* Added scopes UI
* Create scopes when creating a new API key
* Show scopes on the API key show route
* Apply scopes on API requests
* Extend scopes from plugins
* Add missing scopes. A mapping can be associated with multiple controller actions
* Only send scopes if the use global key option is disabled. Use the discourse plugin registry to add new scopes
* Add not null validations and index for api_key_id
* Annotate model
* DEV: Move default mappings to ApiKeyScope
* Remove unused attribute and improve UI for existing keys
* Support multiple parameters separated by a comma
* FEATURE: load hidden posts in segments
Currently, when "View hidden replies" button is clicked, all replies are loaded like there is no tomorrow. When there is plenty of hidden replies, it may cause a timeout.
Therefore, we should load them in pages and display the view link as long as we have more hidden replies.
* Import @action rather than using actions: {}
* Set default values in functions outside of init, so the functions can be modified by modifyClass (plugin api).
* Move padding from .choices div to the input in group selector.
Syntax highlighting is a CPU-intensive process which we run a lot while rendering posts and while using the composer preview. Moving it to a background worker releases the main thread to the browser, which makes the UX much smoother.
Currently in composer preview, if the image scale buttons are inside a `<a>` link then it redirects to the `href` location after the image scaling task.
* Do not autofocus name input on mobile
* Improve code for formatted reminder type times to not be computed, so the modal times update correctly
* Change wording of "Next Monday" to "Monday" for all days except when today is Monday
Category and tag hashtags used to be handled differently even though
most of the code was very similar. This design was the root cause of
multiple issues related to hashtags.
This commit reduces the number of requests (just one and debounced
better), removes the use of CSS classes which marked resolved hashtags,
simplifies a lot of the code as there is a single source of truth and
previous race condition fixes are now useless.
It also includes a very minor security fix which let unauthorized users
to guess hidden tags.
When creating a bookmark reminder that deletes the bookmark on reminder, if the user clicked on the notification and got taken to the post in the topic the bookmark icon still showed as blue with the reminder clock indicator. This was because the response JSON for reloading a topic post was not including the bookmark attributes, not even the bookmarked boolean.
We now return the correct attributes in the serializer, and if bookmarked is false we clear all the bookmark related attributes on the post for the notification to make sure nothing of the old bookmark remains in the UI.
This was only a problem if the user did not refresh the app completely inbetween setting the reminder and receiving the notification.
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.
This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
Before this change:
- first full page load would get category defaults defined un cateory settings
- a navigation to a topic and then back to categories list would reset defaut to the ones defined in discovery/topics
* add composer:saved, composer:created-post, and composer:edited-post
appEvents inside the composer controller, to make it easier to detect
these events in plugins
* FIX: Fix race condition when resolving tag and category hashtags
If the category hashtags were resolved first and then tag hashtags, then
the tags would overwrite the categories. Similarly, if the category
hashtags were resolved last it would overwrite even hashtags which ended
with '::tag'.
* DEV: Add test
* DEV: Fix test
Because of how the dropdown was structured, as long it was in the DOM, all clicks outside the widget would rerender it.
This commit introduces `widget-dropdown-body` that handles the `clickOutside` callback and is rendered conditionally, so it won't get called when the dropdown is closed.
* FIX: CookText may be gone before promise resolves
Bug introduced in 293467a37a.
* DEV: Drop the window.requireModule in cook-text
It was introduced in 2017 in 232311aa8c but doesn't seem to be necessary anymore.
Previously, basic-topic-list had its own implementation of topic-list-item on mobile, which made it more difficult to maintain and extend. The visible difference was that the basic-topic-list implementation had no large avatar on the left. This commit adds a new hideMobileAvatar parameter to topic-list-item and topic-list, and sets it to `true` for the basic-topic-list component.
08044b4f regressed emoji auto complete logic since we (I) forgot to add the
space into the not capturing group at the beginning.
This meant that
`hello 👍t` would not trigger an autocomplete to pick skin tone.
Previously we were using `$elem.find(...).not($elem.find(...))`. This took approximately 2ms on my machine with a test post.
This commit switches to using a native querySelectorAll method, which takes less than 0.5ms on the same test post.
This code runs on every keyup event in the application, so it needs to be efficient. Previously we were iterating over the whole document using the JQuery :visible selector. Per the JQuery docs at https://api.jquery.com/visible-selector/
> Using this selector heavily can have performance implications, as it may force the browser to re-render the page before it can determine visibility. Tracking the visibility of elements via other methods, using a class for example, can provide better performance.
