-28 14:11:19 -07:00
Mark VanLandingham 4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Leo McArdle e7ff6809a3 FEATURE: add SES spam header to recognised spam headers (#8254) 2019-10-28 12:46:53 -04:00
Jarek Radosz 5776251cdd
DEV: Remove an obsolete "preferences/about-me" route (#8251)
User's title and bio can be changed on the "preferences/account" page.
2019-10-28 17:29:14 +01:00
Mark VanLandingham 437edfc415
FEATURE: Welcome moderator message - add copy! (#8246) 2019-10-28 08:58:45 -05:00
tshenry 5d1b34e1b9
Minor Copy Change
Context: https://meta.discourse.org/t/email-with-correct-incoming-email-address-in-bcc-is-being-rejected/131003/2
2019-10-24 11:16:31 -07:00
Neil Lalonde f061aee818 FEATURE: support SCSS in custom email style
In the CSS tab of Admin > Customize > Email Style, SCSS can now be used.
2019-10-23 15:42:37 -04:00
Vinoth Kannan 31577b2131 FEATURE: wiki editors are allowed edit tags for wiki topics.
If a wiki editor's TL is greater than 'min trust level to tag topics' site setting then they can edit the tags for any wiki topic.
2019-10-23 23:35:38 +05:30
Sam Saffron 98d6cee7c7 FIX: various fixes to draft system
- destroyDraft which is called when we cancel a draft is now async,
  removing race conditions when you click "reply" to a post and are
  already editing. We used to trigger double dialogs for cancelling
  drafts which was confusing.

- Remove reply as new topic / reply as pm keys, they are no longer
  used and only caused confustion. For example we used to pop up a
  warning when you are composing a reply and flick to reply as
  new topic

- Remove createTopic key, this was a bug that proliferated. Whenever
  creating a topic via the C shortcut or clicking on new topic on full
  screen search the correct new topic draft key will be used
  consistently

- When abandoning an edit we now say "Are you sure you want to discard
  your changes" (instead of abandon your post which is confusing)
2019-10-21 17:24:06 +11:00
Krzysztof Kotlarek 858cf5836c
FIX: update Redis gem to version 4.1.3
I run our benchmark on commit with hiredis and redis-4.1.3

Results:
type | hidredis | redis 4.1.3 | percent
--- | --- | --- | ---
Categories-50 | 49 | 50 | 102.04%
Categories-75 | 51 | 51 | 100.00%
Categories-90 | 63 | 64 | 101.59%
Categories-99 | 86 | 85 | 98.84%
Home-50 | 55 | 55 | 100.00%
Home-75 | 56 | 57 | 101.79%
Home-90 | 68 | 69 | 101.47%
Home-99 | 102 | 104 | 101.96%
Topic-50 | 36 | 37 | 102.78%
Topic-75 | 37 | 37 | 100.00%
Topic-90 | 47 | 48 | 102.13%
Topic-99 | 60 | 61 | 101.67%
Categories-admin-50 | 124 | 117 | 94.35%
Categories-admin-75 | 130 | 129 | 99.23%
Categories-admin-90 | 147 | 143 | 97.28%
Categories-admin-99 | 204 | 199 | 97.55%
Home-admin-50 | 146 | 148 | 101.37%
Home-admin-75 | 150 | 152 | 101.33%
Home-admin-90 | 169 | 168 | 99.41%
Home-admin-99 | 232 | 223 | 96.12%
Topic-admin-50 | 60 | 61 | 101.67%
Topic-admin-75 | 64 | 63 | 98.44%
Topic-admin-90 | 76 | 73 | 96.05%
Topic-admin-99 | 124 | 94 | 75.81%
Load rails | 2412 | 2360 | 97.84%
rss | 290204 | 295828 | 101.94%
pss | 277948 | 283624 | 102.04%

Redis gem is manipulating Redis config https://github.com/redis/redis-rb/blob/master/lib/redis/client.rb#L95
therefore we cannot pass the frozen config object.

Pass of the copy of the object is protecting original config
2019-10-21 09:59:24 +11:00
tshenry 95114f87ae
Improve spam_hosts copy (#8203)
- Increase size of the reviewable's conversation excerpt to prevent truncation of the new copy
- Remove the `domain` parameter from the `flag_linked_posts_as_spam` method in the user model since it is no longer needed
- Remove the `domain` interpolation variable from all translation files
- Add "All posts from this user that include links should be reviewed." to server.en.yml for added clarity on why the posts entered the queue
2019-10-18 09:31:15 -07:00
Blake Erickson 80d8830c17 DEV: Make max_tags_in_filter_list available clientside
This will allow plugins that use this setting to read the value using
javascript.
2019-10-17 15:22:27 -06:00
David Taylor d1b86352d4
UX: Make group membership UI clearer (#8210)
The 'automatically set primary group' checkbox looked like it was associated with the email membership. In fact, it applies to all members who join the group. This commit moves it next to the 'automatic trust level' setting, and puts them both under an 'Effects' heading
2019-10-17 18:05:42 +01:00
Sam Saffron f5d1aff8dd FEATURE: experimental hidden setting for draft backups
Under exceptional situations the automatic draft feature can fail.