We already had a `hidden` class on the modal element which we can check, so we can check that instead.
autocomplete resolving to [] was causing it to stop working.
Instead we have a special const (SKIP) which ensures it will
continue to be evaluated and only this instance is skipped.
The admin permalink list was a little tricky to use because the URLs are easily reduced with a ... if they are too long. This adds a copy to clipboard button for the URL and a title on hover so the full text of the URL can be seen.
* FEATURE: Don't display muted/ignored users under "who liked"
Previously, if you clicked on the heart icon below a post
it would show you the avatar for a user even if you ignored or muted
them.
This commit will instead display a (?) icon. The count of likes will
remain correct, but you needn't be reminded of the person you
preferred not to see.
* Use a circle instead of (?) for unknown user
* The first post was showing as bookmarked incorrectly after pressing f to open the topic modal then pressing escape to cancel without saving, because the closeWithoutSaving option was not being respected.
* Also re-introduce the enter shortcut when the name input is focused to saveAndClose the bookmark modal by pressing enter.
It's a stop gap – ideally we would generate a thumbnail for uploaded videos. For now, a bit of intentionality in the style and a pinch of context should do.
Fixes a bug in search-menu-results (type: "group"), where:
```javascript
const fullName = escapeExpression(group.fullName);
const name = escapeExpression(group.name);
const groupNames = [h("span.name", fullName || name)];
```
`groupNames` could end up having value "undefined" if a group doesn't have a `fullName`.
showPreview is necessary because we need to add 50% width class similar to: class="title-and-category with-preview" on the category and title div if the preview is shown.
There are two problems I'm trying to tackle here.
1. The site json is cached for anonymous users so readonly mode can be
cached for up to 30 minutes which makes it confusing.
2. We've already checked for readonly mode in the controller so having
to check for readonly mode again in `SiteSerializer` is adding an extra
Redis query on every request.
If cooked is unchanged, ember will not re-render the preview area, so we should not re-run the post-processing decorators. This can cause issues when decorateCooked functions are not idempotent.
Users with TL below the "min trust to create topic" setting used to see a prompt to create new topics in the footer message below the topic list. Those topics would never be submitted because those users don't meet the TL requirements to create a new topic (based on that site setting). This PR removes that prompt for those users.
The user-card-additional-controls outlet is outside the `<li>` element, which makes styling difficult. Placing an outlet inside the button list means that themes/plugins can easily reuse core styling.
Previous to this fix the we were checking for non letters.
This was mismatching what pretty-text/addon/emoji.js was doing.
`ù:su`
and
`1:su`
Would lead to an emoji autocomplete popup in the composer.
Safari uses an aggressive back/forward cache, which means the app loads
very quickly when hitting Back. But, in topics with > 30 posts, hitting
Back runs post stream calculations too early, which means that users
get taken back to an earlier point in the stream, consistently.
Using `onpageshow`, we can restore the correct location before the post
stream calculations take place.
- This function now requires an explicit scope. It will never run on the entire document.
- Previously debounce was being used with an anonymous function, which means it was having no effect.
An empty string is a falsey value in javascript, so we were looking for the meta tag every time getURL was called, which took approximately 1.5ms every time.
Behavior was changed in #9966, which made the URL be relative.
If the user landed in a topic, for example, the browser was given a
service worker URL under that specific topic URL, which was a 404.
Fixes broken PWA install and broken push notifications
* DEV: Move `Discourse.getURL` and related functions to a module
* DEV: Remove `Discourse.getURL` and `Discourse.getURLWithCDN`
* FIX: `get-url` is required for server side code
* DEV: Deprecate `BaseUri` too.
* FIX: prevents false boolean param to be filtered as non existant
This was preventing to filter top category route to be filtered by replies.
* if order is different ascending should be true on first click
* test
* fix
* just pass params
* more fixxes
* DEV: `Discourse.baseUri` does not exist
This never could have worked - should have been `Discourse.BaseUri` if
anything.
* DEV: Remove Discourse.Environment
* DEV: Remove `Discourse.disableMissingIconWarning`
* DEV: A bunch more missing environment checks
This introduces a new core API to get counts per tag from topic
tracking state
This API will only be useful if a plugin enable tags in topic
tracking state using
`TopicTrackingState.include_tags_in_report = true`
* DEV: To be pedantic, there is more than EMBER in there now
* DEV: Use less globals. Have `Discourse` start in an initializer
* DEV: Remove another global
This reverts commit 75f46ca632.
This unfortunately breaks
`RAILS_ENV=production bin/rake assets:precompile`
I don't think discourse-loader.js is transpiled
There was a race condition where drafts could be either saving
or queued to be saved and a user canceled draft leading to destroying
it.
This cancels debounce save and waits for save in the pipeline to
be over prior to firing off a DELETE on the draft
cancelComposer would leak a promise that never got resolved if
you aborted cancelling a composer.
This change ensured the promise will always be resolved
This reverts commit 20780a1eee.
* SECURITY: re-adds accidentally reverted commit:
03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
instead of the 03d26cd6 parent (which contains security fixes)
* FIX: Emit web hooks for flags
* FEATURE: Remove 'flag' web hook in favor of 'reviewable' web hook
* FEATURE: Remove 'queued post' web hook in favor of 'reviewable' web hook
* FIX: Do not set a default value for web hooks with no events
* DEV: Standardize table sorting verbiage
This commit creates a common component that tables can use to make their
headers sortable. This commit also standardizes on using `desc` as the
default and passing in the `asc=true` flag to adjust the sorting
direction.
* Add deprecation warnings
Adds deprecation warnings if using previous params and maintains
backwards compatibility. Set the default sort value for group members to
be asc.
* switch group requests to use common table-header-toggle
* update fixture
* PERF: Dematerialize topic_reply_count
It's only ever used for trust level promotions that run daily, or compared to 0. We don't need to track it on every post creation.
* UX: Add symbol in TL3 report if topic reply count is capped
* DEV: Drop user_stats.topic_reply_count column
Previously if saving a draft took longer than 2 seconds there
could be conditions where drafts could be saved concurrently.
This meant the composer could race with itself and raise conflicts.
This is likely to happen on bad internet connections or where
latency is really high.
Additionally a throttle was added so drafts save unconditionally
every 15 seconds.
Save draft in the model now properly and consistently returns a
promise.
Unlike other browsers, Safari maintains focus on elements even when
they are hidden. And since the composer is fixed-positioned when hidden,
closing the composer on a topic with several replies causes Safari to
scroll the window up.
Deliberately blurring the focused element fixes the issue.
Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
Co-authored-by: Robin Ward <robin.ward@gmail.com>
Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
Adding this from a review; I was using Discourse.currentUser which is frowned upon now.
Passing currentUser both for regular post menu buttons and extra buttons attached via the plugin API.
Lots of formatting/whitespace changes, best off reviewing with ?w=1
* DEV: allows to define an ariaLabel on d-button
This topic also adds this function to topic-footer-buttons, simplifies the whole logic of titile/label/arialabel in d-button and adds tests for these properties.
* typo
In production `title` was set to undefined causing a
discrepancy between originalTitle and title
This attempts to work around the issue in the production bundle
In moment.js the .day() function can accept a day string but this is locale based, so e.g. in Finnish locale the string "Monday" means nothing and will parse incorrectly to Sunday. To resolve this we always use the moment.js number for the day of the week we want.
* This is to prevent user's timezones being changed accidentally
e.g. by admin looking at a user
* This problem only occurred via the user card, however the user card
was still calling userTimezone even if the setting to display user
time in card was disabled
Previously originalTitle was set to undefined leading to
titleDirty being unconditionally undefined for new topics
That mean you could not dismiss the composer via ESC
Adds a new rake task to auto generate a constants.js file with the
constants present. This makes migrating to Ember CLI easier, but also
slightly speeds up asset compilation by having to do less work.
If the constants change you need to run:
`rake javascripts:update_constants`
There were two constants here, `INLINE_ONEBOX_LOADING_CSS_CLASS` and
`INLINE_ONEBOX_CSS_CLASS` that were both longer than the strings they
were DRYing up: `inline-onebox-loading` and `inline-onebox`
I normally appreciate constants, but in this case it meant that we had
a lot of JS imports resulting in many more lines of code (and CPU cycles
spent figuring them out.)
It also meant we had an `.erb` file and had to invoke Ruby to create the
JS file, which meant the app was harder to port to Ember CLI.
I removed the constants. It's less DRY but faster and simpler, and
arguably the loss of DRYness is not significant as you can still search
for the `inline-onebox-loading` and `inline-onebox` strings easily if
you are refactoring.