This new **hidden, default off** site setting
`backup_drafts_to_pm_length` will automatically backup any draft that is
saved by the system to a dedicated PM (originating from self)

The body of that PM will contain the text of the reply.

We can enable this feature strategically on sites exhibiting issues to
diagnose issues with the draft system and offer a recourse to users who
appear to lose drafts. We automatically checkpoint these drafts every 5
minutes forcing a new revision each 5 minutes so you can revert to old
content.

Longer term we are considering automatically enabling this kind of feature
for extremely long drafts where the risk is really high one could lose
days of writing.
2019-10-17 16:58:21 +11:00
Sam Saffron ae2a56999e Revert "FIX: update Redis gem to version 4.1.3 (#8197)"
This reverts commit ab74a50d85.

We really want to upgrade redis, but discovered some edge cases
around failover we need to test.

Holding off on the upgrade till a bit more testing happens
2019-10-17 11:41:46 +11:00
Krzysztof Kotlarek ab74a50d85 FIX: update Redis gem to version 4.1.3 (#8197)
* FIX: update Redis gem to version 4.1.3

I run our benchmark on commit with hiredis and redis-4.1.3

Results:
type | hidredis | redis 4.1.3 | percent
--- | --- | --- | ---
Categories-50 | 49 | 50 | 102.04%
Categories-75 | 51 | 51 | 100.00%
Categories-90 | 63 | 64 | 101.59%
Categories-99 | 86 | 85 | 98.84%
Home-50 | 55 | 55 | 100.00%
Home-75 | 56 | 57 | 101.79%
Home-90 | 68 | 69 | 101.47%
Home-99 | 102 | 104 | 101.96%
Topic-50 | 36 | 37 | 102.78%
Topic-75 | 37 | 37 | 100.00%
Topic-90 | 47 | 48 | 102.13%
Topic-99 | 60 | 61 | 101.67%
Categories-admin-50 | 124 | 117 | 94.35%
Categories-admin-75 | 130 | 129 | 99.23%
Categories-admin-90 | 147 | 143 | 97.28%
Categories-admin-99 | 204 | 199 | 97.55%
Home-admin-50 | 146 | 148 | 101.37%
Home-admin-75 | 150 | 152 | 101.33%
Home-admin-90 | 169 | 168 | 99.41%
Home-admin-99 | 232 | 223 | 96.12%
Topic-admin-50 | 60 | 61 | 101.67%
Topic-admin-75 | 64 | 63 | 98.44%
Topic-admin-90 | 76 | 73 | 96.05%
Topic-admin-99 | 124 | 94 | 75.81%
Load rails | 2412 | 2360 | 97.84%
rss | 290204 | 295828 | 101.94%
pss | 277948 | 283624 | 102.04%

* FIX: get rid of redis freedom patch
2019-10-17 08:49:23 +11:00
Rafael dos Santos Silva 6e9c8fe854
FIX: More encoded slug fixes (#8191)
* FIX: Do not encode the URL twice

Now that we encode slugs in the server we don't need this anymore.

Reverts fe5na33

* FIX: More places do deal with encoded slugs

* the param is a string now, not a hash

* FIX: Handle the nil slug on /categories

* DEV: Add seeded? method to identity default categories

* DEV: Use SiteSetting to keep track of seeded categories
2019-10-16 17:08:43 -03:00
David Taylor 1b8be069e5
DEV: Disable better_errors when developing with more than one worker (#8201)
From the better_errors README:

> Better Errors works by leaving a lot of context in server process memory. If you're using a web server that runs multiple "workers" it's likely that a second request (as happens when you click on a stack frame) will hit a different worker. That worker won't have the necessary context in memory, and you'll see a Session Expired message.
2019-10-16 14:44:48 +01:00
Arpit Jalan 600233482f FIX: include topic link when inviting existing users to a topic/PM
FEATURE: allow staff to use topic_url for customizing email template
2019-10-16 12:36:16 +05:30
Krzysztof Kotlarek 0bf55fe2ff
Revert "FIX: public_file_server.enabled is false in test (#8192)" (#8196)
This reverts commit 5a8fdd02fe.
2019-10-16 10:39:31 +11:00
Krzysztof Kotlarek 5a8fdd02fe FIX: public_file_server.enabled is false in test (#8192)
After a small conversation, we decided that we can set `public_file_server.enabled` to false in the `test` environment to have the same value as `production`.
2019-10-16 09:18:48 +11:00
Vinoth Kannan b2f682f35e
FEATURE: Option to update category preferences of all users when site setting changed (#8180) 2019-10-15 18:41:27 +05:30
Dan Ungureanu 5b84307774
FIX: Ensure that scheduled jobs are loaded. (#8183)
In development, the scheduled jobs are loaded lazily and MiniScheduler
cannot discover them (/sidekiq/scheduler does not show any jobs).
2019-10-14 12:14:16 +03:00
Jeff Atwood 16d8e3f872 minor copyedit 2019-10-12 20:05:34 -07:00
Roman Rizzi 01bc465db8
DEV: Split max decompressed setting for themes and backups (#8179) 2019-10-11 14:38:10 -03:00
Penar Musaraj 3a469a79cf
FEATURE: search topics when adding a link in composer (#8178) 2019-10-11 11:37:44 -04:00
Neil Lalonde 3007c93205 Update translations 2019-10-10 11:15:24 -04:00